From a3077cbb859a9237f9516ed0f073fe00839277c4 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 1 Nov 2010 16:25:56 -0700
Subject: basics to get proxied ajaxterm working with virsh
---
bin/nova-ajax-proxy | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100755 bin/nova-ajax-proxy
(limited to 'bin')
diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy
new file mode 100755
index 000000000..1a0c896ee
--- /dev/null
+++ b/bin/nova-ajax-proxy
@@ -0,0 +1,31 @@
+#!/usr/bin/python
+from twisted.internet import reactor
+from twisted.web import http
+from twisted.web.proxy import Proxy, ProxyRequest
+import urlparse, exceptions
+
+class AjaxProxyRequest(ProxyRequest):
+ def process(self):
+ if 'referer' in self.received_headers:
+ auth_uri = self.received_headers['referer']
+ else:
+ auth_uri = self.uri
+
+ try:
+ auth_params = urlparse.parse_qs(urlparse.urlparse(auth_uri).query)
+ parsed_uri = urlparse.urlparse(self.uri)
+
+ self.uri = "http://%s:%s%s?%s"% (auth_params['host'][0], auth_params['port'][0], parsed_uri.path, parsed_uri.query)
+
+ ProxyRequest.process(self)
+ except (exceptions.KeyError):
+ pass
+
+class AjaxProxy(Proxy):
+ requestFactory = AjaxProxyRequest
+
+factory = http.HTTPFactory()
+factory.protocol = AjaxProxy
+
+reactor.listenTCP(8000, factory)
+reactor.run()
-- cgit
From f98bb2b2dee4a0ff67a6548646a852686092c53f Mon Sep 17 00:00:00 2001
From: Anthony Young
Date: Wed, 22 Dec 2010 02:19:38 -0800
Subject: connecting ajax proxy to rabbit to allow token based security
---
bin/nova-ajax-proxy | 71 +++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 64 insertions(+), 7 deletions(-)
(limited to 'bin')
diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy
index 1a0c896ee..cad496b26 100755
--- a/bin/nova-ajax-proxy
+++ b/bin/nova-ajax-proxy
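Review bot: The upstream target in `AjaxProxyRequest.process` (first commit, the new-file hunk) is built entirely from client-supplied data: `auth_params['host'][0]` and `auth_params['port'][0]` come from the request's own query string or its `Referer` header. The listener on port 8000 therefore relays to whatever host and port the caller names, and nothing ties the destination to a console the caller is entitled to reach. The target should be resolved server-side from a record the compute side created, and every other request refused. The `except (exceptions.KeyError): pass` branch also returns without writing a response, so a request missing those parameters appears to be left open rather than rejected; an explicit reply such as `self.setResponseCode(http.BAD_REQUEST); self.finish()` would close it.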
@@ -1,8 +1,30 @@ #!/usr/bin/python + +import datetime +import os +import sys + +# If ../nova/__init__.py exists, add ../ to Python search path, so that +# it will override what happens to be installed in /usr/(local/)lib/python... +possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), + os.pardir, + os.pardir)) +if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')): + sys.path.insert(0, possible_topdir) + +from nova import utils +from nova import flags +from nova import rpc + +import exceptions +import logging +import urlparse + +FLAGS = flags.FLAGS from twisted.internet import reactor +from twisted.internet import task from twisted.web import http from twisted.web.proxy import Proxy, ProxyRequest -import urlparse, exceptions class AjaxProxyRequest(ProxyRequest): def process(self): 
@@ -20,12 +42,47 @@ class AjaxProxyRequest(ProxyRequest): ProxyRequest.process(self) except (exceptions.KeyError): pass - + class AjaxProxy(Proxy): + tokens = {} requestFactory = AjaxProxyRequest + + def start(self): + conn = rpc.Connection.instance(new=True) + self.consumer = rpc.TopicConsumer( + connection=conn, + topic=FLAGS.ajax_proxy_topic) + self.consumer.register_callback(self) + + task.LoopingCall(self.age).start(1.0) + task.LoopingCall(self.pollq).start(0.1) + + factory = http.HTTPFactory() + factory.protocol = AjaxProxy + + reactor.listenTCP(8000, factory) + reactor.run() + + def age(self): + pass + + def pollq(self): + self.consumer.fetch(auto_ack=True, enable_callbacks=True) -factory = http.HTTPFactory() -factory.protocol = AjaxProxy - -reactor.listenTCP(8000, factory) -reactor.run() + def __call__(self, data, message): + if data['method'] == 'authorize': + AjaxProxy.tokens['token'] = {'args': data['args'], 'born_at': datetime.datetime.now()} + + +if __name__ == '__main__': + utils.default_flagfile() + FLAGS(sys.argv) + + formatter = logging.Formatter('(%(name)s): %(levelname)s %(message)s') + handler = logging.StreamHandler() + handler.setFormatter(formatter) + logging.getLogger().addHandler(handler) + + ajaxproxy = AjaxProxy() + ajaxproxy.start() + -- cgit From 19f389b3dcc89f0115dc6fc1a6ca606338ad866a Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 22 Dec 2010 12:36:37 -0800 Subject: working connection security --- bin/nova-ajax-proxy | 57 ++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 16 deletions(-) (limited to 'bin') diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy index cad496b26..76a70d246 100755 --- a/bin/nova-ajax-proxy +++ b/bin/nova-ajax-proxy @@ -1,8 +1,8 @@ #!/usr/bin/python -import datetime import os import sys +import time # If ../nova/__init__.py exists, add ../ to Python search path, so that # it will override what happens to be installed in /usr/(local/)lib/python... 
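Review bot: In `AjaxProxy.__call__` (hunk `@@ -20,12 +42,47 @@`) the authorization is stored under the literal key `'token'`, `AjaxProxy.tokens['token'] = {...}`, so each `authorize` message overwrites the previous one and nothing is keyed by the token value itself. `AjaxProxyRequest.process` is not touched by this commit and, as far as the context lines show, never consults `tokens`, so the table does not yet gate any request and host/port still come from the caller. `age()` is a stub, so entries would never expire, and `data['method']` / `data['args']` are indexed without a check, so a malformed message raises KeyError inside the consumer callback. Suggest keying the entry by the token carried in the message (presumably `data['args']['token']`, to be confirmed against the sender) and having `process` refuse any request whose token is not in the table.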
@@ -12,8 +12,9 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')): sys.path.insert(0, possible_topdir) -from nova import utils +from nova import exception from nova import flags +from nova import utils from nova import rpc import exceptions @@ -23,10 +24,13 @@ import urlparse FLAGS = flags.FLAGS from twisted.internet import reactor from twisted.internet import task -from twisted.web import http +from twisted.web import error, http from twisted.web.proxy import Proxy, ProxyRequest + +flags.DEFINE_integer('ajax_console_idle_timeout', 300, + 'Seconds before idle connection destroyed') -class AjaxProxyRequest(ProxyRequest): +class AjaxConsoleProxyRequest(ProxyRequest): def process(self): if 'referer' in self.received_headers: auth_uri = self.received_headers['referer'] 
@@ -36,42 +40,63 @@ class AjaxProxyRequest(ProxyRequest): try: auth_params = urlparse.parse_qs(urlparse.urlparse(auth_uri).query) parsed_uri = urlparse.urlparse(self.uri) + + auth_info = auth_params['token'][0] + auth_info = AjaxConsoleProxy.tokens[auth_params['token'][0]] + args = auth_info['args'] + auth_info['last_activity_at'] = time.time() + - self.uri = "http://%s:%s%s?%s"% (auth_params['host'][0], auth_params['port'][0], parsed_uri.path, parsed_uri.query) + self.uri = ("http://%s:%s%s?token=%s"% ( + str(args['host']), + str(args['port']), + parsed_uri.path, + str(args['token']))) ProxyRequest.process(self) except (exceptions.KeyError): - pass + raise exception.NotAuthorized("Unauthorized Request") -class AjaxProxy(Proxy): - tokens = {} - requestFactory = AjaxProxyRequest +class AjaxConsoleProxy(Proxy): + #tokens = {} + tokens = {'key': {'args':'','last_activity_at':time.time()}} + requestFactory = AjaxConsoleProxyRequest def start(self): conn = rpc.Connection.instance(new=True) self.consumer = rpc.TopicConsumer( connection=conn, - topic=FLAGS.ajax_proxy_topic) + topic=FLAGS.ajax_console_proxy_topic) self.consumer.register_callback(self) task.LoopingCall(self.age).start(1.0) task.LoopingCall(self.pollq).start(0.1) factory = http.HTTPFactory() - factory.protocol = AjaxProxy + factory.protocol = AjaxConsoleProxy - reactor.listenTCP(8000, factory) + port = urlparse.urlparse(FLAGS.ajax_console_proxy_url).port + reactor.listenTCP(port, factory) reactor.run() def age(self): - pass + now = time.time() + print now + to_delete = [] + for k, v in AjaxConsoleProxy.tokens.items(): + if now - v['last_activity_at'] > FLAGS.ajax_console_idle_timeout: + to_delete.append(k) + + for k in to_delete: + print "del" + del AjaxConsoleProxy.tokens[k] def pollq(self): self.consumer.fetch(auto_ack=True, enable_callbacks=True) def __call__(self, data, message): - if data['method'] == 'authorize': - AjaxProxy.tokens['token'] = {'args': data['args'], 'born_at': datetime.datetime.now()} + 
if data['method'] == 'authorize_ajax_console': + AjaxConsoleProxy.tokens[data['args']['token']] = {'args': data['args'], 'born_at': time.time()} if __name__ == '__main__': @@ -83,6 +108,6 @@ if __name__ == '__main__': handler.setFormatter(formatter) logging.getLogger().addHandler(handler) - ajaxproxy = AjaxProxy() + ajaxproxy = AjaxConsoleProxy() ajaxproxy.start() -- cgit From 4e9b4c9ce31a7a50d7e38d5e0bd71718d5bb8b95 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 22 Dec 2010 18:52:43 -0800 Subject: minor notes, commit before rewriting proxy with eventlet --- bin/nova-ajax-proxy | 1 - 1 file changed, 1 deletion(-) (limited to 'bin') diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy index 76a70d246..4948897cc 100755 --- a/bin/nova-ajax-proxy +++ b/bin/nova-ajax-proxy @@ -46,7 +46,6 @@ class AjaxConsoleProxyRequest(ProxyRequest): args = auth_info['args'] auth_info['last_activity_at'] = time.time() - self.uri = ("http://%s:%s%s?token=%s"% ( str(args['host']), str(args['port']), -- cgit From 4364a6e0570794fca841a7e5ecc8cecebf1bae9b Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 22 Dec 2010 23:41:07 -0800 Subject: rewrite proxy to not use twisted --- bin/nova-ajax-proxy | 128 ++++++++++++++++++++++++++-------------------------- 1 file changed, 63 insertions(+), 65 deletions(-) (limited to 'bin') diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy index 4948897cc..52d7ee3de 100755 --- a/bin/nova-ajax-proxy +++ b/bin/nova-ajax-proxy 
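Review bot: `AjaxConsoleProxy.tokens` is initialised with a hard-coded placeholder entry, `{'key': {'args':'','last_activity_at':time.time()}}`, with the empty table left commented out above it (hunk `@@ -36,42 +40,63 @@`); that entry satisfies the table lookup in `process` for as long as it stays in the table, and the class attribute should simply be `tokens = {}`. Entries written by `__call__` carry `'born_at'` while `age()` reads `v['last_activity_at']`, so a token that has been authorized but not yet used raises KeyError in the expiry loop; storing `'last_activity_at': time.time()` at creation keeps the two in step. The `print now` and `print "del"` lines in `age()` look like leftover debugging output. `raise exception.NotAuthorized(...)` replaces the silent `pass`, but whether the framework turns that into a 401 for the client is not visible in this hunk.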
@@ -12,101 +12,99 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')): sys.path.insert(0, possible_topdir) +import webob.dec +import webob.exc + from nova import exception from nova import flags from nova import utils from nova import rpc +from nova import wsgi import exceptions import logging import urlparse FLAGS = flags.FLAGS -from twisted.internet import reactor -from twisted.internet import task -from twisted.web import error, http -from twisted.web.proxy import Proxy, ProxyRequest flags.DEFINE_integer('ajax_console_idle_timeout', 300, 'Seconds before idle connection destroyed') -class AjaxConsoleProxyRequest(ProxyRequest): - def process(self): - if 'referer' in self.received_headers: - auth_uri = self.received_headers['referer'] - else: - auth_uri = self.uri +import eventlet +from eventlet import greenthread +from eventlet.green import urllib2 + +class AjaxConsoleProxy(object): + tokens = {} + def __call__(self, environ, start_response): try: - auth_params = urlparse.parse_qs(urlparse.urlparse(auth_uri).query) - parsed_uri = urlparse.urlparse(self.uri) + req_url = '%s://%s%s?%s' % (environ['wsgi.url_scheme'], environ['HTTP_HOST'], environ['PATH_INFO'], environ['QUERY_STRING']) + if 'HTTP_REFERER' in environ: + auth_url = environ['HTTP_REFERER'] + else: + auth_url = req_url + + auth_params = urlparse.parse_qs(urlparse.urlparse(auth_url).query) + parsed_url = urlparse.urlparse(req_url) - auth_info = auth_params['token'][0] - auth_info = AjaxConsoleProxy.tokens[auth_params['token'][0]] + auth_info = AjaxConsoleProxy.tokens[auth_params['token'][0]] args = auth_info['args'] auth_info['last_activity_at'] = time.time() - self.uri = ("http://%s:%s%s?token=%s"% ( - str(args['host']), - str(args['port']), - parsed_uri.path, - str(args['token']))) + remote_url = ("http://%s:%s%s?token=%s"% ( + str(args['host']), + str(args['port']), + parsed_url.path, + 
str(args['token']))) - ProxyRequest.process(self) + opener = urllib2.urlopen(remote_url, environ['wsgi.input'].read()) + body = opener.read() + info = opener.info() + + start_response("200 OK", info.dict.items()) + return body except (exceptions.KeyError): - raise exception.NotAuthorized("Unauthorized Request") + start_response("401 NOT AUTHORIZED",[]) + return "Not Authorized" + except Exception: + start_response("500 ERROR",[]) + return "Server Error" + -class AjaxConsoleProxy(Proxy): - #tokens = {} - tokens = {'key': {'args':'','last_activity_at':time.time()}} - requestFactory = AjaxConsoleProxyRequest + def register_listeners(self): + class Callback: + def __call__(self, data, message): + if data['method'] == 'authorize_ajax_console': + AjaxConsoleProxy.tokens[data['args']['token']] = \ + {'args': data['args'], 'last_activity_at': time.time()} - def start(self): conn = rpc.Connection.instance(new=True) - self.consumer = rpc.TopicConsumer( + consumer = rpc.TopicConsumer( connection=conn, topic=FLAGS.ajax_console_proxy_topic) - self.consumer.register_callback(self) - - task.LoopingCall(self.age).start(1.0) - task.LoopingCall(self.pollq).start(0.1) - - factory = http.HTTPFactory() - factory.protocol = AjaxConsoleProxy - - port = urlparse.urlparse(FLAGS.ajax_console_proxy_url).port - reactor.listenTCP(port, factory) - reactor.run() - - def age(self): - now = time.time() - print now - to_delete = [] - for k, v in AjaxConsoleProxy.tokens.items(): - if now - v['last_activity_at'] > FLAGS.ajax_console_idle_timeout: - to_delete.append(k) - - for k in to_delete: - print "del" - del AjaxConsoleProxy.tokens[k] - - def pollq(self): - self.consumer.fetch(auto_ack=True, enable_callbacks=True) - - def __call__(self, data, message): - if data['method'] == 'authorize_ajax_console': - AjaxConsoleProxy.tokens[data['args']['token']] = {'args': data['args'], 'born_at': time.time()} + consumer.register_callback(Callback()) + + def delete_expired_tokens(): + now = time.time() + 
to_delete = [] + for k, v in AjaxConsoleProxy.tokens.items(): + if now - v['last_activity_at'] > FLAGS.ajax_console_idle_timeout: + to_delete.append(k) + for k in to_delete: + del AjaxConsoleProxy.tokens[k] + + utils.LoopingCall(consumer.fetch, auto_ack=True, + enable_callbacks=True).start(0.1) + utils.LoopingCall(delete_expired_tokens).start(1) if __name__ == '__main__': utils.default_flagfile() FLAGS(sys.argv) + server = wsgi.Server() + acp = AjaxConsoleProxy() + acp.register_listeners() + server.start(acp, FLAGS.ajax_console_proxy_port, host='0.0.0.0') + server.wait() - formatter = logging.Formatter('(%(name)s): %(levelname)s %(message)s') - handler = logging.StreamHandler() - handler.setFormatter(formatter) - logging.getLogger().addHandler(handler) - - ajaxproxy = AjaxConsoleProxy() - ajaxproxy.start() - -- cgit From 237326dd6b5905a18fc7ba740457ceb52164ab59 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 22 Dec 2010 23:46:21 -0800 Subject: some cleanup --- bin/nova-ajax-proxy | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) (limited to 'bin') diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy index 52d7ee3de..df73b0adf 100755 --- a/bin/nova-ajax-proxy +++ b/bin/nova-ajax-proxy @@ -1,8 +1,15 @@ #!/usr/bin/python +from eventlet import greenthread +from eventlet.green import urllib2 + +import exceptions +import logging import os import sys import time +import urlparse + # If ../nova/__init__.py exists, add ../ to Python search path, so that # it will override what happens to be installed in /usr/(local/)lib/python... 
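Review bot: The `except Exception` clause at the end of `AjaxConsoleProxy.__call__` (hunk `@@ -12,101 +12,99 @@`) answers 500 and discards the exception, so upstream failures, including `urllib2.HTTPError` for any non-2xx reply from the console, and plain programming errors leave no trace; log before responding, e.g. `logging.exception("ajax console proxy request failed")`. On success the handler always reports `200 OK`, relays every upstream header through `info.dict.items()`, and returns the body as a bare string, which a WSGI server iterates one character at a time (`return [body]`). `urllib2.urlopen(remote_url, environ['wsgi.input'].read())` sets no timeout and reads the request body without a size cap, so one slow console or one large upload ties up a greenthread. The listener binds `host='0.0.0.0'` over plain HTTP while the token travels in the query string and the `Referer` header; restricting the bind address or terminating TLS in front of it is worth deciding before this ships.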
@@ -12,36 +19,28 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')): sys.path.insert(0, possible_topdir) -import webob.dec -import webob.exc - -from nova import exception from nova import flags from nova import utils from nova import rpc from nova import wsgi -import exceptions -import logging -import urlparse - FLAGS = flags.FLAGS flags.DEFINE_integer('ajax_console_idle_timeout', 300, 'Seconds before idle connection destroyed') -import eventlet -from eventlet import greenthread -from eventlet.green import urllib2 class AjaxConsoleProxy(object): tokens = {} - def __call__(self, environ, start_response): + def __call__(self, env, start_response): try: - req_url = '%s://%s%s?%s' % (environ['wsgi.url_scheme'], environ['HTTP_HOST'], environ['PATH_INFO'], environ['QUERY_STRING']) - if 'HTTP_REFERER' in environ: - auth_url = environ['HTTP_REFERER'] + req_url = '%s://%s%s?%s' % (env['wsgi.url_scheme'], + env['HTTP_HOST'], + env['PATH_INFO'], + env['QUERY_STRING']) + if 'HTTP_REFERER' in env: + auth_url = env['HTTP_REFERER'] else: auth_url = req_url @@ -50,7 +49,7 @@ class AjaxConsoleProxy(object): auth_info = AjaxConsoleProxy.tokens[auth_params['token'][0]] args = auth_info['args'] - auth_info['last_activity_at'] = time.time() + auth_info['last_activity'] = time.time() remote_url = ("http://%s:%s%s?token=%s"% ( str(args['host']), @@ -58,7 +57,7 @@ class AjaxConsoleProxy(object): parsed_url.path, str(args['token']))) - opener = urllib2.urlopen(remote_url, environ['wsgi.input'].read()) + opener = urllib2.urlopen(remote_url, env['wsgi.input'].read()) body = opener.read() info = opener.info() 
@@ -77,7 +76,7 @@ class AjaxConsoleProxy(object): def __call__(self, data, message): if data['method'] == 'authorize_ajax_console': AjaxConsoleProxy.tokens[data['args']['token']] = \ - {'args': data['args'], 'last_activity_at': time.time()} + {'args': data['args'], 'last_activity': time.time()} conn = rpc.Connection.instance(new=True) consumer = rpc.TopicConsumer( @@ -89,7 +88,7 @@ class AjaxConsoleProxy(object): now = time.time() to_delete = [] for k, v in AjaxConsoleProxy.tokens.items(): - if now - v['last_activity_at'] > FLAGS.ajax_console_idle_timeout: + if now - v['last_activity'] > FLAGS.ajax_console_idle_timeout: to_delete.append(k) for k in to_delete: -- cgit From e6a01c663bbcd5fc5244c48b97ef0bef4ce524ea Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 22 Dec 2010 23:47:46 -0800 Subject: add in license --- bin/nova-ajax-proxy | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) (limited to 'bin') diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy index df73b0adf..3adc1018c 100755 --- a/bin/nova-ajax-proxy +++ b/bin/nova-ajax-proxy 
@@ -1,4 +1,25 @@ -#!/usr/bin/python +#!/usr/bin/env python +# pylint: disable-msg=C0103 +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 United States Government as represented by the +# Administrator of the National Aeronautics and Space Administration. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Ajax Console Proxy Server""" + from eventlet import greenthread from eventlet.green import urllib2 -- cgit From 86b9e564fec24423485b5087e41584abd0de1da0 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Wed, 22 Dec 2010 23:49:10 -0800 Subject: more tweaks --- bin/nova-ajax-proxy | 3 --- 1 file changed, 3 deletions(-) (limited to 'bin') diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy index 3adc1018c..bc828c5b1 100755 --- a/bin/nova-ajax-proxy +++ b/bin/nova-ajax-proxy @@ -20,7 +20,6 @@ """Ajax Console Proxy Server""" - from eventlet import greenthread from eventlet.green import urllib2 @@ -31,7 +30,6 @@ import sys import time import urlparse - # If ../nova/__init__.py exists, add ../ to Python search path, so that # it will override what happens to be installed in /usr/(local/)lib/python... possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), @@ -91,7 +89,6 @@ class AjaxConsoleProxy(object): start_response("500 ERROR",[]) return "Server Error" - def register_listeners(self): class Callback: def __call__(self, data, message): -- cgit 
From 50fe4b93ce2a015c31286d2b2de64a0128761086 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Thu, 23 Dec 2010 01:26:03 -0800 Subject: pep8 fixes --- bin/nova-ajax-proxy | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) (limited to 'bin') diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy index bc828c5b1..53b779711 100755 --- a/bin/nova-ajax-proxy +++ b/bin/nova-ajax-proxy @@ -21,7 +21,7 @@ """Ajax Console Proxy Server""" from eventlet import greenthread -from eventlet.green import urllib2 +from eventlet.green import urllib2 import exceptions import logging @@ -45,9 +45,9 @@ from nova import wsgi FLAGS = flags.FLAGS -flags.DEFINE_integer('ajax_console_idle_timeout', 300, +flags.DEFINE_integer('ajax_console_idle_timeout', 300, 'Seconds before idle connection destroyed') - + class AjaxConsoleProxy(object): tokens = {} @@ -67,10 +67,10 @@ class AjaxConsoleProxy(object): parsed_url = urlparse.urlparse(req_url) auth_info = AjaxConsoleProxy.tokens[auth_params['token'][0]] - args = auth_info['args'] - auth_info['last_activity'] = time.time() + args = auth_info['args'] + auth_info['last_activity'] = time.time() - remote_url = ("http://%s:%s%s?token=%s"% ( + remote_url = ("http://%s:%s%s?token=%s" % ( str(args['host']), str(args['port']), parsed_url.path, @@ -83,10 +83,10 @@ class AjaxConsoleProxy(object): start_response("200 OK", info.dict.items()) return body except (exceptions.KeyError): - start_response("401 NOT AUTHORIZED",[]) + start_response("401 NOT AUTHORIZED", []) return "Not Authorized" except Exception: - start_response("500 ERROR",[]) + start_response("500 ERROR", []) return "Server Error" def register_listeners(self): @@ -112,7 +112,7 @@ class AjaxConsoleProxy(object): for k in to_delete: del AjaxConsoleProxy.tokens[k] - utils.LoopingCall(consumer.fetch, auto_ack=True, + utils.LoopingCall(consumer.fetch, auto_ack=True, enable_callbacks=True).start(0.1) utils.LoopingCall(delete_expired_tokens).start(1) 
@@ -124,4 +124,3 @@ if __name__ == '__main__': acp.register_listeners() server.start(acp, FLAGS.ajax_console_proxy_port, host='0.0.0.0') server.wait() - -- cgit From e4c1fa91e0245dc6f673c5ac8880a99bd3d0dea1 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Thu, 23 Dec 2010 01:32:15 -0800 Subject: better bin name, and pep8 --- bin/nova-ajax-console-proxy | 126 ++++++++++++++++++++++++++++++++++++++++++++ bin/nova-ajax-proxy | 126 -------------------------------------------- 2 files changed, 126 insertions(+), 126 deletions(-) create mode 100755 bin/nova-ajax-console-proxy delete mode 100755 bin/nova-ajax-proxy (limited to 'bin') diff --git a/bin/nova-ajax-console-proxy b/bin/nova-ajax-console-proxy new file mode 100755 index 000000000..53b779711 --- /dev/null +++ b/bin/nova-ajax-console-proxy 
@@ -0,0 +1,126 @@ +#!/usr/bin/env python +# pylint: disable-msg=C0103 +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010 United States Government as represented by the +# Administrator of the National Aeronautics and Space Administration. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Ajax Console Proxy Server""" + +from eventlet import greenthread +from eventlet.green import urllib2 + +import exceptions +import logging +import os +import sys +import time +import urlparse + +# If ../nova/__init__.py exists, add ../ to Python search path, so that +# it will override what happens to be installed in /usr/(local/)lib/python... 
+possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), + os.pardir, + os.pardir)) +if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')): + sys.path.insert(0, possible_topdir) + +from nova import flags +from nova import utils +from nova import rpc +from nova import wsgi + +FLAGS = flags.FLAGS + +flags.DEFINE_integer('ajax_console_idle_timeout', 300, + 'Seconds before idle connection destroyed') + + +class AjaxConsoleProxy(object): + tokens = {} + + def __call__(self, env, start_response): + try: + req_url = '%s://%s%s?%s' % (env['wsgi.url_scheme'], + env['HTTP_HOST'], + env['PATH_INFO'], + env['QUERY_STRING']) + if 'HTTP_REFERER' in env: + auth_url = env['HTTP_REFERER'] + else: + auth_url = req_url + + auth_params = urlparse.parse_qs(urlparse.urlparse(auth_url).query) + parsed_url = urlparse.urlparse(req_url) + + auth_info = AjaxConsoleProxy.tokens[auth_params['token'][0]] + args = auth_info['args'] + auth_info['last_activity'] = time.time() + + remote_url = ("http://%s:%s%s?token=%s" % ( + str(args['host']), + str(args['port']), + parsed_url.path, + str(args['token']))) + + opener = urllib2.urlopen(remote_url, env['wsgi.input'].read()) + body = opener.read() + info = opener.info() + + start_response("200 OK", info.dict.items()) + return body + except (exceptions.KeyError): + start_response("401 NOT AUTHORIZED", []) + return "Not Authorized" + except Exception: + start_response("500 ERROR", []) + return "Server Error" + + def register_listeners(self): + class Callback: + def __call__(self, data, message): + if data['method'] == 'authorize_ajax_console': + AjaxConsoleProxy.tokens[data['args']['token']] = \ + {'args': data['args'], 'last_activity': time.time()} + + conn = rpc.Connection.instance(new=True) + consumer = rpc.TopicConsumer( + connection=conn, + topic=FLAGS.ajax_console_proxy_topic) + consumer.register_callback(Callback()) + + def delete_expired_tokens(): + now = time.time() + to_delete = [] + for k, v in 
AjaxConsoleProxy.tokens.items(): + if now - v['last_activity'] > FLAGS.ajax_console_idle_timeout: + to_delete.append(k) + + for k in to_delete: + del AjaxConsoleProxy.tokens[k] + + utils.LoopingCall(consumer.fetch, auto_ack=True, + enable_callbacks=True).start(0.1) + utils.LoopingCall(delete_expired_tokens).start(1) + +if __name__ == '__main__': + utils.default_flagfile() + FLAGS(sys.argv) + server = wsgi.Server() + acp = AjaxConsoleProxy() + acp.register_listeners() + server.start(acp, FLAGS.ajax_console_proxy_port, host='0.0.0.0') + server.wait() diff --git a/bin/nova-ajax-proxy b/bin/nova-ajax-proxy deleted file mode 100755 index 53b779711..000000000 --- a/bin/nova-ajax-proxy +++ /dev/null 
@@ -1,126 +0,0 @@ -#!/usr/bin/env python -# pylint: disable-msg=C0103 -# vim: tabstop=4 shiftwidth=4 softtabstop=4 - -# Copyright 2010 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""Ajax Console Proxy Server""" - -from eventlet import greenthread -from eventlet.green import urllib2 - -import exceptions -import logging -import os -import sys -import time -import urlparse - -# If ../nova/__init__.py exists, add ../ to Python search path, so that -# it will override what happens to be installed in /usr/(local/)lib/python... 
-possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), - os.pardir, - os.pardir)) -if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')): - sys.path.insert(0, possible_topdir) - -from nova import flags -from nova import utils -from nova import rpc -from nova import wsgi - -FLAGS = flags.FLAGS - -flags.DEFINE_integer('ajax_console_idle_timeout', 300, - 'Seconds before idle connection destroyed') - - -class AjaxConsoleProxy(object): - tokens = {} - - def __call__(self, env, start_response): - try: - req_url = '%s://%s%s?%s' % (env['wsgi.url_scheme'], - env['HTTP_HOST'], - env['PATH_INFO'], - env['QUERY_STRING']) - if 'HTTP_REFERER' in env: - auth_url = env['HTTP_REFERER'] - else: - auth_url = req_url - - auth_params = urlparse.parse_qs(urlparse.urlparse(auth_url).query) - parsed_url = urlparse.urlparse(req_url) - - auth_info = AjaxConsoleProxy.tokens[auth_params['token'][0]] - args = auth_info['args'] - auth_info['last_activity'] = time.time() - - remote_url = ("http://%s:%s%s?token=%s" % ( - str(args['host']), - str(args['port']), - parsed_url.path, - str(args['token']))) - - opener = urllib2.urlopen(remote_url, env['wsgi.input'].read()) - body = opener.read() - info = opener.info() - - start_response("200 OK", info.dict.items()) - return body - except (exceptions.KeyError): - start_response("401 NOT AUTHORIZED", []) - return "Not Authorized" - except Exception: - start_response("500 ERROR", []) - return "Server Error" - - def register_listeners(self): - class Callback: - def __call__(self, data, message): - if data['method'] == 'authorize_ajax_console': - AjaxConsoleProxy.tokens[data['args']['token']] = \ - {'args': data['args'], 'last_activity': time.time()} - - conn = rpc.Connection.instance(new=True) - consumer = rpc.TopicConsumer( - connection=conn, - topic=FLAGS.ajax_console_proxy_topic) - consumer.register_callback(Callback()) - - def delete_expired_tokens(): - now = time.time() - to_delete = [] - for k, v in 
AjaxConsoleProxy.tokens.items(): - if now - v['last_activity'] > FLAGS.ajax_console_idle_timeout: - to_delete.append(k) - - for k in to_delete: - del AjaxConsoleProxy.tokens[k] - - utils.LoopingCall(consumer.fetch, auto_ack=True, - enable_callbacks=True).start(0.1) - utils.LoopingCall(delete_expired_tokens).start(1) - -if __name__ == '__main__': - utils.default_flagfile() - FLAGS(sys.argv) - server = wsgi.Server() - acp = AjaxConsoleProxy() - acp.register_listeners() - server.start(acp, FLAGS.ajax_console_proxy_port, host='0.0.0.0') - server.wait() -- cgit From 4edfa8ea26f8e820674e8bebbe34b6ed5885a69b Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Mon, 10 Jan 2011 13:44:45 -0800 Subject: consolidate boto_extensions.py and euca-get-ajax-console, fix bugs from previous trunk merge --- bin/nova-ajax-console-proxy | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'bin') diff --git a/bin/nova-ajax-console-proxy b/bin/nova-ajax-console-proxy index 53b779711..2bc407658 100755 --- a/bin/nova-ajax-console-proxy +++ b/bin/nova-ajax-console-proxy @@ -24,6 +24,7 @@ from eventlet import greenthread from eventlet.green import urllib2 import exceptions +import gettext import logging import os import sys @@ -38,9 +39,12 @@ possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]), if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')): sys.path.insert(0, possible_topdir) +gettext.install('nova', unicode=1) + from nova import flags -from nova import utils +from nova import log as logging from nova import rpc +from nova import utils from nova import wsgi FLAGS = flags.FLAGS @@ -48,6 +52,10 @@ FLAGS = flags.FLAGS flags.DEFINE_integer('ajax_console_idle_timeout', 300, 'Seconds before idle connection destroyed') +LOG = logging.getLogger('nova.ajax_console_proxy') +LOG.setLevel(logging.DEBUG) +LOG.addHandler(logging.StreamHandler()) + class AjaxConsoleProxy(object): tokens = {} 
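Review bot: `from nova import log as logging` (hunk `@@ -38,9 +39,12 @@`) rebinds the name that the plain `import logging` kept as context in `@@ -24,6 +24,7 @@` already bound, so the stdlib import is now dead and `logging.DEBUG` / `logging.StreamHandler()` in `@@ -48,6 +52,10 @@` resolve against `nova.log`; dropping `import logging` makes that explicit. `LOG.setLevel(logging.DEBUG)` and `LOG.addHandler(logging.StreamHandler())` run unconditionally at import time, which presumably overrides whatever level and handlers the service's flag-driven logging setup would choose. Consider leaving only `LOG = logging.getLogger('nova.ajax_console_proxy')` and letting configuration decide level and handlers.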
@@ -83,6 +91,9 @@ class AjaxConsoleProxy(object): start_response("200 OK", info.dict.items()) return body except (exceptions.KeyError): + if env['PATH_INFO'] != '/favicon.ico': + LOG.audit("Unauthorized request %s, %s" + % (req_url, str(env))) start_response("401 NOT AUTHORIZED", []) return "Not Authorized" except Exception: -- cgit
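Review bot: The new `LOG.audit` call writes `str(env)`, the entire WSGI environ, for every unauthorized request, which puts the `Referer` and query string (where console tokens travel), cookies and arbitrary client-chosen header values into the audit log. Log a small fixed set of fields instead, e.g. `LOG.audit("Unauthorized request for %s from %s" % (env.get('PATH_INFO'), env.get('REMOTE_ADDR')))`. The handler also reads `req_url`, which is assigned inside the `try` outside this hunk; if the KeyError came from building it, for instance a request with no `Host` header, `req_url` is unbound and the handler itself raises instead of returning 401. `env['PATH_INFO'] != '/favicon.ico'` has the same exposure and would be safer as `env.get('PATH_INFO')`.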