def lookup(self, *ident):
report_tool = DebugReportsModel.get_system_report_tool()
try:
SoftwareUpdate()
except Exception:
update_tool = False
else:
update_tool = True
try:
repo = Repositories()
except Exception:
repo_mngt_tool = None
else:
repo_mngt_tool = repo._pkg_mnger.TYPE
return {
'libvirt_stream_protocols': self.libvirt_stream_protocols,
'qemu_spice': self._qemu_support_spice(),
'qemu_stream': self.qemu_stream,
'screenshot': VMScreenshot.get_stream_test_result(),
'system_report_tool': bool(report_tool),
'update_tool': update_tool,
'repo_mngt_tool': repo_mngt_tool,
'federation': kconfig.get("server", "federation"),
'auth': kconfig.get("authentication", "method"),
'kernel_vfio': self.kernel_vfio,
'nm_running': FeatureTests.is_nm_running(),
'mem_hotplug_support': self.mem_hotplug_support
}
def new_ws_proxy():
try:
os.makedirs(WS_TOKENS_DIR, mode=0755)
except OSError as e:
if e.errno == errno.EEXIST:
pass
cert = config.get('server', 'ssl_cert')
key = config.get('server', 'ssl_key')
if not (cert and key):
cert = '%s/wok-cert.pem' % paths.conf_dir
key = '%s/wok-key.pem' % paths.conf_dir
params = {'listen_host': '127.0.0.1',
'listen_port': config.get('server', 'websockets_port'),
'ssl_only': False}
# old websockify: do not use TokenFile
if not tokenFile:
params['target_cfg'] = WS_TOKENS_DIR
# websockify 0.7 and higher: use TokenFile
else:
params['token_plugin'] = TokenFile(src=WS_TOKENS_DIR)
def start_proxy():
server = WebSocketProxy(**params)
server.start_server()
proc = Process(target=start_proxy)
proc.start()
return proc
def new_ws_proxy():
try:
os.makedirs(WS_TOKENS_DIR, mode=0755)
except OSError as e:
if e.errno == errno.EEXIST:
pass
cert = config.get('server', 'ssl_cert')
key = config.get('server', 'ssl_key')
if not (cert and key):
cert = '%s/wok-cert.pem' % paths.conf_dir
key = '%s/wok-key.pem' % paths.conf_dir
params = {
'web': os.path.join(paths.ui_dir, 'pages/websockify'),
'listen_port': config.get('display', 'display_proxy_port'),
'target_cfg': WS_TOKENS_DIR,
'key': key,
'cert': cert,
'ssl_only': True
}
def start_proxy():
server = WebSocketProxy(**params)
server.start_server()
proc = Process(target=start_proxy)
proc.start()
return proc
def authenticate(username, password):
ldap_server = config.get("authentication", "ldap_server").strip('"')
ldap_search_base = config.get("authentication",
"ldap_search_base").strip('"')
ldap_search_filter = config.get("authentication",
"ldap_search_filter",
vars={
"username":
username.encode("utf-8")
}).strip('"')
connect = ldap.open(ldap_server)
try:
result = connect.search_s(ldap_search_base, ldap.SCOPE_SUBTREE,
ldap_search_filter)
if len(result) == 0:
entity = ldap_search_filter % {'username': username}
raise ldap.LDAPError("Invalid ldap entity:%s" % entity)
connect.bind_s(result[0][0], password)
connect.unbind_s()
return True
except ldap.INVALID_CREDENTIALS:
# invalid user password
raise OperationFailed("WOKAUTH0002E")
except ldap.NO_SUCH_OBJECT:
# ldap search base specified wrongly.
raise OperationFailed("WOKAUTH0005E", {
"item": 'ldap_search_base',
"value": ldap_search_base
})
except ldap.LDAPError, e:
arg = {"username": username, "code": e.message}
raise OperationFailed("WOKAUTH0001E", arg)
def authenticate(username, password):
ldap_server = config.get('authentication', 'ldap_server').strip('"')
ldap_search_base = config.get(
'authentication', 'ldap_search_base').strip('"')
ldap_search_filter = config.get(
'authentication',
'ldap_search_filter',
vars={'username': username.encode('utf-8')},
).strip('"')
connect = ldap.open(ldap_server)
try:
result = connect.search_s(
ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter
)
if len(result) == 0:
entity = ldap_search_filter % {'username': username}
raise ldap.LDAPError(f'Invalid ldap entity: {entity}')
connect.bind_s(result[0][0], password)
connect.unbind_s()
return True
except ldap.INVALID_CREDENTIALS:
# invalid user password
raise OperationFailed('WOKAUTH0002E')
except ldap.NO_SUCH_OBJECT:
# ldap search base specified wrongly.
raise OperationFailed(
'WOKAUTH0005E', {'item': 'ldap_search_base',
'value': ldap_search_base}
)
except ldap.LDAPError as e:
arg = {'username': username, 'code': str(e)}
raise OperationFailed('WOKAUTH0001E', arg)
def new_ws_proxy():
try:
os.makedirs(WS_TOKENS_DIR, mode=0755)
except OSError as e:
if e.errno == errno.EEXIST:
pass
cert = config.get('server', 'ssl_cert')
key = config.get('server', 'ssl_key')
if not (cert and key):
cert = '%s/wok-cert.pem' % paths.conf_dir
key = '%s/wok-key.pem' % paths.conf_dir
params = {'listen_host': '127.0.0.1',
'listen_port': config.get('server', 'websockets_port'),
'target_cfg': WS_TOKENS_DIR,
'ssl_only': False}
def start_proxy():
server = WebSocketProxy(**params)
server.start_server()
proc = Process(target=start_proxy)
proc.start()
return proc
def lookup(self, *ident):
report_tool = DebugReportsModel.get_system_report_tool()
try:
SoftwareUpdate()
except Exception:
update_tool = False
else:
update_tool = True
try:
repo = Repositories()
except Exception:
repo_mngt_tool = None
else:
repo_mngt_tool = repo._pkg_mnger.TYPE
return {'libvirt_stream_protocols': self.libvirt_stream_protocols,
'qemu_spice': self._qemu_support_spice(),
'qemu_stream': self.qemu_stream,
'screenshot': VMScreenshot.get_stream_test_result(),
'system_report_tool': bool(report_tool),
'update_tool': update_tool,
'repo_mngt_tool': repo_mngt_tool,
'federation': kconfig.get("server", "federation"),
'auth': kconfig.get("authentication", "method"),
'kernel_vfio': self.kernel_vfio,
'nm_running': FeatureTests.is_nm_running(),
'mem_hotplug_support': self.mem_hotplug_support
}
def lookup(self, name):
return {
'ssl_port': config.get('server', 'ssl_port'),
'websockets_port': config.get('server', 'websockets_port'),
'auth': config.get('authentication', 'method'),
'version': get_version()
}
def new_ws_proxy():
try:
os.makedirs(WS_TOKENS_DIR, mode=0755)
except OSError as e:
if e.errno == errno.EEXIST:
pass
cert = config.get('server', 'ssl_cert')
key = config.get('server', 'ssl_key')
if not (cert and key):
cert = '%s/wok-cert.pem' % paths.conf_dir
key = '%s/wok-key.pem' % paths.conf_dir
params = {
'listen_host': '127.0.0.1',
'listen_port': config.get('server', 'websockets_port'),
'ssl_only': False
}
# old websockify: do not use TokenFile
if not tokenFile:
params['target_cfg'] = WS_TOKENS_DIR
# websockify 0.7 and higher: use TokenFile
else:
params['token_plugin'] = TokenFile(src=WS_TOKENS_DIR)
def start_proxy():
server = WebSocketProxy(**params)
server.start_server()
proc = Process(target=start_proxy)
proc.start()
return proc
def authenticate(username, password):
ldap_server = config.get("authentication", "ldap_server").strip('"')
ldap_search_base = config.get(
"authentication", "ldap_search_base").strip('"')
ldap_search_filter = config.get(
"authentication", "ldap_search_filter",
vars={"username": username.encode("utf-8")}).strip('"')
connect = ldap.open(ldap_server)
try:
result = connect.search_s(
ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter)
if len(result) == 0:
entity = ldap_search_filter % {'username': username}
raise ldap.LDAPError("Invalid ldap entity:%s" % entity)
connect.bind_s(result[0][0], password)
connect.unbind_s()
return True
except ldap.INVALID_CREDENTIALS:
# invalid user password
raise OperationFailed("WOKAUTH0002E")
except ldap.NO_SUCH_OBJECT:
# ldap search base specified wrongly.
raise OperationFailed("WOKAUTH0005E", {"item": 'ldap_search_base',
"value": ldap_search_base})
except ldap.LDAPError, e:
arg = {"username": username, "code": e.message}
raise OperationFailed("WOKAUTH0001E", arg)
def new_ws_proxy():
try:
os.makedirs(WS_TOKENS_DIR, mode=0755)
except OSError as e:
if e.errno == errno.EEXIST:
pass
cert = config.get('server', 'ssl_cert')
key = config.get('server', 'ssl_key')
if not (cert and key):
cert = '%s/wok-cert.pem' % paths.conf_dir
key = '%s/wok-key.pem' % paths.conf_dir
params = {'web': os.path.join(paths.ui_dir, 'pages/websockify'),
'listen_port': config.get('display', 'display_proxy_port'),
'target_cfg': WS_TOKENS_DIR,
'key': key, 'cert': cert, 'ssl_only': True}
def start_proxy():
server = WebSocketProxy(**params)
server.start_server()
proc = Process(target=start_proxy)
proc.start()
return proc
def lookup(self, *ident):
return {'libvirt_stream_protocols': self.libvirt_stream_protocols,
'qemu_spice': self._qemu_support_spice(),
'qemu_stream': self.qemu_stream,
'screenshot': VMScreenshot.get_stream_test_result(),
'federation': kconfig.get("server", "federation"),
'auth': kconfig.get("authentication", "method"),
'kernel_vfio': self.kernel_vfio,
'nm_running': FeatureTests.is_nm_running(),
'mem_hotplug_support': self.mem_hotplug_support
}
def lookup(self, *ident):
return {
'libvirt_stream_protocols': self.libvirt_stream_protocols,
'qemu_spice': self._qemu_support_spice(),
'qemu_stream': self.qemu_stream,
'screenshot': VMScreenshot.get_stream_test_result(),
'federation': kconfig.get("server", "federation"),
'auth': kconfig.get("authentication", "method"),
'kernel_vfio': self.kernel_vfio,
'nm_running': FeatureTests.is_nm_running(),
'mem_hotplug_support': self.mem_hotplug_support
}
def __init__(self, **kargs):
# check federation feature is enabled on Kimchi server
if not config.get("kimchi", {}).get("federation", False):
return
# register server on openslp
hostname = socket.getfqdn(wok_config.get("server", "host"))
port = wok_config.get("server", "ssl_port")
self.url = hostname + ":" + port
cmd = ["slptool", "register", "service:wokd://%s" % self.url]
out, error, ret = run_command(cmd)
if out and len(out) != 0:
wok_log.error("Unable to register server on openSLP." " Details: %s" % out)
cherrypy.engine.subscribe("exit", self._peer_deregister)
def get_roles(self):
admin_ids = config.get("authentication",
"ldap_admin_id").strip('"').split(',')
for admin_id in admin_ids:
if self.user[USER_NAME] == admin_id.strip():
self.user[USER_ROLES] = dict.fromkeys(tabs, 'admin')
return self.user[USER_ROLES]
def __init__(self, **kargs):
# check federation feature is enabled on Wok server
if not config.get('server', 'federation') == 'on':
return
# register server on openslp
hostname = socket.getfqdn()
port = config.get("server", "proxy_port")
self.url = hostname + ":" + port
cmd = ["slptool", "register", "service:wokd://%s" % self.url]
out, error, ret = run_command(cmd)
if out and len(out) != 0:
wok_log.error("Unable to register server on openSLP."
" Details: %s" % out)
cherrypy.engine.subscribe('exit', self._peer_deregister)
def get_roles(self):
admin_ids = config.get(
"authentication", "ldap_admin_id").strip('"').split(',')
for admin_id in admin_ids:
if self.user[USER_NAME] == admin_id.strip():
self.user[USER_ROLES] = dict.fromkeys(tabs, 'admin')
return self.user[USER_ROLES]
def new_ws_proxy():
try:
os.makedirs(WS_TOKENS_DIR, mode=0755)
except OSError as e:
if e.errno == errno.EEXIST:
pass
params = {'listen_host': '127.0.0.1',
'listen_port': config.get('server', 'websockets_port'),
'ssl_only': False}
# old websockify: do not use TokenFile
if not tokenFile:
params['target_cfg'] = WS_TOKENS_DIR
# websockify 0.7 and higher: use TokenFile
else:
params['token_plugin'] = TokenFile(src=WS_TOKENS_DIR)
def start_proxy():
try:
server = WebSocketProxy(RequestHandlerClass=CustomHandler,
**params)
except TypeError:
server = CustomHandler(**params)
server.start_server()
proc = Process(target=start_proxy)
proc.start()
return proc
def _get_role(self):
admin_ids = config.get(
"authentication", "ldap_admin_id").strip('"').split(',')
for admin_id in admin_ids:
if self.name == admin_id.strip():
return 'admin'
return 'user'
def new_ws_proxy():
try:
os.makedirs(WS_TOKENS_DIR, mode=0o755)
except OSError as e:
if e.errno == errno.EEXIST:
pass
params = {
'listen_host': '127.0.0.1',
'listen_port': config.get('server', 'websockets_port'),
'ssl_only': False,
}
# old websockify: do not use TokenFile
if not tokenFile:
params['target_cfg'] = WS_TOKENS_DIR
# websockify 0.7 and higher: use TokenFile
else:
params['token_plugin'] = TokenFile(src=WS_TOKENS_DIR)
def start_proxy():
try:
server = WebSocketProxy(RequestHandlerClass=CustomHandler,
**params)
except TypeError:
server = CustomHandler(**params)
server.start_server()
proc = Process(target=start_proxy)
proc.start()
return proc
def __init__(self, **kargs):
# check federation feature is enabled on Wok server
if not config.get('server', 'federation') == 'on':
return
# register server on openslp
hostname = socket.getfqdn()
port = config.get('server', 'proxy_port')
self.url = hostname + ':' + port
cmd = ['slptool', 'register', f'service:wokd://{self.url}']
out, error, ret = run_command(cmd)
if out and len(out) != 0:
wok_log.error(
f'Unable to register server on openSLP. ' f'Details: {out}')
cherrypy.engine.subscribe('exit', self._peer_deregister)
def login(username, password, **kwargs):
auth_args = {
'auth_type': config.get('authentication', 'method'),
'username': username,
'password': password,
}
user = User.get(auth_args)
if not user:
debug('User cannot be verified with the supplied password')
return None
debug('User verified, establishing session')
cherrypy.session.acquire_lock()
cherrypy.session.regenerate()
cherrypy.session[USER_NAME] = username
cherrypy.session[USER_GROUPS] = user.groups
cherrypy.session[USER_ROLE] = user.role
cherrypy.session[template.REFRESH] = time.time()
cherrypy.session.release_lock()
return {
USER_NAME: user.name,
USER_GROUPS: user.groups,
USER_ROLE: user.role
}
def _get_role(self):
admin_ids = config.get(
"authentication", "ldap_admin_id").strip('"').split(',')
for admin_id in admin_ids:
if self.name == admin_id.strip():
return 'admin'
return 'user'
def check_auth_session():
"""
A user is considered authenticated if we have an established session open
for the user.
"""
cherrypy.session.acquire_lock()
session = cherrypy.session.get(USER_NAME, None)
cherrypy.session.release_lock()
if session is not None:
debug(f'Session authenticated for user {session}')
wokRobot = cherrypy.request.headers.get('Wok-Robot')
if wokRobot == 'wok-robot':
if (
time.time() - cherrypy.session[template.REFRESH]
> int(config.get('server', 'session_timeout')) * 60
):
cherrypy.session[USER_NAME] = None
cherrypy.lib.sessions.expire()
raise cherrypy.HTTPError(401, 'sessionTimeout')
else:
cherrypy.session[template.REFRESH] = time.time()
return True
debug('Session not found')
return False
def _get_user(self, _user_id):
ldap_server = config.get('authentication', 'ldap_server').strip('"')
ldap_search_base = config.get(
'authentication', 'ldap_search_base').strip('"')
ldap_search_filter = config.get(
'authentication', 'ldap_search_filter',
vars={'username': _user_id.encode('utf-8')}).strip('"')
connect = ldap.open(ldap_server)
try:
result = connect.search_s(
ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter)
if len(result) == 0:
raise NotFoundError('KCHAUTH0004E', {'user_id': _user_id})
return result[0][1]
except ldap.NO_SUCH_OBJECT:
raise NotFoundError('KCHAUTH0004E', {'user_id': _user_id})
def _get_user(self, _user_id):
ldap_server = config.get("authentication", "ldap_server").strip('"')
ldap_search_base = config.get(
"authentication", "ldap_search_base").strip('"')
ldap_search_filter = config.get(
"authentication", "ldap_search_filter",
vars={"username": _user_id.encode("utf-8")}).strip('"')
connect = ldap.open(ldap_server)
try:
result = connect.search_s(
ldap_search_base, ldap.SCOPE_SUBTREE, ldap_search_filter)
if len(result) == 0:
raise NotFoundError("KCHAUTH0004E", {'user_id': _user_id})
return result[0][1]
except ldap.NO_SUCH_OBJECT:
raise NotFoundError("KCHAUTH0004E", {'user_id': _user_id})
def _listen(self, guest, console):
"""Accepts client connections.
Each connection is directly linked to the desired guest console. Thus
any data received from the client can be send to the guest console as
well as any response from the guest console can be send back to the
client console.
"""
client, client_addr = self._socket.accept()
session_timeout = wok_config.get('server', 'session_timeout')
client.settimeout(int(session_timeout) * 60)
wok_log.info('[%s] Client connected to %s', self.name,
self._guest_name)
# register the callback to receive any data from the console
console.eventAddCallback(libvirt.VIR_STREAM_EVENT_READABLE,
self._send_to_client, client)
# start the libvirt event loop in a python thread
libvirt_loop = threading.Thread(target=self.libvirt_event_loop,
args=(guest, client))
libvirt_loop.start()
while True:
data = ''
try:
data = client.recv(1024)
except Exception as e:
wok_log.info(
'[%s] Client disconnected from %s: %s',
self.name,
self._guest_name,
str(e),
)
break
if not data or data == CTRL_Q:
break
# if the console can no longer be accessed, close everything
# and quits
try:
console.send(data)
except Exception:
wok_log.info('[%s] Console of %s is not accessible', self.name,
self._guest_name)
break
# clear used resources when the connection is closed and, if possible,
# tell the client the connection was lost.
try:
client.send(b'\\r\\n\\r\\nClient disconnected\\r\\n')
except Exception:
pass
def _listen(self, guest, console):
"""Accepts client connections.
Each connection is directly linked to the desired guest console. Thus
any data received from the client can be send to the guest console as
well as any response from the guest console can be send back to the
client console.
"""
client, client_addr = self._socket.accept()
session_timeout = wok_config.get('server', 'session_timeout')
client.settimeout(int(session_timeout) * 60)
wok_log.info('[%s] Client connected to %s', self.name,
self._guest_name)
# register the callback to receive any data from the console
console.eventAddCallback(libvirt.VIR_STREAM_EVENT_READABLE,
self._send_to_client,
client)
# start the libvirt event loop in a python thread
libvirt_loop = threading.Thread(target=self.libvirt_event_loop,
args=(guest, client))
libvirt_loop.start()
while True:
data = ''
try:
data = client.recv(1024)
except Exception as e:
wok_log.info('[%s] Client disconnected from %s: %s',
self.name, self._guest_name, e.message)
break
if not data or data == CTRL_Q:
break
# if the console can no longer be accessed, close everything
# and quits
try:
console.send(data)
except:
wok_log.info('[%s] Console of %s is not accessible',
self.name, self._guest_name)
break
# clear used resources when the connection is closed and, if possible,
# tell the client the connection was lost.
try:
client.send('\r\n\r\nClient disconnected\r\n')
except:
pass
def _get_user(self, _user_id):
ldap_server = config.get("authentication", "ldap_server").strip('"')
ldap_search_base = config.get("authentication",
"ldap_search_base").strip('"')
ldap_search_filter = config.get("authentication",
"ldap_search_filter",
vars={
"username":
_user_id.encode("utf-8")
}).strip('"')
connect = ldap.open(ldap_server)
try:
result = connect.search_s(ldap_search_base, ldap.SCOPE_SUBTREE,
ldap_search_filter)
if len(result) == 0:
raise NotFoundError("KCHAUTH0004E", {'user_id': _user_id})
return result[0][1]
except ldap.NO_SUCH_OBJECT:
raise NotFoundError("KCHAUTH0004E", {'user_id': _user_id})
def _check_default_pools(self):
pools = {}
default_pool = tmpl_defaults["storagepool"]
default_pool = default_pool.split("/")[-1]
pools[default_pool] = {}
if default_pool == "default":
pools[default_pool] = {"path": "/var/lib/libvirt/images"}
if config.get("server", "create_iso_pool") == "true":
pools["ISO"] = {"path": "/var/lib/kimchi/isos"}
error_msg = (
"Please, check the configuration in %s/template.conf to "
"ensure it has a valid storage pool." % PluginPaths("kimchi").conf_dir
)
conn = self.conn.get()
for pool_name in pools:
try:
pool = conn.storagePoolLookupByName(pool_name)
except libvirt.libvirtError, e:
pool_path = pools[pool_name].get("path")
if pool_path is None:
msg = "Fatal: Unable to find storage pool %s. " + error_msg
wok_log.error(msg % pool_name)
wok_log.error("Details: %s", e.message)
sys.exit(1)
# Try to create the pool
pool = E.pool(E.name(pool_name), type="dir")
pool.append(E.target(E.path(pool_path)))
xml = ET.tostring(pool)
try:
pool = conn.storagePoolDefineXML(xml, 0)
except libvirt.libvirtError, e:
msg = "Fatal: Unable to create storage pool %s. "
msg += error_msg
wok_log.error(msg % pool_name)
wok_log.error("Details: %s", e.message)
sys.exit(1)
# Build and set autostart value to pool
# Ignore error as the pool was already successfully created
try:
# Add build step to make sure target directory created
# The build process may fail when the pool directory
# already exists on system
pool.build(libvirt.VIR_STORAGE_POOL_BUILD_NEW)
pool.setAutostart(1)
except:
pass
def _check_default_pools(self):
pools = {}
default_pool = tmpl_defaults['storagepool']
default_pool = default_pool.split('/')[-1]
pools[default_pool] = {}
if default_pool == 'default':
pools[default_pool] = {'path': '/var/lib/libvirt/images'}
if config.get("server", "create_iso_pool") == "true":
pools['ISO'] = {'path': '/var/lib/kimchi/isos'}
error_msg = ("Please, check the configuration in %s/template.conf to "
"ensure it has a valid storage pool." %
PluginPaths('kimchi').conf_dir)
conn = self.conn.get()
for pool_name in pools:
try:
pool = conn.storagePoolLookupByName(pool_name)
except libvirt.libvirtError, e:
pool_path = pools[pool_name].get('path')
if pool_path is None:
msg = "Fatal: Unable to find storage pool %s. " + error_msg
wok_log.error(msg % pool_name)
wok_log.error("Details: %s", e.message)
sys.exit(1)
# Try to create the pool
pool = E.pool(E.name(pool_name), type='dir')
pool.append(E.target(E.path(pool_path)))
xml = ET.tostring(pool)
try:
pool = conn.storagePoolDefineXML(xml, 0)
except libvirt.libvirtError, e:
msg = "Fatal: Unable to create storage pool %s. "
msg += error_msg
wok_log.error(msg % pool_name)
wok_log.error("Details: %s", e.message)
sys.exit(1)
# Build and set autostart value to pool
# Ignore error as the pool was already successfully created
try:
# Add build step to make sure target directory created
# The build process may fail when the pool directory
# already exists on system
pool.build(libvirt.VIR_STORAGE_POOL_BUILD_NEW)
pool.setAutostart(1)
except:
pass
def __init__(self):
log = os.path.join(config.get("logging", "log_dir"), REQUEST_LOG_FILE)
h = logging.handlers.WatchedFileHandler(log, 'a')
h.setFormatter(logging.Formatter('%(message)s'))
self.handler = h
self.logger = logging.getLogger(WOK_REQUEST_LOGGER)
self.logger.setLevel(logging.INFO)
self.logger.addHandler(self.handler)
# start request log's downloadable temporary files removal task
interval = LOG_DOWNLOAD_TIMEOUT * SECONDS_PER_HOUR
self.clean_task = BackgroundTask(interval, self.cleanLogFiles)
self.clean_task.start()
def __init__(self):
log = os.path.join(config.get("logging", "log_dir"), REQUEST_LOG_FILE)
h = logging.handlers.WatchedFileHandler(log, 'a')
h.setFormatter(logging.Formatter('%(message)s'))
self.handler = h
self.logger = logging.getLogger(WOK_REQUEST_LOGGER)
self.logger.setLevel(logging.INFO)
self.logger.addHandler(self.handler)
# start request log's downloadable temporary files removal task
interval = LOG_DOWNLOAD_TIMEOUT * SECONDS_PER_HOUR
self.clean_task = BackgroundTask(interval, self.cleanLogFiles)
self.clean_task.start()
def get_list(self):
# check federation feature is enabled on Wok server
if not config.get('server', 'federation') == 'on':
return []
cmd = ["slptool", "findsrvs", "service:wokd"]
out, error, ret = run_command(cmd)
if ret != 0:
return []
peers = []
for server in out.strip().split("\n"):
match = re.match("service:wokd://(.*?),.*", server)
peer = match.group(1)
if peer != self.url:
peers.append("https://" + peer)
return peers
def get_list(self):
# check federation feature is enabled on Kimchi server
if config.get("server", "federation") == "off":
return []
cmd = ["slptool", "findsrvs", "service:wokd"]
out, error, ret = run_command(cmd)
if ret != 0:
return []
peers = []
for server in out.strip().split("\n"):
match = re.match("service:wokd://(.*?),.*", server)
peer = match.group(1)
if peer != self.url:
peers.append("https://" + peer)
return peers
def login(username, password, **kwargs):
auth_args = {'auth_type': config.get("authentication", "method"),
'username': username,
'password': password}
user = User.get(auth_args)
if not user:
debug("User cannot be verified with the supplied password")
return None
debug("User verified, establishing session")
cherrypy.session.acquire_lock()
cherrypy.session.regenerate()
cherrypy.session[USER_NAME] = username
cherrypy.session[USER_GROUPS] = user.get_groups()
cherrypy.session[USER_ROLES] = user.get_roles()
cherrypy.session[REFRESH] = time.time()
cherrypy.session.release_lock()
return user.get_user()
def login(username, password, **kwargs):
auth_args = {'auth_type': config.get("authentication", "method"),
'username': username,
'password': password}
user = User.get(auth_args)
if not user:
debug("User cannot be verified with the supplied password")
return None
debug("User verified, establishing session")
cherrypy.session.acquire_lock()
cherrypy.session.regenerate()
cherrypy.session[USER_NAME] = username
cherrypy.session[USER_GROUPS] = user.get_groups()
cherrypy.session[USER_ROLES] = user.get_roles()
cherrypy.session[REFRESH] = time.time()
cherrypy.session.release_lock()
return user.get_user()
def login(username, password, **kwargs):
auth_args = {'auth_type': config.get("authentication", "method"),
'username': username.encode('utf-8'),
'password': password.encode('utf-8')}
user = User.get(auth_args)
if not user:
debug("User cannot be verified with the supplied password")
return None
debug("User verified, establishing session")
cherrypy.session.acquire_lock()
cherrypy.session.regenerate()
cherrypy.session[USER_NAME] = username
cherrypy.session[USER_GROUPS] = user.groups
cherrypy.session[USER_ROLE] = user.role
cherrypy.session[template.REFRESH] = time.time()
cherrypy.session.release_lock()
return {USER_NAME: user.name, USER_GROUPS: user.groups,
USER_ROLE: user.role}
def lookup(self, *ident):
report_tool = DebugReportsModel.get_system_report_tool()
try:
SoftwareUpdate()
except Exception:
update_tool = False
else:
update_tool = True
try:
repo = Repositories()
except Exception:
repo_mngt_tool = None
else:
repo_mngt_tool = repo._pkg_mnger.TYPE
return {'system_report_tool': bool(report_tool),
'update_tool': update_tool,
'repo_mngt_tool': repo_mngt_tool,
'federation': kconfig.get("server", "federation")
}
def lookup(self, *ident):
report_tool = DebugReportsModel.get_system_report_tool()
try:
SoftwareUpdate()
except Exception:
update_tool = False
else:
update_tool = True
try:
repo = Repositories()
except Exception:
repo_mngt_tool = None
else:
repo_mngt_tool = repo._pkg_mnger.TYPE
return {'system_report_tool': bool(report_tool),
'update_tool': update_tool,
'repo_mngt_tool': repo_mngt_tool,
'federation': kconfig.get("server", "federation")
}
def check_auth_session():
"""
A user is considered authenticated if we have an established session open
for the user.
"""
cherrypy.session.acquire_lock()
session = cherrypy.session.get(USER_NAME, None)
cherrypy.session.release_lock()
if session is not None:
debug("Session authenticated for user %s" % session)
wokRobot = cherrypy.request.headers.get('Wok-Robot')
if wokRobot == "wok-robot":
if (time.time() - cherrypy.session[REFRESH] >
int(config.get('server', 'session_timeout')) * 60):
cherrypy.session[USER_NAME] = None
cherrypy.lib.sessions.expire()
raise cherrypy.HTTPError(401, "sessionTimeout")
else:
cherrypy.session[REFRESH] = time.time()
return True
debug("Session not found")
return False
def __init__(self, options):
# Check proxy configuration
check_proxy_config()
make_dirs = [
os.path.abspath(config.get_log_download_path()),
os.path.abspath(configParser.get("logging", "log_dir")),
os.path.dirname(os.path.abspath(options.access_log)),
os.path.dirname(os.path.abspath(options.error_log)),
os.path.dirname(os.path.abspath(config.get_object_store()))
]
for directory in make_dirs:
if not os.path.isdir(directory):
os.makedirs(directory)
self.configObj = WokConfig()
# We'll use the session timeout (= 10 minutes) and the
# nginx timeout (= 10 minutes). This monitor isn't involved
# in anything other than monitor the timeout of the connection,
# thus it is safe to unsubscribe.
cherrypy.engine.timeout_monitor.unsubscribe()
cherrypy.tools.nocache = cherrypy.Tool('on_end_resource', set_no_cache)
cherrypy.tools.wokauth = cherrypy.Tool('before_handler', auth.wokauth)
# Setting host to 127.0.0.1. This makes wok run
# as a localhost app, inaccessible to the outside
# directly. You must go through the proxy.
cherrypy.server.socket_host = '127.0.0.1'
cherrypy.server.socket_port = options.cherrypy_port
max_body_size_in_bytes = eval(options.max_body_size) * 1024
cherrypy.server.max_request_body_size = max_body_size_in_bytes
cherrypy.log.access_file = options.access_log
cherrypy.log.error_file = options.error_log
logLevel = LOGGING_LEVEL.get(options.log_level, logging.DEBUG)
dev_env = options.environment != 'production'
# Enable cherrypy screen logging if running environment
# is not 'production'
if dev_env:
cherrypy.log.screen = True
# close standard file handlers because we are going to use a
# watchedfiled handler, otherwise we will have two file handlers
# pointing to the same file, duplicating log enries
for handler in cherrypy.log.access_log.handlers[:]:
if isinstance(handler, logging.FileHandler):
cherrypy.log.access_log.removeHandler(handler)
for handler in cherrypy.log.error_log.handlers[:]:
if isinstance(handler, logging.FileHandler):
cherrypy.log.error_log.removeHandler(handler)
# Create handler to access log file
h = logging.handlers.WatchedFileHandler(options.access_log, 'a',
delay=1)
h.setLevel(logLevel)
h.setFormatter(cherrypy._cplogging.logfmt)
# Add access log file to cherrypy configuration
cherrypy.log.access_log.addHandler(h)
# Create handler to error log file
h = SafeWatchedFileHandler(options.error_log, 'a', delay=1)
h.setLevel(logLevel)
h.setFormatter(cherrypy._cplogging.logfmt)
# Add error log file to cherrypy configuration
cherrypy.log.error_log.addHandler(h)
# start request logger
self.reqLogger = RequestLogger()
# Handling running mode
if not dev_env:
cherrypy.config.update({'environment': 'production'})
if hasattr(options, 'model'):
model_instance = options.model
else:
model_instance = model.Model()
for ident, node in sub_nodes.items():
if node.url_auth:
cfg = self.configObj
ident = "/%s" % ident
cfg[ident] = {'tools.wokauth.on': True}
self.app = cherrypy.tree.mount(WokRoot(model_instance, dev_env),
options.server_root, self.configObj)
self._load_plugins(options)
cherrypy.lib.sessions.init()
def __init__(self, options):
# Launch reverse proxy
start_proxy(options)
make_dirs = [
os.path.abspath(config.get_log_download_path()),
os.path.abspath(configParser.get("logging", "log_dir")),
os.path.dirname(os.path.abspath(options.access_log)),
os.path.dirname(os.path.abspath(options.error_log)),
os.path.dirname(os.path.abspath(config.get_object_store())),
]
for directory in make_dirs:
if not os.path.isdir(directory):
os.makedirs(directory)
self.configObj = WokConfig()
# We'll use the session timeout (= 10 minutes) and the
# nginx timeout (= 10 minutes). This monitor isn't involved
# in anything other than monitor the timeout of the connection,
# thus it is safe to unsubscribe.
cherrypy.engine.timeout_monitor.unsubscribe()
cherrypy.tools.nocache = cherrypy.Tool("on_end_resource", set_no_cache)
cherrypy.tools.wokauth = cherrypy.Tool("before_handler", auth.wokauth)
# Setting host to 127.0.0.1. This makes wok run
# as a localhost app, inaccessible to the outside
# directly. You must go through the proxy.
cherrypy.server.socket_host = "127.0.0.1"
cherrypy.server.socket_port = options.cherrypy_port
max_body_size_in_bytes = eval(options.max_body_size) * 1024
cherrypy.server.max_request_body_size = max_body_size_in_bytes
cherrypy.log.access_file = options.access_log
cherrypy.log.error_file = options.error_log
logLevel = LOGGING_LEVEL.get(options.log_level, logging.DEBUG)
dev_env = options.environment != "production"
# Enable cherrypy screen logging if running environment
# is not 'production'
if dev_env:
cherrypy.log.screen = True
# close standard file handlers because we are going to use a
# watchedfiled handler, otherwise we will have two file handlers
# pointing to the same file, duplicating log enries
for handler in cherrypy.log.access_log.handlers[:]:
if isinstance(handler, logging.FileHandler):
cherrypy.log.access_log.removeHandler(handler)
for handler in cherrypy.log.error_log.handlers[:]:
if isinstance(handler, logging.FileHandler):
cherrypy.log.error_log.removeHandler(handler)
# Create handler to access log file
h = logging.handlers.WatchedFileHandler(options.access_log, "a", delay=1)
h.setLevel(logLevel)
h.setFormatter(cherrypy._cplogging.logfmt)
# Add access log file to cherrypy configuration
cherrypy.log.access_log.addHandler(h)
# Create handler to error log file
h = SafeWatchedFileHandler(options.error_log, "a", delay=1)
h.setLevel(logLevel)
h.setFormatter(cherrypy._cplogging.logfmt)
# Add error log file to cherrypy configuration
cherrypy.log.error_log.addHandler(h)
# start request logger
self.reqLogger = RequestLogger()
# only add logrotate if wok is installed
if paths.installed:
# redefine logrotate configuration according to wok.conf
logrotate_file = os.path.join(paths.logrotate_dir, "wokd.in")
with open(logrotate_file) as template:
data = template.read()
data = Template(data)
data = data.safe_substitute(log_dir=configParser.get("logging", "log_dir"))
# Write file to be used for nginx.
config_file = open(os.path.join(paths.logrotate_dir, "wokd"), "w")
config_file.write(data)
config_file.close()
# Handling running mode
if not dev_env:
cherrypy.config.update({"environment": "production"})
if hasattr(options, "model"):
model_instance = options.model
else:
model_instance = model.Model()
for ident, node in sub_nodes.items():
if node.url_auth:
cfg = self.configObj
ident = "/%s" % ident
cfg[ident] = {"tools.wokauth.on": True}
self.app = cherrypy.tree.mount(WokRoot(model_instance, dev_env), config=self.configObj)
self._load_plugins(options)
# Terminate proxy when cherrypy server is terminated
cherrypy.engine.subscribe("exit", terminate_proxy)
cherrypy.lib.sessions.init()
def _get_request_host():
host = cherrypy.request.headers.get('Host')
if not host:
host = wok_config.get("server", "host")
host = host.split(':')[0]
return host
def __init__(self, **args):
auth_type = config.get('authentication', 'method')
for klass in UsersModel.__subclasses__():
if auth_type == klass.auth_type:
self.user = klass(**args)
def lookup(self, name):
proxy_port = kconfig.get('display', 'display_proxy_port')
return {'display_proxy_port': proxy_port,
'version': get_version()}
def __init__(self, **args):
auth_type = config.get("authentication", "method")
for klass in GroupsModel.__subclasses__():
if auth_type == klass.auth_type:
self.grp = klass(**args)
def __init__(self, options):
# Launch reverse proxy
start_proxy(options)
make_dirs = [
os.path.abspath(config.get_log_download_path()),
os.path.abspath(configParser.get("logging", "log_dir")),
os.path.dirname(os.path.abspath(options.access_log)),
os.path.dirname(os.path.abspath(options.error_log)),
os.path.dirname(os.path.abspath(config.get_object_store()))
]
for directory in make_dirs:
if not os.path.isdir(directory):
os.makedirs(directory)
self.configObj = WokConfig()
# We'll use the session timeout (= 10 minutes) and the
# nginx timeout (= 10 minutes). This monitor isn't involved
# in anything other than monitor the timeout of the connection,
# thus it is safe to unsubscribe.
cherrypy.engine.timeout_monitor.unsubscribe()
cherrypy.tools.nocache = cherrypy.Tool('on_end_resource', set_no_cache)
cherrypy.tools.wokauth = cherrypy.Tool('before_handler', auth.wokauth)
# Setting host to 127.0.0.1. This makes wok run
# as a localhost app, inaccessible to the outside
# directly. You must go through the proxy.
cherrypy.server.socket_host = '127.0.0.1'
cherrypy.server.socket_port = options.cherrypy_port
max_body_size_in_bytes = eval(options.max_body_size) * 1024
cherrypy.server.max_request_body_size = max_body_size_in_bytes
cherrypy.log.access_file = options.access_log
cherrypy.log.error_file = options.error_log
logLevel = LOGGING_LEVEL.get(options.log_level, logging.DEBUG)
dev_env = options.environment != 'production'
# Enable cherrypy screen logging if running environment
# is not 'production'
if dev_env:
cherrypy.log.screen = True
# close standard file handlers because we are going to use a
# watchedfiled handler, otherwise we will have two file handlers
# pointing to the same file, duplicating log enries
for handler in cherrypy.log.access_log.handlers[:]:
if isinstance(handler, logging.FileHandler):
cherrypy.log.access_log.removeHandler(handler)
for handler in cherrypy.log.error_log.handlers[:]:
if isinstance(handler, logging.FileHandler):
cherrypy.log.error_log.removeHandler(handler)
# Create handler to access log file
h = logging.handlers.WatchedFileHandler(options.access_log, 'a',
delay=1)
h.setLevel(logLevel)
h.setFormatter(cherrypy._cplogging.logfmt)
# Add access log file to cherrypy configuration
cherrypy.log.access_log.addHandler(h)
# Create handler to error log file
h = SafeWatchedFileHandler(options.error_log, 'a', delay=1)
h.setLevel(logLevel)
h.setFormatter(cherrypy._cplogging.logfmt)
# Add error log file to cherrypy configuration
cherrypy.log.error_log.addHandler(h)
# start request logger
self.reqLogger = RequestLogger()
# only add logrotate if wok is installed
if paths.installed:
# redefine logrotate configuration according to wok.conf
data = Template(LOGROTATE_TEMPLATE)
data = data.safe_substitute(
log_dir=configParser.get("logging", "log_dir"),
log_size=configParser.get("logging", "log_size")
)
# Write file to be used for nginx.
config_file = open(os.path.join(paths.logrotate_dir, "wokd"), "w")
config_file.write(data)
config_file.close()
# Handling running mode
if not dev_env:
cherrypy.config.update({'environment': 'production'})
if hasattr(options, 'model'):
model_instance = options.model
else:
model_instance = model.Model()
for ident, node in sub_nodes.items():
if node.url_auth:
cfg = self.configObj
ident = "/%s" % ident
cfg[ident] = {'tools.wokauth.on': True}
self.app = cherrypy.tree.mount(WokRoot(model_instance, dev_env),
config=self.configObj)
self._load_plugins(options)
# Terminate proxy when cherrypy server is terminated
cherrypy.engine.subscribe('exit', terminate_proxy)
cherrypy.lib.sessions.init()
def lookup(self, name):
proxy_port = kconfig.get('display', 'display_proxy_port')
return {'display_proxy_port': proxy_port, 'version': get_version()}
def lookup(self, name):
return {'ssl_port': config.get('server', 'ssl_port'),
'websockets_port': config.get('server', 'websockets_port'),
'auth': config.get('authentication', 'method'),
'version': get_version()}
def __init__(self, options):
# Update config.config with the command line values
# So the whole application will have access to accurate values
for sec in config.config.sections():
for item in config.config.options(sec):
if hasattr(options, item):
config.config.set(sec, item, str(getattr(options, item)))
# Check proxy configuration
if not hasattr(options, 'no_proxy') or not options.no_proxy:
check_proxy_config()
make_dirs = [
os.path.abspath(config.get_log_download_path()),
os.path.abspath(configParser.get("logging", "log_dir")),
os.path.dirname(os.path.abspath(options.access_log)),
os.path.dirname(os.path.abspath(options.error_log)),
os.path.dirname(os.path.abspath(config.get_object_store())),
os.path.abspath(config.get_wstokens_dir())
]
for directory in make_dirs:
if not os.path.isdir(directory):
os.makedirs(directory)
self.configObj = WokConfig()
# We'll use the session timeout (= 10 minutes) and the
# nginx timeout (= 10 minutes). This monitor isn't involved
# in anything other than monitor the timeout of the connection,
# thus it is safe to unsubscribe.
cherrypy.engine.timeout_monitor.unsubscribe()
cherrypy.tools.nocache = cherrypy.Tool('on_end_resource', set_no_cache)
cherrypy.tools.wokauth = cherrypy.Tool('before_handler', auth.wokauth)
# Setting host to 127.0.0.1. This makes wok run
# as a localhost app, inaccessible to the outside
# directly. You must go through the proxy.
cherrypy.server.socket_host = '127.0.0.1'
cherrypy.server.socket_port = options.cherrypy_port
max_body_size_in_bytes = eval(options.max_body_size) * 1024
cherrypy.server.max_request_body_size = max_body_size_in_bytes
cherrypy.log.access_file = options.access_log
cherrypy.log.error_file = options.error_log
logLevel = LOGGING_LEVEL.get(options.log_level, logging.INFO)
dev_env = options.environment != 'production'
# Enable cherrypy screen logging if running environment
# is not 'production'
if dev_env:
cherrypy.log.screen = True
# close standard file handlers because we are going to use a
# watchedfiled handler, otherwise we will have two file handlers
# pointing to the same file, duplicating log enries
for handler in cherrypy.log.access_log.handlers[:]:
if isinstance(handler, logging.FileHandler):
cherrypy.log.access_log.removeHandler(handler)
for handler in cherrypy.log.error_log.handlers[:]:
if isinstance(handler, logging.FileHandler):
cherrypy.log.error_log.removeHandler(handler)
# set logLevel
cherrypy.log.access_log.setLevel(logLevel)
cherrypy.log.error_log.setLevel(logLevel)
# Create handler to access log file
h = logging.handlers.WatchedFileHandler(options.access_log,
'a',
delay=1)
h.setLevel(logLevel)
h.setFormatter(cherrypy._cplogging.logfmt)
# Add access log file to cherrypy configuration
cherrypy.log.access_log.addHandler(h)
# Create handler to error log file
h = SafeWatchedFileHandler(options.error_log, 'a', delay=1)
h.setLevel(logLevel)
h.setFormatter(cherrypy._cplogging.logfmt)
# Add error log file to cherrypy configuration
cherrypy.log.error_log.addHandler(h)
# start request logger
self.reqLogger = RequestLogger()
# Handling running mode
if not dev_env:
cherrypy.config.update({'environment': 'production'})
for ident, node in sub_nodes.items():
if node.url_auth:
cfg = self.configObj
ident = "/%s" % ident
cfg[ident] = {'tools.wokauth.on': True}
cherrypy.tree.mount(WokRoot(model.Model(), dev_env),
options.server_root, self.configObj)
self._start_websocket_server()
self._load_plugins()
cherrypy.lib.sessions.init()
def __init__(self, **args):
auth_type = config.get("authentication", "method")
for klass in GroupsModel.__subclasses__():
if auth_type == klass.auth_type:
self.grp = klass(**args)
def _get_request_host():
host = cherrypy.request.headers.get('Host')
if not host:
host = wok_config.get("server", "host")
host = host.split(':')[0]
return host
