[Kimchi-devel] [PATCH v6 0/4] Github #329: Kimchi must not run as root
Aline Manera
alinefm at linux.vnet.ibm.com
Thu Apr 17 02:29:23 UTC 2014
I applied this patch set in a separated branch: wip
(https://github.com/kimchi-project/kimchi/tree/wip)
so anyone can have a try and check everything is working fine.
I plan to merge it to master tomorrow.
On 04/16/2014 04:29 PM, Daniel Barboza wrote:
> From: Daniel Henrique Barboza <danielhb at linux.vnet.ibm.com>
>
> New in v6:
> - Moved the SSL logic from server.py to proxy.py
> - server.py is now responsible to launch the proxy
> - removed references of 'ssl_port'
>
> New in v5:
> - fixes to VNC connection
> - fixes to unit tests
> - obscuring kimchid port by making it localhost only
> - launhing nginx proxy in unit tests
>
>
> New in v4:
> - added a new module with all nginx-related methods
> - added DEBIAN entries
> - other fixes proposed by Aline
>
> After reading the comments from Zhou Zheng Sheng, I simplified
> the work I did in version 2 to run only one cherrypy process
> instead of two processes, one for frontend and another for the
> backend. Nginx is still being used as a reverse proxy to allow
> kimchid to run as root, but not being exposed to the outside.
>
> As Zhou mentioned, it is to little avail to run frontend and
> backend separately if the exposed port is running by the
> reverse proxy anyway. He mentioned the RPC approach as a best
> long-term approach, which I agree. We can solve this issue right
> now and the work in a more suitable solution, such as RPC, and
> then ditch nginx.
>
> Daniel Henrique Barboza (4):
> Github #329: Proxy module and template file
> Github #329: Kimchid, config.py.in and server.py changes
> Github #329: changes in mockmodel, model/config and tests
> Github #329: .gitignore, spec, control.in and readme
>
> .gitignore | 1 +
> Makefile.am | 2 +
> contrib/DEBIAN/control.in | 3 +-
> contrib/kimchi.spec.fedora.in | 2 +
> contrib/kimchi.spec.suse.in | 2 +
> docs/README.md | 4 +-
> src/Makefile.am | 3 +-
> src/kimchi/config.py.in | 5 +-
> src/kimchi/mockmodel.py | 2 +-
> src/kimchi/model/config.py | 2 +-
> src/kimchi/proxy.py | 107 ++++++++++++++++++++++++++++++++++++++++++
> src/kimchi/server.py | 44 +++++------------
> src/kimchid.in | 44 ++++++++++++-----
> src/nginx.conf.in | 55 ++++++++++++++++++++++
> tests/test_rest.py | 8 ++--
> tests/utils.py | 10 +++-
> 16 files changed, 238 insertions(+), 56 deletions(-)
> create mode 100644 src/kimchi/proxy.py
> create mode 100644 src/nginx.conf.in
>
More information about the Kimchi-devel
mailing list