On 04/16/2014 04:29 PM, Daniel Barboza wrote:
From: Daniel Henrique Barboza <danielhb(a)linux.vnet.ibm.com>
The file src/kimchi/proxy.py is a module that contains all Nginx
related functions - start proxy, terminate proxy and create
proxy config.
src/nginx.conf.in is a template file that is used by the proxy
module to generate a customized proxy configuration.
Signed-off-by: Daniel Henrique Barboza <danielhb(a)linux.vnet.ibm.com>
---
src/kimchi/proxy.py | 107 ++++++++++++++++++++++++++++++++++++++++++++++++++++
src/nginx.conf.in | 55 +++++++++++++++++++++++++++
2 files changed, 162 insertions(+)
create mode 100644 src/kimchi/proxy.py
create mode 100644 src/nginx.conf.in
diff --git a/src/kimchi/proxy.py b/src/kimchi/proxy.py
new file mode 100644
index 0000000..23944ea
--- /dev/null
+++ b/src/kimchi/proxy.py
@@ -0,0 +1,107 @@
+#!/usr/bin/python
+#
+# Project Kimchi
+#
+# Copyright IBM, Corp. 2014
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301 USA
+
+# This module contains functions that the manipulate
+# and configure the Nginx proxy.
+
+import os
+import pwd
+import sslcert
sslcert is a kimchi module so we should import it as:
from kimchi import sslcert
I can update it before applying
+import subprocess
+from string import Template
+
+import kimchi.config
+from kimchi.config import config, paths
+
+
+def _create_proxy_config(p_port, k_port, p_ssl_port, cert, key):
+ """Create nginx configuration file based on current ports config
+
+ To allow flexibility in which port kimchi runs, we need the same
+ flexibility with the nginx proxy. This method creates the config
+ file dynamically by using 'nginx.conf.in' as a template, creating
+ the file 'nginx_kimchi.config' which will be used to launch the
+ proxy.
+
+ Arguments:
+ p_port - proxy port
+ k_port - kimchid port
+ p_ssl_port - proxy SSL port
+ cert - cert file specified by user config
+ key - key file specified by user config
+ """
+
+ # User that will run the worker process of the proxy. Fedora,
+ # RHEL and Suse creates an user called 'nginx' when installing
+ # the proxy. Ubuntu creates an user 'www-data' for it.
+ user_proxy = 'nginx'
+ try:
+ pwd.getpwnam(user_proxy)
+ except KeyError:
+ user_proxy = 'www-data'
+
+ # No certificates specified by the user
+ if not cert or not key:
+ config_dir = paths.conf_dir
+ cert = '%s/kimchi-cert.pem' % config_dir
+ key = '%s/kimchi-key.pem' % config_dir
+ # create cert files if they don't exist
+ if not os.path.exists(cert) or not os.path.exists(key):
+ ssl_gen = sslcert.SSLCert()
+ with open(cert, "w") as f:
+ f.write(ssl_gen.cert_pem())
+ with open(key, "w") as f:
+ f.write(ssl_gen.key_pem())
+
+ # Read template file and create a new config file
+ # with the specified parameters.
+ with open(os.path.join(config_dir, "nginx.conf.in")) as template:
+ data = template.read()
+ data = Template(data)
+ data = data.safe_substitute(user=user_proxy,
+ proxy_port=p_port,
+ kimchid_port=k_port,
+ proxy_ssl_port=p_ssl_port,
+ cert_pem=cert, cert_key=key)
+
+ # Write file to be used for nginx.
+ config_file = open(os.path.join(config_dir, "nginx_kimchi.conf"),
"w")
+ config_file.write(data)
+ config_file.close()
+
+
+def start_proxy(options):
+ """Start nginx reverse proxy."""
+ _create_proxy_config(options.proxy_port,
+ options.port,
+ options.proxy_ssl_port,
+ options.ssl_cert,
+ options.ssl_key)
+ config_dir = paths.conf_dir
+ config_file = "%s/nginx_kimchi.conf" % config_dir
+ cmd = ['nginx', '-c', config_file]
+ subprocess.call(cmd)
+
+
+def terminate_proxy():
+ """Stop nginx process."""
+ term_proxy_cmd = ['nginx', '-s', 'stop']
+ subprocess.call(term_proxy_cmd)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in
new file mode 100644
index 0000000..967b46b
--- /dev/null
+++ b/src/nginx.conf.in
@@ -0,0 +1,55 @@
+# Project Kimchi
+#
+# Copyright IBM, Corp. 2014
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+
+# This is a template file to be used to generate a nginx
+# proxy config file at kimchid script.
+
+user $user;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+
+ log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent"
"$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+
+ server {
+ listen $proxy_port;
+ listen $proxy_ssl_port ssl;
+ ssl_certificate $cert_pem;
+ ssl_certificate_key $cert_key;
+
+ location / {
+ proxy_pass
http://localhost:$kimchid_port;
+ proxy_set_header Host $host;
+ }
+ }
+}