RFC: Design of the authentication in Kimchi
by Wen Wang
Hi all,
Due to the fact that Kimchi needs authentication feature to be designed.
I an posting my point of view below of how I thought about doing it,
including how I plan doing it in the front-end and request for help for
the back end support.
Kimchi changed to a traditional login patten in last release that makes
Kimchi more secure to use. It Before login, the front-end can hardly get
any html information before user actually login. As we discussed, root
user will have full access to Kimchi whereas the non-root user will have
restricted privileges. It will be easier and more decent to show the
proper tabs to certain users that distinguished by the back-end. Now the
tabs are generated by an xml file generated from the back-end that show
all 5 tabs. We probably need to have the '*Host*' and '*template*'
tab_removed_ for non-root users, which is recommended to be done in the
back-end.
Also there need to be information provided to the front-end like the
user-name, user-role as well as user-group, etc. that indicate user
identity after login. The browser need the information to give certain
privileges to certain users and disable the unnecessary functions. My
suggestion is to have these 3 parameters passed: ***user-name,
user-role* as well as *user-group*. There is a better extendibility to
user the user-role other than isRoot so that we can define more roles in
the future. As fact that we have only defined two roles now, the
user-role parameter can be divided into root and guest based on user is
root or non-root. These message can get from *sessiondada*, *cookie *or
passed according to a query. the way passing the info of the user is
still under discussion. Request for your advises.
Best Regards
Wang Wen
9 years, 9 months
[RFC] Improve task management for kimchi
by Wen Wang
Dear all,
*
**Problems:*
Now our strategy for long time operation is using task which the
browser needs to check up-to-date task status time by time until the
task ends. It's time consuming and less efficient. Also there exists
several problems when locating each task when doing debug generating and
storage pool as well as some new features that might use task strategy
in the future.
*Solution*:
As talked with Sheldon and Zhengsheng, we came up with a solution that
avoid browser checking status every 200ms. Also, we might need some more
labels in each task to provide more information when getting the task
like we might need to indicate which operation triggered certain task.
What's in our mind is to use the strategy that allow the server inform
browser about the task information. Our proposal is designed as follows.
1) Browser needs to register to the back end to indicate which part the
result needs to reply to when the task finished.
2) The back end use broker to manage message distribution: when a task
is finished or experiencing an error, back end inform the browser
certain part of work is finished or error.
3) Using websocket of cherrypy to accomplish the message transfer.
Best Regards
Wang Wen
9 years, 9 months
RFC: smt support
by Christy Perez
Quick poll for adding support for
<cpu>
<topology sockets='1' cores='2' threads='1'/>
</cpu>
I know it would be nice to let users add it on a per-vm basis, but maybe
it might be something that we'd rather just leave in the template only.
Having it in the template only seems simpler when thinking about UI
design, imo, but I'd love to hear what everyone else thinks.
Thanks,
- Christy
9 years, 9 months
[PATCH v2] Add SUSE's products
by Dinar valeev
From: Dinar Valeev <dvaleev(a)suse.com>
Add SLES 12 information and set openSUSE's version to 13.1
Signed-off-by: Dinar Valeev <dvaleev(a)suse.com>
---
src/kimchi/isoinfo.py | 1 +
src/kimchi/osinfo.py | 7 +++++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/kimchi/isoinfo.py b/src/kimchi/isoinfo.py
index b7315e0..c394a32 100644
--- a/src/kimchi/isoinfo.py
+++ b/src/kimchi/isoinfo.py
@@ -95,6 +95,7 @@ iso_dir = [
'|HRM_CENA_X64CHKV|HRM_CPRA_X64FREV|HRM_CPRNA_X64FREV')),
('sles', '10', 'SLES10|SUSE-Linux-Enterprise-Server.001'),
('sles', '11', 'SUSE_SLES-11-0-0'),
+ ('sles', '12', 'SLE-12'),
('sles', lambda m: "11sp%s" % m.group(1), 'SLES-11-SP(\d+)'),
('opensuse', lambda m: m.group(1), 'openSUSE[ -](\d+\.\d+)'),
('opensuse', '11.1', 'SU1110.001'),
diff --git a/src/kimchi/osinfo.py b/src/kimchi/osinfo.py
index 093feca..0cf005e 100644
--- a/src/kimchi/osinfo.py
+++ b/src/kimchi/osinfo.py
@@ -58,9 +58,12 @@ template_specs = {'x86': {'old': dict(common_spec, disk_bus='ide',
modern_version_bases = {'x86': {'debian': '6.0', 'ubuntu': '7.10',
'opensuse': '10.3', 'centos': '5.3',
- 'rhel': '6.0', 'fedora': '16', 'gentoo': '0'},
+ 'rhel': '6.0', 'fedora': '16', 'gentoo': '0',
+ 'sles': '11', 'sles': '12'},
'power': {'rhel': '7.0', 'fedora': '19',
- 'ubuntu': '14.04'}}
+ 'ubuntu': '14.04',
+ 'opensuse': '13.1',
+ 'sles': '12'}}
icon_available_distros = [icon[5:-4] for icon in glob.glob1('%s/images/'
% paths.ui_dir, 'icon-*.png')]
--
1.8.4.5
9 years, 9 months
[PATCH] Fix create vm disk params
by lvroyce@linux.vnet.ibm.com
From: Royce Lv <lvroyce(a)linux.vnet.ibm.com>
When creating vm on SCSI/iSCSI pools, volume needs to be specified.
API.md and doc need to be updated.
Signed-off-by: Royce Lv <lvroyce(a)linux.vnet.ibm.com>
---
docs/API.md | 1 +
src/kimchi/API.json | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/docs/API.md b/docs/API.md
index 4f51dd0..7a3076b 100644
--- a/docs/API.md
+++ b/docs/API.md
@@ -183,6 +183,7 @@ Represents a snapshot of the Virtual Machine's primary monitor.
(either *size* or *volume* must be specified):
* index: The device index
* size: The device size in GB
+ * volume: LUN of SCSI or iSCSI storage.
* graphics *(optional)*: The graphics paramenters of this template
* type: The type of graphics. It can be VNC or spice or None.
diff --git a/src/kimchi/API.json b/src/kimchi/API.json
index 6d1324c..ea1eb61 100644
--- a/src/kimchi/API.json
+++ b/src/kimchi/API.json
@@ -381,7 +381,13 @@
"type": "number",
"minimum": 1,
"error": "KCHTMPL0022E"
+ },
+ "volume": {
+ "description": "LUN of SCSI or iSCSI storage",
+ "type": "string",
+ "minLength": 1
}
+
}
},
"minItems": 1,
--
1.8.3.2
9 years, 9 months
[PATCH 1/2] add SysV init scripts in centos6
by ssdxiao
now in centos6 has'nt the SysV init scripts, so add it to kimchi
Signed-off-by: Ding Xiao <ssdxiao(a)163.com>
---
contrib/kimchid.sysvinit.centos6 | 112 ++++++++++++++++++++++++++++++++++++++
1 files changed, 112 insertions(+), 0 deletions(-)
create mode 100644 contrib/kimchid.sysvinit.centos6
diff --git a/contrib/kimchid.sysvinit.centos6 b/contrib/kimchid.sysvinit.centos6
new file mode 100644
index 0000000..ba4adff
--- /dev/null
+++ b/contrib/kimchid.sysvinit.centos6
@@ -0,0 +1,112 @@
+#! /bin/sh
+#
+#kimchid Kimchi Web Server
+#
+#
+# Author: Ding Xiao <ssdxiao(a)163.com>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+#
+### BEGIN INIT INFO
+# Provides: kimchid
+# Required-Start: libvirtd
+# Required-Stop:
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Description: Start the kimchid daemon
+### END INIT INFO
+
+. /etc/rc.d/init.d/functions
+
+prog="kimchid"
+exec="/usr/bin/kimchid"
+pidfile="/var/run/kimchi.pid"
+
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ echo -n $"Starting $prog: "
+ daemon --user root --pidfile $pidfile "$exec &>/dev/null & echo \$! > $pidfile"
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc -p $pidfile $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ status -p $pidfile $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
+
--
1.7.1
9 years, 10 months
[PATCH v2 1/2] UI changes to allow underscore in debug report name.
by Christy Perez
New message on the debug report creation screen now says that
underscore ('_') characters are allowed, as well as
hyphens ('-').
Signed-off-by: Christy Perez <christy(a)linux.vnet.ibm.com>
---
po/en_US.po | 12 ++++++------
po/pt_BR.po | 13 ++++++-------
po/zh_CN.po | 12 ++++++------
src/kimchi/API.json | 2 +-
src/kimchi/i18n.py | 2 +-
ui/js/src/kimchi.report_add_main.js | 2 +-
ui/pages/i18n.json.tmpl | 2 +-
ui/pages/report-add.html.tmpl | 2 +-
8 files changed, 23 insertions(+), 24 deletions(-)
diff --git a/po/en_US.po b/po/en_US.po
index 7b66eb2..933d4eb 100644
--- a/po/en_US.po
+++ b/po/en_US.po
@@ -703,9 +703,9 @@ msgid "You should give a name for the debug file report."
msgstr "You should give a name for the debug file report."
msgid ""
-"Name should be a string. Only letters, digits and hyphen ('-') are allowed."
+"Name should be a string. Only letters, digits, underscore ('_') and hyphen ('-') are allowed."
msgstr ""
-"Name should be a string. Only letters, digits and hyphen ('-') are allowed."
+"Name should be a string. Only letters, digits, underscore ('_') and hyphen ('-') are allowed."
#, python-format
msgid ""
@@ -1317,8 +1317,8 @@ msgstr "Rename"
msgid "Download"
msgstr "Download"
-msgid "Report name should contain only letters, digits and/or hyphen ('-')."
-msgstr "Report name should contain only letters, digits and/or hyphen ('-')."
+msgid "Report name should contain only letters, digits, underscore ('_') and/or hyphen ('-')."
+msgstr "Report name should contain only letters, digits, underscore ('_') and/or hyphen ('-')."
msgid "Pending..."
msgstr "Pending..."
@@ -1503,10 +1503,10 @@ msgstr "Report Name"
msgid ""
"The name used to identify the report. If omitted, a name will be chosen "
-"based on current time. Name can contain: letters, digits and hyphen (\"-\")."
+"based on current time. Name can contain: letters, digits, underscore ('_') and hyphen (\"-\")."
msgstr ""
"The name used to identify the report. If omitted, a name will be chosen "
-"based on current time. Name can contain: letters, digits and hyphen (\"-\")."
+"based on current time. Name can contain: letters, digits, underscore ('_') and hyphen (\"-\")."
msgid "Add a Repository"
msgstr "Add a Repository"
diff --git a/po/pt_BR.po b/po/pt_BR.po
index b0884b4..adcfd11 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -748,10 +748,9 @@ msgid "You should give a name for the debug file report."
msgstr "Você deve dar um nome para o arquivo do relatório de debug."
msgid ""
-"Name should be a string. Only letters, digits and hyphen ('-') are allowed."
+"Name should be a string. Only letters, digits, underscore ('_') and hyphen ('-') are allowed."
msgstr ""
-"Nome deve ser uma string. Somente letras, digitos e hífem ('-') são "
-"permitidos."
+"Nome deve ser uma string. Somente letras, digitos, sublinhar ('_') e hífem ('-') são permitidos."
#, python-format
msgid ""
@@ -1382,8 +1381,8 @@ msgstr "Renomear"
msgid "Download"
msgstr "Baixar"
-msgid "Report name should contain only letters, digits and/or hyphen ('-')."
-msgstr "Nome do relatório deve apenas conter letras, números e/ou hífen ('-')."
+msgid "Report name should contain only letters, digits, underscore ('_') and/or hyphen ('-')."
+msgstr "Nome do relatório deve apenas conter letras, números, sublinhar ('_') e/ou hífen ('-')."
msgid "Pending..."
msgstr "Pendente..."
@@ -1568,10 +1567,10 @@ msgstr "Nome do Relatório"
msgid ""
"The name used to identify the report. If omitted, a name will be chosen "
-"based on current time. Name can contain: letters, digits and hyphen (\"-\")."
+"based on current time. Name can contain: letters, digits, underscore ('_') and hyphen (\"-\")."
msgstr ""
"Se o nome do relatório for omitido, será escolhido um nome baseado no "
-"horário atual. O nome pode conter: letras, números e hífen ('-')."
+"horário atual. O nome pode conter: letras, números, sublinhar ('_') e hífen ('-')."
msgid "Add a Repository"
msgstr "Adicionar um Repositório"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 272dd51..a3b5dcb 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -680,8 +680,8 @@ msgid "You should give a name for the debug file report."
msgstr "应该为诊断文件报告指定一个名字。"
msgid ""
-"Name should be a string. Only letters, digits and hyphen ('-') are allowed."
-msgstr "名字必须是一个字符串。只允许字母、数字和连字符 ('-')。"
+"Name should be a string. Only letters, digits, underscore ('_') and hyphen ('-') are allowed."
+msgstr "名字必须是一个字符串。只允许字母、下划线 ('_') 数字和连字符 ('-')。"
#, python-format
msgid ""
@@ -1270,8 +1270,8 @@ msgstr "重命名"
msgid "Download"
msgstr "下载"
-msgid "Report name should contain only letters, digits and/or hyphen ('-')."
-msgstr "报告名字中只能包含字母、数字或连字符(-)。"
+msgid "Report name should contain only letters, digits, underscore ('_') and/or hyphen ('-')."
+msgstr "报告名字中只能包含字母、下划线 ('_') 数字或连字符(-)。"
msgid "Pending..."
msgstr "正在加载..."
@@ -1441,10 +1441,10 @@ msgstr "诊断报告名"
msgid ""
"The name used to identify the report. If omitted, a name will be chosen "
-"based on current time. Name can contain: letters, digits and hyphen (\"-\")."
+"based on current time. Name can contain: letters, digits, underscore ('_') and hyphen (\"-\")."
msgstr ""
"名字用来标识诊断报告。如果省略,将会基于当前时间生成一个新名字。名字中可以包"
-"含字母、数字和连字符(-)"
+"含字母、下划线 ('_') 数字和连字符(-)"
msgid "Add a Repository"
msgstr "增加一个软件仓库"
diff --git a/src/kimchi/API.json b/src/kimchi/API.json
index 6d1324c..d635d2c 100644
--- a/src/kimchi/API.json
+++ b/src/kimchi/API.json
@@ -36,7 +36,7 @@
"name": {
"description": "The name for the debug report file.",
"type": "string",
- "pattern": "^[A-Za-z0-9-]*$",
+ "pattern": "^[_A-Za-z0-9-]*$",
"error": "KCHDR0007E"
}
}
diff --git a/src/kimchi/i18n.py b/src/kimchi/i18n.py
index 91684b6..0c76145 100644
--- a/src/kimchi/i18n.py
+++ b/src/kimchi/i18n.py
@@ -206,7 +206,7 @@
"KCHDR0004E": _("Can not find any generated debug report matching name %(name)s"),
"KCHDR0005E": _("Unable to generate debug report %(name)s. Details: %(err)s"),
"KCHDR0006E": _("You should give a name for the debug file report."),
- "KCHDR0007E": _("Name should be a string. Only letters, digits and hyphen ('-') are allowed."),
+ "KCHDR0007E": _("Name should be a string. Only letters, digits, underscore ('_') and hyphen ('-') are allowed."),
"KCHDR0008E": _("The debug report with specified name \"%(name)s\" already exists. Please use another one."),
"KCHSR0001E": _("Storage server %(server)s was not used by Kimchi"),
diff --git a/ui/js/src/kimchi.report_add_main.js b/ui/js/src/kimchi.report_add_main.js
index 43484f5..f64b879 100644
--- a/ui/js/src/kimchi.report_add_main.js
+++ b/ui/js/src/kimchi.report_add_main.js
@@ -41,7 +41,7 @@ kimchi.report_add_main = function() {
return false;
}
var reportName = nameTextbox.val();
- var validator = RegExp("^[A-Za-z0-9-]*$");
+ var validator = RegExp("^[_A-Za-z0-9-]*$");
if (!validator.test(reportName)) {
kimchi.message.error.code('KCHDR6011M');
return false;
diff --git a/ui/pages/i18n.json.tmpl b/ui/pages/i18n.json.tmpl
index d765cf2..c6f4e8c 100644
--- a/ui/pages/i18n.json.tmpl
+++ b/ui/pages/i18n.json.tmpl
@@ -113,7 +113,7 @@
"KCHDR6008M": "$_("Rename")",
"KCHDR6009M": "$_("Remove")",
"KCHDR6010M": "$_("Download")",
- "KCHDR6011M": "$_("Report name should contain only letters, digits and/or hyphen ('-').")",
+ "KCHDR6011M": "$_("Report name should contain only letters, digits, underscore ('_') and/or hyphen ('-').")",
"KCHDR6012M": "$_("Pending...")",
"KCHVM6001M": "$_("This will delete the virtual machine and its virtual disks. This operation cannot be undone. Would you like to continue?")",
diff --git a/ui/pages/report-add.html.tmpl b/ui/pages/report-add.html.tmpl
index b7209fe..74ef313 100644
--- a/ui/pages/report-add.html.tmpl
+++ b/ui/pages/report-add.html.tmpl
@@ -35,7 +35,7 @@
</h2>
<div class="field">
<span>
- $_("The name used to identify the report. If omitted, a name will be chosen based on current time. Name can contain: letters, digits and hyphen (\"-\").")
+ $_("The name used to identify the report. If omitted, a name will be chosen based on current time. Name can contain: letters, digits, underscore (\"_\") and hyphen (\"-\").")
</span>
<input type="text" class="text" id="report-name-textbox" name="name" />
</div>
--
1.9.3
9 years, 10 months
[RFC]Create VM from image
by Royce Lv
Currently kimchi just support create a vm from an ISO defined template.
This requires duplicate installation.
This release we want to support create a vm from an installed image.
This involves the following change:
1. Create a template from an image:
POST /templates/template-1
{'base': 'abs_base_img_path'}
Implementation:
(1)probe image os distro and version to get suggested config.
(2)Avoid image to be deleted.
(3)Avoid using ISO and base image at the same time.
2. Create a vm from image based template:
This part has already been covered by Aline's prototype patch.
POST /vms/vm-1
{'storagepool': 'default', 'network': 'default',
'disks':[{'index':0, 'base': 'abs_path'}]}
or
{'storagepool': 'default', 'network': 'default',
'disks':[{'index':0, 'base': 'abs_path', 'volume': 'scsi_volume'}]}
The create vm implementation need to be re-considered for the
following points:
(1) when creating vm on scsi/iscsi pool, if volume size smaller
than original image, need to be rejected.
(2) when creating vm on directory based pool, volume generating
logic is different with allocation new volume.
(2) xml generating need to be refactored.
Anything else need to be considered, welcome your comments.
9 years, 10 months
[PATCH] Add SUSE's products
by Dinar valeev
From: Dinar Valeev <dvaleev(a)suse.com>
Add SLES 12 information and set openSUSE's version to 13.1
Signed-off-by: Dinar Valeev <dvaleev(a)suse.com>
---
src/kimchi/isoinfo.py | 1 +
src/kimchi/osinfo.py | 9 ++++++---
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/kimchi/isoinfo.py b/src/kimchi/isoinfo.py
index b7315e0..c394a32 100644
--- a/src/kimchi/isoinfo.py
+++ b/src/kimchi/isoinfo.py
@@ -95,6 +95,7 @@ iso_dir = [
'|HRM_CENA_X64CHKV|HRM_CPRA_X64FREV|HRM_CPRNA_X64FREV')),
('sles', '10', 'SLES10|SUSE-Linux-Enterprise-Server.001'),
('sles', '11', 'SUSE_SLES-11-0-0'),
+ ('sles', '12', 'SLE-12'),
('sles', lambda m: "11sp%s" % m.group(1), 'SLES-11-SP(\d+)'),
('opensuse', lambda m: m.group(1), 'openSUSE[ -](\d+\.\d+)'),
('opensuse', '11.1', 'SU1110.001'),
diff --git a/src/kimchi/osinfo.py b/src/kimchi/osinfo.py
index 093feca..9e8b62e 100644
--- a/src/kimchi/osinfo.py
+++ b/src/kimchi/osinfo.py
@@ -57,10 +57,13 @@ template_specs = {'x86': {'old': dict(common_spec, disk_bus='ide',
modern_version_bases = {'x86': {'debian': '6.0', 'ubuntu': '7.10',
- 'opensuse': '10.3', 'centos': '5.3',
- 'rhel': '6.0', 'fedora': '16', 'gentoo': '0'},
+ 'opensuse': '13.1', 'centos': '5.3',
+ 'rhel': '6.0', 'fedora': '16', 'gentoo': '0',
+ 'sles': '12'},
'power': {'rhel': '7.0', 'fedora': '19',
- 'ubuntu': '14.04'}}
+ 'ubuntu': '14.04',
+ 'opensuse': '13.1',
+ 'sles': '12'}}
icon_available_distros = [icon[5:-4] for icon in glob.glob1('%s/images/'
% paths.ui_dir, 'icon-*.png')]
--
1.8.4.5
9 years, 10 months
RFC: Security Model & UI Design
by Yu Xin Huo
*Security Strategy:*
1. Only handle existing linux users and groups, kimchi is positioned to
be a virtualization console, will not handle user management which is
host level admin.
2. Two levels of privileges
root users: console settings and virtualization resources
management
full access to 'Host', 'Guests', 'Templates',
'Storage', 'Network'
all root users can see all the guests, templates,
storage pools and volumes, networks no matter who created it
for created VMs, assign to non-root users with
either an admin or user role
non-root users: manage or use VMs assigned to them
admin role: edit & delete their VMs
user role: start, stop, vnc their VMs
they only have access to 'Guests' tab
In 'Guests' tab, only list VMs that they have an
admin or user role
*UI Design:*
root users:
all current UI will be available.
for create a VM, add a section to add users with admin or user role
for edit a VM, also has a section for add/remove/change users'
access
non-root users:
As only one 'Guest' tab, remove tabs bar and the '+' bar
Only list VMs that they have a role on
If the user have 'admin' role, then all current actions available
if the user have 'user' role, then only actions 'start',
'stop', 'vnc' available
9 years, 10 months