March 2014 - Kimchi-devel - Ovirt List Archives

[PATCH] bug fix: remove the hard code of disk_path

by shaohef＠linux.vnet.ibm.com

From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com> Usually the path of default pool is under /var/lib/libvirt/images/ But that not means it always is. So remove this hard code. Signed-off-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com> --- tests/test_model.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/test_model.py b/tests/test_model.py index d661247..75cfc45 100644 --- a/tests/test_model.py +++ b/tests/test_model.py @@ -241,7 +241,8 @@ class ModelTests(unittest.TestCase): rollback.prependDefer(inst.vm_delete, 'test-vm-1') vm_info = inst.vm_lookup(params['name']) - disk_path = '/var/lib/libvirt/images/%s-0.img' % vm_info['uuid'] + disk_path = '%s/%s-0.img' % ( + inst.storagepool_lookup('default')['path'], vm_info['uuid']) self.assertTrue(os.access(disk_path, os.F_OK)) self.assertFalse(os.access(disk_path, os.F_OK)) -- 1.8.4.2

10 years, 9 months

5
4
0 / 0

[PATCH] add a method to probe the permission as qemu user

by shaohef＠linux.vnet.ibm.com

From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com> now I want to improve the template integrity verification. I need to check the 'qemu' user can open an iso files. This patch is used to 'qemu' user has permission to open a file. Test this patch: $ mkdir -p a/b/c $ touch a/b/c/f $ chmod o-x a/b/c $ sudo PYTHONPATH=src python -c ' from kimchi.utils import probe_file_permission_as_user print probe_file_permission_as_user("a/b/c/f", "qemu")' It will return False change another user, it may return True Signed-off-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com> --- src/kimchi/utils.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/kimchi/utils.py b/src/kimchi/utils.py index d4ab1a1..baee936 100644 --- a/src/kimchi/utils.py +++ b/src/kimchi/utils.py @@ -22,8 +22,11 @@ # import cherrypy +import grp +from multiprocessing import Process, Queue import os import psutil +import pwd import re import subprocess import urllib2 @@ -234,3 +237,24 @@ def run_setfacl_set_attr(path, attr="r", user=""): set_user = ["setfacl", "--modify", "user:%s:%s" % (user, attr), path] out, error, ret = run_command(set_user) return ret == 0 + + +def probe_file_permission_as_user(file, user): + def probe_permission(q, file, user): + uid = pwd.getpwnam(user).pw_uid + gid = pwd.getpwnam(user).pw_gid + gids = [g.gr_gid for g in grp.getgrall() if user in g.gr_mem] + os.setgid(gid) + os.setgroups(gids) + os.setuid(uid) + try: + with open(file) as f: + q.put(True) + except Exception as e: + q.put(False) + + queue = Queue() + p = Process(target=probe_permission, args=(queue, file, user)) + p.start() + p.join() + return queue.get() -- 1.8.4.2

10 years, 9 months

3
5
0 / 0

[RFC][PATCH V4 0/4] Issue #322

by shaohef＠linux.vnet.ibm.com

From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com> V3 -> V4 update test case V2 -> V3 sort the import. V1 -> V2 use debug to log the open exception trace stack. It is complex to check the permission for qemu user. There are too many access controlling mechanisms in Linux, such as ACL, traditional ugo+-rwx, SELinux and AppArmor. It's not possible to enumerate and check every access mechanisms if it allows QEMU to access a file. So now I'm simply trying to access the file with qemu user and see if it's OK It is simple and avoid handling corner case. Also I can try to start a simple guest with the given iso. ShaoHe Feng (4): add a method to probe the permission as qemu user qemu user tests: probe the username of qemu process started by libvirt Don't allow templates to be created with ISOs that won't be usable. probe iso permission: update test case Makefile.am | 1 + src/kimchi/i18n.py | 5 ++++ src/kimchi/kvmusertests.py | 64 +++++++++++++++++++++++++++++++++++++++++++ src/kimchi/model/templates.py | 13 ++++++++- src/kimchi/utils.py | 26 ++++++++++++++++++ tests/test_model.py | 38 ++++++++++++++++--------- 6 files changed, 133 insertions(+), 14 deletions(-) create mode 100644 src/kimchi/kvmusertests.py -- 1.8.4.2

10 years, 9 months

3
7
0 / 0

[PATCH 0/3] Issue #302

by shaohef＠linux.vnet.ibm.com

From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com> let 'create' attr of networks model to create the default network ShaoHe Feng (3): move _default_network_check from top model to networks model add a new function to get an available network address Issue #302: let 'create' attr of networks model to create default network src/kimchi/model/model.py | 35 --------------------------------- src/kimchi/model/networks.py | 46 +++++++++++++++++++++++++++++++++++++------- src/kimchi/network.py | 7 +++++-- 3 files changed, 44 insertions(+), 44 deletions(-) -- 1.8.4.2

10 years, 9 months

3
12
0 / 0

[PATCH 0/4] [UI] Host Repositories Management Support

by Hongliang Wang

Add host repositories management in this patch set. Hongliang Wang (4): [UI] Add i18n Strings for Repositories Management [UI] Add API Support for Repositories Management [UI] Add/Edit Repository Support [UI] Integrate Repositories Management into Host Tab po/POTFILES.in | 2 + ui/css/theme-default/host.css | 44 +++++++++++ ui/css/theme-default/repository-add.css | 39 ++++++++++ ui/css/theme-default/repository-edit.css | 69 +++++++++++++++++ ui/js/src/kimchi.api.js | 61 +++++++++++++++ ui/js/src/kimchi.host.js | 126 +++++++++++++++++++++++++++++++ ui/js/src/kimchi.repository_add_main.js | 84 +++++++++++++++++++++ ui/js/src/kimchi.repository_edit_main.js | 85 +++++++++++++++++++++ ui/pages/i18n.html.tmpl | 18 +++++ ui/pages/repository-add.html.tmpl | 104 +++++++++++++++++++++++++ ui/pages/repository-edit.html.tmpl | 121 +++++++++++++++++++++++++++++ ui/pages/tabs/host.html.tmpl | 13 ++++ 12 files changed, 766 insertions(+) create mode 100644 ui/css/theme-default/repository-add.css create mode 100644 ui/css/theme-default/repository-edit.css create mode 100644 ui/js/src/kimchi.repository_add_main.js create mode 100644 ui/js/src/kimchi.repository_edit_main.js create mode 100644 ui/pages/repository-add.html.tmpl create mode 100644 ui/pages/repository-edit.html.tmpl -- 1.8.1.4

10 years, 9 months

4
13
0 / 0

[RFC] UI: Support Selecting SCSI Volume when Creating a VM

by Hongliang Wang

Hi all, Royce talked this topic with me today that the UI part is missing for SCSI volume selecting when creating a VM. In the current design, VM is created through a template and no extra options are available at VM creation: template defines which pool and disk size, and Kimchi will create a volume in the pool with specified disk size for the VM. Though SCSI volumes are read-only and we can't create anything in SCSI pool, we need allow user to select a volume in SCSI pool. So my initial suggestion to the VM creation UI looks like: /// --- Create VM Window --- /// 1. Virtual Machine Name The name used to identify the virtual machine. If omitted, a name will be chosen based on the template used. [ Text box here to enter VM name ] 2. Template Please choose a template. [ Templates list here to be selected ] 3. Volumes (this part will be only available when SCSI pool is selected in Step 2) [ Volumes list in SCSI pool to be selected ] /// Create /// Does this make sense? If so, I'll send out patches for it.

10 years, 9 months

4
4
0 / 0

[PATCH v4 0/5] [UI] CDROM Management in a VM

by Hongliang Wang

Allow user to manipulate CDROM(s) in a VM: 1) Attach one or more CDROM(s); 2) Replace a CDROM with another ISO file path; 3) Detach a CDROM from a VM. Tested on Chrome. Please apply the following patch first: * [UI] Window Widget Enhancement - Allow onClose Listener v3 -> v4: 4a) Re-organized UI layout based on Adam King's slides: * Promoted media management for VM as a separate action * Restricted to only CDROM replacement for a running VM 4b) Removed listeners to avoid duplicate functions v2 -> v3: 3a) Keep the edit window silver instead of white (Aline's comment) 3b) Added information after CDROM manipulations to avoid confusion (Aline & Adam King's comment) v1 -> v2: 2a) Separate one patch into 4 small ones to make it easier to review (Thanks to Ramon Medeiros's comment) 2b) Updated API calling to list CDROM (Thanks to Aline's comment) 2c) Separated VM updating window into 2 parts: general and storage (Thanks to Aline's comment) 2d) Enhanced UI to allow user trigger replace CDROM window by clicking ISO file path text box 2e) Changed uneditable fields from readonly to disabled 2f) Removed authors infomation (Thanks to Aline's comment) Hongliang Wang (5): [UI] kimchi.message - Enhancement [UI] Add CDROM-related APIs [UI] Add i18n Variables for CDROM-related Function [UI] Add/Edit CDROM Support [UI] Attach/Replace/Detach a CDROM to/in/from a VM ui/css/theme-default/guest-cdrom-edit.css | 62 +++++++++++ ui/css/theme-default/guest-edit.css | 144 ++++++++++++++++++++++--- ui/css/theme-default/guest-media.css | 42 ++++++++ ui/css/theme-default/guest-storage-add.css | 70 ++++++++++++ ui/images/theme-default/guest-icon-sprite.png | Bin 0 -> 6748 bytes ui/js/src/kimchi.api.js | 74 +++++++++++++ ui/js/src/kimchi.guest_cdrom_edit_main.js | 87 +++++++++++++++ ui/js/src/kimchi.guest_edit_main.js | 105 ++++++++++++++++-- ui/js/src/kimchi.guest_main.js | 20 +++- ui/js/src/kimchi.guest_media_main.js | 59 ++++++++++ ui/js/src/kimchi.guest_storage_add.main.js | 85 +++++++++++++++ ui/js/src/kimchi.message.js | 27 ++--- ui/pages/guest-cdrom-edit.html.tmpl | 73 +++++++++++++ ui/pages/guest-edit.html.tmpl | 150 ++++++++++++++++---------- ui/pages/guest-media.html.tmpl | 60 +++++++++++ ui/pages/guest-storage-add.html.tmpl | 80 ++++++++++++++ ui/pages/guest.html.tmpl | 1 + ui/pages/i18n.html.tmpl | 11 ++ 18 files changed, 1063 insertions(+), 87 deletions(-) create mode 100644 ui/css/theme-default/guest-cdrom-edit.css create mode 100644 ui/css/theme-default/guest-media.css create mode 100644 ui/css/theme-default/guest-storage-add.css create mode 100644 ui/images/theme-default/guest-icon-sprite.png create mode 100644 ui/js/src/kimchi.guest_cdrom_edit_main.js create mode 100644 ui/js/src/kimchi.guest_media_main.js create mode 100644 ui/js/src/kimchi.guest_storage_add.main.js create mode 100644 ui/pages/guest-cdrom-edit.html.tmpl create mode 100644 ui/pages/guest-media.html.tmpl create mode 100644 ui/pages/guest-storage-add.html.tmpl -- 1.8.1.4

10 years, 9 months

3
15
0 / 0

[PATCH] [UI] Adjust CSS for Window

by Hongliang Wang

It's tightly limited to use the style rules. Make it looser. Signed-off-by: Hongliang Wang <hlwang(a)linux.vnet.ibm.com> --- ui/css/theme-default/window.css | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ui/css/theme-default/window.css b/ui/css/theme-default/window.css index 09a9840..af8db86 100644 --- a/ui/css/theme-default/window.css +++ b/ui/css/theme-default/window.css @@ -49,7 +49,7 @@ max-height: 100%; } -.window>header { +.window header { position: absolute; left: 0; right: 0; @@ -99,12 +99,12 @@ cursor: pointer; } -.window>header>.close:HOVER { +.window header>.close:HOVER { border: 2px solid #444; color: #444; } -.window>header>.title { +.window header>.title { font-size: 18px; height: 48px; line-height: 48px; -- 1.8.1.4

10 years, 9 months

2
1
0 / 0

[PATCH 0/3] Issue 294 The auto logout leaves action menu on page

by Adam King

When the user session ends, content that should no longer be visible to the unauthenticated user is left in the DOM. The issue as written notes that the guest action menu is displayed above the login window, leading to a buggy user experience. Information about the users guests, storage pools, networks, etc may also be left visible in the browser. Adam King (3): Fix formatting of the requestJSON function Issue 294 The auto logout leaves action menu on page - add classes Issue 294 The auto logout leaves action menu on page - update JS ui/js/src/kimchi.api.js | 2 +- ui/js/src/kimchi.login_window.js | 3 +++ ui/js/src/kimchi.main.js | 2 ++ ui/js/src/kimchi.network.js | 2 +- ui/js/src/kimchi.window.js | 2 +- ui/pages/kimchi-ui.html.tmpl | 2 +- ui/pages/tabs/guests.html.tmpl | 2 +- ui/pages/tabs/host.html.tmpl | 2 +- ui/pages/tabs/network.html.tmpl | 4 ++-- ui/pages/tabs/storage.html.tmpl | 2 +- ui/pages/tabs/templates.html.tmpl | 2 +- 11 files changed, 15 insertions(+), 10 deletions(-) -- 1.8.1.4

10 years, 9 months

3
5
0 / 0

[RFC][PATCH V3 0/3] Issue #322

by shaohef＠linux.vnet.ibm.com

From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com> V2 -> V2 sort the import. V1 -> V2 use debug to log the open exception trace stack. It is complex to check the permission for qemu user. There are too many access controlling mechanisms in Linux, such as ACL, traditional ugo+-rwx, SELinux and AppArmor. It's not possible to enumerate and check every access mechanisms if it allows QEMU to access a file. So now I'm simply trying to access the file with qemu user and see if it's OK It is simple and avoid handling corner case. Also I can try to start a simple guest with the given iso. ShaoHe Feng (3): add a method to probe the permission as qemu user qemu user tests: probe the username of qemu process started by libvirt Don't allow templates to be created with ISOs that won't be usable. Makefile.am | 1 + src/kimchi/i18n.py | 5 ++++ src/kimchi/kvmusertests.py | 64 +++++++++++++++++++++++++++++++++++++++++++ src/kimchi/model/templates.py | 13 ++++++++- src/kimchi/utils.py | 26 ++++++++++++++++++ 5 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 src/kimchi/kvmusertests.py -- 1.8.4.2

10 years, 9 months

3
5
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Kimchi-devel March 2014