Commit ae17c3fe authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

No websockify

See merge request nexedi/slapos!1279
parents 7de0ccad 271dddc6
...@@ -121,7 +121,6 @@ setup(name=name, ...@@ -121,7 +121,6 @@ setup(name=name,
'notifier = slapos.recipe.notifier:Recipe', 'notifier = slapos.recipe.notifier:Recipe',
'notifier.callback = slapos.recipe.notifier:Callback', 'notifier.callback = slapos.recipe.notifier:Callback',
'notifier.notify = slapos.recipe.notifier:Notify', 'notifier.notify = slapos.recipe.notifier:Notify',
'novnc = slapos.recipe.novnc:Recipe',
'onetimeupload = slapos.recipe.onetimeupload:Recipe', 'onetimeupload = slapos.recipe.onetimeupload:Recipe',
'pbs = slapos.recipe.pbs:Recipe', 'pbs = slapos.recipe.pbs:Recipe',
'postgres = slapos.recipe.postgres:Recipe', 'postgres = slapos.recipe.postgres:Recipe',
......
##############################################################################
#
# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from slapos.recipe.librecipe import GenericBaseRecipe
import binascii
import os
import sys
class Recipe(GenericBaseRecipe):
"""
novnc instance configuration.
"""
def install(self):
return self.createWrapper(
self.options['path'],
(
self.options['websockify-path'],
'--web',
self.options['novnc-location'],
'--key=%s' % self.options['ssl-key-path'],
'--cert=%s' % self.options['ssl-cert-path'],
'--ssl-only',
'%s:%s' % (self.options['ip'], self.options['port']),
'%s:%s' % (self.options['vnc-ip'], self.options['vnc-port']),
),
wait_list=(self.options['ssl-key-path'],
self.options['ssl-cert-path']),
)
...@@ -15,11 +15,11 @@ ...@@ -15,11 +15,11 @@
[instance] [instance]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = db7fe97f4c6b84cfadb7b5c68eab517a md5sum = e8aae0fe3a8bc3f006b8638ed326bbcb
[template-instance-beremiz] [template-instance-beremiz]
filename = instance-beremiz.cfg.jinja2.in filename = instance-beremiz.cfg.jinja2.in
md5sum = 9d59c9392636ab71f37b43fd8008fd10 md5sum = 2b990148e527117bcfb366f8b700c807
[template-instance-beremiz-test] [template-instance-beremiz-test]
filename = instance-beremiz-test.cfg.jinja2.in filename = instance-beremiz-test.cfg.jinja2.in
...@@ -28,3 +28,7 @@ md5sum = a2fa2b9d3a225a1dd71db67bd4fea769 ...@@ -28,3 +28,7 @@ md5sum = a2fa2b9d3a225a1dd71db67bd4fea769
[template-fluxbox-menu.in] [template-fluxbox-menu.in]
filename = fluxbox-menu.in filename = fluxbox-menu.in
md5sum = 09560314eae0225b6085f8626f1a603a md5sum = 09560314eae0225b6085f8626f1a603a
[template-nginx_conf.in]
filename = nginx_conf.in
md5sum = 9ca886120a99befe25ca761ddc54753c
...@@ -27,35 +27,55 @@ stop-on-error = true ...@@ -27,35 +27,55 @@ stop-on-error = true
cert-file = ${directory:ssl}/beremiz.crt cert-file = ${directory:ssl}/beremiz.crt
key-file = ${directory:ssl}/beremiz.key key-file = ${directory:ssl}/beremiz.key
[novnc-instance] [nginx-tempdir]
recipe = slapos.cookbook:novnc recipe = slapos.cookbook:mkdirectory
path = ${directory:bin}/novnc tmp = ${buildout:directory}/tmp
client-body-temp-path = ${:tmp}/client_body_temp_path
proxy-temp-path = ${:tmp}/proxy_temp_path
fastcgi-temp-path = ${:tmp}/fastcgi_temp_path
uwsgi-temp-path = ${:tmp}/uwsgi_temp_path
scgi-temp-path = ${:tmp}/scgi_temp_path
[nginx-launcher]
recipe = slapos.cookbook:wrapper
command-line = {{ nginx_executable }} -c ${nginx-config:output}
wrapper-path = ${directory:services}/nginx
[nginx-config]
recipe = slapos.recipe.template:jinja2
url = {{ template_nginx }}
output = ${directory:etc}/nginx.conf
context =
section params nginx-params
section ca gen-certificate
section tempdir nginx-tempdir
raw docroot {{ novnc_location }}
raw mime {{ nginx_mime }}
[nginx-params]
path-pid = ${directory:run}/nginx.pid
path-error-log = ${directory:log}/nginx-error.log
path-access-log = ${directory:log}/nginx-access.log
ip = {{ ipv6 }} ip = {{ ipv6 }}
port = 6080 port = 6080
vnc-ip = {{ ipv4 }} websocket-ip = {{ ipv4 }}
vnc-port = ${x11vnc:port} websocket-port = ${x11vnc:port}
novnc-location = {{ novnc_location }} websocket-path = websockify
websockify-path = {{ websockify_bin }} nb-workers = 2
ssl-key-path = ${gen-certificate:key-file}
ssl-cert-path = ${gen-certificate:cert-file} [nginx-graceful]
recipe = slapos.recipe.template
[websockify-sighandler] output = ${directory:scripts}/nginx-graceful
recipe = slapos.cookbook:signalwrapper inline =
wrapper-path = ${directory:bin}/websockify-sighandler #!/bin/sh
wrapped-path = ${novnc-instance:path} exec kill -s SIGHUP $(cat ${nginx-params:path-pid})
[websockify-sighandler-service]
recipe = slapos.cookbook:wrapper
command-line = ${websockify-sighandler:wrapper-path}
wrapper-path = ${directory:services}/websockify
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[novnc-promise] [novnc-promise]
<= monitor-promise-base <= monitor-promise-base
promise = check_socket_listening promise = check_socket_listening
name = novnc_promise.py name = novnc_promise.py
config-host = ${novnc-instance:ip} config-host = ${nginx-params:ip}
config-port = ${novnc-instance:port} config-port = ${nginx-params:port}
[x11vnc] [x11vnc]
recipe = slapos.cookbook:wrapper recipe = slapos.cookbook:wrapper
...@@ -216,7 +236,8 @@ recipe = slapos.cookbook:requestoptional ...@@ -216,7 +236,8 @@ recipe = slapos.cookbook:requestoptional
shared = true shared = true
config-https-only = True config-https-only = True
config-type = websocket config-type = websocket
config-url = https://[${novnc-instance:ip}]:${novnc-instance:port} config-url = https://[${nginx-params:ip}]:${nginx-params:port}
config-websocket-path-list = ${nginx-params:websocket-path}
return = secure_access domain return = secure_access domain
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
software-type = RootSoftwareInstance software-type = RootSoftwareInstance
...@@ -226,9 +247,8 @@ name = Beremiz VNC ...@@ -226,9 +247,8 @@ name = Beremiz VNC
[publish-connection-information] [publish-connection-information]
<= monitor-publish <= monitor-publish
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
backend-url = https://[${novnc-instance:ip}]:${novnc-instance:port}/vnc.html?host=[${novnc-instance:ip}]&port=${novnc-instance:port}&encrypt=1 backend-url = https://[${nginx-params:ip}]:${nginx-params:port}/vnc.html?encrypt=1&password=${random-password:passwd}
url = ${request-vnc-frontend:connection-secure_access}/vnc.html?host=${request-vnc-frontend:connection-domain}&port=443&encrypt=1 url = ${request-vnc-frontend:connection-secure_access}/vnc.html?encrypt=1&password=${random-password:passwd}
vnc-password = ${random-password:passwd}
[buildout] [buildout]
extends = extends =
...@@ -242,7 +262,8 @@ parts = ...@@ -242,7 +262,8 @@ parts =
xserver-promise xserver-promise
x11vnc-listen-promise x11vnc-listen-promise
beremiz-x11 beremiz-x11
websockify-sighandler-service nginx-launcher
nginx-graceful
request-vnc-frontend request-vnc-frontend
generate-vnc-password generate-vnc-password
publish-connection-information publish-connection-information
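Review bot: The new `backend-url` and `url` values in `[publish-connection-information]` embed `password=${random-password:passwd}` in the query string, so the VNC password ends up wherever the link does: browser history, the frontend's request logs, and the nginx access log that `[nginx-params]` configures as `path-access-log`. The `vnc-password = ${random-password:passwd}` line is printed only once and appears to be removed in the same hunk, which would leave the URL as the only place the secret is published. I would keep publishing `vnc-password = ${random-password:passwd}` and end the URLs at `/vnc.html?encrypt=1`, so the user enters the password in noVNC's own prompt. If one-click access is a requirement, add a comment above the section stating that the published URL is itself a credential.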
......
...@@ -34,6 +34,7 @@ context = ...@@ -34,6 +34,7 @@ context =
key computer_id slap-configuration:computer key computer_id slap-configuration:computer
raw bin_directory {{ bin_directory }} raw bin_directory {{ bin_directory }}
raw template_monitor {{ template_monitor_cfg }} raw template_monitor {{ template_monitor_cfg }}
raw template_nginx {{ template_nginx }}
raw template_logrotate {{ logrotate_cfg }} raw template_logrotate {{ logrotate_cfg }}
raw logrotate_cfg {{ logrotate_cfg }} raw logrotate_cfg {{ logrotate_cfg }}
raw python_bin {{ python_bin }} raw python_bin {{ python_bin }}
...@@ -62,9 +63,10 @@ extra-context = ...@@ -62,9 +63,10 @@ extra-context =
raw gtk3_location {{ gtk3_location }} raw gtk3_location {{ gtk3_location }}
raw matiec_location {{ matiec_location }} raw matiec_location {{ matiec_location }}
raw mesa_location {{ mesa_location }} raw mesa_location {{ mesa_location }}
raw nginx_executable {{ nginx_executable }}
raw nginx_mime {{ nginx_mime }}
raw novnc_location {{ novnc_location }} raw novnc_location {{ novnc_location }}
raw openssl_bin {{ openssl_location }}/bin/openssl raw openssl_bin {{ openssl_location }}/bin/openssl
raw websockify_bin {{ bin_directory }}/websockify
raw x11vnc_bin {{ x11vnc_location }}/bin/x11vnc raw x11vnc_bin {{ x11vnc_location }}/bin/x11vnc
raw xvfb_bin {{ xserver_location }}/bin/Xvfb raw xvfb_bin {{ xserver_location }}/bin/Xvfb
raw xterm_bin {{ xterm_location }}/bin/xterm raw xterm_bin {{ xterm_location }}/bin/xterm
......
worker_processes {{ params['nb-workers'] }};
pid {{ params['path-pid'] }};
error_log {{ params['path-error-log'] }};
daemon off;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include {{ mime }};
default_type application/octet-stream;
types_hash_bucket_size 64;
access_log {{ params['path-access-log'] }} combined;
index novnc.html;
upstream vnc_proxy {
server {{ params['websocket-ip'] }}:{{ params['websocket-port'] }};
}
server {
listen [{{ params['ip'] }}]:{{ params['port'] }} ssl http2;
server_name _;
ssl_certificate {{ ca['cert-file'] }};
ssl_certificate_key {{ ca['key-file'] }};
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
keepalive_timeout 5;
client_body_temp_path {{ tempdir['client-body-temp-path'] }};
proxy_temp_path {{ tempdir['proxy-temp-path'] }};
fastcgi_temp_path {{ tempdir['fastcgi-temp-path'] }};
uwsgi_temp_path {{ tempdir['uwsgi-temp-path'] }};
scgi_temp_path {{ tempdir['scgi-temp-path'] }};
# path for static files
root {{ docroot }};
location /{{ params['websocket-path'] }} {
proxy_http_version 1.1;
proxy_pass http://vnc_proxy/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# VNC connection timeout
proxy_read_timeout 61s;
# Disable cache
proxy_buffering off;
}
}
}
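Review bot: `access_log {{ params['path-access-log'] }} combined;` records the full request line and the Referer header, and the connection URLs published by the instance templates in this commit carry `password=` in the query string of `vnc.html`, so the VNC password would be written to `nginx-access.log` in clear text. A format that logs the path without the query and omits the referer avoids that: `log_format noquery '$remote_addr [$time_local] "$request_method $uri" $status $body_bytes_sent';` followed by `access_log {{ params['path-access-log'] }} noquery;`. The same template is added a second time further down for the kvm software release and needs the same change. Separately, `index novnc.html;` names a file the published URLs never use (they point at `vnc.html`), so it is worth checking that it exists in the noVNC docroot.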
...@@ -9,7 +9,6 @@ extends = ...@@ -9,7 +9,6 @@ extends =
../../component/noVNC/buildout.cfg ../../component/noVNC/buildout.cfg
../../component/nginx/buildout.cfg ../../component/nginx/buildout.cfg
../../component/lxml-python/buildout.cfg ../../component/lxml-python/buildout.cfg
../../component/numpy/buildout.cfg
../../component/numpy/openblas.cfg ../../component/numpy/openblas.cfg
../../component/matplotlib/buildout.cfg ../../component/matplotlib/buildout.cfg
../../component/wxpython/buildout.cfg ../../component/wxpython/buildout.cfg
...@@ -74,10 +73,8 @@ recipe = zc.recipe.egg ...@@ -74,10 +73,8 @@ recipe = zc.recipe.egg
eggs = eggs =
${wxPython:egg} ${wxPython:egg}
${python-cryptography:egg} ${python-cryptography:egg}
${lxml-python:egg}
${matplotlib:egg} ${matplotlib:egg}
future future
websockify
zeroconf2 zeroconf2
enum34 enum34
pyro pyro
...@@ -131,6 +128,7 @@ context = ...@@ -131,6 +128,7 @@ context =
key template_instance_beremiz template-instance-beremiz:target key template_instance_beremiz template-instance-beremiz:target
key template_instance_beremiz_test template-instance-beremiz-test:target key template_instance_beremiz_test template-instance-beremiz-test:target
key template_logrotate template-logrotate-base:output key template_logrotate template-logrotate-base:output
key template_nginx template-nginx_conf.in:target
key fontconfig_location fontconfig:location key fontconfig_location fontconfig:location
key font_dejavu dejavu-fonts:location key font_dejavu dejavu-fonts:location
key font_liberation liberation-fonts:location key font_liberation liberation-fonts:location
...@@ -144,6 +142,8 @@ context = ...@@ -144,6 +142,8 @@ context =
key instance_template_type :type key instance_template_type :type
key matiec_location matiec:location key matiec_location matiec:location
key mesa_location mesa:location key mesa_location mesa:location
key nginx_executable nginx-output:nginx
key nginx_mime nginx-output:mime
key novnc_location noVNC:location key novnc_location noVNC:location
key nxdtest_template nxdtest-instance.cfg:output key nxdtest_template nxdtest-instance.cfg:output
key python_bin :python-bin key python_bin :python-bin
...@@ -168,12 +168,15 @@ output = ${buildout:directory}/instance-beremiz-test.cfg.jinja2 ...@@ -168,12 +168,15 @@ output = ${buildout:directory}/instance-beremiz-test.cfg.jinja2
<= download-template <= download-template
output = ${buildout:directory}/fluxbox-menu.in output = ${buildout:directory}/fluxbox-menu.in
[template-nginx_conf.in]
<= download-template
output = ${buildout:directory}/nginx_conf.in
[versions] [versions]
Pillow = 6.2.2 Pillow = 6.2.2
matplotlib = 2.2.5 matplotlib = 2.2.5
kiwisolver = 1.1.0 kiwisolver = 1.1.0
cycler = 0.10.0 cycler = 0.10.0
websockify = 0.9.0
Pyro = 3.16 Pyro = 3.16
zeroconf2 = 0.19.2 zeroconf2 = 0.19.2
cython = 0.29.24 cython = 0.29.24
......
...@@ -10,7 +10,6 @@ extends = ...@@ -10,7 +10,6 @@ extends =
../../component/6tunnel/buildout.cfg ../../component/6tunnel/buildout.cfg
../../component/xz-utils/buildout.cfg ../../component/xz-utils/buildout.cfg
../../component/rsyslogd/buildout.cfg ../../component/rsyslogd/buildout.cfg
../../component/numpy/buildout.cfg
../../component/haproxy/buildout.cfg ../../component/haproxy/buildout.cfg
../../component/nginx/buildout.cfg ../../component/nginx/buildout.cfg
../../component/findutils/buildout.cfg ../../component/findutils/buildout.cfg
...@@ -57,7 +56,6 @@ depends = ${software-develop:recipe} ...@@ -57,7 +56,6 @@ depends = ${software-develop:recipe}
recipe = zc.recipe.egg recipe = zc.recipe.egg
eggs = eggs =
software software
websockify
[profile-common] [profile-common]
recipe = slapos.recipe.template:jinja2 recipe = slapos.recipe.template:jinja2
...@@ -226,6 +224,5 @@ plone.recipe.command = 1.1 ...@@ -226,6 +224,5 @@ plone.recipe.command = 1.1
pycrypto = 2.6.1 pycrypto = 2.6.1
smmap = 0.9.0 smmap = 0.9.0
websockify = 0.8.0
furl = 2.1.0 furl = 2.1.0
orderedmultidict = 1.0.1 orderedmultidict = 1.0.1
...@@ -15,11 +15,11 @@ ...@@ -15,11 +15,11 @@
[template] [template]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = a7978940fb9cdcc4e1ec33015ba640ba md5sum = b6204319cca4264b3c351d4dd1f2b5d0
[template-kvm] [template-kvm]
filename = instance-kvm.cfg.jinja2 filename = instance-kvm.cfg.jinja2
md5sum = 69749ef4be49b970af9548d68e6d8785 md5sum = 14a8433ca9f0038bb6cc4b68ef7ea8e5
[template-kvm-cluster] [template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in filename = instance-kvm-cluster.cfg.jinja2.in
...@@ -49,13 +49,17 @@ md5sum = 64aa1ce8785f6b94aabd787fa3443082 ...@@ -49,13 +49,17 @@ md5sum = 64aa1ce8785f6b94aabd787fa3443082
filename = instance-nbd.cfg.jinja2 filename = instance-nbd.cfg.jinja2
md5sum = e041e8011ad2ec7f104be173ef76f5e9 md5sum = e041e8011ad2ec7f104be173ef76f5e9
[template-nginx]
filename = template/nginx_conf.in
md5sum = 9ca886120a99befe25ca761ddc54753c
[template-ansible-promise] [template-ansible-promise]
filename = template/ansible-promise.in filename = template/ansible-promise.in
md5sum = 6328f99728284847b8dd1146aadeae1b md5sum = 6328f99728284847b8dd1146aadeae1b
[template-kvm-run] [template-kvm-run]
filename = template/template-kvm-run.in filename = template/template-kvm-run.in
md5sum = fa048a28da7362d570f5b6bd1e05d232 md5sum = 4ce3fc8072e1e010ee99651cb01d3b3d
[template-kvm-controller] [template-kvm-controller]
filename = template/kvm-controller-run.in filename = template/kvm-controller-run.in
......
...@@ -643,31 +643,48 @@ promise = check_command_execute ...@@ -643,31 +643,48 @@ promise = check_command_execute
name = qemu-virtual-machine-is-ready.py name = qemu-virtual-machine-is-ready.py
config-command = ${kvm-started-bin:output} config-command = ${kvm-started-bin:output}
[novnc-instance] [nginx-tempdir]
recipe = slapos.cookbook:novnc recipe = slapos.cookbook:mkdirectory
path = ${ca-novnc:executable} tmp = ${buildout:directory}/tmp
client-body-temp-path = ${:tmp}/client_body_temp_path
proxy-temp-path = ${:tmp}/proxy_temp_path
fastcgi-temp-path = ${:tmp}/fastcgi_temp_path
uwsgi-temp-path = ${:tmp}/uwsgi_temp_path
scgi-temp-path = ${:tmp}/scgi_temp_path
[nginx-launcher]
recipe = slapos.cookbook:wrapper
command-line = ${ca-novnc:executable} -c ${nginx-config:output}
wrapper-path = ${directory:services}/nginx
[nginx-config]
recipe = slapos.recipe.template:jinja2
url = {{ template_nginx }}
output = ${directory:etc}/nginx.conf
context =
section params nginx-params
section ca ca-novnc
section tempdir nginx-tempdir
raw docroot {{ novnc_location }}
raw mime {{ nginx_mime }}
[nginx-params]
path-pid = ${directory:run}/nginx.pid
path-error-log = ${directory:log}/nginx-error.log
path-access-log = ${directory:log}/nginx-access.log
ip = ${slap-network-information:global-ipv6} ip = ${slap-network-information:global-ipv6}
port = 6080 port = 6080
vnc-ip = ${kvm-parameter-dict:vnc-ip} websocket-ip = ${kvm-parameter-dict:vnc-ip}
vnc-port = ${kvm-parameter-dict:vnc-port} websocket-port = ${kvm-parameter-dict:vnc-port}
novnc-location = {{ novnc_location }} websocket-path = websockify
websockify-path = {{ websockify_executable_location }} nb-workers = 2
ssl-key-path = ${ca-novnc:key-file}
ssl-cert-path = ${ca-novnc:cert-file} [nginx-graceful]
recipe = slapos.recipe.template
[websockify-sighandler] output = ${directory:scripts}/nginx-graceful
recipe = slapos.cookbook:signalwrapper inline =
wrapper-path = ${directory:bin}/websockify-sighandler #!/bin/sh
wrapped-path = ${novnc-instance:path} exec kill -s SIGHUP $(cat ${nginx-params:path-pid})
[websockify-sighandler-service]
recipe = slapos.cookbook:wrapper
command-line = ${websockify-sighandler:wrapper-path}
wrapper-path = ${directory:services}/websockify
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
wait-for-files =
${ca-novnc:key-file}
${ca-novnc:cert-file}
[certificate-authority] [certificate-authority]
recipe = slapos.cookbook:certificate_authority recipe = slapos.cookbook:certificate_authority
...@@ -699,15 +716,15 @@ crl = ${directory:ca-dir}/crl/ ...@@ -699,15 +716,15 @@ crl = ${directory:ca-dir}/crl/
recipe = slapos.cookbook:certificate_authority.request recipe = slapos.cookbook:certificate_authority.request
key-file = ${directory:novnc-conf}/novnc.key key-file = ${directory:novnc-conf}/novnc.key
cert-file = ${directory:novnc-conf}/novnc.crt cert-file = ${directory:novnc-conf}/novnc.crt
executable = ${directory:bin}/novnc executable = {{ nginx_executable }}
wrapper = ${directory:bin}/websockify wrapper = ${directory:bin}/nginx-with-ca
[novnc-promise] [novnc-promise]
<= monitor-promise-base <= monitor-promise-base
promise = check_socket_listening promise = check_socket_listening
name = novnc_promise.py name = novnc_promise.py
config-host = ${novnc-instance:ip} config-host = ${nginx-params:ip}
config-port = ${novnc-instance:port} config-port = ${nginx-params:port}
#---------------- #----------------
...@@ -748,7 +765,8 @@ partition-id = ${slap-connection:partition-id} ...@@ -748,7 +765,8 @@ partition-id = ${slap-connection:partition-id}
shared = true shared = true
config-https-only = True config-https-only = True
config-type = websocket config-type = websocket
config-url = https://[${novnc-instance:ip}]:${novnc-instance:port} config-websocket-path-list = ${nginx-params:websocket-path}
config-url = https://[${nginx-params:ip}]:${nginx-params:port}
return = secure_access domain return = secure_access domain
[request-slave-frontend] [request-slave-frontend]
...@@ -762,7 +780,7 @@ sla-instance_guid = ${slap-parameter:frontend-instance-guid} ...@@ -762,7 +780,7 @@ sla-instance_guid = ${slap-parameter:frontend-instance-guid}
<= monitor-promise-base <= monitor-promise-base
promise = check_url_available promise = check_url_available
name = frontend_promise.py name = frontend_promise.py
config-url = ${request-slave-frontend:connection-secure_access} config-url = ${request-slave-frontend:connection-secure_access}/vnc.html
{% if additional_frontend %} {% if additional_frontend %}
[request-slave-frontend-additional] [request-slave-frontend-additional]
...@@ -823,10 +841,10 @@ blank-line = ...@@ -823,10 +841,10 @@ blank-line =
<= monitor-publish <= monitor-publish
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
ipv6 = ${slap-network-information:global-ipv6} ipv6 = ${slap-network-information:global-ipv6}
backend-url = https://[${novnc-instance:ip}]:${novnc-instance:port}/vnc.html?auto=1&encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd} backend-url = https://[${nginx-params:ip}]:${nginx-params:port}/vnc.html?encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
url = ${request-slave-frontend:connection-secure_access}/vnc.html?auto=1&encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd} url = ${request-slave-frontend:connection-secure_access}/vnc.html?encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% if additional_frontend %} {% if additional_frontend %}
url-additional = ${request-slave-frontend-additional:connection-secure_access}/vnc.html?auto=1&encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd} url-additional = ${request-slave-frontend-additional:connection-secure_access}/vnc.html?encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% endif %} {% endif %}
{% set disk_number = len(storage_dict) -%} {% set disk_number = len(storage_dict) -%}
maximum-extra-disk-amount = {{ disk_number }} maximum-extra-disk-amount = {{ disk_number }}
...@@ -1242,8 +1260,8 @@ parts = ...@@ -1242,8 +1260,8 @@ parts =
kvm-controller-wrapper kvm-controller-wrapper
kvm-vnc-promise kvm-vnc-promise
kvm-disk-image-corruption-promise kvm-disk-image-corruption-promise
websockify-sighandler nginx-launcher
websockify-sighandler-service nginx-graceful
novnc-promise novnc-promise
kvm-started-promise kvm-started-promise
cron cron
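Review bot: `[nginx-launcher]` starts `${ca-novnc:executable} -c ${nginx-config:output}` directly, and the `wait-for-files` entries for `${ca-novnc:key-file}` and `${ca-novnc:cert-file}` that the old `[websockify-sighandler-service]` carried appear to be dropped rather than moved. nginx refuses to start when the `ssl_certificate` file is missing, so if the certificate authority has not yet issued `novnc.crt` on first instantiation, the service will exit and depend on being restarted. I would carry the guard over by adding `wait-for-files =` with those two paths to `[nginx-launcher]`. Also, `[ca-novnc]` now declares `wrapper = ${directory:bin}/nginx-with-ca`, but nothing visible in this section runs that wrapper; a short comment saying whether it is intentionally unused would help.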
......
...@@ -89,6 +89,8 @@ extra-context = ...@@ -89,6 +89,8 @@ extra-context =
raw logrotate_cfg ${template-logrotate-base:output} raw logrotate_cfg ${template-logrotate-base:output}
raw novnc_location ${noVNC:location} raw novnc_location ${noVNC:location}
raw netcat_bin ${netcat:location}/bin/netcat raw netcat_bin ${netcat:location}/bin/netcat
raw nginx_executable ${nginx-output:nginx}
raw nginx_mime ${nginx-output:mime}
raw python_executable ${buildout:executable} raw python_executable ${buildout:executable}
raw python_eggs_executable ${buildout:bin-directory}/${python-with-eggs:interpreter} raw python_eggs_executable ${buildout:bin-directory}/${python-with-eggs:interpreter}
raw qemu_executable_location ${qemu:location}/bin/qemu-system-x86_64 raw qemu_executable_location ${qemu:location}/bin/qemu-system-x86_64
...@@ -100,6 +102,7 @@ extra-context = ...@@ -100,6 +102,7 @@ extra-context =
raw template_kvm_controller_run ${template-kvm-controller:target} raw template_kvm_controller_run ${template-kvm-controller:target}
raw template_kvm_run ${template-kvm-run:target} raw template_kvm_run ${template-kvm-run:target}
raw template_monitor ${monitor2-template:output} raw template_monitor ${monitor2-template:output}
raw template_nginx ${template-nginx:target}
raw websockify_executable_location ${buildout:directory}/bin/websockify raw websockify_executable_location ${buildout:directory}/bin/websockify
raw wipe_disk_wrapper ${buildout:directory}/bin/securedelete raw wipe_disk_wrapper ${buildout:directory}/bin/securedelete
template-parts-destination = ${template-parts:target} template-parts-destination = ${template-parts:target}
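Review bot: `raw websockify_executable_location ${buildout:directory}/bin/websockify` is left in `extra-context` although this commit removes the websockify egg and its script, and the only visible consumer (`websockify-path` in the kvm instance template) is on the removed side. The variable now points at a path that is presumably never created. Drop the line, or add a comment if an instance type outside this diff still reads it.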
......
...@@ -8,9 +8,8 @@ extends = ...@@ -8,9 +8,8 @@ extends =
../../component/noVNC/buildout.cfg ../../component/noVNC/buildout.cfg
../../component/openssl/buildout.cfg ../../component/openssl/buildout.cfg
../../component/netcat/buildout.cfg ../../component/netcat/buildout.cfg
../../component/lxml-python/buildout.cfg ../../component/nginx/buildout.cfg
../../component/pycurl/buildout.cfg ../../component/pycurl/buildout.cfg
../../component/numpy/buildout.cfg
../../component/gzip/buildout.cfg ../../component/gzip/buildout.cfg
../../stack/slapos.cfg ../../stack/slapos.cfg
../../stack/resilient/buildout.cfg ../../stack/resilient/buildout.cfg
...@@ -33,28 +32,20 @@ parts = ${:common-parts} ...@@ -33,28 +32,20 @@ parts = ${:common-parts}
# In qemu builtin vnc server, and make it available only for localhost # In qemu builtin vnc server, and make it available only for localhost
# so that only novnc can listen to it. # so that only novnc can listen to it.
#XXX-Cedric: Check status of https://github.com/kanaka/noVNC/issues/13 to see
# When qemu has builtin support for websockets in vnc server to get rid of
# Websockify (socket <-> websocket proxy server) when it is ready.
# May solve previous XXX depending on the implementation.
#XXX-Cedric : add list of keyboard layouts (azerty/us querty/...) parameter to qemu
[python-with-eggs] [python-with-eggs]
recipe = zc.recipe.egg recipe = zc.recipe.egg
interpreter = ${:_buildout_section_name_} interpreter = ${:_buildout_section_name_}
eggs = eggs =
${slapos-toolbox:eggs} ${slapos-toolbox:eggs}
${python-cffi:egg} ${python-cffi:egg}
${lxml-python:egg}
websockify
${slapos-cookbook:eggs} ${slapos-cookbook:eggs}
erp5.util erp5.util
# BBB: eggs used as recipe should be kept otherwise sections depending # BBB: eggs used as recipe should be kept otherwise sections depending
# on it can't be uninstalled # on it can't be uninstalled
collective.recipe.shelloutput collective.recipe.shelloutput
scripts = # Only generate the interpreter script to avoid conflicts with scripts
websockify # for eggs that are also generated by another section, like slapos.toolbox
scripts = ${:interpreter}
# Create all templates that will be used to deploy instances # Create all templates that will be used to deploy instances
[download-base] [download-base]
...@@ -97,6 +88,9 @@ output = ${buildout:directory}/template.cfg ...@@ -97,6 +88,9 @@ output = ${buildout:directory}/template.cfg
[template-nbd] [template-nbd]
<= download-base <= download-base
[template-nginx]
<= download-base
[template-ansible-promise] [template-ansible-promise]
<= download-base <= download-base
...@@ -135,9 +129,3 @@ context = ...@@ -135,9 +129,3 @@ context =
[whitelist-domains-default] [whitelist-domains-default]
<= download-base <= download-base
[versions]
websockify = 0.9.0
gitdb = 0.6.4
pycurl = 7.43.0
smmap = 0.9.0
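Review bot: The trailing `[versions]` block appears to be removed as a whole (the hunk header goes from 9 lines to 3), which drops the pins for `gitdb`, `pycurl` and `smmap` together with `websockify = 0.9.0`. Only the websockify pin is explained by the commit title. If the other three are not pinned by one of the extended profiles, their versions either float or break the build, depending on how picked versions are handled. Please confirm where they are pinned now, or keep `gitdb = 0.6.4`, `pycurl = 7.43.0` and `smmap = 0.9.0` here.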
worker_processes {{ params['nb-workers'] }};
pid {{ params['path-pid'] }};
error_log {{ params['path-error-log'] }};
daemon off;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include {{ mime }};
default_type application/octet-stream;
types_hash_bucket_size 64;
access_log {{ params['path-access-log'] }} combined;
index novnc.html;
upstream vnc_proxy {
server {{ params['websocket-ip'] }}:{{ params['websocket-port'] }};
}
server {
listen [{{ params['ip'] }}]:{{ params['port'] }} ssl http2;
server_name _;
ssl_certificate {{ ca['cert-file'] }};
ssl_certificate_key {{ ca['key-file'] }};
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
keepalive_timeout 5;
client_body_temp_path {{ tempdir['client-body-temp-path'] }};
proxy_temp_path {{ tempdir['proxy-temp-path'] }};
fastcgi_temp_path {{ tempdir['fastcgi-temp-path'] }};
uwsgi_temp_path {{ tempdir['uwsgi-temp-path'] }};
scgi_temp_path {{ tempdir['scgi-temp-path'] }};
# path for static files
root {{ docroot }};
location /{{ params['websocket-path'] }} {
proxy_http_version 1.1;
proxy_pass http://vnc_proxy/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# VNC connection timeout
proxy_read_timeout 61s;
# Disable cache
proxy_buffering off;
}
}
}
...@@ -62,7 +62,7 @@ cluster_doc_port = {{ parameter_dict.get("cluster-doc-port") }} ...@@ -62,7 +62,7 @@ cluster_doc_port = {{ parameter_dict.get("cluster-doc-port") }}
auto_ballooning = '{{ parameter_dict.get("auto-ballooning") }}' in ('true', 'True', '1') auto_ballooning = '{{ parameter_dict.get("auto-ballooning") }}' in ('true', 'True', '1')
vm_name = '{{ parameter_dict.get("name") }}' vm_name = '{{ parameter_dict.get("name") }}'
# If a device (ie.: /dev/sdb) is provided, use it instead # If a device (ie.: /dev/sdb) is provided, use it instead
# the disk_path with disk_format # the disk_path with disk_format
disk_info_list = [] disk_info_list = []
for disk_device_path in '{{ parameter_dict.get("disk-device-path", "") }}'.split(): for disk_device_path in '{{ parameter_dict.get("disk-device-path", "") }}'.split():
...@@ -145,7 +145,7 @@ def getMapStorageList(disk_storage_dict, external_disk_number): ...@@ -145,7 +145,7 @@ def getMapStorageList(disk_storage_dict, external_disk_number):
if id_list: if id_list:
if not map_f_exist: if not map_f_exist:
# shuffle the list to not write disk in data1, data2, ... everytime # shuffle the list to not write disk in data1, data2, ... everytime
shuffle(id_list) shuffle(id_list)
if external_disk_number < last_amount: if external_disk_number < last_amount:
# Drop created disk is not allowed # Drop created disk is not allowed
...@@ -277,7 +277,7 @@ ram = '%sM,slots=128,maxmem=%sM' % (init_ram_size, ram_max_size) ...@@ -277,7 +277,7 @@ ram = '%sM,slots=128,maxmem=%sM' % (init_ram_size, ram_max_size)
kvm_argument_list = [qemu_path, kvm_argument_list = [qemu_path,
'-enable-kvm', '-smp', smp, '-name', vm_name, '-m', ram, '-vga', 'std', '-enable-kvm', '-smp', smp, '-name', vm_name, '-m', ram, '-vga', 'std',
'-vnc', '%s:1,ipv4=on,password=on' % listen_ip, '-vnc', '%s:1,password=on,websocket=on' % listen_ip,
'-boot', 'order=cd,menu=on', '-boot', 'order=cd,menu=on',
'-qmp', 'unix:%s,server,nowait' % socket_path, '-qmp', 'unix:%s,server,nowait' % socket_path,
'-pidfile', pid_file_path, '-msg', 'timestamp=on', '-pidfile', pid_file_path, '-msg', 'timestamp=on',
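Review bot: The port of the WebSocket listener is implicit in `'%s:1,password=on,websocket=on' % listen_ip`: as far as I know, QEMU derives it from the display number when no port is given (5700 + display, so 5701 for `:1`), while the nginx upstream added in this commit connects to `${kvm-parameter-dict:vnc-port}`, whose value is not visible in this diff. Please confirm the two match, and consider passing the port explicitly as `websocket=PORT` (PORT being a placeholder for the same value nginx is given) so the coupling is visible in one place. A comment above the `-vnc` entry noting that this listener is unencrypted and must stay bound to `listen_ip`, with TLS terminated by nginx, would document the trust boundary. The `kvm_argument_list` statement continues past the end of the hunk.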
......
...@@ -212,7 +212,8 @@ i0:kvm-{kvm-hash-value}-on-watch RUNNING ...@@ -212,7 +212,8 @@ i0:kvm-{kvm-hash-value}-on-watch RUNNING
i0:kvm_controller EXITED i0:kvm_controller EXITED
i0:monitor-httpd-{hash}-on-watch RUNNING i0:monitor-httpd-{hash}-on-watch RUNNING
i0:monitor-httpd-graceful EXITED i0:monitor-httpd-graceful EXITED
i0:websockify-{hash}-on-watch RUNNING i0:nginx-graceful EXITED
i0:nginx-on-watch RUNNING
i0:whitelist-domains-download-{hash} RUNNING i0:whitelist-domains-download-{hash} RUNNING
i0:whitelist-firewall-{hash} RUNNING""", i0:whitelist-firewall-{hash} RUNNING""",
self.getProcessInfo() self.getProcessInfo()
...@@ -702,11 +703,12 @@ ir2:kvm-{kvm-hash-value}-on-watch RUNNING ...@@ -702,11 +703,12 @@ ir2:kvm-{kvm-hash-value}-on-watch RUNNING
ir2:kvm_controller EXITED ir2:kvm_controller EXITED
ir2:monitor-httpd-{hash}-on-watch RUNNING ir2:monitor-httpd-{hash}-on-watch RUNNING
ir2:monitor-httpd-graceful EXITED ir2:monitor-httpd-graceful EXITED
ir2:nginx-graceful EXITED
ir2:nginx-on-watch RUNNING
ir2:notifier-on-watch RUNNING ir2:notifier-on-watch RUNNING
ir2:resilient_sshkeys_authority-on-watch RUNNING ir2:resilient_sshkeys_authority-on-watch RUNNING
ir2:sshd-graceful EXITED ir2:sshd-graceful EXITED
ir2:sshd-on-watch RUNNING ir2:sshd-on-watch RUNNING
ir2:websockify-{hash}-on-watch RUNNING
ir2:whitelist-domains-download-{hash} RUNNING ir2:whitelist-domains-download-{hash} RUNNING
ir2:whitelist-firewall-{hash} RUNNING ir2:whitelist-firewall-{hash} RUNNING
ir3:bootstrap-monitor EXITED ir3:bootstrap-monitor EXITED
...@@ -2295,7 +2297,8 @@ ihs0:kvm-{kvm-hash-value}-on-watch RUNNING ...@@ -2295,7 +2297,8 @@ ihs0:kvm-{kvm-hash-value}-on-watch RUNNING
ihs0:kvm_controller EXITED ihs0:kvm_controller EXITED
ihs0:monitor-httpd-{hash}-on-watch RUNNING ihs0:monitor-httpd-{hash}-on-watch RUNNING
ihs0:monitor-httpd-graceful EXITED ihs0:monitor-httpd-graceful EXITED
ihs0:websockify-{hash}-on-watch RUNNING ihs0:nginx-graceful EXITED
ihs0:nginx-on-watch RUNNING
ihs0:whitelist-domains-download-{hash} RUNNING ihs0:whitelist-domains-download-{hash} RUNNING
ihs0:whitelist-firewall-{hash} RUNNING""", ihs0:whitelist-firewall-{hash} RUNNING""",
self.getProcessInfo() self.getProcessInfo()
......