[Kimchi-devel] [PATCH][Wok] Bug fix #175: Do not generate nginx conf file on the fly

Ramon Medeiros ramonn at linux.vnet.ibm.com
Tue Nov 1 19:01:32 UTC 2016 


On 11/01/2016 01:43 PM, Aline Manera wrote:
> Hi Ramon:
>
> You also need to update the files below to reflect those changes:
> - wokd.in
> - docs/wokd.8.in
> - src/wok/config.py.in
>
> And more comments below:
>
> On 11/01/2016 01:33 PM, Ramon Medeiros wrote:
>> ---
>>   .gitignore                 |  1 -
>>   Makefile.am                |  3 ++
>>   contrib/wok.spec.fedora.in |  1 -
>>   contrib/wok.spec.suse.in   |  1 -
>>   src/nginx/Makefile.am      |  7 ++--
>>   src/nginx/wok.conf         | 79 
>> ++++++++++++++++++++++++++++++++++++++++++++++
>>   src/nginx/wok.conf.in      | 75 
>> -------------------------------------------
>>   src/wok.conf.in            | 34 --------------------
>>   src/wok/proxy.py           | 45 --------------------------
>>   9 files changed, 85 insertions(+), 161 deletions(-)
>>   create mode 100644 src/nginx/wok.conf
>>   delete mode 100644 src/nginx/wok.conf.in
>>
>> diff --git a/.gitignore b/.gitignore
>> index d06f936..10754f9 100644
>> --- a/.gitignore
>> +++ b/.gitignore
>> @@ -31,7 +31,6 @@ wok-*.tar.gz
>>   wok.spec
>>   src/wokd
>>   src/wok.conf
>> -src/nginx/wok.conf
>>   src/wok/config.py
>>   tests/run_tests.sh
>>   tests/test_config.py
>> diff --git a/Makefile.am b/Makefile.am
>> index 5c8e69d..3754547 100644
>> --- a/Makefile.am
>> +++ b/Makefile.am
>> @@ -159,6 +159,8 @@ install-data-local:
>>       touch $(DESTDIR)/etc/nginx/conf.d/wok.conf
>>       mkdir -p $(DESTDIR)/etc/logrotate.d/
>>       $(INSTALL_DATA) $(top_srcdir)/src/wok.logrotate 
>> $(DESTDIR)/etc/logrotate.d/wokd
>> +    mkdir -p $(DESTDIR)/etc/nginx/conf.d
>> +    $(INSTALL_DATA) $(top_srcdir)/src/nginx/wok.conf 
>> $(DESTDIR)/etc/nginx/conf.d/wok.conf
>>
>>   uninstall-local:
>>       @if test -f $(systemdsystemunitdir)/wokd.service; then \
>> @@ -175,6 +177,7 @@ uninstall-local:
>>       $(RM) -rf $(DESTDIR)/etc/wok
>>       $(RM) $(DESTDIR)/etc/nginx/conf.d/wok.conf
>>       $(RM) $(DESTDIR)/etc/logrotate.d/wokd
>
>> +    $(DESTDIR)/etc/nginx/conf.d/wok.conf
>
> The $(RM) is missing
I did not add RM because it's already exists:

$(RM) $(DESTDIR)/etc/nginx/conf.d/wok.conf (now wok.conf.in does not exists)

>
>>   VERSION:
>>
>> -
>> -# Port to listen on
>> -#port = 8000
>> -
>
>> -# Start an SSL-enabled server on the given port
>> -#ssl_port = 8001
>> -
>
> The ssl_port is being used by /config API so we will need to keep it 
> there too.
>
OK
>> -# Allow user disables HTTP port. In that case, all the connections
>> -# will be done directly through HTTPS port (values: true|false)
>> -#https_only = false
>> -
>>   # Cherrypy server port
>>   #cherrypy_port = 8010
>
>> -# Port for websocket proxy to listen on
>> -#websockets_port = 64667
>
> We will need to keep websockets_port as it needed by /config API and 
> to Kimchi knows on which port to launch websocikfy
>
>> -
>> -# Number of minutes that a session can remain idle before the server
>> -# terminates it automatically.
>> -#session_timeout = 10
>> -
>> -# The full path to an SSL Certificate or chain of certificates in
>> -# PEM format. When a chain is used, the server's certificate must be
>> -# the first certificate in the file with the chain concatenated into
>> -# the end of that certificate. If left unspecified, Wok will generate
>> -# a self-signed certificate automatically.
>> -#ssl_cert =
>> -
>> -# The corresponding private key in PEM format for the SSL 
>> Certificate supplied
>> -# above.  If left blank, Wok will generate a self-signed certificate.
>> -#ssl_key =
>> -
>>   # Running environment of the server
>>   #environment = production
>>
>> -# Max request body size in KB, default value is 4GB
>> -#max_body_size = 4 * 1024 * 1024
>> -
>>   # Wok server root. Set the following variable to configure any 
>> relative path to
>>   # the server. For example, to have Wok pointing to 
>> https://localhost:8001/wok/
>>   # uncomment the following:
>> diff --git a/src/wok/proxy.py b/src/wok/proxy.py
>> index 5f646e4..1c11b9b 100644
>> --- a/src/wok/proxy.py
>> +++ b/src/wok/proxy.py
>> @@ -25,8 +25,6 @@
>>   # and configure the Nginx proxy.
>>
>>   import os
>> -import pwd
>> -from string import Template
>>
>>   from wok import sslcert
>>   from wok.config import paths
>> @@ -53,17 +51,6 @@ def _create_proxy_config(options):
>>       Arguments:
>>       options - OptionParser object with Wok config options
>>       """
>> -    # User that will run the worker process of the proxy. Fedora,
>> -    # RHEL and Suse creates an user called 'nginx' when installing
>> -    # the proxy. Ubuntu creates an user 'www-data' for it.
>> -    user_proxy = None
>> -    user_list = ('nginx', 'www-data', 'http')
>> -    sys_users = [p.pw_name for p in pwd.getpwall()]
>> -    common_users = list(set(user_list) & set(sys_users))
>> -    if len(common_users) == 0:
>> -        raise Exception("No common user found")
>> -    else:
>> -        user_proxy = common_users[0]
>>       config_dir = paths.conf_dir
>>       nginx_config_dir = paths.nginx_conf_dir
>>       cert = options.ssl_cert
>> @@ -81,38 +68,6 @@ def _create_proxy_config(options):
>>               with open(key, "w") as f:
>>                   f.write(ssl_gen.key_pem())
>>
>> -    # Setting up Diffie-Hellman group with 2048-bit file
>> -    dhparams_pem = os.path.join(config_dir, "dhparams.pem")
>> -
>> -    http_config = ''
>> -    if options.https_only == 'false':
>> -        http_config = HTTP_CONFIG % {'host_addr': options.host,
>> -                                     'proxy_port': options.port,
>> -                                     'proxy_ssl_port': 
>> options.ssl_port,
>> -                                     'rel_path': options.server_root}
>> -
>> -    # Read template file and create a new config file
>> -    # with the specified parameters.
>> -    with open(os.path.join(nginx_config_dir, "wok.conf.in")) as 
>> template:
>> -        data = template.read()
>> -    data = Template(data)
>> -    data = data.safe_substitute(user=user_proxy,
>> -                                host_addr=options.host,
>> - proxy_ssl_port=options.ssl_port,
>> -                                http_config=http_config,
>> - cherrypy_port=options.cherrypy_port,
>> - websockets_port=options.websockets_port,
>> -                                cert_pem=cert, cert_key=key,
>> - max_body_size=eval(options.max_body_size),
>> - session_timeout=options.session_timeout,
>> -                                dhparams_pem=dhparams_pem,
>> - server_root=options.server_root)
>> -
>> -    # Write file to be used for nginx.
>> -    config_file = open(os.path.join(nginx_config_dir, "wok.conf"), "w")
>> -    config_file.write(data)
>> -    config_file.close()
>> -
>>       # If not running from the installed path (from a cloned and 
>> builded source
>>       # code), create a symbolic link in  system's dir to prevent 
>> errors on read
>>       # SSL certifications.
>

-- 

Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn at br.ibm.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20161101/bd96ad31/attachment.html>

More information about the Kimchi-devel mailing list