From: Daniel Henrique Barboza <danielhb(a)linux.vnet.ibm.com>
Two new config options were added in config.py.in - proxy_port
and proxy_ssl_port - to allow more control in the ports that
the proxy will bind. The defaults proxy ports are 8000 and
8001 (ssl) and default kimchid ports are 8010 and 8011. The
default proxy ports were chosen to avoid editing the existing
firewall configuration (now that nginx is process being exposed).
Kimchid creates the proxy configuration according to user-defined
parameters.
server.py registers the terminate_proxy() method to a cherrypy
engine that fires when the server is shut down.
Signed-off-by: Daniel Henrique Barboza <danielhb(a)linux.vnet.ibm.com>
---
src/kimchi/config.py.in | 6 ++++--
src/kimchi/server.py | 4 ++++
src/kimchid.in | 51 +++++++++++++++++++++++++++++++++++++++----------
3 files changed, 49 insertions(+), 12 deletions(-)
diff --git a/src/kimchi/config.py.in b/src/kimchi/config.py.in
index bddcb5c..1d540c0 100644
--- a/src/kimchi/config.py.in
+++ b/src/kimchi/config.py.in
@@ -231,8 +231,10 @@ def _get_config():
config = SafeConfigParser()
config.add_section("server")
config.set("server", "host", "0.0.0.0")
- config.set("server", "port", "8000")
- config.set("server", "ssl_port", "8001")
+ config.set("server", "port", "8010")
+ config.set("server", "ssl_port", "8011")
+ config.set("server", "proxy_port", "8000")
+ config.set("server", "proxy_ssl_port", "8001")
config.set("server", "ssl_cert", "")
config.set("server", "ssl_key", "")
config.set("server", "environment", "development")
diff --git a/src/kimchi/server.py b/src/kimchi/server.py
index 0d02868..6975c99 100644
--- a/src/kimchi/server.py
+++ b/src/kimchi/server.py
@@ -31,6 +31,7 @@ from kimchi import mockmodel
from kimchi import vnc
from kimchi.config import paths, KimchiConfig, PluginConfig
from kimchi.control import sub_nodes
+from kimchi.proxy import terminate_proxy
from kimchi.root import KimchiRoot
from kimchi.utils import get_enabled_plugins, import_class
@@ -137,6 +138,9 @@ class Server(object):
config=self.configObj)
self._load_plugins()
+ # Terminate proxy when cherrypy server is terminated
+ cherrypy.engine.subscribe('exit', terminate_proxy)
+
cherrypy.lib.sessions.init()
def _load_plugins(self):
diff --git a/src/kimchid.in b/src/kimchid.in
index 8b63b57..f158a2c 100644
--- a/src/kimchid.in
+++ b/src/kimchid.in
@@ -16,18 +16,21 @@
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301 USA
import logging
import os
import sys
sys.path.insert(1, '@pythondir@')
+from optparse import OptionParser
+
import kimchi.server
import kimchi.config
from kimchi.config import config, paths
-from optparse import OptionParser
+from kimchi.proxy import create_proxy_config, start_proxy
if not paths.installed:
sys.path.append(paths.prefix)
@@ -35,29 +38,57 @@ if not paths.installed:
ACCESS_LOG = "kimchi-access.log"
ERROR_LOG = "kimchi-error.log"
+
def main(options):
+ # Script must run as root or with sudo.
+ if not os.geteuid() == 0:
+ sys.exit("\nMust be root to run this script. Exiting ...\n")
+
host = config.get("server", "host")
port = config.get("server", "port")
ssl_port = config.get("server", "ssl_port")
+ proxy_port = config.get("server", "proxy_port")
+ proxy_ssl_port = config.get("server", "proxy_ssl_port")
runningEnv = config.get('server', 'environment')
logDir = config.get("logging", "log_dir")
logLevel = config.get("logging", "log_level")
parser = OptionParser()
- parser.add_option('--host', type="string", default=host,
help="Hostname to listen on")
- parser.add_option('--port', type="int", default=port,
help="Port to listen on")
- parser.add_option('--ssl-port', type="int", default=ssl_port,
help="Enable a SSL server on the given port")
- parser.add_option('--log-level', default=logLevel, help="Logging
level")
- parser.add_option('--access-log', default=os.path.join(logDir,ACCESS_LOG),
help="Access log file")
- parser.add_option('--error-log', default=os.path.join(logDir,ERROR_LOG),
help="Error log file")
- parser.add_option('--environment', default=runningEnv, help="Running
environment of kimchi server")
- parser.add_option('--test', action='store_true', help="Run
server in mock model")
+ parser.add_option('--host', type="string", default=host,
+ help="Hostname to listen on")
+ parser.add_option('--port', type="int", default=port,
+ help="Kimchid process listen port (default %s)" % port)
+ parser.add_option('--ssl-port', type="int", default=ssl_port,
+ help="Kimchid SSL port (default %s)" % ssl_port)
+ parser.add_option('--proxy-port', type="int", default=proxy_port,
+ help="Proxy port to listen on (default %s)" %
+ proxy_port)
+ parser.add_option('--proxy-ssl-port', type="int",
default=proxy_ssl_port,
+ help="Proxy port to enable SSL (default %s)" %
+ proxy_ssl_port)
+ parser.add_option('--log-level', default=logLevel,
+ help="Logging level")
+ parser.add_option('--access-log',
+ default=os.path.join(logDir, ACCESS_LOG),
+ help="Access log file")
+ parser.add_option('--error-log',
+ default=os.path.join(logDir, ERROR_LOG),
+ help="Error log file")
+ parser.add_option('--environment', default=runningEnv,
+ help="Running environment of kimchi server")
+ parser.add_option('--test', action='store_true',
+ help="Run server in mock model")
(options, args) = parser.parse_args()
# Add non-option arguments
setattr(options, 'ssl_cert', config.get('server',
'ssl_cert'))
setattr(options, 'ssl_key', config.get('server', 'ssl_key'))
+ # Launch reverse proxy: create config file and start.
+ create_proxy_config(options.proxy_port, options.port,
+ options.proxy_ssl_port, options.ssl_port)
+ start_proxy()
+
kimchi.server.main(options)
if __name__ == '__main__':
--
1.8.3.1