November 2016 - Kimchi-devel - Ovirt List Archives

[PATCH] [Kimchi 0/4] CPU Hot plug/unplug feature

by dhbarboza82＠gmail.com

From: Daniel Henrique Barboza <danielhb(a)linux.vnet.ibm.com> This patch set implements CPU Hot plug/unplug capabilities in Kimchi. To test it, simply add/remove CPUs in a running guest via the 'Edit' menu. Note that all restrictions on the current CPU value (can't exceed max number of CPUs, must be a number that makes sense in the topology if one is set) still applies. For Power systems, the hot unplug requires additional software running in the guest to work: powerpc-utils, ppc64-diag and librtas. The service 'rtas_err' must be running too. Further enhancements and bug fixes in the CPU handling when editing a turned off VM (such as #1042) will be send in a separated patch. Daniel Henrique Barboza (4): CPU Hot plug/unplug: i18n changes CPU Hot plug/unplug: model changes CPU Hot plug/unplug: test changes CPU Hot plug/unplug: ui changes i18n.py | 5 +++ model/vms.py | 50 ++++++++++++++++++++++- tests/test_model.py | 80 +++++++++++++++++++++++++++++++++++++ ui/js/src/kimchi.guest_edit_main.js | 12 +++--- ui/pages/guest-edit.html.tmpl | 1 + ui/pages/help/en_US/guests.dita | 8 ++++ 6 files changed, 148 insertions(+), 8 deletions(-) -- 2.7.4

8 years

3
7
0 / 0

[PATCH] [Kimchi 0/2] Fixed edit template multiple issues

by rajgupta＠linux.vnet.ibm.com

From: Rajat Gupta <rajat.triumph(a)gmail.com> Rajat Gupta (2): Fixed issue #1075 s390x : Edit Template storage tab Storage dropdown shows "default" text Fixed issue #1076 s390x : n/w shows twice same interface while adding for template ui/js/src/kimchi.template_edit_main.js | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) -- 2.1.0

8 years

2
4
0 / 0

[PATCH v2][Wok] Bug fix #175: Do not generate nginx conf file on the fly

by Ramon Medeiros

--- Changes: v2: Correct typos in Makefile.am Change wokd.in and docs .gitignore | 1 - Makefile.am | 2 ++ contrib/wok.spec.fedora.in | 1 - contrib/wok.spec.suse.in | 1 - docs/wokd.8.in | 16 +++------- src/nginx/Makefile.am | 7 ++-- src/nginx/wok.conf | 79 ++++++++++++++++++++++++++++++++++++++++++++++ src/nginx/wok.conf.in | 75 ------------------------------------------- src/wok.conf.in | 33 ++----------------- src/wok/config.py.in | 2 +- src/wok/proxy.py | 45 -------------------------- src/wokd.in | 21 +----------- 12 files changed, 94 insertions(+), 189 deletions(-) create mode 100644 src/nginx/wok.conf delete mode 100644 src/nginx/wok.conf.in diff --git a/.gitignore b/.gitignore index d06f936..10754f9 100644 --- a/.gitignore +++ b/.gitignore @@ -31,7 +31,6 @@ wok-*.tar.gz wok.spec src/wokd src/wok.conf -src/nginx/wok.conf src/wok/config.py tests/run_tests.sh tests/test_config.py diff --git a/Makefile.am b/Makefile.am index 5c8e69d..1609034 100644 --- a/Makefile.am +++ b/Makefile.am @@ -159,6 +159,8 @@ install-data-local: touch $(DESTDIR)/etc/nginx/conf.d/wok.conf mkdir -p $(DESTDIR)/etc/logrotate.d/ $(INSTALL_DATA) $(top_srcdir)/src/wok.logrotate $(DESTDIR)/etc/logrotate.d/wokd + mkdir -p $(DESTDIR)/etc/nginx/conf.d + $(INSTALL_DATA) $(top_srcdir)/src/nginx/wok.conf $(DESTDIR)/etc/nginx/conf.d/wok.conf uninstall-local: @if test -f $(systemdsystemunitdir)/wokd.service; then \ diff --git a/contrib/wok.spec.fedora.in b/contrib/wok.spec.fedora.in index fdf3484..c48899f 100644 --- a/contrib/wok.spec.fedora.in +++ b/contrib/wok.spec.fedora.in @@ -114,7 +114,6 @@ rm -rf $RPM_BUILD_ROOT %{_prefix}/share/locale/*/LC_MESSAGES/wok.mo %{_datadir}/wok/ui/ %{_datadir}/wok -%{_sysconfdir}/nginx/conf.d/wok.conf.in %{_sysconfdir}/wok/wok.conf %{_sysconfdir}/wok/ %{_sysconfdir}/logrotate.d/wokd diff --git a/contrib/wok.spec.suse.in b/contrib/wok.spec.suse.in index 70c295b..283f9c3 100644 --- a/contrib/wok.spec.suse.in +++ b/contrib/wok.spec.suse.in @@ -93,7 +93,6 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/wok %{_sysconfdir}/wok/wok.conf %{_sysconfdir}/wok/ -%{_sysconfdir}/nginx/conf.d/wok.conf.in %{_sysconfdir}/nginx/conf.d/wok.conf %{_sysconfdir}/logrotate.d/wokd %{_var}/lib/wok/ diff --git a/docs/wokd.8.in b/docs/wokd.8.in index c7a6f3f..d4ca062 100644 --- a/docs/wokd.8.in +++ b/docs/wokd.8.in @@ -3,10 +3,10 @@ Kimchi \- HTML5 based management tool for KVM .SH SYNOPSIS .B kimchid -[\fB-h\fP|\fB--help\fP] [\fB--host\fP \fIhost\fP] [\fB--port\fP \fIport\fP] -[\fB--ssl-port\fP \fIssl_port\fP] [\fB--cherrypy_port\fP \fIcherrypy_port\fP] -[\fB--log-level\fP \fIlog_level\fP] [\fB--access-log\fP \fIaccess_log\fP] -[\fB--error-log\fP \fIerror_log\fP] [\fB--environment\fP \fIenvironment\fP] +[\fB-h\fP|\fB--help\fP] [\fB--nginx-port\fP \fInginx_port\fP] +[\fB--cherrypy_port\fP \fIcherrypy_port\fP] [\fB--log-level\fP \fIlog_level\fP] +[\fB--access-log\fP \fIaccess_log\fP] [\fB--error-log\fP \fIerror_log\fP] +[\fB--environment\fP \fIenvironment\fP] .SH DESCRIPTION \fBKimchi\fP is an HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest. @@ -19,13 +19,7 @@ The following options are supported: \fB\-h\fP , \fB\-\-help\fP Show this help message and exit. .TP -\fB\-\-host\fP \fIhost\fP -Specify the hostname or IP to listen on. -.TP -\fB\-\-port\fP \fIport\fP -Specify the HTTP port (default \fI8000\fP). -.TP -\fB\-\-ssl-port\fP \fIssl_port\fP +\fB\-\-nginx-port\fP \fInginx_port\fP Specify the HTTPS port (default \fI8001\fP). .TP \fB\-\-cherrypy_port\fP \fIcherrypy_port\fP diff --git a/src/nginx/Makefile.am b/src/nginx/Makefile.am index a376a74..3a47a5f 100644 --- a/src/nginx/Makefile.am +++ b/src/nginx/Makefile.am @@ -1,7 +1,7 @@ # # Project Wok # -# Copyright IBM Corp, 2015 +# Copyright IBM Corp, 2015-2016 # # Code derived from Project Kimchi # @@ -19,9 +19,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -EXTRA_DIST = wok.conf.in +EXTRA_DIST = wok.conf confdir = $(sysconfdir)/nginx/conf.d -dist_conf_DATA = wok.conf.in +dist_conf_DATA = wok.conf -CLEANFILES = wok.conf diff --git a/src/nginx/wok.conf b/src/nginx/wok.conf new file mode 100644 index 0000000..d191746 --- /dev/null +++ b/src/nginx/wok.conf @@ -0,0 +1,79 @@ +# Project Wok +# +# Copyright IBM Corp, 2016 +# +# Code derived from Project Kimchi +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 USA + +# This is a template file to be used to generate a nginx +# proxy config file at wokd script. + +client_max_body_size 4194304k; + +# Set timeout, based on configuration values, to avoid the 504 Gateway Timeout +# when Wok is processing a request. +proxy_connect_timeout 10m; +proxy_send_timeout 10m; +proxy_read_timeout 10m; +send_timeout 10m; + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +upstream websocket { + server 127.0.0.1:64667; +} + +server { + listen 0.0.0.0:8001 ssl; + + ssl_certificate /etc/wok/wok-cert.pem; + ssl_certificate_key /etc/wok/wok-key.pem; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:@STRENGTH'; + ssl_prefer_server_ciphers on; + ssl_dhparam /etc/wok/dhparams.pem; + ssl_session_timeout 10m; + + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + + location / { + proxy_pass http://127.0.0.1:8010; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect http://127.0.0.1:8010/ https://$host:8001/; + } + + location /websockify { + proxy_pass http://websocket; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } +} + +server { + listen 0.0.0.0:8000; + rewrite ^/(.*)$ https://$host:8001/$1 redirect; +} + diff --git a/src/nginx/wok.conf.in b/src/nginx/wok.conf.in deleted file mode 100644 index 5d2bb17..0000000 --- a/src/nginx/wok.conf.in +++ /dev/null @@ -1,75 +0,0 @@ -# Project Wok -# -# Copyright IBM Corp, 2015-2016 -# -# Code derived from Project Kimchi -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301 USA - -# This is a template file to be used to generate a nginx -# proxy config file at wokd script. - -client_max_body_size ${max_body_size}k; - -# Set timeout, based on configuration values, to avoid the 504 Gateway Timeout -# when Wok is processing a request. -proxy_connect_timeout ${session_timeout}m; -proxy_send_timeout ${session_timeout}m; -proxy_read_timeout ${session_timeout}m; -send_timeout ${session_timeout}m; - -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -upstream websocket { - server 127.0.0.1:${websockets_port}; -} - -server { - listen ${host_addr}:${proxy_ssl_port} ssl; - - ssl_certificate ${cert_pem}; - ssl_certificate_key ${cert_key}; - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:@STRENGTH'; - ssl_prefer_server_ciphers on; - ssl_dhparam ${dhparams_pem}; - ssl_session_timeout ${session_timeout}m; - - add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - - location ${server_root}/ { - proxy_pass http://127.0.0.1:${cherrypy_port}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_redirect http://127.0.0.1:${cherrypy_port}/ https://$host:${proxy_ssl_port}${server_root}/; - } - - location ${server_root}/websockify { - proxy_pass http://websocket; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - } -} - -${http_config} diff --git a/src/wok.conf.in b/src/wok.conf.in index 254f786..1d26e8c 100644 --- a/src/wok.conf.in +++ b/src/wok.conf.in @@ -3,46 +3,19 @@ # [server] -# Hostname or IP address to listen on -#host = 0.0.0.0 - -# Port to listen on -#port = 8000 - -# Start an SSL-enabled server on the given port -#ssl_port = 8001 - -# Allow user disables HTTP port. In that case, all the connections -# will be done directly through HTTPS port (values: true|false) -#https_only = false # Cherrypy server port #cherrypy_port = 8010 +# Start an SSL-enabled server on the given port +#nginx_port = 8001 + # Port for websocket proxy to listen on #websockets_port = 64667 -# Number of minutes that a session can remain idle before the server -# terminates it automatically. -#session_timeout = 10 - -# The full path to an SSL Certificate or chain of certificates in -# PEM format. When a chain is used, the server's certificate must be -# the first certificate in the file with the chain concatenated into -# the end of that certificate. If left unspecified, Wok will generate -# a self-signed certificate automatically. -#ssl_cert = - -# The corresponding private key in PEM format for the SSL Certificate supplied -# above. If left blank, Wok will generate a self-signed certificate. -#ssl_key = - # Running environment of the server #environment = production -# Max request body size in KB, default value is 4GB -#max_body_size = 4 * 1024 * 1024 - # Wok server root. Set the following variable to configure any relative path to # the server. For example, to have Wok pointing to https://localhost:8001/wok/ # uncomment the following: diff --git a/src/wok/config.py.in b/src/wok/config.py.in index f1167f4..3e67269 100644 --- a/src/wok/config.py.in +++ b/src/wok/config.py.in @@ -263,7 +263,7 @@ def _get_config(): config.add_section("server") config.set("server", "host", "0.0.0.0") config.set("server", "port", "8000") - config.set("server", "ssl_port", "8001") + config.set("server", "nginx_port", "8001") config.set("server", "https_only", "false") config.set("server", "cherrypy_port", "8010") config.set("server", "websockets_port", "64667") diff --git a/src/wok/proxy.py b/src/wok/proxy.py index 5f646e4..1c11b9b 100644 --- a/src/wok/proxy.py +++ b/src/wok/proxy.py @@ -25,8 +25,6 @@ # and configure the Nginx proxy. import os -import pwd -from string import Template from wok import sslcert from wok.config import paths @@ -53,17 +51,6 @@ def _create_proxy_config(options): Arguments: options - OptionParser object with Wok config options """ - # User that will run the worker process of the proxy. Fedora, - # RHEL and Suse creates an user called 'nginx' when installing - # the proxy. Ubuntu creates an user 'www-data' for it. - user_proxy = None - user_list = ('nginx', 'www-data', 'http') - sys_users = [p.pw_name for p in pwd.getpwall()] - common_users = list(set(user_list) & set(sys_users)) - if len(common_users) == 0: - raise Exception("No common user found") - else: - user_proxy = common_users[0] config_dir = paths.conf_dir nginx_config_dir = paths.nginx_conf_dir cert = options.ssl_cert @@ -81,38 +68,6 @@ def _create_proxy_config(options): with open(key, "w") as f: f.write(ssl_gen.key_pem()) - # Setting up Diffie-Hellman group with 2048-bit file - dhparams_pem = os.path.join(config_dir, "dhparams.pem") - - http_config = '' - if options.https_only == 'false': - http_config = HTTP_CONFIG % {'host_addr': options.host, - 'proxy_port': options.port, - 'proxy_ssl_port': options.ssl_port, - 'rel_path': options.server_root} - - # Read template file and create a new config file - # with the specified parameters. - with open(os.path.join(nginx_config_dir, "wok.conf.in")) as template: - data = template.read() - data = Template(data) - data = data.safe_substitute(user=user_proxy, - host_addr=options.host, - proxy_ssl_port=options.ssl_port, - http_config=http_config, - cherrypy_port=options.cherrypy_port, - websockets_port=options.websockets_port, - cert_pem=cert, cert_key=key, - max_body_size=eval(options.max_body_size), - session_timeout=options.session_timeout, - dhparams_pem=dhparams_pem, - server_root=options.server_root) - - # Write file to be used for nginx. - config_file = open(os.path.join(nginx_config_dir, "wok.conf"), "w") - config_file.write(data) - config_file.close() - # If not running from the installed path (from a cloned and builded source # code), create a symbolic link in system's dir to prevent errors on read # SSL certifications. diff --git a/src/wokd.in b/src/wokd.in index c1b302c..5552b79 100644 --- a/src/wokd.in +++ b/src/wokd.in @@ -43,37 +43,18 @@ def main(options): if not os.geteuid() == 0: sys.exit("\nMust be root to run this script. Exiting ...\n") - host = config.config.get("server", "host") - port = config.config.get("server", "port") - ssl_port = config.config.get("server", "ssl_port") - https_only = config.config.get("server", "https_only") + ssl_port = config.config.get("server", "nginx_port") cherrypy_port = config.config.get("server", "cherrypy_port") - websockets_port = config.config.get("server", "websockets_port") - session_timeout = config.config.get("server", "session_timeout") runningEnv = config.config.get("server", "environment") server_root = config.config.get("server", "server_root") logDir = config.config.get("logging", "log_dir") logLevel = config.config.get("logging", "log_level") parser = OptionParser() - parser.add_option('--host', type="string", default=host, - help="Hostname to listen on") - parser.add_option('--port', type="int", default=port, - help="Port to listen on (default %s)" % port) parser.add_option('--ssl-port', type="int", default=ssl_port, help="Port to enable SSL (default %s)" % ssl_port) - parser.add_option('--https_only', type="choice", default=https_only, - choices=['false', 'true'], - help="Disable HTTP port (default %s)" % ssl_port) parser.add_option('--cherrypy_port', type="int", default=cherrypy_port, help="Cherrypy server port (default %s)" % cherrypy_port) - parser.add_option('--websockets_port', type="int", default=websockets_port, - help="Websockets port to listen on (default %s)" % - websockets_port) - parser.add_option('--session_timeout', type="int", default=session_timeout, - help="Number of minutes that a session can remain idle " - "before the server terminates it automatically. " - "(default %s)" % session_timeout) parser.add_option('--log-level', default=logLevel, help="Logging level") parser.add_option('--access-log', -- 2.7.4

8 years

2
1
0 / 0

[PATCH v2] [Wok] Added util method for formatting timestamp as per locale.

by pkulkark＠linux.vnet.ibm.com

From: Pooja Kulkarni <pkulkark(a)linux.vnet.ibm.com> v2: Rebased to latest master Signed-off-by: Pooja Kulkarni <pkulkark(a)linux.vnet.ibm.com> --- ui/js/src/wok.utils.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ui/js/src/wok.utils.js b/ui/js/src/wok.utils.js index 80bdb77..daa34c4 100644 --- a/ui/js/src/wok.utils.js +++ b/ui/js/src/wok.utils.js @@ -258,6 +258,13 @@ wok.numberLocaleConverter = function numberConverter(number, locale){ return number; } +wok.timestampConverter = function timestampconverter(timestamp, locale){ + var dte = new Date(timestamp) + var options = { year: 'numeric', month: 'long', day: 'numeric', hour: 'numeric', + minute: 'numeric', second: 'numeric', timeZoneName: 'short'}; + return dte.toLocaleString(locale, options); +} + wok.localeConverters = { "date-locale-converter": { to: function(date){ -- 2.1.0

8 years

2
1
0 / 0

[PATCH] [Kimchi] Fixed issue #1074 IP address for the guest under Interfaces tab is blank

by rajgupta＠linux.vnet.ibm.com

From: Rajat Gupta <rajat.triumph(a)gmail.com> If IP address is not define it will show "unavailable" for the guest under Interfaces tab Signed-off-by: Rajat Gupta <rajat.triumph(a)gmail.com> --- ui/js/src/kimchi.guest_edit_main.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/js/src/kimchi.guest_edit_main.js b/ui/js/src/kimchi.guest_edit_main.js index 9669d08..d5e32a1 100644 --- a/ui/js/src/kimchi.guest_edit_main.js +++ b/ui/js/src/kimchi.guest_edit_main.js @@ -206,7 +206,7 @@ kimchi.guest_edit_main = function() { if (data.id === -1) { data.id = $('#form-guest-edit-interface > .body').children().size(); } - if (data.ips === "" || data.ips === null) { + if (data.ips === "" || data.ips === null || data.ips === undefined) { data.ips = i18n["KCHNET6001M"]; } else { data.ips = data.ips; -- 2.1.0

8 years

4
3
0 / 0

[PATCH V2] [Kimchi] s390x specific changes to support storage path and storage pool as disk.

by archus＠linux.vnet.ibm.com

From: Archana Singh <archus(a)linux.vnet.ibm.com> 1) As on s390x, default is storage path, but if pool explicitly specified in template.conf it takes preference. So added code to ensure that if storage pool explicitly specified in file conf then check for default storage pool is performed. 2) Code changes in tmpl default creation which ensure that on s390x, default disk is path but if conf file has explicitly pool specified then defult disk is the sepecified pool. And also ensures that disk is either pool or path and not both. 3) Code changes in vmtemplate, to ensure that on s390x either a path disk or a pool disk can be added to template. And if disk to add does not have both path and pool then tmpl default storage is used. 4) Added 'path' specific to s390x only as commented in template.conf. --- model/storagepools.py | 6 ++++-- osinfo.py | 40 +++++++++++++++++++++++++++++++++------- template.conf | 3 +++ vmtemplate.py | 33 ++++++++++++++++++++++++--------- 4 files changed, 64 insertions(+), 18 deletions(-) diff --git a/model/storagepools.py b/model/storagepools.py index 5942b31..cc4b906 100644 --- a/model/storagepools.py +++ b/model/storagepools.py @@ -73,7 +73,9 @@ class StoragePoolsModel(object): def _check_default_pools(self): pools = {} - if is_s390x(): + # Don't create default pool if it's not + # explicitly specified in template.conf + if is_s390x() and 'pool' not in tmpl_defaults['disks'][0]: return default_pool = tmpl_defaults['disks'][0]['pool']['name'] @@ -91,7 +93,7 @@ class StoragePoolsModel(object): error_msg = ("Storage pool %s does not exist or is not " "active. Please, check the configuration in " "%s/template.conf to ensure it lists only valid " - "networks." % (pool_name, kimchiPaths.sysconf_dir)) + "storage." % (pool_name, kimchiPaths.sysconf_dir)) try: pool = conn.storagePoolLookupByName(pool_name) except libvirt.libvirtError, e: diff --git a/osinfo.py b/osinfo.py index c51d6e0..3bc59d7 100644 --- a/osinfo.py +++ b/osinfo.py @@ -27,9 +27,9 @@ from configobj import ConfigObj from distutils.version import LooseVersion from wok.config import PluginPaths +from wok.exception import InvalidParameter from wok.plugins.kimchi.config import kimchiPaths - SUPPORTED_ARCHS = {'x86': ('i386', 'i686', 'x86_64'), 'power': ('ppc', 'ppc64'), 'ppc64le': ('ppc64le'), @@ -176,14 +176,40 @@ def _get_tmpl_defaults(): default_config = ConfigObj(tmpl_defaults) # Load template configuration file - if is_on_s390x: - config_file = os.path.join( - kimchiPaths.sysconf_dir, - 'template_s390x.conf') - else: - config_file = os.path.join(kimchiPaths.sysconf_dir, 'template.conf') + config_file = os.path.join(kimchiPaths.sysconf_dir, 'template.conf') config = ConfigObj(config_file) + # File configuration takes preference. + # In s390x, file configuration can have storage pool or path. + # Default configuration for s390x is storage path. + # In case file conf has storage pool then storage pool takes preference. + # When conf file has explicitly storage pool: "defaults" should + # have storage pool and default configured path should be removed, + # as either storage can be path or pool, cannot be both. + # When conf file does not explicity storage pool or have explicitly + # storage path: "default" should have storage path only and cannot + # have default pool. + # + # Check file conf has storage configured. + if is_on_s390x and config.get('storage').get('disk.0'): + # remove storage from default_config as file configuration takes + # preference. + default_config.pop('storage') + + # Get storage configuration present in conf file + config_pool = config.get('storage').get('disk.0').get('pool') + config_path = config.get('storage').get('disk.0').get('path') + + # If storage configured in conf file then it should have either + # pool or path. + if not config_pool and not config_path: + raise InvalidParameter('KCHTMPL0040E') + + # On s390x if config file has both path and pool uncommented + # then path should take preference. + if config_pool and config_path: + config.get('storage').get('disk.0').pop('pool') + # Merge default configuration with file configuration default_config.merge(config) diff --git a/template.conf b/template.conf index c4598f1..55f3d70 100644 --- a/template.conf +++ b/template.conf @@ -28,6 +28,9 @@ # Storage pool used to handle the guest disk #pool = default +# Only Applicable for s390x. Storage path used to handle the guest disk +#path = /var/lib/libvirt/images + [graphics] # Graphics type # Valid options: vnc | spice diff --git a/vmtemplate.py b/vmtemplate.py index c3390fe..b249873 100644 --- a/vmtemplate.py +++ b/vmtemplate.py @@ -106,14 +106,25 @@ class VMTemplate(object): for index, disk in enumerate(disks): disk_info = dict(default_disk) - # on s390x/s390 either pool or path should be present in - # default disk. - if is_s390x() and 'pool' not in default_disk and \ - 'path' not in default_disk: - raise InvalidParameter('KCHTMPL0040E') - # On s390x/s390 pool is optional attribute for disk. - pool = disk.get('pool', default_disk.get('pool')) + if is_s390x(): + # Default disk should have either pool or path. + if 'pool' not in default_disk and 'path' not in default_disk: + raise InvalidParameter('KCHTMPL0040E') + + # Each disk should have either pool or path. + # if not then use "default_disk" configuration. + pool = disk.get('pool') + path = disk.get('path') + if not path and not pool: + # If default disk is path then set disk with default path + if default_disk.get('path'): + path = default_disk.get('path') + # If default disk is pool then set disk with default pool + if default_disk.get('pool'): + pool = default_disk.get('pool') + else: + pool = disk.get('pool', default_disk.get('pool')) if pool: pool_type = self._get_storage_type(pool['name']) @@ -148,8 +159,12 @@ class VMTemplate(object): disk_info['index'] = disk_info.get('index', index) self.info['disks'][index] = disk_info elif is_s390x(): - # For now support 'path' only on s390x - path = disk.get('path', default_disk.get('path')) + # This check is required where 'path' disk + # has to be added and hence default pool + # has to be removed during template update. + if 'pool' in disk_info: + del disk_info['pool'] + disk_info.update(disk) keys = sorted(disk_info.keys()) if ((keys != sorted(basic_path_disk)) and -- 2.7.4

8 years

3
2
0 / 0

[PATCH v4] [Kimchi 0/2] Issue #998 Not all static strings are externalized

by pkulkark＠linux.vnet.ibm.com

From: Pooja Kulkarni <pkulkark(a)linux.vnet.ibm.com> v4: Rebased to latest master v3: Removed 'fuzzy' messages from .po files v2: Rebased to latest master v1: This patch set externalizes all the static string that should be externalized to support globalization. Also contains the updated .pot and .po files Pooja Kulkarni (2): Issue #998 Not all static strings are externalized Issue #998 Updated .pot and .po files po/POTFILES.in | 1 + po/de_DE.po | 277 +++++++++++++++++++++++++++-- po/en_US.po | 277 +++++++++++++++++++++++++++-- po/es_ES.po | 277 +++++++++++++++++++++++++++-- po/fr_FR.po | 277 +++++++++++++++++++++++++++-- po/it_IT.po | 277 +++++++++++++++++++++++++++-- po/ja_JP.po | 277 +++++++++++++++++++++++++++-- po/kimchi.pot | 277 +++++++++++++++++++++++++++-- po/ko_KR.po | 277 +++++++++++++++++++++++++++-- po/pt_BR.po | 277 +++++++++++++++++++++++++++-- po/ru_RU.po | 277 +++++++++++++++++++++++++++-- po/zh_CN.po | 277 +++++++++++++++++++++++++++-- po/zh_TW.po | 277 +++++++++++++++++++++++++++-- ui/js/src/kimchi.guest_storage_add.main.js | 12 +- ui/js/src/kimchi.storagepool_add_main.js | 12 +- ui/pages/guest-edit.html.tmpl | 14 +- ui/pages/i18n.json.tmpl | 19 ++ 17 files changed, 3171 insertions(+), 211 deletions(-) -- 2.1.0

8 years

2
3
0 / 0

[PATCH v3] [Wok] Externalise missed strings in Wok.

by pkulkark＠linux.vnet.ibm.com

From: Pooja Kulkarni <pkulkark(a)linux.vnet.ibm.com> v3: Rebased to current master v2: Included space in title field v1: This patch externalises some more static strings missed in Wok and removes tooltip. Signed-off-by: Pooja Kulkarni <pkulkark(a)linux.vnet.ibm.com> --- ui/pages/login.html.tmpl | 6 +++--- ui/pages/wok-ui.html.tmpl | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ui/pages/login.html.tmpl b/ui/pages/login.html.tmpl index 170f8fe..431806c 100644 --- a/ui/pages/login.html.tmpl +++ b/ui/pages/login.html.tmpl @@ -111,12 +111,12 @@ <form id="form-login" class="form-horizontal" method="post"> <div class="form-group"> <label for="username" class="sr-only">$_("User Name")</label> - <input type="text" class="form-control" id="username" name="username" required="required" placeholder="$_(" User Name ")" autofocus autocomplete="off" /> + <input type="text" class="form-control" id="username" name="username" required="required" placeholder="$_(" User Name ")" autofocus autocomplete="off" title=" " /> <div id="username-msg" class="msg-required"></div> </div> <div class="form-group"> <label for="password" class="sr-only">$_("Password")</label> - <input type="password" class="form-control" id="password" name="password" required="required" placeholder="$_(" Password ")" autocomplete="off" /> + <input type="password" class="form-control" id="password" name="password" required="required" placeholder="$_(" Password ")" autocomplete="off" title=" "/> <div id="password-msg" class="msg-required"></div> </div> <div class="form-group"> @@ -322,7 +322,7 @@ </div> <div class="row"> <div class="col-lg-4 delayed-fadein"> - <p class="text-muted powered hidden">Powered by:</p> + <p class="text-muted powered hidden">$_("Powered by:")</p> <ul id="wok-logos" class="list-inline"></ul> </div> </div> diff --git a/ui/pages/wok-ui.html.tmpl b/ui/pages/wok-ui.html.tmpl index 4f821da..c10b2bd 100644 --- a/ui/pages/wok-ui.html.tmpl +++ b/ui/pages/wok-ui.html.tmpl @@ -160,8 +160,8 @@ <div class="well"> <p>$_("Your session will expire on: 30s. Do you want to renew it?")</p> <div class="form-group"> - <button class="btn btn-primary btn-xs" id="renew-session-button" onclick="wok.session.renewSession();">Renew</button> - <button class="btn btn-primary btn-xs" id="dismiss-session-button" onclick="wok.session.hideExpiringAlert();">Dismiss</button> + <button class="btn btn-primary btn-xs" id="renew-session-button" onclick="wok.session.renewSession();">$_("Renew")</button> + <button class="btn btn-primary btn-xs" id="dismiss-session-button" onclick="wok.session.hideExpiringAlert();">$_("Dismiss")</button> </div> </div> </div> @@ -195,7 +195,7 @@ <p class="text-muted powered hidden">$_("Powered by"):</p> <ul id="plugins"> </ul> - <span class="wok-version">Wok Version: $get_version()</span> + <span class="wok-version">$_("Wok Version"): $get_version()</span> </div> </footer> </body> -- 2.1.0

8 years

2
1
0 / 0

[PATCH] [Wok 0/3] Fix Sample plugin

by Aline Manera

Aline Manera (3): Bug fix #7: Do not include Sample plugin files on Wok build Remove unnecessary directories from Sample plugin structure Bug fix #177: Fix Sample plugin according to latest changes on Wok .gitignore | 1 - IBM-license-blacklist | 3 - configure.ac | 23 -- src/wok/plugins/Makefile.am | 2 - src/wok/plugins/sample/Makefile.am | 31 -- src/wok/plugins/sample/__init__.py | 80 +---- src/wok/plugins/sample/config.status | 1 - src/wok/plugins/sample/model.py | 37 +- src/wok/plugins/sample/po/Makefile.in.in | 391 --------------------- src/wok/plugins/sample/po/Makevars | 41 --- src/wok/plugins/sample/po/POTFILES.in | 4 +- src/wok/plugins/sample/po/en_US.po | 48 ++- src/wok/plugins/sample/po/gen-pot | 28 -- src/wok/plugins/sample/po/pt_BR.po | 48 ++- src/wok/plugins/sample/po/sample.pot | 48 ++- src/wok/plugins/sample/po/update-po | 34 ++ src/wok/plugins/sample/po/zh_CN.po | 48 ++- src/wok/plugins/sample/root.py | 171 +++++++++ src/wok/plugins/sample/sample.conf | 3 + src/wok/plugins/sample/sample.conf.in | 27 -- src/wok/plugins/sample/ui/Makefile.am | 22 -- src/wok/plugins/sample/ui/config/Makefile.am | 22 -- src/wok/plugins/sample/ui/config/tab-ext.xml | 13 +- src/wok/plugins/sample/ui/css/.gitignore | 0 src/wok/plugins/sample/ui/images/.gitignore | 0 src/wok/plugins/sample/ui/images/sample.svg | 45 +++ src/wok/plugins/sample/ui/js/Makefile.am | 22 -- src/wok/plugins/sample/ui/libs/.gitignore | 0 src/wok/plugins/sample/ui/pages/Makefile.am | 22 -- src/wok/plugins/sample/ui/pages/i18n.json.tmpl | 3 +- .../plugins/sample/ui/pages/sample-tab1.html.tmpl | 32 -- .../plugins/sample/ui/pages/sample-tab2.html.tmpl | 32 -- .../sample/ui/pages/tabs/sample-tab1.html.tmpl | 39 ++ .../sample/ui/pages/tabs/sample-tab2.html.tmpl | 39 ++ 34 files changed, 553 insertions(+), 807 deletions(-) delete mode 100644 src/wok/plugins/sample/Makefile.am delete mode 120000 src/wok/plugins/sample/config.status delete mode 100644 src/wok/plugins/sample/po/Makefile.in.in delete mode 100644 src/wok/plugins/sample/po/Makevars delete mode 100755 src/wok/plugins/sample/po/gen-pot create mode 100755 src/wok/plugins/sample/po/update-po create mode 100644 src/wok/plugins/sample/root.py create mode 100644 src/wok/plugins/sample/sample.conf delete mode 100644 src/wok/plugins/sample/sample.conf.in delete mode 100644 src/wok/plugins/sample/ui/Makefile.am delete mode 100644 src/wok/plugins/sample/ui/config/Makefile.am delete mode 100644 src/wok/plugins/sample/ui/css/.gitignore delete mode 100644 src/wok/plugins/sample/ui/images/.gitignore create mode 100644 src/wok/plugins/sample/ui/images/sample.svg delete mode 100644 src/wok/plugins/sample/ui/js/Makefile.am delete mode 100644 src/wok/plugins/sample/ui/libs/.gitignore delete mode 100644 src/wok/plugins/sample/ui/pages/Makefile.am delete mode 100644 src/wok/plugins/sample/ui/pages/sample-tab1.html.tmpl delete mode 100644 src/wok/plugins/sample/ui/pages/sample-tab2.html.tmpl create mode 100644 src/wok/plugins/sample/ui/pages/tabs/sample-tab1.html.tmpl create mode 100644 src/wok/plugins/sample/ui/pages/tabs/sample-tab2.html.tmpl -- 2.7.4

8 years

2
6
0 / 0

[PATCH][Wok] Bug fix #175: Do not generate nginx conf file on the fly

by Ramon Medeiros

--- .gitignore | 1 - Makefile.am | 3 ++ contrib/wok.spec.fedora.in | 1 - contrib/wok.spec.suse.in | 1 - src/nginx/Makefile.am | 7 ++-- src/nginx/wok.conf | 79 ++++++++++++++++++++++++++++++++++++++++++++++ src/nginx/wok.conf.in | 75 ------------------------------------------- src/wok.conf.in | 34 -------------------- src/wok/proxy.py | 45 -------------------------- 9 files changed, 85 insertions(+), 161 deletions(-) create mode 100644 src/nginx/wok.conf delete mode 100644 src/nginx/wok.conf.in diff --git a/.gitignore b/.gitignore index d06f936..10754f9 100644 --- a/.gitignore +++ b/.gitignore @@ -31,7 +31,6 @@ wok-*.tar.gz wok.spec src/wokd src/wok.conf -src/nginx/wok.conf src/wok/config.py tests/run_tests.sh tests/test_config.py diff --git a/Makefile.am b/Makefile.am index 5c8e69d..3754547 100644 --- a/Makefile.am +++ b/Makefile.am @@ -159,6 +159,8 @@ install-data-local: touch $(DESTDIR)/etc/nginx/conf.d/wok.conf mkdir -p $(DESTDIR)/etc/logrotate.d/ $(INSTALL_DATA) $(top_srcdir)/src/wok.logrotate $(DESTDIR)/etc/logrotate.d/wokd + mkdir -p $(DESTDIR)/etc/nginx/conf.d + $(INSTALL_DATA) $(top_srcdir)/src/nginx/wok.conf $(DESTDIR)/etc/nginx/conf.d/wok.conf uninstall-local: @if test -f $(systemdsystemunitdir)/wokd.service; then \ @@ -175,6 +177,7 @@ uninstall-local: $(RM) -rf $(DESTDIR)/etc/wok $(RM) $(DESTDIR)/etc/nginx/conf.d/wok.conf $(RM) $(DESTDIR)/etc/logrotate.d/wokd + $(DESTDIR)/etc/nginx/conf.d/wok.conf VERSION: @if $(GIT) rev-parse &> /dev/null ; then \ diff --git a/contrib/wok.spec.fedora.in b/contrib/wok.spec.fedora.in index fdf3484..c48899f 100644 --- a/contrib/wok.spec.fedora.in +++ b/contrib/wok.spec.fedora.in @@ -114,7 +114,6 @@ rm -rf $RPM_BUILD_ROOT %{_prefix}/share/locale/*/LC_MESSAGES/wok.mo %{_datadir}/wok/ui/ %{_datadir}/wok -%{_sysconfdir}/nginx/conf.d/wok.conf.in %{_sysconfdir}/wok/wok.conf %{_sysconfdir}/wok/ %{_sysconfdir}/logrotate.d/wokd diff --git a/contrib/wok.spec.suse.in b/contrib/wok.spec.suse.in index 70c295b..283f9c3 100644 --- a/contrib/wok.spec.suse.in +++ b/contrib/wok.spec.suse.in @@ -93,7 +93,6 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/wok %{_sysconfdir}/wok/wok.conf %{_sysconfdir}/wok/ -%{_sysconfdir}/nginx/conf.d/wok.conf.in %{_sysconfdir}/nginx/conf.d/wok.conf %{_sysconfdir}/logrotate.d/wokd %{_var}/lib/wok/ diff --git a/src/nginx/Makefile.am b/src/nginx/Makefile.am index a376a74..3a47a5f 100644 --- a/src/nginx/Makefile.am +++ b/src/nginx/Makefile.am @@ -1,7 +1,7 @@ # # Project Wok # -# Copyright IBM Corp, 2015 +# Copyright IBM Corp, 2015-2016 # # Code derived from Project Kimchi # @@ -19,9 +19,8 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -EXTRA_DIST = wok.conf.in +EXTRA_DIST = wok.conf confdir = $(sysconfdir)/nginx/conf.d -dist_conf_DATA = wok.conf.in +dist_conf_DATA = wok.conf -CLEANFILES = wok.conf diff --git a/src/nginx/wok.conf b/src/nginx/wok.conf new file mode 100644 index 0000000..d191746 --- /dev/null +++ b/src/nginx/wok.conf @@ -0,0 +1,79 @@ +# Project Wok +# +# Copyright IBM Corp, 2016 +# +# Code derived from Project Kimchi +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 USA + +# This is a template file to be used to generate a nginx +# proxy config file at wokd script. + +client_max_body_size 4194304k; + +# Set timeout, based on configuration values, to avoid the 504 Gateway Timeout +# when Wok is processing a request. +proxy_connect_timeout 10m; +proxy_send_timeout 10m; +proxy_read_timeout 10m; +send_timeout 10m; + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +upstream websocket { + server 127.0.0.1:64667; +} + +server { + listen 0.0.0.0:8001 ssl; + + ssl_certificate /etc/wok/wok-cert.pem; + ssl_certificate_key /etc/wok/wok-key.pem; + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:@STRENGTH'; + ssl_prefer_server_ciphers on; + ssl_dhparam /etc/wok/dhparams.pem; + ssl_session_timeout 10m; + + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + + location / { + proxy_pass http://127.0.0.1:8010; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect http://127.0.0.1:8010/ https://$host:8001/; + } + + location /websockify { + proxy_pass http://websocket; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + } +} + +server { + listen 0.0.0.0:8000; + rewrite ^/(.*)$ https://$host:8001/$1 redirect; +} + diff --git a/src/nginx/wok.conf.in b/src/nginx/wok.conf.in deleted file mode 100644 index 5d2bb17..0000000 --- a/src/nginx/wok.conf.in +++ /dev/null @@ -1,75 +0,0 @@ -# Project Wok -# -# Copyright IBM Corp, 2015-2016 -# -# Code derived from Project Kimchi -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301 USA - -# This is a template file to be used to generate a nginx -# proxy config file at wokd script. - -client_max_body_size ${max_body_size}k; - -# Set timeout, based on configuration values, to avoid the 504 Gateway Timeout -# when Wok is processing a request. -proxy_connect_timeout ${session_timeout}m; -proxy_send_timeout ${session_timeout}m; -proxy_read_timeout ${session_timeout}m; -send_timeout ${session_timeout}m; - -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -upstream websocket { - server 127.0.0.1:${websockets_port}; -} - -server { - listen ${host_addr}:${proxy_ssl_port} ssl; - - ssl_certificate ${cert_pem}; - ssl_certificate_key ${cert_key}; - ssl_protocols TLSv1.1 TLSv1.2; - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:@STRENGTH'; - ssl_prefer_server_ciphers on; - ssl_dhparam ${dhparams_pem}; - ssl_session_timeout ${session_timeout}m; - - add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - - location ${server_root}/ { - proxy_pass http://127.0.0.1:${cherrypy_port}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_redirect http://127.0.0.1:${cherrypy_port}/ https://$host:${proxy_ssl_port}${server_root}/; - } - - location ${server_root}/websockify { - proxy_pass http://websocket; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - } -} - -${http_config} diff --git a/src/wok.conf.in b/src/wok.conf.in index 254f786..d3b7b2d 100644 --- a/src/wok.conf.in +++ b/src/wok.conf.in @@ -3,46 +3,12 @@ # [server] -# Hostname or IP address to listen on -#host = 0.0.0.0 - -# Port to listen on -#port = 8000 - -# Start an SSL-enabled server on the given port -#ssl_port = 8001 - -# Allow user disables HTTP port. In that case, all the connections -# will be done directly through HTTPS port (values: true|false) -#https_only = false - # Cherrypy server port #cherrypy_port = 8010 -# Port for websocket proxy to listen on -#websockets_port = 64667 - -# Number of minutes that a session can remain idle before the server -# terminates it automatically. -#session_timeout = 10 - -# The full path to an SSL Certificate or chain of certificates in -# PEM format. When a chain is used, the server's certificate must be -# the first certificate in the file with the chain concatenated into -# the end of that certificate. If left unspecified, Wok will generate -# a self-signed certificate automatically. -#ssl_cert = - -# The corresponding private key in PEM format for the SSL Certificate supplied -# above. If left blank, Wok will generate a self-signed certificate. -#ssl_key = - # Running environment of the server #environment = production -# Max request body size in KB, default value is 4GB -#max_body_size = 4 * 1024 * 1024 - # Wok server root. Set the following variable to configure any relative path to # the server. For example, to have Wok pointing to https://localhost:8001/wok/ # uncomment the following: diff --git a/src/wok/proxy.py b/src/wok/proxy.py index 5f646e4..1c11b9b 100644 --- a/src/wok/proxy.py +++ b/src/wok/proxy.py @@ -25,8 +25,6 @@ # and configure the Nginx proxy. import os -import pwd -from string import Template from wok import sslcert from wok.config import paths @@ -53,17 +51,6 @@ def _create_proxy_config(options): Arguments: options - OptionParser object with Wok config options """ - # User that will run the worker process of the proxy. Fedora, - # RHEL and Suse creates an user called 'nginx' when installing - # the proxy. Ubuntu creates an user 'www-data' for it. - user_proxy = None - user_list = ('nginx', 'www-data', 'http') - sys_users = [p.pw_name for p in pwd.getpwall()] - common_users = list(set(user_list) & set(sys_users)) - if len(common_users) == 0: - raise Exception("No common user found") - else: - user_proxy = common_users[0] config_dir = paths.conf_dir nginx_config_dir = paths.nginx_conf_dir cert = options.ssl_cert @@ -81,38 +68,6 @@ def _create_proxy_config(options): with open(key, "w") as f: f.write(ssl_gen.key_pem()) - # Setting up Diffie-Hellman group with 2048-bit file - dhparams_pem = os.path.join(config_dir, "dhparams.pem") - - http_config = '' - if options.https_only == 'false': - http_config = HTTP_CONFIG % {'host_addr': options.host, - 'proxy_port': options.port, - 'proxy_ssl_port': options.ssl_port, - 'rel_path': options.server_root} - - # Read template file and create a new config file - # with the specified parameters. - with open(os.path.join(nginx_config_dir, "wok.conf.in")) as template: - data = template.read() - data = Template(data) - data = data.safe_substitute(user=user_proxy, - host_addr=options.host, - proxy_ssl_port=options.ssl_port, - http_config=http_config, - cherrypy_port=options.cherrypy_port, - websockets_port=options.websockets_port, - cert_pem=cert, cert_key=key, - max_body_size=eval(options.max_body_size), - session_timeout=options.session_timeout, - dhparams_pem=dhparams_pem, - server_root=options.server_root) - - # Write file to be used for nginx. - config_file = open(os.path.join(nginx_config_dir, "wok.conf"), "w") - config_file.write(data) - config_file.close() - # If not running from the installed path (from a cloned and builded source # code), create a symbolic link in system's dir to prevent errors on read # SSL certifications. -- 2.7.4

8 years

3
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Kimchi-devel November 2016