[Kimchi-devel] [PATCH v6 0/4] Github #329: Kimchi must not run as root

Daniel Barboza danielhb at linux.vnet.ibm.com
Wed Apr 16 19:29:48 UTC 2014


From: Daniel Henrique Barboza <danielhb at linux.vnet.ibm.com>

New in v6:
- Moved the SSL logic from server.py to proxy.py
- server.py is now responsible for launching the proxy
- removed references of 'ssl_port'

New in v5:
- fixes to VNC connection 
- fixes to unit tests
- obscuring kimchid port by making it localhost only
- launching nginx proxy in unit tests


New in v4:
- added a new module with all nginx-related methods
- added DEBIAN entries
- other fixes proposed by Aline

After reading the comments from Zhou Zheng Sheng, I simplified
the work I did in version 2 to run only one cherrypy process
instead of two processes, one for frontend and another for the
backend. Nginx is still being used as a reverse proxy to allow
kimchid to run as root, but without being exposed to the outside.

As Zhou mentioned, it is to little avail to run frontend and
backend separately if the exposed port is run by the
reverse proxy anyway. He mentioned the RPC approach as a best
long-term approach, with which I agree. We can solve this issue right
now and then work on a more suitable solution, such as RPC, and
then ditch nginx.

Daniel Henrique Barboza (4):
  Github #329: Proxy module and template file
  Github #329: Kimchid, config.py.in and server.py changes
  Github #329: changes in mockmodel, model/config and tests
  Github #329: .gitignore, spec, control.in and readme

 .gitignore                    |   1 +
 Makefile.am                   |   2 +
 contrib/DEBIAN/control.in     |   3 +-
 contrib/kimchi.spec.fedora.in |   2 +
 contrib/kimchi.spec.suse.in   |   2 +
 docs/README.md                |   4 +-
 src/Makefile.am               |   3 +-
 src/kimchi/config.py.in       |   5 +-
 src/kimchi/mockmodel.py       |   2 +-
 src/kimchi/model/config.py    |   2 +-
 src/kimchi/proxy.py           | 107 ++++++++++++++++++++++++++++++++++++++++++
 src/kimchi/server.py          |  44 +++++------------
 src/kimchid.in                |  44 ++++++++++++-----
 src/nginx.conf.in             |  55 ++++++++++++++++++++++
 tests/test_rest.py            |   8 ++--
 tests/utils.py                |  10 +++-
 16 files changed, 238 insertions(+), 56 deletions(-)
 create mode 100644 src/kimchi/proxy.py
 create mode 100644 src/nginx.conf.in

-- 
1.8.3.1



