January 2014 - Kimchi-devel - Ovirt List Archives

by Aline Manera

From: Aline Manera <alinefm(a)br.ibm.com> Now to expose a new uri for kimchi server we need to use the UrlSubNode decorator, otherwise the uri will not be available. Signed-off-by: Aline Manera <alinefm(a)br.ibm.com> --- src/kimchi/control/storageservers.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/kimchi/control/storageservers.py b/src/kimchi/control/storageservers.py index 5cbb5a1..9e7f4ac 100644 --- a/src/kimchi/control/storageservers.py +++ b/src/kimchi/control/storageservers.py @@ -20,11 +20,12 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -from kimchi.control.base import Collection, Resource -from kimchi.control.utils import get_class_name, model_fn import kimchi.template +from kimchi.control.base import Collection, Resource +from kimchi.control.utils import get_class_name, model_fn, UrlSubNode +@UrlSubNode("storageservers", True) class StorageServers(Collection): def __init__(self, model): super(StorageServers, self).__init__(model) -- 1.7.10.4

10 years, 3 months

2
2
0 / 0

[PATCH] Remove the unnecessary 'exposed'

by Mark Wu

'exposed' is only need to be set when a leaf hander is exposed, so this patch removes the usages on resources. Signed-off-by: Mark Wu <wudxw(a)linux.vnet.ibm.com> --- src/kimchi/control/config.py | 2 -- src/kimchi/control/host.py | 2 -- src/kimchi/control/storagepools.py | 1 - 3 files changed, 5 deletions(-) diff --git a/src/kimchi/control/config.py b/src/kimchi/control/config.py index cc41e8a..c28e6e3 100644 --- a/src/kimchi/control/config.py +++ b/src/kimchi/control/config.py @@ -35,9 +35,7 @@ class Config(Resource): def __init__(self, model, id=None): super(Config, self).__init__(model, id) self.capabilities = Capabilities(self.model) - self.capabilities.exposed = True self.distros = Distros(model) - self.distros.exposed = True @property def data(self): diff --git a/src/kimchi/control/host.py b/src/kimchi/control/host.py index f041b35..053c822 100644 --- a/src/kimchi/control/host.py +++ b/src/kimchi/control/host.py @@ -35,9 +35,7 @@ class Host(Resource): self.reboot = self.generate_action_handler('reboot') self.shutdown = self.generate_action_handler('shutdown') self.stats = HostStats(self.model) - self.stats.exposed = True self.partitions = Partitions(self.model) - self.partitions.exposed = True @property def data(self): diff --git a/src/kimchi/control/storagepools.py b/src/kimchi/control/storagepools.py index 3b8ef79..01078ba 100644 --- a/src/kimchi/control/storagepools.py +++ b/src/kimchi/control/storagepools.py @@ -40,7 +40,6 @@ class StoragePools(Collection): super(StoragePools, self).__init__(model) self.resource = StoragePool isos = IsoPool(model) - isos.exposed = True setattr(self, ISO_POOL_NAME, isos) def create(self, *args): -- 1.8.4.2

10 years, 3 months

3
2
0 / 0

[PATCH] Bug fix #309 - network: Unable to create vlan tagged on Ubuntu

by Ramon Medeiros

Python binding for libvirt does not support conn.changeBegin() and conn.commit(). To make the change safe, this procedure was changed to a internal framework: RollbackContext. Signed-off-by: Ramon Medeiros <ramonn(a)linux.vnet.ibm.com> --- src/kimchi/model.py | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/kimchi/model.py b/src/kimchi/model.py index 81c1507..a2f5634 100644 --- a/src/kimchi/model.py +++ b/src/kimchi/model.py @@ -951,16 +951,17 @@ class Model(object): br_xml = networkxml.create_vlan_tagged_bridge_xml(br_name, interface, vlan_id) conn = self.conn.get() - conn.changeBegin() - try: - vlan_tagged_br = conn.interfaceDefineXML(br_xml) - vlan_tagged_br.create() - except libvirt.libvirtError as e: - conn.changeRollback() - raise OperationFailed(e.message) - else: - conn.changeCommit() - return br_name + + with RollbackContext() as rollback: + + try: + vlan_tagged_br = conn.interfaceDefineXML(br_xml) + vlan_tagged_br.create() + except libvirt.libvirtError as e: + raise OperationFailed(e.message) + rollback.prependDefer(vlan_tagged_br.destroy) + else: + return br_name def _remove_vlan_tagged_bridge(self, network): try: -- 1.8.3.1

10 years, 3 months

3
3
0 / 0

[PATCH] Use resource's lookup interface to fetch capabilities

by Mark Wu

Capabilities is kind of resource, so we can use its lookup interface to fetch information from model. It can reduce the special code, which is helpful for further refactoring. This patch removes the dict initialization in controller level intentionally, because the model should return full information of capabilities always. Signed-off-by: Mark Wu <wudxw(a)linux.vnet.ibm.com> --- src/kimchi/control/config.py | 6 +----- src/kimchi/mockmodel.py | 2 +- src/kimchi/model.py | 2 +- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/kimchi/control/config.py b/src/kimchi/control/config.py index c28e6e3..16cc384 100644 --- a/src/kimchi/control/config.py +++ b/src/kimchi/control/config.py @@ -50,11 +50,7 @@ class Capabilities(Resource): @property def data(self): - caps = ['libvirt_stream_protocols', 'qemu_stream', - 'screenshot', 'system_report_tool'] - ret = dict([(x, None) for x in caps]) - ret.update(self.model.get_capabilities()) - return ret + return self.info class Distros(Collection): diff --git a/src/kimchi/mockmodel.py b/src/kimchi/mockmodel.py index 916020a..0fe69dd 100644 --- a/src/kimchi/mockmodel.py +++ b/src/kimchi/mockmodel.py @@ -60,7 +60,7 @@ class MockModel(object): self.objstore = ObjectStore(objstore_loc) self.distros = self._get_distros() - def get_capabilities(self): + def capabilities_lookup(self, name): return {'libvirt_stream_protocols': ['http', 'https', 'ftp', 'ftps', 'tftp'], 'qemu_stream': True, 'screenshot': True, diff --git a/src/kimchi/model.py b/src/kimchi/model.py index 81c1507..1f98bfa 100644 --- a/src/kimchi/model.py +++ b/src/kimchi/model.py @@ -242,7 +242,7 @@ class Model(object): kimchi_log.info("*** Feature tests completed ***") _set_capabilities.priority = 90 - def get_capabilities(self): + def capabilities_lookup(self, name): report_tool = self._get_system_report_tool() return {'libvirt_stream_protocols': self.libvirt_stream_protocols, -- 1.8.4.2

10 years, 3 months

3
2
0 / 0

[PATCH v4 0/3] Reorganize kimchi's path vars generation code

by Mark Wu

This series of patches reorganize kimchi's path vars generation code to allow plugin use kimchi s ui handler. Changes: v4: Fix the test break when installed to non system dirs. (per Shaohe) v3: Rebase Only access the paths instance when the request is for html, which can avoid forcibly installing paths to the plugin which just have json requests. v2: Rebase Remove the optimization for plugin paths since it just have a few instantiations. Mark Wu (3): Reorganize the kimchi's paths gereneration code Add test cases for paths generation code Allow plugin use kimchi's ui handler .gitignore | 1 + src/kimchi/cachebust.py | 4 +- src/kimchi/config.py.in | 155 +++++++++++++++++++----------------------------- src/kimchi/root.py | 23 ++++--- src/kimchi/server.py | 14 +++-- src/kimchi/template.py | 17 ++++-- src/kimchi/utils.py | 6 +- src/kimchid.in | 7 ++- tests/Makefile.am | 9 ++- tests/test_config.py.in | 85 ++++++++++++++++++++++++++ 10 files changed, 196 insertions(+), 125 deletions(-) create mode 100644 tests/test_config.py.in -- 1.8.4.2

10 years, 3 months

3
7
0 / 0

[PATCH] bug fix: failed to update vm with unicode name

by shaohef＠linux.vnet.ibm.com

From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com> update a vm's name with unicode name, kimchi will report error. $ curl -u <user> -H 'Accept: application/json' \ -H 'Content-type: application/json' \ http://localhost:8000/vms/u13.10 -X PUT -d ' {"name": "kīмсhī-∨м"}' There are two bugs: 1. typo encode the ident with "utf8" when HTTPRedirect change it to "utf-8" 2. The name form libvirt is str, need decode. ref: https://github.com/kimchi-project/kimchi/wiki/support-unicode Signed-off-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com> --- src/kimchi/control/base.py | 2 +- src/kimchi/model.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/kimchi/control/base.py b/src/kimchi/control/base.py index f50ff6e..0b656ab 100644 --- a/src/kimchi/control/base.py +++ b/src/kimchi/control/base.py @@ -154,7 +154,7 @@ class Resource(object): ident = update(self.ident, params) if ident != self.ident: uri_params = list(self.model_args[:-1]) - uri_params += [urllib2.quote(ident.encode('utf8'))] + uri_params += [urllib2.quote(ident.encode('utf-8'))] raise cherrypy.HTTPRedirect(self.uri_fmt % tuple(uri_params), 303) return self.get() diff --git a/src/kimchi/model.py b/src/kimchi/model.py index 55de570..6590ca3 100644 --- a/src/kimchi/model.py +++ b/src/kimchi/model.py @@ -504,7 +504,7 @@ class Model(object): dom = self._get_vm(name) dom = self._static_vm_update(dom, params) self._live_vm_update(dom, params) - return dom.name() + return dom.name().decode('utf-8') def vm_lookup(self, name): dom = self._get_vm(name) -- 1.8.4.2

10 years, 3 months

2
1
0 / 0

[PATCH 00/22] Refactor Model

by Aline Manera

From: Aline Manera <alinefm(a)br.ibm.com> Hi all, This patch set splitted model.py into several model implementations. One for each resource in kimchi. It also includes a mechanism implemented by Zhou Zheng Sheng to automatically load all the models in one. So we don't nee to change tests and controller to work with new models. It is just the first step. I also will send a patch to split mockmodel And finally, a new one to separate common code and specific code from models. I am sending it separately because all that require a lot of work (and tests) and also can conflict with new features. I am planning to merge it on next Wed (when sprint 2 ends) so I hope those changes will not impact so much any developer. PS. it seems to to be a huge patch set but I just move code from one place to another. There is no new implementation/feature in there. Aline Manera (22): refactor model: Separate libvirtconnection from model.py refactor model: Move StoragePooldef from model to libvirtstoragepools.py refactor model: Create a common model builder Create a model to join all model resources implementation refactor model: Create a separated model for task resource refactor model: Create a separated model for plugins resource refactor model: Create a separated model for debug report resource refactor model: Create a separated model for config resource refactor model: Create a separated model for network resource refactor model: Create a separated model for interface resource refactor model: Create a separated model for storage pool resource refactor model: Create a separated model for storage volume resource refactor model: Create a separated model for storage server resource refactor model: Create a separated model for storage target resource refactor model: Create a separated model for template resource refactor model: Create a separated model for vm resource refactor model: Create a separated model for vm interface resource refactor model: Create a separated model for host resource Update server to use the new model Update tests to use the new model Update mockmodel imports Delete former model.py and rename model_ to model Makefile.am | 1 + src/kimchi/basemodel.py | 55 + src/kimchi/control/config.py | 6 +- src/kimchi/control/storagepools.py | 2 +- src/kimchi/control/utils.py | 12 +- src/kimchi/mockmodel.py | 27 +- src/kimchi/model.py | 2025 -------------------------------- src/kimchi/model/__init__.py | 21 + src/kimchi/model/config.py | 87 ++ src/kimchi/model/debugreports.py | 167 +++ src/kimchi/model/host.py | 201 ++++ src/kimchi/model/interfaces.py | 46 + src/kimchi/model/libvirtconnection.py | 122 ++ src/kimchi/model/libvirtstoragepool.py | 257 ++++ src/kimchi/model/model.py | 53 + src/kimchi/model/networks.py | 265 +++++ src/kimchi/model/plugins.py | 31 + src/kimchi/model/storagepools.py | 246 ++++ src/kimchi/model/storageservers.py | 78 ++ src/kimchi/model/storagetargets.py | 86 ++ src/kimchi/model/storagevolumes.py | 176 +++ src/kimchi/model/tasks.py | 39 + src/kimchi/model/templates.py | 172 +++ src/kimchi/model/utils.py | 33 + src/kimchi/model/vmifaces.py | 135 +++ src/kimchi/model/vms.py | 450 +++++++ src/kimchi/server.py | 2 +- src/kimchi/utils.py | 46 +- tests/test_model.py | 91 +- tests/test_storagepool.py | 4 +- tests/utils.py | 4 +- 31 files changed, 2831 insertions(+), 2109 deletions(-) create mode 100644 src/kimchi/basemodel.py delete mode 100644 src/kimchi/model.py create mode 100644 src/kimchi/model/__init__.py create mode 100644 src/kimchi/model/config.py create mode 100644 src/kimchi/model/debugreports.py create mode 100644 src/kimchi/model/host.py create mode 100644 src/kimchi/model/interfaces.py create mode 100644 src/kimchi/model/libvirtconnection.py create mode 100644 src/kimchi/model/libvirtstoragepool.py create mode 100644 src/kimchi/model/model.py create mode 100644 src/kimchi/model/networks.py create mode 100644 src/kimchi/model/plugins.py create mode 100644 src/kimchi/model/storagepools.py create mode 100644 src/kimchi/model/storageservers.py create mode 100644 src/kimchi/model/storagetargets.py create mode 100644 src/kimchi/model/storagevolumes.py create mode 100644 src/kimchi/model/tasks.py create mode 100644 src/kimchi/model/templates.py create mode 100644 src/kimchi/model/utils.py create mode 100644 src/kimchi/model/vmifaces.py create mode 100644 src/kimchi/model/vms.py -- 1.7.10.4

10 years, 3 months

2
23
0 / 0

[RFC] Authorization enhancement

by Frank Novak

Sounds reasonable by me.... Is it done yet? :-) Cheers, Frank ----------------------------------------------------------------------------------------------------------------------- Frank Novak ( 诺帆 nuò、fān ) STSM, SCEM Open Hypervisor IBM Linux Technology Center US: fnovak(a)us.ibm.com ; Notes: Frank Novak/Watson/IBM @IBMUS cell : 919-671-7966 ------------------------------------------------------------------------------------------------------------------------- Adam King rak at linux.vnet.ibm.com Tue Jan 21 20:38:51 EST 2014 Previous message: [Kimchi-devel] [RFC] Authorization enhancement Next message: [Kimchi-devel] [PATCH V6] Add nfs server and target UI in create storage pool Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] The proposal is over ambitious in some areas, under ambitious in others. I'd suggest the following: *Assumptions:* The first objective of introducing authorization into Kimchi is to allow an admin to partition defined VMs for independent, secure use by different users. *Scenario: *Frank is the manager of a team consisting of developers and testers with a clear separation of responsibility. He already has groups created on his linux host with user id membership organized by the user's function. Frank needs to create some VMs for his teams to use. He is the sole root user on the host. He wants the developers to be able to manage their VMs' lifecycle, but not to have permission to increase their VMs resource allocation. Developers always want as much memory as they can get away with:-) He wants the testers to have permission to edit the resource allocation of their VMs. The software needs to be verified with different hardware configurations, and he doesn't want to have to make every edit for his testers each time they need to validate a new scenario. *Resolution:* Frank creates his VMs. Those he has created for use by his developers, he assigns the user role to the development group for each of the VMs granting all his developers permission to see and manage the life cycle of the VMs Those he has created for use by his testers, he assigns the admin role to the test group for each of the VMs granting all his testers permission to see and take all actions to the VMs *User Design goals* An existing system user will only see the resources and actions the user is authorized to use An existing system sudo user will see and be able to act on all resources Actions on a given resource can be restricted with more than binary granularity. Some authorized users may have more privilege on a resource than others. ie Some authorized users may be able to edit a VMs resource definition, while others can only manipulate its life cycle *System Design Goals* No new prerequisites are required to be installed or managed. i.e. No database prerequisite No new user repository is required beyond what the host system is configured to use. PAM The authorization scheme will work with read only user repositories. Authorization information will be portable. ie. If a VM is moved from one kimchi host to another, the new host is immediately aware of the security constraints. The system is secure. A user will not be able discover the REST API and invoke actions directly without authorization. Kimchi managed resources can still be managed by other KVM tools, and returned to Kimchi without loss of function. Kimchi 1.2 authorization design is extensible to cover arbitrarily fine grained constraints *Kimchi 1.2 Proposal* Users in the sudo (admin) group would continue having full access to all Kimchi functions. Users not in the sudo (admin) group would only have access to VMs that they are authorized to use. A VM user could have one of two roles on a given VM admin - user has access to all VM actions on the individual VM user - user has access to power on, power off, reboot, snapshot, VNC/Spice as appropriate on the individual VM Group/role mapping will be stored in the <metadata> element of the VM Domain XML. If the VM is migrated to a new host, the metadata will go with it. *Algorithm* Login: If the user is a member of the sudo (admin) group grant all permissions and render the full Kimchi UI as today else enumerate all the groups the user is a member of, including groups of groups recursively for each VM determine the highest role available to the user by the various groups he is a member of render the kimchi frame with only a list of the authorized VMs, each with the appropriate actions If none, render the empty list *Kimchi 1.2+ Extensibilty *How can the 1.2 proposal be extended in future Kimchi versions as needed? * Resource ** * Other resources (network, storage) can use the same group/role authorization concept, relying on similar libvirt metadata for storage. Storage for the authorization mapping would have to be elsewhere for any resource libvirt has not defined metadata on. * Admin granularity* Additional roles can be introduced to allow some admins control over network while others control storage pools and volumes. Storage for these administration scoped roles would have to be defined and replicated for future cluster support. *Role granularity* Additional roles can be introduced beyond admin and user to allow more differentiation in what actions a specific group of users can access including custom administrator defined roles -- Adam King <rak at linux.vnet.ibm.com> IBM CSI

10 years, 3 months

3
2
0 / 0

[PATCH v3 0/3] Reorganize kimchi's path vars generation code

by Mark Wu

This series of patches reorganize kimchi's path vars generation code to allow plugin use kimchi s ui handler. Changes: v3: Rebase Only access the paths instance when the request is for html, which can avoid forcibly installing paths to the plugin which just have json requests. v2: Rebase Remove the optimization for plugin paths since it just have a few instantiations. Mark Wu (3): PEP8 cleanup and bug fix for src/kimchi/utils.py Reorganize the kimchi's paths gereneration code Add test cases for paths generation code Makefile.am | 1 + src/kimchi/cachebust.py | 4 +- src/kimchi/config.py.in | 155 +++++++++++++++++++----------------------------- src/kimchi/root.py | 7 ++- src/kimchi/server.py | 10 ++-- src/kimchi/template.py | 14 +++-- src/kimchi/utils.py | 15 ++--- src/kimchid.in | 7 ++- tests/test_config.py | 73 +++++++++++++++++++++++ 9 files changed, 168 insertions(+), 118 deletions(-) create mode 100644 tests/test_config.py -- 1.8.4.2

10 years, 3 months

2
6
0 / 0

[PATCH v4 0/2] Change all CSS files indentation to 4 spaces

by Crístian Viana

This is the difference between this and the previous patchset (v3): - Limit line length to 79 characters instead of 80, according to the PEP8 specification. Even though PEP8 rules are meant to be applied for Python code, it is better if we can reuse the same ones (when applicable). Crístian Viana (2): CSS: Do not allow lines longer than 79 characters CSS: Change all CSS files indentation to 4 spaces ui/css/theme-default/button.css | 167 ++++++++++++++++++++---------- ui/css/theme-default/error.css | 15 ++- ui/css/theme-default/grid.css | 36 ++++--- ui/css/theme-default/host.css | 6 +- ui/css/theme-default/jquery-ui.custom.css | 27 +++-- ui/css/theme-default/line-chart.css | 6 +- ui/css/theme-default/list.css | 15 ++- ui/css/theme-default/nav-tree.css | 12 ++- ui/css/theme-default/network.css | 12 ++- ui/css/theme-default/popover.css | 39 ++++--- ui/css/theme-default/report-add.css | 3 +- ui/css/theme-default/reset.css | 8 +- ui/css/theme-default/storage.css | 18 ++-- ui/css/theme-default/template-edit.css | 9 +- ui/css/theme-default/template_add.css | 20 ++-- ui/css/theme-default/template_list.css | 24 +++-- ui/css/theme-default/toolbar.css | 6 +- ui/css/theme-default/topbar.css | 29 ++++-- ui/css/theme-default/window.css | 3 +- 19 files changed, 296 insertions(+), 159 deletions(-) -- 1.8.4.2

10 years, 3 months

2
5
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Kimchi-devel January 2014