Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Łukasz Nowak
slapos
Commits
f48a06ec
Commit
f48a06ec
authored
Jul 13, 2022
by
Thomas Gambier
🚴🏼
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
software/kvm: don't use websockify anymore
parent
7168ba00
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
137 additions
and
62 deletions
+137
-62
software/kvm/buildout.hash.cfg
software/kvm/buildout.hash.cfg
+7
-3
software/kvm/instance-kvm.cfg.jinja2
software/kvm/instance-kvm.cfg.jinja2
+52
-34
software/kvm/instance.cfg.in
software/kvm/instance.cfg.in
+3
-0
software/kvm/software.cfg
software/kvm/software.cfg
+7
-19
software/kvm/template/nginx_conf.in
software/kvm/template/nginx_conf.in
+59
-0
software/kvm/template/template-kvm-run.in
software/kvm/template/template-kvm-run.in
+3
-3
software/kvm/test/test.py
software/kvm/test/test.py
+6
-3
No files found.
software/kvm/buildout.hash.cfg
View file @
f48a06ec
...
@@ -15,11 +15,11 @@
...
@@ -15,11 +15,11 @@
[template]
[template]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
a7978940fb9cdcc4e1ec33015ba640ba
md5sum =
b6204319cca4264b3c351d4dd1f2b5d0
[template-kvm]
[template-kvm]
filename = instance-kvm.cfg.jinja2
filename = instance-kvm.cfg.jinja2
md5sum =
69749ef4be49b970af9548d68e6d878
5
md5sum =
14a8433ca9f0038bb6cc4b68ef7ea8e
5
[template-kvm-cluster]
[template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in
filename = instance-kvm-cluster.cfg.jinja2.in
...
@@ -49,13 +49,17 @@ md5sum = 64aa1ce8785f6b94aabd787fa3443082
...
@@ -49,13 +49,17 @@ md5sum = 64aa1ce8785f6b94aabd787fa3443082
filename = instance-nbd.cfg.jinja2
filename = instance-nbd.cfg.jinja2
md5sum = e041e8011ad2ec7f104be173ef76f5e9
md5sum = e041e8011ad2ec7f104be173ef76f5e9
[template-nginx]
filename = template/nginx_conf.in
md5sum = 9ca886120a99befe25ca761ddc54753c
[template-ansible-promise]
[template-ansible-promise]
filename = template/ansible-promise.in
filename = template/ansible-promise.in
md5sum = 6328f99728284847b8dd1146aadeae1b
md5sum = 6328f99728284847b8dd1146aadeae1b
[template-kvm-run]
[template-kvm-run]
filename = template/template-kvm-run.in
filename = template/template-kvm-run.in
md5sum =
fa048a28da7362d570f5b6bd1e05d232
md5sum =
4ce3fc8072e1e010ee99651cb01d3b3d
[template-kvm-controller]
[template-kvm-controller]
filename = template/kvm-controller-run.in
filename = template/kvm-controller-run.in
...
...
software/kvm/instance-kvm.cfg.jinja2
View file @
f48a06ec
...
@@ -643,31 +643,48 @@ promise = check_command_execute
...
@@ -643,31 +643,48 @@ promise = check_command_execute
name = qemu-virtual-machine-is-ready.py
name = qemu-virtual-machine-is-ready.py
config-command = ${kvm-started-bin:output}
config-command = ${kvm-started-bin:output}
[novnc-instance]
[nginx-tempdir]
recipe = slapos.cookbook:novnc
recipe = slapos.cookbook:mkdirectory
path = ${ca-novnc:executable}
tmp = ${buildout:directory}/tmp
client-body-temp-path = ${:tmp}/client_body_temp_path
proxy-temp-path = ${:tmp}/proxy_temp_path
fastcgi-temp-path = ${:tmp}/fastcgi_temp_path
uwsgi-temp-path = ${:tmp}/uwsgi_temp_path
scgi-temp-path = ${:tmp}/scgi_temp_path
[nginx-launcher]
recipe = slapos.cookbook:wrapper
command-line = ${ca-novnc:executable} -c ${nginx-config:output}
wrapper-path = ${directory:services}/nginx
[nginx-config]
recipe = slapos.recipe.template:jinja2
url = {{ template_nginx }}
output = ${directory:etc}/nginx.conf
context =
section params nginx-params
section ca ca-novnc
section tempdir nginx-tempdir
raw docroot {{ novnc_location }}
raw mime {{ nginx_mime }}
[nginx-params]
path-pid = ${directory:run}/nginx.pid
path-error-log = ${directory:log}/nginx-error.log
path-access-log = ${directory:log}/nginx-access.log
ip = ${slap-network-information:global-ipv6}
ip = ${slap-network-information:global-ipv6}
port = 6080
port = 6080
vnc-ip = ${kvm-parameter-dict:vnc-ip}
websocket-ip = ${kvm-parameter-dict:vnc-ip}
vnc-port = ${kvm-parameter-dict:vnc-port}
websocket-port = ${kvm-parameter-dict:vnc-port}
novnc-location = {{ novnc_location }}
websocket-path = websockify
websockify-path = {{ websockify_executable_location }}
nb-workers = 2
ssl-key-path = ${ca-novnc:key-file}
ssl-cert-path = ${ca-novnc:cert-file}
[nginx-graceful]
recipe = slapos.recipe.template
[websockify-sighandler]
output = ${directory:scripts}/nginx-graceful
recipe = slapos.cookbook:signalwrapper
inline =
wrapper-path = ${directory:bin}/websockify-sighandler
#!/bin/sh
wrapped-path = ${novnc-instance:path}
exec kill -s SIGHUP $(cat ${nginx-params:path-pid})
[websockify-sighandler-service]
recipe = slapos.cookbook:wrapper
command-line = ${websockify-sighandler:wrapper-path}
wrapper-path = ${directory:services}/websockify
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
wait-for-files =
${ca-novnc:key-file}
${ca-novnc:cert-file}
[certificate-authority]
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
recipe = slapos.cookbook:certificate_authority
...
@@ -699,15 +716,15 @@ crl = ${directory:ca-dir}/crl/
...
@@ -699,15 +716,15 @@ crl = ${directory:ca-dir}/crl/
recipe = slapos.cookbook:certificate_authority.request
recipe = slapos.cookbook:certificate_authority.request
key-file = ${directory:novnc-conf}/novnc.key
key-file = ${directory:novnc-conf}/novnc.key
cert-file = ${directory:novnc-conf}/novnc.crt
cert-file = ${directory:novnc-conf}/novnc.crt
executable =
${directory:bin}/novnc
executable =
{{ nginx_executable }}
wrapper = ${directory:bin}/
websockify
wrapper = ${directory:bin}/
nginx-with-ca
[novnc-promise]
[novnc-promise]
<= monitor-promise-base
<= monitor-promise-base
promise = check_socket_listening
promise = check_socket_listening
name = novnc_promise.py
name = novnc_promise.py
config-host = ${n
ovnc-instance
:ip}
config-host = ${n
ginx-params
:ip}
config-port = ${n
ovnc-instance
:port}
config-port = ${n
ginx-params
:port}
#----------------
#----------------
...
@@ -748,7 +765,8 @@ partition-id = ${slap-connection:partition-id}
...
@@ -748,7 +765,8 @@ partition-id = ${slap-connection:partition-id}
shared = true
shared = true
config-https-only = True
config-https-only = True
config-type = websocket
config-type = websocket
config-url = https://[${novnc-instance:ip}]:${novnc-instance:port}
config-websocket-path-list = ${nginx-params:websocket-path}
config-url = https://[${nginx-params:ip}]:${nginx-params:port}
return = secure_access domain
return = secure_access domain
[request-slave-frontend]
[request-slave-frontend]
...
@@ -762,7 +780,7 @@ sla-instance_guid = ${slap-parameter:frontend-instance-guid}
...
@@ -762,7 +780,7 @@ sla-instance_guid = ${slap-parameter:frontend-instance-guid}
<= monitor-promise-base
<= monitor-promise-base
promise = check_url_available
promise = check_url_available
name = frontend_promise.py
name = frontend_promise.py
config-url = ${request-slave-frontend:connection-secure_access}
config-url = ${request-slave-frontend:connection-secure_access}
/vnc.html
{% if additional_frontend %}
{% if additional_frontend %}
[request-slave-frontend-additional]
[request-slave-frontend-additional]
...
@@ -823,10 +841,10 @@ blank-line =
...
@@ -823,10 +841,10 @@ blank-line =
<= monitor-publish
<= monitor-publish
recipe = slapos.cookbook:publish.serialised
recipe = slapos.cookbook:publish.serialised
ipv6 = ${slap-network-information:global-ipv6}
ipv6 = ${slap-network-information:global-ipv6}
backend-url = https://[${n
ovnc-instance:ip}]:${novnc-instance:port}/vnc.html?auto=1&
encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
backend-url = https://[${n
ginx-params:ip}]:${nginx-params:port}/vnc.html?
encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
url = ${request-slave-frontend:connection-secure_access}/vnc.html?
auto=1&
encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
url = ${request-slave-frontend:connection-secure_access}/vnc.html?encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% if additional_frontend %}
{% if additional_frontend %}
url-additional = ${request-slave-frontend-additional:connection-secure_access}/vnc.html?
auto=1&
encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
url-additional = ${request-slave-frontend-additional:connection-secure_access}/vnc.html?encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% endif %}
{% endif %}
{% set disk_number = len(storage_dict) -%}
{% set disk_number = len(storage_dict) -%}
maximum-extra-disk-amount = {{ disk_number }}
maximum-extra-disk-amount = {{ disk_number }}
...
@@ -1242,8 +1260,8 @@ parts =
...
@@ -1242,8 +1260,8 @@ parts =
kvm-controller-wrapper
kvm-controller-wrapper
kvm-vnc-promise
kvm-vnc-promise
kvm-disk-image-corruption-promise
kvm-disk-image-corruption-promise
websockify-sighandl
er
nginx-launch
er
websockify-sighandler-service
nginx-graceful
novnc-promise
novnc-promise
kvm-started-promise
kvm-started-promise
cron
cron
...
...
software/kvm/instance.cfg.in
View file @
f48a06ec
...
@@ -89,6 +89,8 @@ extra-context =
...
@@ -89,6 +89,8 @@ extra-context =
raw logrotate_cfg ${template-logrotate-base:output}
raw logrotate_cfg ${template-logrotate-base:output}
raw novnc_location ${noVNC:location}
raw novnc_location ${noVNC:location}
raw netcat_bin ${netcat:location}/bin/netcat
raw netcat_bin ${netcat:location}/bin/netcat
raw nginx_executable ${nginx-output:nginx}
raw nginx_mime ${nginx-output:mime}
raw python_executable ${buildout:executable}
raw python_executable ${buildout:executable}
raw python_eggs_executable ${buildout:bin-directory}/${python-with-eggs:interpreter}
raw python_eggs_executable ${buildout:bin-directory}/${python-with-eggs:interpreter}
raw qemu_executable_location ${qemu:location}/bin/qemu-system-x86_64
raw qemu_executable_location ${qemu:location}/bin/qemu-system-x86_64
...
@@ -100,6 +102,7 @@ extra-context =
...
@@ -100,6 +102,7 @@ extra-context =
raw template_kvm_controller_run ${template-kvm-controller:target}
raw template_kvm_controller_run ${template-kvm-controller:target}
raw template_kvm_run ${template-kvm-run:target}
raw template_kvm_run ${template-kvm-run:target}
raw template_monitor ${monitor2-template:output}
raw template_monitor ${monitor2-template:output}
raw template_nginx ${template-nginx:target}
raw websockify_executable_location ${buildout:directory}/bin/websockify
raw websockify_executable_location ${buildout:directory}/bin/websockify
raw wipe_disk_wrapper ${buildout:directory}/bin/securedelete
raw wipe_disk_wrapper ${buildout:directory}/bin/securedelete
template-parts-destination = ${template-parts:target}
template-parts-destination = ${template-parts:target}
...
...
software/kvm/software.cfg
View file @
f48a06ec
...
@@ -8,9 +8,8 @@ extends =
...
@@ -8,9 +8,8 @@ extends =
../../component/noVNC/buildout.cfg
../../component/noVNC/buildout.cfg
../../component/openssl/buildout.cfg
../../component/openssl/buildout.cfg
../../component/netcat/buildout.cfg
../../component/netcat/buildout.cfg
../../component/
lxml-python
/buildout.cfg
../../component/
nginx
/buildout.cfg
../../component/pycurl/buildout.cfg
../../component/pycurl/buildout.cfg
../../component/numpy/buildout.cfg
../../component/gzip/buildout.cfg
../../component/gzip/buildout.cfg
../../stack/slapos.cfg
../../stack/slapos.cfg
../../stack/resilient/buildout.cfg
../../stack/resilient/buildout.cfg
...
@@ -33,28 +32,20 @@ parts = ${:common-parts}
...
@@ -33,28 +32,20 @@ parts = ${:common-parts}
# In qemu builtin vnc server, and make it available only for localhost
# In qemu builtin vnc server, and make it available only for localhost
# so that only novnc can listen to it.
# so that only novnc can listen to it.
#XXX-Cedric: Check status of https://github.com/kanaka/noVNC/issues/13 to see
# When qemu has builtin support for websockets in vnc server to get rid of
# Websockify (socket <-> websocket proxy server) when it is ready.
# May solve previous XXX depending on the implementation.
#XXX-Cedric : add list of keyboard layouts (azerty/us querty/...) parameter to qemu
[python-with-eggs]
[python-with-eggs]
recipe = zc.recipe.egg
recipe = zc.recipe.egg
interpreter = ${:_buildout_section_name_}
interpreter = ${:_buildout_section_name_}
eggs =
eggs =
${slapos-toolbox:eggs}
${slapos-toolbox:eggs}
${python-cffi:egg}
${python-cffi:egg}
${lxml-python:egg}
websockify
${slapos-cookbook:eggs}
${slapos-cookbook:eggs}
erp5.util
erp5.util
# BBB: eggs used as recipe should be kept otherwise sections depending
# BBB: eggs used as recipe should be kept otherwise sections depending
# on it can't be uninstalled
# on it can't be uninstalled
collective.recipe.shelloutput
collective.recipe.shelloutput
scripts =
# Only generate the interpreter script to avoid conflicts with scripts
websockify
# for eggs that are also generated by another section, like slapos.toolbox
scripts = ${:interpreter}
# Create all templates that will be used to deploy instances
# Create all templates that will be used to deploy instances
[download-base]
[download-base]
...
@@ -97,6 +88,9 @@ output = ${buildout:directory}/template.cfg
...
@@ -97,6 +88,9 @@ output = ${buildout:directory}/template.cfg
[template-nbd]
[template-nbd]
<= download-base
<= download-base
[template-nginx]
<= download-base
[template-ansible-promise]
[template-ansible-promise]
<= download-base
<= download-base
...
@@ -135,9 +129,3 @@ context =
...
@@ -135,9 +129,3 @@ context =
[whitelist-domains-default]
[whitelist-domains-default]
<= download-base
<= download-base
[versions]
websockify = 0.9.0
gitdb = 0.6.4
pycurl = 7.43.0
smmap = 0.9.0
software/kvm/template/nginx_conf.in
0 → 100644
View file @
f48a06ec
worker_processes {{ params['nb-workers'] }};
pid {{ params['path-pid'] }};
error_log {{ params['path-error-log'] }};
daemon off;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include {{ mime }};
default_type application/octet-stream;
types_hash_bucket_size 64;
access_log {{ params['path-access-log'] }} combined;
index novnc.html;
upstream vnc_proxy {
server {{ params['websocket-ip'] }}:{{ params['websocket-port'] }};
}
server {
listen [{{ params['ip'] }}]:{{ params['port'] }} ssl http2;
server_name _;
ssl_certificate {{ ca['cert-file'] }};
ssl_certificate_key {{ ca['key-file'] }};
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
keepalive_timeout 5;
client_body_temp_path {{ tempdir['client-body-temp-path'] }};
proxy_temp_path {{ tempdir['proxy-temp-path'] }};
fastcgi_temp_path {{ tempdir['fastcgi-temp-path'] }};
uwsgi_temp_path {{ tempdir['uwsgi-temp-path'] }};
scgi_temp_path {{ tempdir['scgi-temp-path'] }};
# path for static files
root {{ docroot }};
location /{{ params['websocket-path'] }} {
proxy_http_version 1.1;
proxy_pass http://vnc_proxy/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# VNC connection timeout
proxy_read_timeout 61s;
# Disable cache
proxy_buffering off;
}
}
}
software/kvm/template/template-kvm-run.in
View file @
f48a06ec
...
@@ -62,7 +62,7 @@ cluster_doc_port = {{ parameter_dict.get("cluster-doc-port") }}
...
@@ -62,7 +62,7 @@ cluster_doc_port = {{ parameter_dict.get("cluster-doc-port") }}
auto_ballooning = '{{ parameter_dict.get("auto-ballooning") }}' in ('true', 'True', '1')
auto_ballooning = '{{ parameter_dict.get("auto-ballooning") }}' in ('true', 'True', '1')
vm_name = '{{ parameter_dict.get("name") }}'
vm_name = '{{ parameter_dict.get("name") }}'
# If a device (ie.: /dev/sdb) is provided, use it instead
# If a device (ie.: /dev/sdb) is provided, use it instead
# the disk_path with disk_format
# the disk_path with disk_format
disk_info_list = []
disk_info_list = []
for disk_device_path in '{{ parameter_dict.get("disk-device-path", "") }}'.split():
for disk_device_path in '{{ parameter_dict.get("disk-device-path", "") }}'.split():
...
@@ -145,7 +145,7 @@ def getMapStorageList(disk_storage_dict, external_disk_number):
...
@@ -145,7 +145,7 @@ def getMapStorageList(disk_storage_dict, external_disk_number):
if id_list:
if id_list:
if not map_f_exist:
if not map_f_exist:
# shuffle the list to not write disk in data1, data2, ... everytime
# shuffle the list to not write disk in data1, data2, ... everytime
shuffle(id_list)
shuffle(id_list)
if external_disk_number < last_amount:
if external_disk_number < last_amount:
# Drop created disk is not allowed
# Drop created disk is not allowed
...
@@ -277,7 +277,7 @@ ram = '%sM,slots=128,maxmem=%sM' % (init_ram_size, ram_max_size)
...
@@ -277,7 +277,7 @@ ram = '%sM,slots=128,maxmem=%sM' % (init_ram_size, ram_max_size)
kvm_argument_list = [qemu_path,
kvm_argument_list = [qemu_path,
'-enable-kvm', '-smp', smp, '-name', vm_name, '-m', ram, '-vga', 'std',
'-enable-kvm', '-smp', smp, '-name', vm_name, '-m', ram, '-vga', 'std',
'-vnc', '%s:1,
ipv4=on,password
=on' % listen_ip,
'-vnc', '%s:1,
password=on,websocket
=on' % listen_ip,
'-boot', 'order=cd,menu=on',
'-boot', 'order=cd,menu=on',
'-qmp', 'unix:%s,server,nowait' % socket_path,
'-qmp', 'unix:%s,server,nowait' % socket_path,
'-pidfile', pid_file_path, '-msg', 'timestamp=on',
'-pidfile', pid_file_path, '-msg', 'timestamp=on',
...
...
software/kvm/test/test.py
View file @
f48a06ec
...
@@ -212,7 +212,8 @@ i0:kvm-{kvm-hash-value}-on-watch RUNNING
...
@@ -212,7 +212,8 @@ i0:kvm-{kvm-hash-value}-on-watch RUNNING
i0:kvm_controller EXITED
i0:kvm_controller EXITED
i0:monitor-httpd-{hash}-on-watch RUNNING
i0:monitor-httpd-{hash}-on-watch RUNNING
i0:monitor-httpd-graceful EXITED
i0:monitor-httpd-graceful EXITED
i0:websockify-{hash}-on-watch RUNNING
i0:nginx-graceful EXITED
i0:nginx-on-watch RUNNING
i0:whitelist-domains-download-{hash} RUNNING
i0:whitelist-domains-download-{hash} RUNNING
i0:whitelist-firewall-{hash} RUNNING"""
,
i0:whitelist-firewall-{hash} RUNNING"""
,
self
.
getProcessInfo
()
self
.
getProcessInfo
()
...
@@ -702,11 +703,12 @@ ir2:kvm-{kvm-hash-value}-on-watch RUNNING
...
@@ -702,11 +703,12 @@ ir2:kvm-{kvm-hash-value}-on-watch RUNNING
ir2:kvm_controller EXITED
ir2:kvm_controller EXITED
ir2:monitor-httpd-{hash}-on-watch RUNNING
ir2:monitor-httpd-{hash}-on-watch RUNNING
ir2:monitor-httpd-graceful EXITED
ir2:monitor-httpd-graceful EXITED
ir2:nginx-graceful EXITED
ir2:nginx-on-watch RUNNING
ir2:notifier-on-watch RUNNING
ir2:notifier-on-watch RUNNING
ir2:resilient_sshkeys_authority-on-watch RUNNING
ir2:resilient_sshkeys_authority-on-watch RUNNING
ir2:sshd-graceful EXITED
ir2:sshd-graceful EXITED
ir2:sshd-on-watch RUNNING
ir2:sshd-on-watch RUNNING
ir2:websockify-{hash}-on-watch RUNNING
ir2:whitelist-domains-download-{hash} RUNNING
ir2:whitelist-domains-download-{hash} RUNNING
ir2:whitelist-firewall-{hash} RUNNING
ir2:whitelist-firewall-{hash} RUNNING
ir3:bootstrap-monitor EXITED
ir3:bootstrap-monitor EXITED
...
@@ -2295,7 +2297,8 @@ ihs0:kvm-{kvm-hash-value}-on-watch RUNNING
...
@@ -2295,7 +2297,8 @@ ihs0:kvm-{kvm-hash-value}-on-watch RUNNING
ihs0:kvm_controller EXITED
ihs0:kvm_controller EXITED
ihs0:monitor-httpd-{hash}-on-watch RUNNING
ihs0:monitor-httpd-{hash}-on-watch RUNNING
ihs0:monitor-httpd-graceful EXITED
ihs0:monitor-httpd-graceful EXITED
ihs0:websockify-{hash}-on-watch RUNNING
ihs0:nginx-graceful EXITED
ihs0:nginx-on-watch RUNNING
ihs0:whitelist-domains-download-{hash} RUNNING
ihs0:whitelist-domains-download-{hash} RUNNING
ihs0:whitelist-firewall-{hash} RUNNING"""
,
ihs0:whitelist-firewall-{hash} RUNNING"""
,
self
.
getProcessInfo
()
self
.
getProcessInfo
()
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment