[PATCH] bug fix: Expose /storageservers
by Aline Manera
From: Aline Manera <alinefm(a)br.ibm.com>
Now to expose a new uri for kimchi server we need to use the UrlSubNode
decorator, otherwise the uri will not be available.
Signed-off-by: Aline Manera <alinefm(a)br.ibm.com>
---
src/kimchi/control/storageservers.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/kimchi/control/storageservers.py b/src/kimchi/control/storageservers.py
index 5cbb5a1..9e7f4ac 100644
--- a/src/kimchi/control/storageservers.py
+++ b/src/kimchi/control/storageservers.py
@@ -20,11 +20,12 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-from kimchi.control.base import Collection, Resource
-from kimchi.control.utils import get_class_name, model_fn
import kimchi.template
+from kimchi.control.base import Collection, Resource
+from kimchi.control.utils import get_class_name, model_fn, UrlSubNode
+@UrlSubNode("storageservers", True)
class StorageServers(Collection):
def __init__(self, model):
super(StorageServers, self).__init__(model)
--
1.7.10.4
10 years, 11 months
[PATCH] Remove the unnecessary 'exposed'
by Mark Wu
'exposed' is only need to be set when a leaf hander is exposed,
so this patch removes the usages on resources.
Signed-off-by: Mark Wu <wudxw(a)linux.vnet.ibm.com>
---
src/kimchi/control/config.py | 2 --
src/kimchi/control/host.py | 2 --
src/kimchi/control/storagepools.py | 1 -
3 files changed, 5 deletions(-)
diff --git a/src/kimchi/control/config.py b/src/kimchi/control/config.py
index cc41e8a..c28e6e3 100644
--- a/src/kimchi/control/config.py
+++ b/src/kimchi/control/config.py
@@ -35,9 +35,7 @@ class Config(Resource):
def __init__(self, model, id=None):
super(Config, self).__init__(model, id)
self.capabilities = Capabilities(self.model)
- self.capabilities.exposed = True
self.distros = Distros(model)
- self.distros.exposed = True
@property
def data(self):
diff --git a/src/kimchi/control/host.py b/src/kimchi/control/host.py
index f041b35..053c822 100644
--- a/src/kimchi/control/host.py
+++ b/src/kimchi/control/host.py
@@ -35,9 +35,7 @@ class Host(Resource):
self.reboot = self.generate_action_handler('reboot')
self.shutdown = self.generate_action_handler('shutdown')
self.stats = HostStats(self.model)
- self.stats.exposed = True
self.partitions = Partitions(self.model)
- self.partitions.exposed = True
@property
def data(self):
diff --git a/src/kimchi/control/storagepools.py b/src/kimchi/control/storagepools.py
index 3b8ef79..01078ba 100644
--- a/src/kimchi/control/storagepools.py
+++ b/src/kimchi/control/storagepools.py
@@ -40,7 +40,6 @@ class StoragePools(Collection):
super(StoragePools, self).__init__(model)
self.resource = StoragePool
isos = IsoPool(model)
- isos.exposed = True
setattr(self, ISO_POOL_NAME, isos)
def create(self, *args):
--
1.8.4.2
10 years, 11 months
[PATCH] Bug fix #309 - network: Unable to create vlan tagged on Ubuntu
by Ramon Medeiros
Python binding for libvirt does not support conn.changeBegin() and
conn.commit(). To make the change safe, this procedure was changed to a
internal framework: RollbackContext.
Signed-off-by: Ramon Medeiros <ramonn(a)linux.vnet.ibm.com>
---
src/kimchi/model.py | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/src/kimchi/model.py b/src/kimchi/model.py
index 81c1507..a2f5634 100644
--- a/src/kimchi/model.py
+++ b/src/kimchi/model.py
@@ -951,16 +951,17 @@ class Model(object):
br_xml = networkxml.create_vlan_tagged_bridge_xml(br_name, interface,
vlan_id)
conn = self.conn.get()
- conn.changeBegin()
- try:
- vlan_tagged_br = conn.interfaceDefineXML(br_xml)
- vlan_tagged_br.create()
- except libvirt.libvirtError as e:
- conn.changeRollback()
- raise OperationFailed(e.message)
- else:
- conn.changeCommit()
- return br_name
+
+ with RollbackContext() as rollback:
+
+ try:
+ vlan_tagged_br = conn.interfaceDefineXML(br_xml)
+ vlan_tagged_br.create()
+ except libvirt.libvirtError as e:
+ raise OperationFailed(e.message)
+ rollback.prependDefer(vlan_tagged_br.destroy)
+ else:
+ return br_name
def _remove_vlan_tagged_bridge(self, network):
try:
--
1.8.3.1
10 years, 11 months
[PATCH] Use resource's lookup interface to fetch capabilities
by Mark Wu
Capabilities is kind of resource, so we can use its lookup
interface to fetch information from model. It can reduce the
special code, which is helpful for further refactoring.
This patch removes the dict initialization in controller level
intentionally, because the model should return full information of
capabilities always.
Signed-off-by: Mark Wu <wudxw(a)linux.vnet.ibm.com>
---
src/kimchi/control/config.py | 6 +-----
src/kimchi/mockmodel.py | 2 +-
src/kimchi/model.py | 2 +-
3 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/kimchi/control/config.py b/src/kimchi/control/config.py
index c28e6e3..16cc384 100644
--- a/src/kimchi/control/config.py
+++ b/src/kimchi/control/config.py
@@ -50,11 +50,7 @@ class Capabilities(Resource):
@property
def data(self):
- caps = ['libvirt_stream_protocols', 'qemu_stream',
- 'screenshot', 'system_report_tool']
- ret = dict([(x, None) for x in caps])
- ret.update(self.model.get_capabilities())
- return ret
+ return self.info
class Distros(Collection):
diff --git a/src/kimchi/mockmodel.py b/src/kimchi/mockmodel.py
index 916020a..0fe69dd 100644
--- a/src/kimchi/mockmodel.py
+++ b/src/kimchi/mockmodel.py
@@ -60,7 +60,7 @@ class MockModel(object):
self.objstore = ObjectStore(objstore_loc)
self.distros = self._get_distros()
- def get_capabilities(self):
+ def capabilities_lookup(self, name):
return {'libvirt_stream_protocols': ['http', 'https', 'ftp', 'ftps', 'tftp'],
'qemu_stream': True,
'screenshot': True,
diff --git a/src/kimchi/model.py b/src/kimchi/model.py
index 81c1507..1f98bfa 100644
--- a/src/kimchi/model.py
+++ b/src/kimchi/model.py
@@ -242,7 +242,7 @@ class Model(object):
kimchi_log.info("*** Feature tests completed ***")
_set_capabilities.priority = 90
- def get_capabilities(self):
+ def capabilities_lookup(self, name):
report_tool = self._get_system_report_tool()
return {'libvirt_stream_protocols': self.libvirt_stream_protocols,
--
1.8.4.2
10 years, 11 months
[PATCH v4 0/3] Reorganize kimchi's path vars generation code
by Mark Wu
This series of patches reorganize kimchi's path vars generation code
to allow plugin use kimchi s ui handler.
Changes:
v4:
Fix the test break when installed to non system dirs. (per Shaohe)
v3:
Rebase
Only access the paths instance when the request is for html, which
can avoid forcibly installing paths to the plugin which just have
json requests.
v2:
Rebase
Remove the optimization for plugin paths since it just have a few
instantiations.
Mark Wu (3):
Reorganize the kimchi's paths gereneration code
Add test cases for paths generation code
Allow plugin use kimchi's ui handler
.gitignore | 1 +
src/kimchi/cachebust.py | 4 +-
src/kimchi/config.py.in | 155 +++++++++++++++++++-----------------------------
src/kimchi/root.py | 23 ++++---
src/kimchi/server.py | 14 +++--
src/kimchi/template.py | 17 ++++--
src/kimchi/utils.py | 6 +-
src/kimchid.in | 7 ++-
tests/Makefile.am | 9 ++-
tests/test_config.py.in | 85 ++++++++++++++++++++++++++
10 files changed, 196 insertions(+), 125 deletions(-)
create mode 100644 tests/test_config.py.in
--
1.8.4.2
10 years, 11 months
[PATCH] bug fix: failed to update vm with unicode name
by shaohef@linux.vnet.ibm.com
From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
update a vm's name with unicode name, kimchi will report error.
$ curl -u <user> -H 'Accept: application/json' \
-H 'Content-type: application/json' \
http://localhost:8000/vms/u13.10 -X PUT -d '
{"name": "kīмсhī-∨м"}'
There are two bugs:
1. typo
encode the ident with "utf8" when HTTPRedirect
change it to "utf-8"
2. The name form libvirt is str, need decode.
ref:
https://github.com/kimchi-project/kimchi/wiki/support-unicode
Signed-off-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
---
src/kimchi/control/base.py | 2 +-
src/kimchi/model.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/kimchi/control/base.py b/src/kimchi/control/base.py
index f50ff6e..0b656ab 100644
--- a/src/kimchi/control/base.py
+++ b/src/kimchi/control/base.py
@@ -154,7 +154,7 @@ class Resource(object):
ident = update(self.ident, params)
if ident != self.ident:
uri_params = list(self.model_args[:-1])
- uri_params += [urllib2.quote(ident.encode('utf8'))]
+ uri_params += [urllib2.quote(ident.encode('utf-8'))]
raise cherrypy.HTTPRedirect(self.uri_fmt % tuple(uri_params), 303)
return self.get()
diff --git a/src/kimchi/model.py b/src/kimchi/model.py
index 55de570..6590ca3 100644
--- a/src/kimchi/model.py
+++ b/src/kimchi/model.py
@@ -504,7 +504,7 @@ class Model(object):
dom = self._get_vm(name)
dom = self._static_vm_update(dom, params)
self._live_vm_update(dom, params)
- return dom.name()
+ return dom.name().decode('utf-8')
def vm_lookup(self, name):
dom = self._get_vm(name)
--
1.8.4.2
10 years, 11 months
[PATCH 00/22] Refactor Model
by Aline Manera
From: Aline Manera <alinefm(a)br.ibm.com>
Hi all,
This patch set splitted model.py into several model implementations.
One for each resource in kimchi.
It also includes a mechanism implemented by Zhou Zheng Sheng to automatically
load all the models in one. So we don't nee to change tests and controller
to work with new models.
It is just the first step.
I also will send a patch to split mockmodel
And finally, a new one to separate common code and specific code from models.
I am sending it separately because all that require a lot of work (and tests)
and also can conflict with new features.
I am planning to merge it on next Wed (when sprint 2 ends) so I hope those
changes will not impact so much any developer.
PS. it seems to to be a huge patch set but I just move code from one place to
another. There is no new implementation/feature in there.
Aline Manera (22):
refactor model: Separate libvirtconnection from model.py
refactor model: Move StoragePooldef from model to
libvirtstoragepools.py
refactor model: Create a common model builder
Create a model to join all model resources implementation
refactor model: Create a separated model for task resource
refactor model: Create a separated model for plugins resource
refactor model: Create a separated model for debug report resource
refactor model: Create a separated model for config resource
refactor model: Create a separated model for network resource
refactor model: Create a separated model for interface resource
refactor model: Create a separated model for storage pool resource
refactor model: Create a separated model for storage volume resource
refactor model: Create a separated model for storage server resource
refactor model: Create a separated model for storage target resource
refactor model: Create a separated model for template resource
refactor model: Create a separated model for vm resource
refactor model: Create a separated model for vm interface resource
refactor model: Create a separated model for host resource
Update server to use the new model
Update tests to use the new model
Update mockmodel imports
Delete former model.py and rename model_ to model
Makefile.am | 1 +
src/kimchi/basemodel.py | 55 +
src/kimchi/control/config.py | 6 +-
src/kimchi/control/storagepools.py | 2 +-
src/kimchi/control/utils.py | 12 +-
src/kimchi/mockmodel.py | 27 +-
src/kimchi/model.py | 2025 --------------------------------
src/kimchi/model/__init__.py | 21 +
src/kimchi/model/config.py | 87 ++
src/kimchi/model/debugreports.py | 167 +++
src/kimchi/model/host.py | 201 ++++
src/kimchi/model/interfaces.py | 46 +
src/kimchi/model/libvirtconnection.py | 122 ++
src/kimchi/model/libvirtstoragepool.py | 257 ++++
src/kimchi/model/model.py | 53 +
src/kimchi/model/networks.py | 265 +++++
src/kimchi/model/plugins.py | 31 +
src/kimchi/model/storagepools.py | 246 ++++
src/kimchi/model/storageservers.py | 78 ++
src/kimchi/model/storagetargets.py | 86 ++
src/kimchi/model/storagevolumes.py | 176 +++
src/kimchi/model/tasks.py | 39 +
src/kimchi/model/templates.py | 172 +++
src/kimchi/model/utils.py | 33 +
src/kimchi/model/vmifaces.py | 135 +++
src/kimchi/model/vms.py | 450 +++++++
src/kimchi/server.py | 2 +-
src/kimchi/utils.py | 46 +-
tests/test_model.py | 91 +-
tests/test_storagepool.py | 4 +-
tests/utils.py | 4 +-
31 files changed, 2831 insertions(+), 2109 deletions(-)
create mode 100644 src/kimchi/basemodel.py
delete mode 100644 src/kimchi/model.py
create mode 100644 src/kimchi/model/__init__.py
create mode 100644 src/kimchi/model/config.py
create mode 100644 src/kimchi/model/debugreports.py
create mode 100644 src/kimchi/model/host.py
create mode 100644 src/kimchi/model/interfaces.py
create mode 100644 src/kimchi/model/libvirtconnection.py
create mode 100644 src/kimchi/model/libvirtstoragepool.py
create mode 100644 src/kimchi/model/model.py
create mode 100644 src/kimchi/model/networks.py
create mode 100644 src/kimchi/model/plugins.py
create mode 100644 src/kimchi/model/storagepools.py
create mode 100644 src/kimchi/model/storageservers.py
create mode 100644 src/kimchi/model/storagetargets.py
create mode 100644 src/kimchi/model/storagevolumes.py
create mode 100644 src/kimchi/model/tasks.py
create mode 100644 src/kimchi/model/templates.py
create mode 100644 src/kimchi/model/utils.py
create mode 100644 src/kimchi/model/vmifaces.py
create mode 100644 src/kimchi/model/vms.py
--
1.7.10.4
10 years, 11 months
[RFC] Authorization enhancement
by Frank Novak
Sounds reasonable by me....
Is it done yet? :-)
Cheers,
Frank
-----------------------------------------------------------------------------------------------------------------------
Frank Novak ( 诺帆 nuò、fān )
STSM, SCEM Open Hypervisor
IBM Linux Technology Center
US: fnovak(a)us.ibm.com ; Notes: Frank Novak/Watson/IBM @IBMUS
cell : 919-671-7966
-------------------------------------------------------------------------------------------------------------------------
Adam King rak at linux.vnet.ibm.com
Tue Jan 21 20:38:51 EST 2014
Previous message: [Kimchi-devel] [RFC] Authorization enhancement
Next message: [Kimchi-devel] [PATCH V6] Add nfs server and target UI
in create storage pool
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The proposal is over ambitious in some areas, under ambitious in others.
I'd suggest the following:
*Assumptions:*
The first objective of introducing authorization into Kimchi is to allow
an admin to partition defined VMs for independent, secure use by
different users.
*Scenario:
*Frank is the manager of a team consisting of developers and testers
with a clear separation of responsibility. He already has groups created
on his linux host with user id membership organized by the user's
function. Frank needs to create some VMs for his teams to use. He is the
sole root user on the host.
He wants the developers to be able to manage their VMs' lifecycle, but
not to have permission to increase their VMs resource allocation.
Developers always want as much memory as they can get away with:-)
He wants the testers to have permission to edit the resource allocation
of their VMs. The software needs to be verified with different hardware
configurations, and he doesn't want to have to make every edit for his
testers each time they need to validate a new scenario.
*Resolution:*
Frank creates his VMs.
Those he has created for use by his developers, he assigns the user role
to the development group for each of the VMs granting all his developers
permission to see and manage the life cycle of the VMs
Those he has created for use by his testers, he assigns the admin role
to the test group for each of the VMs granting all his testers
permission to see and take all actions to the VMs
*User Design goals*
An existing system user will only see the resources and actions the user
is authorized to use
An existing system sudo user will see and be able to act on all resources
Actions on a given resource can be restricted with more than binary
granularity. Some authorized users may have more privilege on a resource
than others. ie Some authorized users may be able to edit a VMs resource
definition, while others can only manipulate its life cycle
*System Design Goals*
No new prerequisites are required to be installed or managed. i.e. No
database prerequisite
No new user repository is required beyond what the host system is
configured to use. PAM
The authorization scheme will work with read only user repositories.
Authorization information will be portable. ie. If a VM is moved from
one kimchi host to another, the new host is immediately aware of the
security constraints.
The system is secure. A user will not be able discover the REST API and
invoke actions directly without authorization.
Kimchi managed resources can still be managed by other KVM tools, and
returned to Kimchi without loss of function.
Kimchi 1.2 authorization design is extensible to cover arbitrarily fine
grained constraints
*Kimchi 1.2 Proposal*
Users in the sudo (admin) group would continue having full access to all
Kimchi functions.
Users not in the sudo (admin) group would only have access to VMs that
they are authorized to use.
A VM user could have one of two roles on a given VM
admin - user has access to all VM actions on the individual VM
user - user has access to power on, power off, reboot,
snapshot, VNC/Spice as appropriate on the individual VM
Group/role mapping will be stored in the <metadata> element of the VM
Domain XML. If the VM is migrated to a new host, the metadata will go
with it.
*Algorithm*
Login:
If the user is a member of the sudo (admin) group
grant all permissions and render the full Kimchi UI as today
else
enumerate all the groups the user is a member of, including
groups of groups recursively
for each VM determine the highest role available to the user by
the various groups he is a member of
render the kimchi frame with only a list of the authorized VMs,
each with the appropriate actions
If none, render the empty list
*Kimchi 1.2+ Extensibilty
*How can the 1.2 proposal be extended in future Kimchi versions as needed?
* Resource **
* Other resources (network, storage) can use the same group/role
authorization concept, relying on similar libvirt metadata for storage.
Storage for the authorization mapping would have to be elsewhere for any
resource libvirt has not defined metadata on.
* Admin granularity*
Additional roles can be introduced to allow some admins control
over network while others control storage pools and volumes. Storage for
these administration scoped roles would have to be defined and
replicated for future cluster support.
*Role granularity*
Additional roles can be introduced beyond admin and user to
allow more differentiation in what actions a specific group of users can
access including custom administrator defined roles
--
Adam King <rak at linux.vnet.ibm.com>
IBM CSI
10 years, 11 months
[PATCH v3 0/3] Reorganize kimchi's path vars generation code
by Mark Wu
This series of patches reorganize kimchi's path vars generation code
to allow plugin use kimchi s ui handler.
Changes:
v3:
Rebase
Only access the paths instance when the request is for html, which
can avoid forcibly installing paths to the plugin which just have
json requests.
v2:
Rebase
Remove the optimization for plugin paths since it just have a few
instantiations.
Mark Wu (3):
PEP8 cleanup and bug fix for src/kimchi/utils.py
Reorganize the kimchi's paths gereneration code
Add test cases for paths generation code
Makefile.am | 1 +
src/kimchi/cachebust.py | 4 +-
src/kimchi/config.py.in | 155 +++++++++++++++++++-----------------------------
src/kimchi/root.py | 7 ++-
src/kimchi/server.py | 10 ++--
src/kimchi/template.py | 14 +++--
src/kimchi/utils.py | 15 ++---
src/kimchid.in | 7 ++-
tests/test_config.py | 73 +++++++++++++++++++++++
9 files changed, 168 insertions(+), 118 deletions(-)
create mode 100644 tests/test_config.py
--
1.8.4.2
10 years, 11 months
[PATCH v4 0/2] Change all CSS files indentation to 4 spaces
by Crístian Viana
This is the difference between this and the previous patchset (v3):
- Limit line length to 79 characters instead of 80, according to the PEP8
specification. Even though PEP8 rules are meant to be applied for Python
code, it is better if we can reuse the same ones (when applicable).
Crístian Viana (2):
CSS: Do not allow lines longer than 79 characters
CSS: Change all CSS files indentation to 4 spaces
ui/css/theme-default/button.css | 167 ++++++++++++++++++++----------
ui/css/theme-default/error.css | 15 ++-
ui/css/theme-default/grid.css | 36 ++++---
ui/css/theme-default/host.css | 6 +-
ui/css/theme-default/jquery-ui.custom.css | 27 +++--
ui/css/theme-default/line-chart.css | 6 +-
ui/css/theme-default/list.css | 15 ++-
ui/css/theme-default/nav-tree.css | 12 ++-
ui/css/theme-default/network.css | 12 ++-
ui/css/theme-default/popover.css | 39 ++++---
ui/css/theme-default/report-add.css | 3 +-
ui/css/theme-default/reset.css | 8 +-
ui/css/theme-default/storage.css | 18 ++--
ui/css/theme-default/template-edit.css | 9 +-
ui/css/theme-default/template_add.css | 20 ++--
ui/css/theme-default/template_list.css | 24 +++--
ui/css/theme-default/toolbar.css | 6 +-
ui/css/theme-default/topbar.css | 29 ++++--
ui/css/theme-default/window.css | 3 +-
19 files changed, 296 insertions(+), 159 deletions(-)
--
1.8.4.2
10 years, 11 months