
On 04/16/2014 04:29 PM, Daniel Barboza wrote:
From: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
The file src/kimchi/proxy.py is a module that contains all Nginx related functions - start proxy, terminate proxy and create proxy config.
src/nginx.conf.in is a template file that is used by the proxy module to generate a customized proxy configuration.
Signed-off-by: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com> --- src/kimchi/proxy.py | 107 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/nginx.conf.in | 55 +++++++++++++++++++++++++++ 2 files changed, 162 insertions(+) create mode 100644 src/kimchi/proxy.py create mode 100644 src/nginx.conf.in
diff --git a/src/kimchi/proxy.py b/src/kimchi/proxy.py
new file mode 100644
index 0000000..23944ea
--- /dev/null
+++ b/src/kimchi/proxy.py
@@ -0,0 +1,107 @@
+#!/usr/bin/python
+#
+# Project Kimchi
+#
+# Copyright IBM, Corp. 2014
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301 USA
+
+# This module contains functions that the manipulate
+# and configure the Nginx proxy.
+
+import os
+import pwd
+import sslcert
sslcert is a kimchi module, so we should import it as: `from kimchi import sslcert`. I can update it before applying.
+import subprocess
+from string import Template
+
+import kimchi.config
+from kimchi.config import config, paths
+
+
+def _create_proxy_config(p_port, k_port, p_ssl_port, cert, key):
+ """Create nginx configuration file based on current ports config
+
+ To allow flexibility in which port kimchi runs, we need the same
+ flexibility with the nginx proxy. This method creates the config
+ file dynamically by using 'nginx.conf.in' as a template, creating
+ the file 'nginx_kimchi.config' which will be used to launch the
+ proxy.
+
+ Arguments:
+ p_port - proxy port
+ k_port - kimchid port
+ p_ssl_port - proxy SSL port
+ cert - cert file specified by user config
+ key - key file specified by user config
+ """
+
+ # User that will run the worker process of the proxy. Fedora,
+ # RHEL and Suse creates an user called 'nginx' when installing
+ # the proxy. Ubuntu creates an user 'www-data' for it.
+ user_proxy = 'nginx'
+ try:
+ pwd.getpwnam(user_proxy)
+ except KeyError:
+ user_proxy = 'www-data'
+
+ # No certificates specified by the user
+ if not cert or not key:
+ config_dir = paths.conf_dir
+ cert = '%s/kimchi-cert.pem' % config_dir
+ key = '%s/kimchi-key.pem' % config_dir
+ # create cert files if they don't exist
+ if not os.path.exists(cert) or not os.path.exists(key):
+ ssl_gen = sslcert.SSLCert()
+ with open(cert, "w") as f:
+ f.write(ssl_gen.cert_pem())
+ with open(key, "w") as f:
+ f.write(ssl_gen.key_pem())
+
+ # Read template file and create a new config file
+ # with the specified parameters.
+ with open(os.path.join(config_dir, "nginx.conf.in")) as template:
+ data = template.read()
+ data = Template(data)
+ data = data.safe_substitute(user=user_proxy,
+ proxy_port=p_port,
+ kimchid_port=k_port,
+ proxy_ssl_port=p_ssl_port,
+ cert_pem=cert, cert_key=key)
+
+ # Write file to be used for nginx.
+ config_file = open(os.path.join(config_dir, "nginx_kimchi.conf"), "w")
+ config_file.write(data)
+ config_file.close()
+
+
+def start_proxy(options):
+ """Start nginx reverse proxy."""
+ _create_proxy_config(options.proxy_port,
+ options.port,
+ options.proxy_ssl_port,
+ options.ssl_cert,
+ options.ssl_key)
+ config_dir = paths.conf_dir
+ config_file = "%s/nginx_kimchi.conf" % config_dir
+ cmd = ['nginx', '-c', config_file]
+ subprocess.call(cmd)
+
+
+def terminate_proxy():
+ """Stop nginx process."""
+ term_proxy_cmd = ['nginx', '-s', 'stop']
+ subprocess.call(term_proxy_cmd)
diff --git a/src/nginx.conf.in b/src/nginx.conf.in
new file mode 100644
index 0000000..967b46b
--- /dev/null
+++ b/src/nginx.conf.in
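Review bot: In `_create_proxy_config` (src/kimchi/proxy.py) the generated private key is written with `open(key, "w")`, so its mode is whatever the process umask leaves, which with a common 022 umask makes it readable by every local user; it should be created owner-only. In the same function `config_dir` is assigned only inside `if not cert or not key:`, yet the template read and the final config write use it unconditionally, so a user-supplied cert and key pair would raise NameError before any config is produced. The `subprocess.call` results in `start_proxy` and `terminate_proxy` are also discarded, so a proxy that failed to start or stop goes unnoticed. The fence shows the first two changes only.

```python
def _create_proxy_config(p_port, k_port, p_ssl_port, cert, key):
    # ... unchanged: docstring, worker user lookup ...

    # Bound before the branch: the template read and the config write
    # below use config_dir even when the user supplies cert and key.
    config_dir = paths.conf_dir

    if not cert or not key:
        # ... unchanged: default cert/key paths, existence check,
        #     SSLCert() and the cert write ...
            # Create the key owner-only. The mode argument applies only
            # when the file is created, so fchmod also tightens a key
            # file that already existed with wider permissions.
            fd = os.open(key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, "w") as f:
                os.fchmod(fd, 0o600)
                f.write(ssl_gen.key_pem())

    # ... unchanged: template substitution and config write ...
```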
@@ -0,0 +1,55 @@
+# Project Kimchi
+#
+# Copyright IBM, Corp. 2014
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 USA
+
+
+# This is a template file to be used to generate a nginx
+# proxy config file at kimchid script.
+
+user $user;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log;
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+
+ server {
+ listen $proxy_port;
+ listen $proxy_ssl_port ssl;
+ ssl_certificate $cert_pem;
+ ssl_certificate_key $cert_key;
+
+ location / {
+ proxy_pass http://localhost:$kimchid_port;
+ proxy_set_header Host $host;
+ }
+ }
+}
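Review bot: Plain HTTP on `listen $proxy_port;` reaches the same `location /` as the TLS listener, so whatever kimchid accepts through the proxy (logins and session cookies, if it has them) can also travel in cleartext unless kimchid redirects on its own, which this patch does not show. Consider giving the plain port its own `server` block that only answers `return 301 https://$host:$proxy_ssl_port$request_uri;`. The TLS listener also inherits its protocol and cipher selection from the installed nginx build; an explicit `ssl_protocols` line in the template would make that a reviewed choice. Only `Host` is forwarded, so kimchid sees every client as localhost; `proxy_set_header X-Real-IP $remote_addr;` would keep the client address available for its logs.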