[Kimchi-devel] [PATCH v6 0/4] Github #329: Kimchi must not run as root

Aline Manera alinefm at linux.vnet.ibm.com
Thu Apr 17 02:06:14 UTC 2014 

Reviewed-by: Aline Manera <alinefm at linux.vnet.ibm.com>

Just a minor comment in patch 1 that I can fixed before applying.

On 04/16/2014 04:29 PM, Daniel Barboza wrote:
> From: Daniel Henrique Barboza <danielhb at linux.vnet.ibm.com>
>
> New in v6:
> - Moved the SSL logic from server.py to proxy.py
> - server.py is now responsible to launch the proxy
> - removed references of 'ssl_port'
>
> New in v5:
> - fixes to VNC connection
> - fixes to unit tests
> - obscuring kimchid port by making it localhost only
> - launhing nginx proxy in unit tests
>
>
> New in v4:
> - added a new module with all nginx-related methods
> - added DEBIAN entries
> - other fixes proposed by Aline
>
> After reading the comments from Zhou Zheng Sheng, I simplified
> the work I did in version 2 to run only one cherrypy process
> instead of two processes, one for frontend and another for the
> backend. Nginx is still being used as a reverse proxy to allow
> kimchid to run as root, but not being exposed to the outside.
>
> As Zhou mentioned, it is to little avail to run frontend and
> backend separately if the exposed port is running by the
> reverse proxy anyway. He mentioned the RPC approach as a best
> long-term approach, which I agree. We can solve this issue right
> now and the work in a more suitable solution, such as RPC, and
> then ditch nginx.
>
> Daniel Henrique Barboza (4):
>    Github #329: Proxy module and template file
>    Github #329: Kimchid, config.py.in and server.py changes
>    Github #329: changes in mockmodel, model/config and tests
>    Github #329: .gitignore, spec, control.in and readme
>
>   .gitignore                    |   1 +
>   Makefile.am                   |   2 +
>   contrib/DEBIAN/control.in     |   3 +-
>   contrib/kimchi.spec.fedora.in |   2 +
>   contrib/kimchi.spec.suse.in   |   2 +
>   docs/README.md                |   4 +-
>   src/Makefile.am               |   3 +-
>   src/kimchi/config.py.in       |   5 +-
>   src/kimchi/mockmodel.py       |   2 +-
>   src/kimchi/model/config.py    |   2 +-
>   src/kimchi/proxy.py           | 107 ++++++++++++++++++++++++++++++++++++++++++
>   src/kimchi/server.py          |  44 +++++------------
>   src/kimchid.in                |  44 ++++++++++++-----
>   src/nginx.conf.in             |  55 ++++++++++++++++++++++
>   tests/test_rest.py            |   8 ++--
>   tests/utils.py                |  10 +++-
>   16 files changed, 238 insertions(+), 56 deletions(-)
>   create mode 100644 src/kimchi/proxy.py
>   create mode 100644 src/nginx.conf.in
>

More information about the Kimchi-devel mailing list