Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Justin
slapos
Commits
ae17c3fe
Commit
ae17c3fe
authored
Dec 06, 2022
by
Thomas Gambier
🚴🏼
Browse files
Options
Browse Files
Download
Plain Diff
No websockify
See merge request
!1279
parents
7de0ccad
271dddc6
Changes
15
Show whitespace changes
Inline
Side-by-side
Showing
15 changed files
with
260 additions
and
152 deletions
+260
-152
setup.py
setup.py
+0
-1
slapos/recipe/novnc/__init__.py
slapos/recipe/novnc/__init__.py
+0
-52
software/beremiz-ide/buildout.hash.cfg
software/beremiz-ide/buildout.hash.cfg
+6
-2
software/beremiz-ide/instance-beremiz.cfg.jinja2.in
software/beremiz-ide/instance-beremiz.cfg.jinja2.in
+48
-27
software/beremiz-ide/instance.cfg.in
software/beremiz-ide/instance.cfg.in
+3
-1
software/beremiz-ide/nginx_conf.in
software/beremiz-ide/nginx_conf.in
+59
-0
software/beremiz-ide/software.cfg
software/beremiz-ide/software.cfg
+7
-4
software/caddy-frontend/software.cfg
software/caddy-frontend/software.cfg
+0
-3
software/kvm/buildout.hash.cfg
software/kvm/buildout.hash.cfg
+7
-3
software/kvm/instance-kvm.cfg.jinja2
software/kvm/instance-kvm.cfg.jinja2
+52
-34
software/kvm/instance.cfg.in
software/kvm/instance.cfg.in
+3
-0
software/kvm/software.cfg
software/kvm/software.cfg
+7
-19
software/kvm/template/nginx_conf.in
software/kvm/template/nginx_conf.in
+59
-0
software/kvm/template/template-kvm-run.in
software/kvm/template/template-kvm-run.in
+3
-3
software/kvm/test/test.py
software/kvm/test/test.py
+6
-3
No files found.
setup.py
View file @
ae17c3fe
...
@@ -121,7 +121,6 @@ setup(name=name,
...
@@ -121,7 +121,6 @@ setup(name=name,
'notifier = slapos.recipe.notifier:Recipe'
,
'notifier = slapos.recipe.notifier:Recipe'
,
'notifier.callback = slapos.recipe.notifier:Callback'
,
'notifier.callback = slapos.recipe.notifier:Callback'
,
'notifier.notify = slapos.recipe.notifier:Notify'
,
'notifier.notify = slapos.recipe.notifier:Notify'
,
'novnc = slapos.recipe.novnc:Recipe'
,
'onetimeupload = slapos.recipe.onetimeupload:Recipe'
,
'onetimeupload = slapos.recipe.onetimeupload:Recipe'
,
'pbs = slapos.recipe.pbs:Recipe'
,
'pbs = slapos.recipe.pbs:Recipe'
,
'postgres = slapos.recipe.postgres:Recipe'
,
'postgres = slapos.recipe.postgres:Recipe'
,
...
...
slapos/recipe/novnc/__init__.py
deleted
100644 → 0
View file @
7de0ccad
##############################################################################
#
# Copyright (c) 2011 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from
slapos.recipe.librecipe
import
GenericBaseRecipe
import
binascii
import
os
import
sys
class
Recipe
(
GenericBaseRecipe
):
"""
novnc instance configuration.
"""
def
install
(
self
):
return
self
.
createWrapper
(
self
.
options
[
'path'
],
(
self
.
options
[
'websockify-path'
],
'--web'
,
self
.
options
[
'novnc-location'
],
'--key=%s'
%
self
.
options
[
'ssl-key-path'
],
'--cert=%s'
%
self
.
options
[
'ssl-cert-path'
],
'--ssl-only'
,
'%s:%s'
%
(
self
.
options
[
'ip'
],
self
.
options
[
'port'
]),
'%s:%s'
%
(
self
.
options
[
'vnc-ip'
],
self
.
options
[
'vnc-port'
]),
),
wait_list
=
(
self
.
options
[
'ssl-key-path'
],
self
.
options
[
'ssl-cert-path'
]),
)
software/beremiz-ide/buildout.hash.cfg
View file @
ae17c3fe
...
@@ -15,11 +15,11 @@
...
@@ -15,11 +15,11 @@
[instance]
[instance]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
db7fe97f4c6b84cfadb7b5c68eab517a
md5sum =
e8aae0fe3a8bc3f006b8638ed326bbcb
[template-instance-beremiz]
[template-instance-beremiz]
filename = instance-beremiz.cfg.jinja2.in
filename = instance-beremiz.cfg.jinja2.in
md5sum =
9d59c9392636ab71f37b43fd8008fd10
md5sum =
2b990148e527117bcfb366f8b700c807
[template-instance-beremiz-test]
[template-instance-beremiz-test]
filename = instance-beremiz-test.cfg.jinja2.in
filename = instance-beremiz-test.cfg.jinja2.in
...
@@ -28,3 +28,7 @@ md5sum = a2fa2b9d3a225a1dd71db67bd4fea769
...
@@ -28,3 +28,7 @@ md5sum = a2fa2b9d3a225a1dd71db67bd4fea769
[template-fluxbox-menu.in]
[template-fluxbox-menu.in]
filename = fluxbox-menu.in
filename = fluxbox-menu.in
md5sum = 09560314eae0225b6085f8626f1a603a
md5sum = 09560314eae0225b6085f8626f1a603a
[template-nginx_conf.in]
filename = nginx_conf.in
md5sum = 9ca886120a99befe25ca761ddc54753c
software/beremiz-ide/instance-beremiz.cfg.jinja2.in
View file @
ae17c3fe
...
@@ -27,35 +27,55 @@ stop-on-error = true
...
@@ -27,35 +27,55 @@ stop-on-error = true
cert-file = ${directory:ssl}/beremiz.crt
cert-file = ${directory:ssl}/beremiz.crt
key-file = ${directory:ssl}/beremiz.key
key-file = ${directory:ssl}/beremiz.key
[novnc-instance]
[nginx-tempdir]
recipe = slapos.cookbook:novnc
recipe = slapos.cookbook:mkdirectory
path = ${directory:bin}/novnc
tmp = ${buildout:directory}/tmp
client-body-temp-path = ${:tmp}/client_body_temp_path
proxy-temp-path = ${:tmp}/proxy_temp_path
fastcgi-temp-path = ${:tmp}/fastcgi_temp_path
uwsgi-temp-path = ${:tmp}/uwsgi_temp_path
scgi-temp-path = ${:tmp}/scgi_temp_path
[nginx-launcher]
recipe = slapos.cookbook:wrapper
command-line = {{ nginx_executable }} -c ${nginx-config:output}
wrapper-path = ${directory:services}/nginx
[nginx-config]
recipe = slapos.recipe.template:jinja2
url = {{ template_nginx }}
output = ${directory:etc}/nginx.conf
context =
section params nginx-params
section ca gen-certificate
section tempdir nginx-tempdir
raw docroot {{ novnc_location }}
raw mime {{ nginx_mime }}
[nginx-params]
path-pid = ${directory:run}/nginx.pid
path-error-log = ${directory:log}/nginx-error.log
path-access-log = ${directory:log}/nginx-access.log
ip = {{ ipv6 }}
ip = {{ ipv6 }}
port = 6080
port = 6080
vnc-ip = {{ ipv4 }}
websocket-ip = {{ ipv4 }}
vnc-port = ${x11vnc:port}
websocket-port = ${x11vnc:port}
novnc-location = {{ novnc_location }}
websocket-path = websockify
websockify-path = {{ websockify_bin }}
nb-workers = 2
ssl-key-path = ${gen-certificate:key-file}
ssl-cert-path = ${gen-certificate:cert-file}
[nginx-graceful]
recipe = slapos.recipe.template
[websockify-sighandler]
output = ${directory:scripts}/nginx-graceful
recipe = slapos.cookbook:signalwrapper
inline =
wrapper-path = ${directory:bin}/websockify-sighandler
#!/bin/sh
wrapped-path = ${novnc-instance:path}
exec kill -s SIGHUP $(cat ${nginx-params:path-pid})
[websockify-sighandler-service]
recipe = slapos.cookbook:wrapper
command-line = ${websockify-sighandler:wrapper-path}
wrapper-path = ${directory:services}/websockify
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
[novnc-promise]
[novnc-promise]
<= monitor-promise-base
<= monitor-promise-base
promise = check_socket_listening
promise = check_socket_listening
name = novnc_promise.py
name = novnc_promise.py
config-host = ${n
ovnc-instance
:ip}
config-host = ${n
ginx-params
:ip}
config-port = ${n
ovnc-instance
:port}
config-port = ${n
ginx-params
:port}
[x11vnc]
[x11vnc]
recipe = slapos.cookbook:wrapper
recipe = slapos.cookbook:wrapper
...
@@ -216,7 +236,8 @@ recipe = slapos.cookbook:requestoptional
...
@@ -216,7 +236,8 @@ recipe = slapos.cookbook:requestoptional
shared = true
shared = true
config-https-only = True
config-https-only = True
config-type = websocket
config-type = websocket
config-url = https://[${novnc-instance:ip}]:${novnc-instance:port}
config-url = https://[${nginx-params:ip}]:${nginx-params:port}
config-websocket-path-list = ${nginx-params:websocket-path}
return = secure_access domain
return = secure_access domain
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
software-url = http://git.erp5.org/gitweb/slapos.git/blob_plain/HEAD:/software/apache-frontend/software.cfg
software-type = RootSoftwareInstance
software-type = RootSoftwareInstance
...
@@ -226,9 +247,8 @@ name = Beremiz VNC
...
@@ -226,9 +247,8 @@ name = Beremiz VNC
[publish-connection-information]
[publish-connection-information]
<= monitor-publish
<= monitor-publish
recipe = slapos.cookbook:publish
recipe = slapos.cookbook:publish
backend-url = https://[${novnc-instance:ip}]:${novnc-instance:port}/vnc.html?host=[${novnc-instance:ip}]&port=${novnc-instance:port}&encrypt=1
backend-url = https://[${nginx-params:ip}]:${nginx-params:port}/vnc.html?encrypt=1&password=${random-password:passwd}
url = ${request-vnc-frontend:connection-secure_access}/vnc.html?host=${request-vnc-frontend:connection-domain}&port=443&encrypt=1
url = ${request-vnc-frontend:connection-secure_access}/vnc.html?encrypt=1&password=${random-password:passwd}
vnc-password = ${random-password:passwd}
[buildout]
[buildout]
extends =
extends =
...
@@ -242,7 +262,8 @@ parts =
...
@@ -242,7 +262,8 @@ parts =
xserver-promise
xserver-promise
x11vnc-listen-promise
x11vnc-listen-promise
beremiz-x11
beremiz-x11
websockify-sighandler-service
nginx-launcher
nginx-graceful
request-vnc-frontend
request-vnc-frontend
generate-vnc-password
generate-vnc-password
publish-connection-information
publish-connection-information
...
...
software/beremiz-ide/instance.cfg.in
View file @
ae17c3fe
...
@@ -34,6 +34,7 @@ context =
...
@@ -34,6 +34,7 @@ context =
key computer_id slap-configuration:computer
key computer_id slap-configuration:computer
raw bin_directory {{ bin_directory }}
raw bin_directory {{ bin_directory }}
raw template_monitor {{ template_monitor_cfg }}
raw template_monitor {{ template_monitor_cfg }}
raw template_nginx {{ template_nginx }}
raw template_logrotate {{ logrotate_cfg }}
raw template_logrotate {{ logrotate_cfg }}
raw logrotate_cfg {{ logrotate_cfg }}
raw logrotate_cfg {{ logrotate_cfg }}
raw python_bin {{ python_bin }}
raw python_bin {{ python_bin }}
...
@@ -62,9 +63,10 @@ extra-context =
...
@@ -62,9 +63,10 @@ extra-context =
raw gtk3_location {{ gtk3_location }}
raw gtk3_location {{ gtk3_location }}
raw matiec_location {{ matiec_location }}
raw matiec_location {{ matiec_location }}
raw mesa_location {{ mesa_location }}
raw mesa_location {{ mesa_location }}
raw nginx_executable {{ nginx_executable }}
raw nginx_mime {{ nginx_mime }}
raw novnc_location {{ novnc_location }}
raw novnc_location {{ novnc_location }}
raw openssl_bin {{ openssl_location }}/bin/openssl
raw openssl_bin {{ openssl_location }}/bin/openssl
raw websockify_bin {{ bin_directory }}/websockify
raw x11vnc_bin {{ x11vnc_location }}/bin/x11vnc
raw x11vnc_bin {{ x11vnc_location }}/bin/x11vnc
raw xvfb_bin {{ xserver_location }}/bin/Xvfb
raw xvfb_bin {{ xserver_location }}/bin/Xvfb
raw xterm_bin {{ xterm_location }}/bin/xterm
raw xterm_bin {{ xterm_location }}/bin/xterm
...
...
software/beremiz-ide/nginx_conf.in
0 → 100644
View file @
ae17c3fe
worker_processes {{ params['nb-workers'] }};
pid {{ params['path-pid'] }};
error_log {{ params['path-error-log'] }};
daemon off;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include {{ mime }};
default_type application/octet-stream;
types_hash_bucket_size 64;
access_log {{ params['path-access-log'] }} combined;
index novnc.html;
upstream vnc_proxy {
server {{ params['websocket-ip'] }}:{{ params['websocket-port'] }};
}
server {
listen [{{ params['ip'] }}]:{{ params['port'] }} ssl http2;
server_name _;
ssl_certificate {{ ca['cert-file'] }};
ssl_certificate_key {{ ca['key-file'] }};
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
keepalive_timeout 5;
client_body_temp_path {{ tempdir['client-body-temp-path'] }};
proxy_temp_path {{ tempdir['proxy-temp-path'] }};
fastcgi_temp_path {{ tempdir['fastcgi-temp-path'] }};
uwsgi_temp_path {{ tempdir['uwsgi-temp-path'] }};
scgi_temp_path {{ tempdir['scgi-temp-path'] }};
# path for static files
root {{ docroot }};
location /{{ params['websocket-path'] }} {
proxy_http_version 1.1;
proxy_pass http://vnc_proxy/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# VNC connection timeout
proxy_read_timeout 61s;
# Disable cache
proxy_buffering off;
}
}
}
software/beremiz-ide/software.cfg
View file @
ae17c3fe
...
@@ -9,7 +9,6 @@ extends =
...
@@ -9,7 +9,6 @@ extends =
../../component/noVNC/buildout.cfg
../../component/noVNC/buildout.cfg
../../component/nginx/buildout.cfg
../../component/nginx/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/lxml-python/buildout.cfg
../../component/numpy/buildout.cfg
../../component/numpy/openblas.cfg
../../component/numpy/openblas.cfg
../../component/matplotlib/buildout.cfg
../../component/matplotlib/buildout.cfg
../../component/wxpython/buildout.cfg
../../component/wxpython/buildout.cfg
...
@@ -74,10 +73,8 @@ recipe = zc.recipe.egg
...
@@ -74,10 +73,8 @@ recipe = zc.recipe.egg
eggs =
eggs =
${wxPython:egg}
${wxPython:egg}
${python-cryptography:egg}
${python-cryptography:egg}
${lxml-python:egg}
${matplotlib:egg}
${matplotlib:egg}
future
future
websockify
zeroconf2
zeroconf2
enum34
enum34
pyro
pyro
...
@@ -131,6 +128,7 @@ context =
...
@@ -131,6 +128,7 @@ context =
key template_instance_beremiz template-instance-beremiz:target
key template_instance_beremiz template-instance-beremiz:target
key template_instance_beremiz_test template-instance-beremiz-test:target
key template_instance_beremiz_test template-instance-beremiz-test:target
key template_logrotate template-logrotate-base:output
key template_logrotate template-logrotate-base:output
key template_nginx template-nginx_conf.in:target
key fontconfig_location fontconfig:location
key fontconfig_location fontconfig:location
key font_dejavu dejavu-fonts:location
key font_dejavu dejavu-fonts:location
key font_liberation liberation-fonts:location
key font_liberation liberation-fonts:location
...
@@ -144,6 +142,8 @@ context =
...
@@ -144,6 +142,8 @@ context =
key instance_template_type :type
key instance_template_type :type
key matiec_location matiec:location
key matiec_location matiec:location
key mesa_location mesa:location
key mesa_location mesa:location
key nginx_executable nginx-output:nginx
key nginx_mime nginx-output:mime
key novnc_location noVNC:location
key novnc_location noVNC:location
key nxdtest_template nxdtest-instance.cfg:output
key nxdtest_template nxdtest-instance.cfg:output
key python_bin :python-bin
key python_bin :python-bin
...
@@ -168,12 +168,15 @@ output = ${buildout:directory}/instance-beremiz-test.cfg.jinja2
...
@@ -168,12 +168,15 @@ output = ${buildout:directory}/instance-beremiz-test.cfg.jinja2
<= download-template
<= download-template
output = ${buildout:directory}/fluxbox-menu.in
output = ${buildout:directory}/fluxbox-menu.in
[template-nginx_conf.in]
<= download-template
output = ${buildout:directory}/nginx_conf.in
[versions]
[versions]
Pillow = 6.2.2
Pillow = 6.2.2
matplotlib = 2.2.5
matplotlib = 2.2.5
kiwisolver = 1.1.0
kiwisolver = 1.1.0
cycler = 0.10.0
cycler = 0.10.0
websockify = 0.9.0
Pyro = 3.16
Pyro = 3.16
zeroconf2 = 0.19.2
zeroconf2 = 0.19.2
cython = 0.29.24
cython = 0.29.24
...
...
software/caddy-frontend/software.cfg
View file @
ae17c3fe
...
@@ -10,7 +10,6 @@ extends =
...
@@ -10,7 +10,6 @@ extends =
../../component/6tunnel/buildout.cfg
../../component/6tunnel/buildout.cfg
../../component/xz-utils/buildout.cfg
../../component/xz-utils/buildout.cfg
../../component/rsyslogd/buildout.cfg
../../component/rsyslogd/buildout.cfg
../../component/numpy/buildout.cfg
../../component/haproxy/buildout.cfg
../../component/haproxy/buildout.cfg
../../component/nginx/buildout.cfg
../../component/nginx/buildout.cfg
../../component/findutils/buildout.cfg
../../component/findutils/buildout.cfg
...
@@ -57,7 +56,6 @@ depends = ${software-develop:recipe}
...
@@ -57,7 +56,6 @@ depends = ${software-develop:recipe}
recipe = zc.recipe.egg
recipe = zc.recipe.egg
eggs =
eggs =
software
software
websockify
[profile-common]
[profile-common]
recipe = slapos.recipe.template:jinja2
recipe = slapos.recipe.template:jinja2
...
@@ -226,6 +224,5 @@ plone.recipe.command = 1.1
...
@@ -226,6 +224,5 @@ plone.recipe.command = 1.1
pycrypto = 2.6.1
pycrypto = 2.6.1
smmap = 0.9.0
smmap = 0.9.0
websockify = 0.8.0
furl = 2.1.0
furl = 2.1.0
orderedmultidict = 1.0.1
orderedmultidict = 1.0.1
software/kvm/buildout.hash.cfg
View file @
ae17c3fe
...
@@ -15,11 +15,11 @@
...
@@ -15,11 +15,11 @@
[template]
[template]
filename = instance.cfg.in
filename = instance.cfg.in
md5sum =
a7978940fb9cdcc4e1ec33015ba640ba
md5sum =
b6204319cca4264b3c351d4dd1f2b5d0
[template-kvm]
[template-kvm]
filename = instance-kvm.cfg.jinja2
filename = instance-kvm.cfg.jinja2
md5sum =
69749ef4be49b970af9548d68e6d878
5
md5sum =
14a8433ca9f0038bb6cc4b68ef7ea8e
5
[template-kvm-cluster]
[template-kvm-cluster]
filename = instance-kvm-cluster.cfg.jinja2.in
filename = instance-kvm-cluster.cfg.jinja2.in
...
@@ -49,13 +49,17 @@ md5sum = 64aa1ce8785f6b94aabd787fa3443082
...
@@ -49,13 +49,17 @@ md5sum = 64aa1ce8785f6b94aabd787fa3443082
filename = instance-nbd.cfg.jinja2
filename = instance-nbd.cfg.jinja2
md5sum = e041e8011ad2ec7f104be173ef76f5e9
md5sum = e041e8011ad2ec7f104be173ef76f5e9
[template-nginx]
filename = template/nginx_conf.in
md5sum = 9ca886120a99befe25ca761ddc54753c
[template-ansible-promise]
[template-ansible-promise]
filename = template/ansible-promise.in
filename = template/ansible-promise.in
md5sum = 6328f99728284847b8dd1146aadeae1b
md5sum = 6328f99728284847b8dd1146aadeae1b
[template-kvm-run]
[template-kvm-run]
filename = template/template-kvm-run.in
filename = template/template-kvm-run.in
md5sum =
fa048a28da7362d570f5b6bd1e05d232
md5sum =
4ce3fc8072e1e010ee99651cb01d3b3d
[template-kvm-controller]
[template-kvm-controller]
filename = template/kvm-controller-run.in
filename = template/kvm-controller-run.in
...
...
software/kvm/instance-kvm.cfg.jinja2
View file @
ae17c3fe
...
@@ -643,31 +643,48 @@ promise = check_command_execute
...
@@ -643,31 +643,48 @@ promise = check_command_execute
name = qemu-virtual-machine-is-ready.py
name = qemu-virtual-machine-is-ready.py
config-command = ${kvm-started-bin:output}
config-command = ${kvm-started-bin:output}
[novnc-instance]
[nginx-tempdir]
recipe = slapos.cookbook:novnc
recipe = slapos.cookbook:mkdirectory
path = ${ca-novnc:executable}
tmp = ${buildout:directory}/tmp
client-body-temp-path = ${:tmp}/client_body_temp_path
proxy-temp-path = ${:tmp}/proxy_temp_path
fastcgi-temp-path = ${:tmp}/fastcgi_temp_path
uwsgi-temp-path = ${:tmp}/uwsgi_temp_path
scgi-temp-path = ${:tmp}/scgi_temp_path
[nginx-launcher]
recipe = slapos.cookbook:wrapper
command-line = ${ca-novnc:executable} -c ${nginx-config:output}
wrapper-path = ${directory:services}/nginx
[nginx-config]
recipe = slapos.recipe.template:jinja2
url = {{ template_nginx }}
output = ${directory:etc}/nginx.conf
context =
section params nginx-params
section ca ca-novnc
section tempdir nginx-tempdir
raw docroot {{ novnc_location }}
raw mime {{ nginx_mime }}
[nginx-params]
path-pid = ${directory:run}/nginx.pid
path-error-log = ${directory:log}/nginx-error.log
path-access-log = ${directory:log}/nginx-access.log
ip = ${slap-network-information:global-ipv6}
ip = ${slap-network-information:global-ipv6}
port = 6080
port = 6080
vnc-ip = ${kvm-parameter-dict:vnc-ip}
websocket-ip = ${kvm-parameter-dict:vnc-ip}
vnc-port = ${kvm-parameter-dict:vnc-port}
websocket-port = ${kvm-parameter-dict:vnc-port}
novnc-location = {{ novnc_location }}
websocket-path = websockify
websockify-path = {{ websockify_executable_location }}
nb-workers = 2
ssl-key-path = ${ca-novnc:key-file}
ssl-cert-path = ${ca-novnc:cert-file}
[nginx-graceful]
recipe = slapos.recipe.template
[websockify-sighandler]
output = ${directory:scripts}/nginx-graceful
recipe = slapos.cookbook:signalwrapper
inline =
wrapper-path = ${directory:bin}/websockify-sighandler
#!/bin/sh
wrapped-path = ${novnc-instance:path}
exec kill -s SIGHUP $(cat ${nginx-params:path-pid})
[websockify-sighandler-service]
recipe = slapos.cookbook:wrapper
command-line = ${websockify-sighandler:wrapper-path}
wrapper-path = ${directory:services}/websockify
hash-existing-files = ${buildout:directory}/software_release/buildout.cfg
wait-for-files =
${ca-novnc:key-file}
${ca-novnc:cert-file}
[certificate-authority]
[certificate-authority]
recipe = slapos.cookbook:certificate_authority
recipe = slapos.cookbook:certificate_authority
...
@@ -699,15 +716,15 @@ crl = ${directory:ca-dir}/crl/
...
@@ -699,15 +716,15 @@ crl = ${directory:ca-dir}/crl/
recipe = slapos.cookbook:certificate_authority.request
recipe = slapos.cookbook:certificate_authority.request
key-file = ${directory:novnc-conf}/novnc.key
key-file = ${directory:novnc-conf}/novnc.key
cert-file = ${directory:novnc-conf}/novnc.crt
cert-file = ${directory:novnc-conf}/novnc.crt
executable =
${directory:bin}/novnc
executable =
{{ nginx_executable }}
wrapper = ${directory:bin}/
websockify
wrapper = ${directory:bin}/
nginx-with-ca
[novnc-promise]
[novnc-promise]
<= monitor-promise-base
<= monitor-promise-base
promise = check_socket_listening
promise = check_socket_listening
name = novnc_promise.py
name = novnc_promise.py
config-host = ${n
ovnc-instance
:ip}
config-host = ${n
ginx-params
:ip}
config-port = ${n
ovnc-instance
:port}
config-port = ${n
ginx-params
:port}
#----------------
#----------------
...
@@ -748,7 +765,8 @@ partition-id = ${slap-connection:partition-id}
...
@@ -748,7 +765,8 @@ partition-id = ${slap-connection:partition-id}
shared = true
shared = true
config-https-only = True
config-https-only = True
config-type = websocket
config-type = websocket
config-url = https://[${novnc-instance:ip}]:${novnc-instance:port}
config-websocket-path-list = ${nginx-params:websocket-path}
config-url = https://[${nginx-params:ip}]:${nginx-params:port}
return = secure_access domain
return = secure_access domain
[request-slave-frontend]
[request-slave-frontend]
...
@@ -762,7 +780,7 @@ sla-instance_guid = ${slap-parameter:frontend-instance-guid}
...
@@ -762,7 +780,7 @@ sla-instance_guid = ${slap-parameter:frontend-instance-guid}
<= monitor-promise-base
<= monitor-promise-base
promise = check_url_available
promise = check_url_available
name = frontend_promise.py
name = frontend_promise.py
config-url = ${request-slave-frontend:connection-secure_access}
config-url = ${request-slave-frontend:connection-secure_access}
/vnc.html
{% if additional_frontend %}
{% if additional_frontend %}
[request-slave-frontend-additional]
[request-slave-frontend-additional]
...
@@ -823,10 +841,10 @@ blank-line =
...
@@ -823,10 +841,10 @@ blank-line =
<= monitor-publish
<= monitor-publish
recipe = slapos.cookbook:publish.serialised
recipe = slapos.cookbook:publish.serialised
ipv6 = ${slap-network-information:global-ipv6}
ipv6 = ${slap-network-information:global-ipv6}
backend-url = https://[${n
ovnc-instance:ip}]:${novnc-instance:port}/vnc.html?auto=1&
encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
backend-url = https://[${n
ginx-params:ip}]:${nginx-params:port}/vnc.html?
encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
url = ${request-slave-frontend:connection-secure_access}/vnc.html?
auto=1&
encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
url = ${request-slave-frontend:connection-secure_access}/vnc.html?encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% if additional_frontend %}
{% if additional_frontend %}
url-additional = ${request-slave-frontend-additional:connection-secure_access}/vnc.html?
auto=1&
encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
url-additional = ${request-slave-frontend-additional:connection-secure_access}/vnc.html?encrypt=1&password=${kvm-controller-parameter-dict:vnc-passwd}
{% endif %}
{% endif %}
{% set disk_number = len(storage_dict) -%}
{% set disk_number = len(storage_dict) -%}
maximum-extra-disk-amount = {{ disk_number }}
maximum-extra-disk-amount = {{ disk_number }}
...
@@ -1242,8 +1260,8 @@ parts =
...
@@ -1242,8 +1260,8 @@ parts =
kvm-controller-wrapper
kvm-controller-wrapper
kvm-vnc-promise
kvm-vnc-promise
kvm-disk-image-corruption-promise
kvm-disk-image-corruption-promise
websockify-sighandl
er
nginx-launch
er
websockify-sighandler-service
nginx-graceful
novnc-promise
novnc-promise
kvm-started-promise
kvm-started-promise
cron
cron
...
...
software/kvm/instance.cfg.in
View file @
ae17c3fe
...
@@ -89,6 +89,8 @@ extra-context =
...
@@ -89,6 +89,8 @@ extra-context =
raw logrotate_cfg ${template-logrotate-base:output}
raw logrotate_cfg ${template-logrotate-base:output}
raw novnc_location ${noVNC:location}
raw novnc_location ${noVNC:location}
raw netcat_bin ${netcat:location}/bin/netcat
raw netcat_bin ${netcat:location}/bin/netcat
raw nginx_executable ${nginx-output:nginx}
raw nginx_mime ${nginx-output:mime}
raw python_executable ${buildout:executable}
raw python_executable ${buildout:executable}
raw python_eggs_executable ${buildout:bin-directory}/${python-with-eggs:interpreter}
raw python_eggs_executable ${buildout:bin-directory}/${python-with-eggs:interpreter}
raw qemu_executable_location ${qemu:location}/bin/qemu-system-x86_64
raw qemu_executable_location ${qemu:location}/bin/qemu-system-x86_64
...
@@ -100,6 +102,7 @@ extra-context =
...
@@ -100,6 +102,7 @@ extra-context =
raw template_kvm_controller_run ${template-kvm-controller:target}
raw template_kvm_controller_run ${template-kvm-controller:target}
raw template_kvm_run ${template-kvm-run:target}
raw template_kvm_run ${template-kvm-run:target}
raw template_monitor ${monitor2-template:output}
raw template_monitor ${monitor2-template:output}
raw template_nginx ${template-nginx:target}
raw websockify_executable_location ${buildout:directory}/bin/websockify
raw websockify_executable_location ${buildout:directory}/bin/websockify
raw wipe_disk_wrapper ${buildout:directory}/bin/securedelete
raw wipe_disk_wrapper ${buildout:directory}/bin/securedelete
template-parts-destination = ${template-parts:target}
template-parts-destination = ${template-parts:target}
...
...
software/kvm/software.cfg
View file @
ae17c3fe
...
@@ -8,9 +8,8 @@ extends =
...
@@ -8,9 +8,8 @@ extends =
../../component/noVNC/buildout.cfg
../../component/noVNC/buildout.cfg
../../component/openssl/buildout.cfg
../../component/openssl/buildout.cfg
../../component/netcat/buildout.cfg
../../component/netcat/buildout.cfg
../../component/
lxml-python
/buildout.cfg
../../component/
nginx
/buildout.cfg
../../component/pycurl/buildout.cfg
../../component/pycurl/buildout.cfg
../../component/numpy/buildout.cfg
../../component/gzip/buildout.cfg
../../component/gzip/buildout.cfg
../../stack/slapos.cfg
../../stack/slapos.cfg
../../stack/resilient/buildout.cfg
../../stack/resilient/buildout.cfg
...
@@ -33,28 +32,20 @@ parts = ${:common-parts}
...
@@ -33,28 +32,20 @@ parts = ${:common-parts}
# In qemu builtin vnc server, and make it available only for localhost
# In qemu builtin vnc server, and make it available only for localhost
# so that only novnc can listen to it.
# so that only novnc can listen to it.
#XXX-Cedric: Check status of https://github.com/kanaka/noVNC/issues/13 to see
# When qemu has builtin support for websockets in vnc server to get rid of
# Websockify (socket <-> websocket proxy server) when it is ready.
# May solve previous XXX depending on the implementation.
#XXX-Cedric : add list of keyboard layouts (azerty/us querty/...) parameter to qemu
[python-with-eggs]
[python-with-eggs]
recipe = zc.recipe.egg
recipe = zc.recipe.egg
interpreter = ${:_buildout_section_name_}
interpreter = ${:_buildout_section_name_}
eggs =
eggs =
${slapos-toolbox:eggs}
${slapos-toolbox:eggs}
${python-cffi:egg}
${python-cffi:egg}
${lxml-python:egg}
websockify
${slapos-cookbook:eggs}
${slapos-cookbook:eggs}
erp5.util
erp5.util
# BBB: eggs used as recipe should be kept otherwise sections depending
# BBB: eggs used as recipe should be kept otherwise sections depending
# on it can't be uninstalled
# on it can't be uninstalled
collective.recipe.shelloutput
collective.recipe.shelloutput
scripts =
# Only generate the interpreter script to avoid conflicts with scripts
websockify
# for eggs that are also generated by another section, like slapos.toolbox
scripts = ${:interpreter}
# Create all templates that will be used to deploy instances
# Create all templates that will be used to deploy instances
[download-base]
[download-base]
...
@@ -97,6 +88,9 @@ output = ${buildout:directory}/template.cfg
...
@@ -97,6 +88,9 @@ output = ${buildout:directory}/template.cfg
[template-nbd]
[template-nbd]
<= download-base
<= download-base
[template-nginx]
<= download-base
[template-ansible-promise]
[template-ansible-promise]
<= download-base
<= download-base
...
@@ -135,9 +129,3 @@ context =
...
@@ -135,9 +129,3 @@ context =
[whitelist-domains-default]
[whitelist-domains-default]
<= download-base
<= download-base
[versions]
websockify = 0.9.0
gitdb = 0.6.4
pycurl = 7.43.0
smmap = 0.9.0
software/kvm/template/nginx_conf.in
0 → 100644
View file @
ae17c3fe
worker_processes {{ params['nb-workers'] }};
pid {{ params['path-pid'] }};
error_log {{ params['path-error-log'] }};
daemon off;
events {
worker_connections 1024;
accept_mutex off;
}
http {
include {{ mime }};
default_type application/octet-stream;
types_hash_bucket_size 64;
access_log {{ params['path-access-log'] }} combined;
index novnc.html;
upstream vnc_proxy {
server {{ params['websocket-ip'] }}:{{ params['websocket-port'] }};
}
server {
listen [{{ params['ip'] }}]:{{ params['port'] }} ssl http2;
server_name _;
ssl_certificate {{ ca['cert-file'] }};
ssl_certificate_key {{ ca['key-file'] }};
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
keepalive_timeout 5;
client_body_temp_path {{ tempdir['client-body-temp-path'] }};
proxy_temp_path {{ tempdir['proxy-temp-path'] }};
fastcgi_temp_path {{ tempdir['fastcgi-temp-path'] }};
uwsgi_temp_path {{ tempdir['uwsgi-temp-path'] }};
scgi_temp_path {{ tempdir['scgi-temp-path'] }};
# path for static files
root {{ docroot }};
location /{{ params['websocket-path'] }} {
proxy_http_version 1.1;
proxy_pass http://vnc_proxy/;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# VNC connection timeout
proxy_read_timeout 61s;
# Disable cache
proxy_buffering off;
}
}
}
software/kvm/template/template-kvm-run.in
View file @
ae17c3fe
...
@@ -277,7 +277,7 @@ ram = '%sM,slots=128,maxmem=%sM' % (init_ram_size, ram_max_size)
...
@@ -277,7 +277,7 @@ ram = '%sM,slots=128,maxmem=%sM' % (init_ram_size, ram_max_size)
kvm_argument_list = [qemu_path,
kvm_argument_list = [qemu_path,
'-enable-kvm', '-smp', smp, '-name', vm_name, '-m', ram, '-vga', 'std',
'-enable-kvm', '-smp', smp, '-name', vm_name, '-m', ram, '-vga', 'std',
'-vnc', '%s:1,
ipv4=on,password
=on' % listen_ip,
'-vnc', '%s:1,
password=on,websocket
=on' % listen_ip,
'-boot', 'order=cd,menu=on',
'-boot', 'order=cd,menu=on',
'-qmp', 'unix:%s,server,nowait' % socket_path,
'-qmp', 'unix:%s,server,nowait' % socket_path,
'-pidfile', pid_file_path, '-msg', 'timestamp=on',
'-pidfile', pid_file_path, '-msg', 'timestamp=on',
...
...
software/kvm/test/test.py
View file @
ae17c3fe
...
@@ -212,7 +212,8 @@ i0:kvm-{kvm-hash-value}-on-watch RUNNING
...
@@ -212,7 +212,8 @@ i0:kvm-{kvm-hash-value}-on-watch RUNNING
i0:kvm_controller EXITED
i0:kvm_controller EXITED
i0:monitor-httpd-{hash}-on-watch RUNNING
i0:monitor-httpd-{hash}-on-watch RUNNING
i0:monitor-httpd-graceful EXITED
i0:monitor-httpd-graceful EXITED
i0:websockify-{hash}-on-watch RUNNING
i0:nginx-graceful EXITED
i0:nginx-on-watch RUNNING
i0:whitelist-domains-download-{hash} RUNNING
i0:whitelist-domains-download-{hash} RUNNING
i0:whitelist-firewall-{hash} RUNNING"""
,
i0:whitelist-firewall-{hash} RUNNING"""
,
self
.
getProcessInfo
()
self
.
getProcessInfo
()
...
@@ -702,11 +703,12 @@ ir2:kvm-{kvm-hash-value}-on-watch RUNNING
...
@@ -702,11 +703,12 @@ ir2:kvm-{kvm-hash-value}-on-watch RUNNING
ir2:kvm_controller EXITED
ir2:kvm_controller EXITED
ir2:monitor-httpd-{hash}-on-watch RUNNING
ir2:monitor-httpd-{hash}-on-watch RUNNING
ir2:monitor-httpd-graceful EXITED
ir2:monitor-httpd-graceful EXITED
ir2:nginx-graceful EXITED
ir2:nginx-on-watch RUNNING
ir2:notifier-on-watch RUNNING
ir2:notifier-on-watch RUNNING
ir2:resilient_sshkeys_authority-on-watch RUNNING
ir2:resilient_sshkeys_authority-on-watch RUNNING
ir2:sshd-graceful EXITED
ir2:sshd-graceful EXITED
ir2:sshd-on-watch RUNNING
ir2:sshd-on-watch RUNNING
ir2:websockify-{hash}-on-watch RUNNING
ir2:whitelist-domains-download-{hash} RUNNING
ir2:whitelist-domains-download-{hash} RUNNING
ir2:whitelist-firewall-{hash} RUNNING
ir2:whitelist-firewall-{hash} RUNNING
ir3:bootstrap-monitor EXITED
ir3:bootstrap-monitor EXITED
...
@@ -2295,7 +2297,8 @@ ihs0:kvm-{kvm-hash-value}-on-watch RUNNING
...
@@ -2295,7 +2297,8 @@ ihs0:kvm-{kvm-hash-value}-on-watch RUNNING
ihs0:kvm_controller EXITED
ihs0:kvm_controller EXITED
ihs0:monitor-httpd-{hash}-on-watch RUNNING
ihs0:monitor-httpd-{hash}-on-watch RUNNING
ihs0:monitor-httpd-graceful EXITED
ihs0:monitor-httpd-graceful EXITED
ihs0:websockify-{hash}-on-watch RUNNING
ihs0:nginx-graceful EXITED
ihs0:nginx-on-watch RUNNING
ihs0:whitelist-domains-download-{hash} RUNNING
ihs0:whitelist-domains-download-{hash} RUNNING
ihs0:whitelist-firewall-{hash} RUNNING"""
,
ihs0:whitelist-firewall-{hash} RUNNING"""
,
self
.
getProcessInfo
()
self
.
getProcessInfo
()
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment