improved users/groups

This commit is contained in:
Devaev Maxim 2019-05-10 14:36:28 +03:00
parent 03c3caa35e
commit 18fa69b779
15 changed files with 56 additions and 37 deletions


@ -4,6 +4,7 @@
/build/ /build/
/dist/ /dist/
/kvmd.egg-info/ /kvmd.egg-info/
/testenv/run/
/testenv/.tox/ /testenv/.tox/
/testenv/.mypy_cache/ /testenv/.mypy_cache/
/.git/ /.git/


@ -50,7 +50,7 @@ tox: testenv
run: testenv run: testenv
sudo modprobe loop sudo modprobe loop
- docker run --rm --name kvmd \ - docker run --rm --name kvmd \
--volume `pwd`/testenv/run:/run:rw \ --volume `pwd`/testenv/run:/run/kvmd:rw \
--volume `pwd`/testenv:/testenv:ro \ --volume `pwd`/testenv:/testenv:ro \
--volume `pwd`/kvmd:/kvmd:ro \ --volume `pwd`/kvmd:/kvmd:ro \
--volume `pwd`/web:/usr/share/kvmd/web:ro \ --volume `pwd`/web:/usr/share/kvmd/web:ro \
@ -65,7 +65,7 @@ run: testenv
&& cp /usr/share/kvmd/configs.default/kvmd/*.yaml /etc/kvmd \ && cp /usr/share/kvmd/configs.default/kvmd/*.yaml /etc/kvmd \
&& cp /usr/share/kvmd/configs.default/kvmd/*passwd /etc/kvmd \ && cp /usr/share/kvmd/configs.default/kvmd/*passwd /etc/kvmd \
&& cp /testenv/main.yaml /etc/kvmd \ && cp /testenv/main.yaml /etc/kvmd \
&& nginx -c /etc/kvmd/nginx/nginx.conf \ && nginx -c /etc/kvmd/nginx/nginx.conf -g 'user http; error_log stderr;' \
&& ln -s $(TESTENV_VIDEO) /dev/kvmd-video \ && ln -s $(TESTENV_VIDEO) /dev/kvmd-video \
&& (losetup -d /dev/kvmd-msd || true) \ && (losetup -d /dev/kvmd-msd || true) \
&& losetup /dev/kvmd-msd /root/loop.img \ && losetup /dev/kvmd-msd /root/loop.img \
@ -76,7 +76,7 @@ run: testenv
run-ipmi: testenv run-ipmi: testenv
- docker run --rm --name kvmd-ipmi \ - docker run --rm --name kvmd-ipmi \
--volume `pwd`/testenv/run:/run:rw \ --volume `pwd`/testenv/run:/run/kvmd:rw \
--volume `pwd`/testenv:/testenv:ro \ --volume `pwd`/testenv:/testenv:ro \
--volume `pwd`/kvmd:/kvmd:ro \ --volume `pwd`/kvmd:/kvmd:ro \
--volume `pwd`/configs:/usr/share/kvmd/configs.default:ro \ --volume `pwd`/configs:/usr/share/kvmd/configs.default:ro \
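Review bot: The `run` target now starts nginx with `-g 'user http; error_log stderr;'`, while the packaged unit runs the workers as `kvmd-nginx` and the testenv Dockerfile no longer creates that user, so the group-based socket access introduced by this commit (kvmd-nginx in group kvmd, `unix_mode: 0660`, `/run/kvmd` owned by kvmd) is never exercised by `make run`; the testenv main.yaml additionally relaxes the sockets to `unix_mode: 0666`, which would hide any mismatch. If the test run is meant to validate the production permission model, keep the kvmd-nginx user in the test image and pass `-g 'user kvmd-nginx; error_log stderr;'` here; otherwise a short comment above the target saying that the testenv deliberately uses `http` and 0666 sockets would stop the two from being compared. The `run` recipe continues past the end of this section.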


@ -65,6 +65,7 @@ package_kvmd() {
mkdir -p "$pkgdir/usr/lib/systemd/system" mkdir -p "$pkgdir/usr/lib/systemd/system"
cp configs/os/systemd/*.service "$pkgdir/usr/lib/systemd/system" cp configs/os/systemd/*.service "$pkgdir/usr/lib/systemd/system"
cp configs/os/tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/kvmd.conf"
mkdir -p "$pkgdir/usr/share/kvmd" mkdir -p "$pkgdir/usr/share/kvmd"
cp -r web "$pkgdir/usr/share/kvmd" cp -r web "$pkgdir/usr/share/kvmd"
@ -78,7 +79,7 @@ package_kvmd() {
find "$pkgdir" -name ".gitignore" -delete find "$pkgdir" -name ".gitignore" -delete
sed -i -e "s/^#PROD//g" "$_cfgdir/nginx/nginx.conf" sed -i -e "s/^#PROD//g" "$_cfgdir/nginx/nginx.conf"
find "$_cfgdir" -type f -exec chmod 444 '{}' \; find "$_cfgdir" -type f -exec chmod 444 '{}' \;
chmod 440 "$_cfgdir/kvmd"/*passwd chmod 400 "$_cfgdir/kvmd"/*passwd
mkdir -p "$pkgdir/etc/kvmd/nginx/ssl" mkdir -p "$pkgdir/etc/kvmd/nginx/ssl"
chmod 750 "$pkgdir/etc/kvmd/nginx/ssl" chmod 750 "$pkgdir/etc/kvmd/nginx/ssl"
@ -87,7 +88,8 @@ package_kvmd() {
done done
rm "$pkgdir/etc/kvmd"/{auth.yaml,meta.yaml} rm "$pkgdir/etc/kvmd"/{auth.yaml,meta.yaml}
cp "$_cfgdir/kvmd"/{auth.yaml,meta.yaml} "$pkgdir/etc/kvmd" cp "$_cfgdir/kvmd"/{auth.yaml,meta.yaml} "$pkgdir/etc/kvmd"
cp -a "$_cfgdir/kvmd/"*passwd "$pkgdir/etc/kvmd" cp "$_cfgdir/kvmd/"*passwd "$pkgdir/etc/kvmd"
chmod 600 "$_cfgdir/kvmd/"*passwd
for path in "$_cfgdir/nginx"/*.conf; do for path in "$_cfgdir/nginx"/*.conf; do
ln -sf "/usr/share/kvmd/configs.default/nginx/`basename $path`" "$pkgdir/etc/kvmd/nginx" ln -sf "/usr/share/kvmd/configs.default/nginx/`basename $path`" "$pkgdir/etc/kvmd/nginx"
done done
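Review bot: The new `chmod 600 "$_cfgdir/kvmd/"*passwd` operates on the default copies under `$_cfgdir`, the same files that the earlier hunk in this section just set to 400, so the second chmod silently overrides the first and the copies that the preceding `cp` places in `$pkgdir/etc/kvmd` are touched by neither line. If the 600 was meant for the installed copies, the line should read `chmod 600 "$pkgdir/etc/kvmd/"*passwd`; if the defaults really are meant to be 600, the 400 above is dead. post_install/post_upgrade re-chown and chmod `/etc/kvmd/*passwd` at install time anyway, so this only affects what the package itself carries, but the two chmods on the same path should agree. package_kvmd() begins before this section.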


@ -5,7 +5,7 @@ logging: !include logging.yaml
kvmd: kvmd:
server: server:
unix: /run/kvmd.sock unix: /run/kvmd/kvmd.sock
unix_rm: true unix_rm: true
unix_mode: 0660 unix_mode: 0660
@ -27,7 +27,7 @@ kvmd:
device: /dev/kvmd-msd device: /dev/kvmd-msd
streamer: streamer:
unix: /run/ustreamer.sock unix: /run/kvmd/ustreamer.sock
cmd: cmd:
- "/usr/bin/ustreamer" - "/usr/bin/ustreamer"
- "--device=/dev/kvmd-video" - "--device=/dev/kvmd-video"
@ -45,4 +45,4 @@ kvmd:
ipmi: ipmi:
kvmd: kvmd:
unix: /run/kvmd.sock unix: /run/kvmd/kvmd.sock


@ -5,7 +5,7 @@ logging: !include logging.yaml
kvmd: kvmd:
server: server:
unix: /run/kvmd.sock unix: /run/kvmd/kvmd.sock
unix_rm: true unix_rm: true
unix_mode: 0660 unix_mode: 0660
@ -30,7 +30,7 @@ kvmd:
cap_pin: 17 cap_pin: 17
conv_pin: 18 conv_pin: 18
init_restart_after: 1 init_restart_after: 1
unix: /run/ustreamer.sock unix: /run/kvmd/ustreamer.sock
cmd: cmd:
- "/usr/bin/ustreamer" - "/usr/bin/ustreamer"
- "--device=/dev/kvmd-video" - "--device=/dev/kvmd-video"
@ -49,4 +49,4 @@ kvmd:
ipmi: ipmi:
kvmd: kvmd:
unix: /run/kvmd.sock unix: /run/kvmd/kvmd.sock


@ -1,4 +1,3 @@
user kvmd-nginx;
worker_processes 4; worker_processes 4;
# error_log /tmp/kvmd-nginx.error.log; # error_log /tmp/kvmd-nginx.error.log;
@ -35,11 +34,11 @@ http {
uwsgi_temp_path /tmp/kvmd-nginx.uwsgi_temp; uwsgi_temp_path /tmp/kvmd-nginx.uwsgi_temp;
upstream kvmd { upstream kvmd {
server unix:/run/kvmd.sock fail_timeout=0s max_fails=0; server unix:/run/kvmd/kvmd.sock fail_timeout=0s max_fails=0;
} }
upstream ustreamer { upstream ustreamer {
server unix:/run/ustreamer.sock fail_timeout=0s max_fails=0; server unix:/run/kvmd/ustreamer.sock fail_timeout=0s max_fails=0;
} }
include /usr/share/kvmd/extras/*/nginx.ctx-http.conf; include /usr/share/kvmd/extras/*/nginx.ctx-http.conf;
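Review bot: With `user kvmd-nginx;` removed, nothing in this config records which worker user is expected; the choice now lives only in the service unit's `-g` argument (and the testenv Makefile passes `http` instead). Anyone starting nginx by hand with `-c /etc/kvmd/nginx/nginx.conf` gets nginx's built-in default worker user, which will not be in group kvmd unless someone added it and so cannot reach the 0660 sockets named in the `upstream` blocks in this hunk. A one-line comment at the top of the file, e.g. `# worker user is set by the service unit (-g 'user kvmd-nginx;'); workers must be in group kvmd to reach the sockets under /run/kvmd`, would keep the config and the unit from drifting apart.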


@ -1,10 +1,10 @@
[Unit] [Unit]
Description=IPMI to KVMD proxy Description=Pi-KVM - IPMI to KVMD proxy
After=kvmd.service After=kvmd.service
[Service] [Service]
User=kvmd User=kvmd-ipmi
Group=kvmd Group=kvmd-ipmi
Type=simple Type=simple
Restart=always Restart=always
RestartSec=3 RestartSec=3


@ -1,14 +1,14 @@
[Unit] [Unit]
Description=Nginx instance for KVMD Description=Pi-KVM - HTTP entrypoint
After=network.target network-online.target nss-lookup.target kvmd.service After=network.target network-online.target nss-lookup.target kvmd.service
[Service] [Service]
Type=forking Type=forking
PIDFile=/run/kvmd-nginx.pid PIDFile=/run/kvmd/nginx.pid
PrivateDevices=yes PrivateDevices=yes
SyslogLevel=err SyslogLevel=err
ExecStart=/usr/bin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd-nginx.pid; error_log stderr;' ExecStart=/usr/bin/nginx -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf -g 'pid /run/kvmd/nginx.pid; user kvmd-nginx; error_log stderr;'
ExecReload=/usr/bin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf ExecReload=/usr/bin/nginx -s reload -p /etc/kvmd/nginx -c /etc/kvmd/nginx/nginx.conf
KillSignal=SIGQUIT KillSignal=SIGQUIT
KillMode=mixed KillMode=mixed
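Review bot: `ExecReload` does not carry the `-g 'pid /run/kvmd/nginx.pid; …'` override that `ExecStart` now uses, so `nginx -s reload` resolves the pid file from the config alone and, unless nginx.conf or the build default already points at `/run/kvmd/nginx.pid`, will not find the running master. Either repeat the same `-g` string on the reload line or, simpler and independent of the pid path, use `ExecReload=/bin/kill -HUP $MAINPID`, which works with `Type=forking` because `PIDFile=` tells systemd the main pid. The mismatch predates this commit, but moving the pid path is the natural moment to fix it.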


@ -1,5 +1,5 @@
[Unit] [Unit]
Description=Loads EDID data to TC358743 Description=Pi-KVM - EDID loader for TC358743
After=systemd-modules-load.service After=systemd-modules-load.service
Before=kvmd.service Before=kvmd.service


@ -1,5 +1,5 @@
[Unit] [Unit]
Description=The main Pi-KVM daemon Description=Pi-KVM - The main daemon
After=network.target network-online.target nss-lookup.target After=network.target network-online.target nss-lookup.target
[Service] [Service]

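--- /dev/null
+++ b/configs/os/tmpfiles.conf
@@ -0,0 +1 @@
+D /run/kvmd 0775 kvmd kvmd -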
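Review bot: `0775` makes `/run/kvmd` group-writable, so every member of group kvmd — which after this commit's install script includes kvmd-nginx and kvmd-ipmi — can remove or replace `kvmd.sock`, `ustreamer.sock` and `nginx.pid` in that directory. Connecting to a unix socket only needs search permission on the directory, so `D /run/kvmd 0755 kvmd kvmd -` looks sufficient unless a process other than the kvmd user needs to create entries there; the nginx pid file is written by the master process, and the kvmd-nginx unit sets no `User=`, so that master presumably runs as root and does not need group write either. A trailing comment naming which process is expected to create each file in the directory would make the intended mode easy to check later.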


@ -8,19 +8,36 @@ post_install() {
post_upgrade() { post_upgrade() {
echo "==> Configuring KVMD users and groups ..." echo "==> Configuring KVMD users and groups ..."
id kvmd &>/dev/null || useradd -r -c "The main Pi-KVM daemon" -s /sbin/nologin kvmd _create_user kvmd "Pi-KVM - The main daemon"
for group in gpio uucp systemd-journal; do _add_user_to_group kvmd gpio
(groupmems -l -g "$group" | grep kvmd >/dev/null) || groupmems -g "$group" -a kvmd _add_user_to_group kvmd uucp
done _add_user_to_group kvmd systemd-journal
id kvmd-nginx &>/dev/null || useradd -r -c "Pi-KVM Nginx Server" -s /sbin/nologin kvmd-nginx _create_user kvmd-ipmi "Pi-KVM - IPMI to KVMD proxy"
(groupmems -l -g kvmd | grep kvmd-nginx >/dev/null) || groupmems -g kvmd -a kvmd-nginx _add_user_to_group kvmd-ipmi kvmd
chown root:kvmd \ _create_user kvmd-nginx "Pi-KVM - HTTP entrypoint"
/usr/share/kvmd/configs.default/kvmd/*passwd \ _add_user_to_group kvmd-nginx kvmd
/etc/kvmd/*passwd
chown kvmd:kvmd /etc/kvmd/htpasswd
chown kvmd-ipmi:kvmd-ipmi /etc/kvmd/ipmipasswd
chmod 600 /etc/kvmd/*passwd
} }
post_remove() { post_remove() {
userdel kvmd &>/dev/null _delete_user kvmd-nginx
_delete_user kvmd-ipmi
_delete_user kvmd
}
_create_user() {
id "$1" &>/dev/null || useradd -r -c "$2" -s /sbin/nologin "$1"
}
_delete_user() {
userdel "$1" &>/dev/null
}
_add_user_to_group() {
(groupmems -l -g "$2" | grep "$1" >/dev/null) || groupmems -g "$2" -a "$1"
} }
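Review bot: `_add_user_to_group` decides membership with `grep "$1"` over the groupmems output, which is a substring match: `_add_user_to_group kvmd gpio` is satisfied when `kvmd-nginx` or `kvmd-ipmi` happens to be in gpio, and the real kvmd user is then silently not added. The old inline loop had the same weakness, but the helper now runs for three users that share a prefix, so a false match is much more likely. Checking the user's own group list with an exact match avoids it: `id -nG "$1" | tr ' ' '\n' | grep -qx "$2" || groupmems -g "$2" -a "$1"`. post_install() begins before this section; post_upgrade, post_remove and the three helpers are fully visible.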


@ -34,8 +34,8 @@ cd /etc/kvmd/nginx/ssl
openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 3650 \ openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 3650 \
-subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost" -subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost"
chown -R root:http /etc/kvmd/nginx/ssl
chown -R root:kvmd-nginx /etc/kvmd/nginx/ssl
chmod 400 server.key chmod 400 server.key
chmod 444 server.crt chmod 444 server.crt
chmod 750 /etc/kvmd/nginx/ssl chmod 750 /etc/kvmd/nginx/ssl


@ -37,7 +37,6 @@ RUN pkg-install \
COPY testenv/requirements.txt requirements.txt COPY testenv/requirements.txt requirements.txt
RUN pip install -r requirements.txt RUN pip install -r requirements.txt
RUN useradd -r -c "Pi-KVM Nginx Server" -s /sbin/nologin kvmd-nginx
RUN mkdir -p /etc/kvmd/nginx RUN mkdir -p /etc/kvmd/nginx
CMD /bin/bash CMD /bin/bash


@ -1,6 +1,6 @@
kvmd: kvmd:
server: server:
unix: /run/kvmd.sock unix: /run/kvmd/kvmd.sock
unix_rm: true unix_rm: true
unix_mode: 0666 unix_mode: 0666
@ -26,7 +26,7 @@ kvmd:
cap_pin: 17 cap_pin: 17
conv_pin: 18 conv_pin: 18
init_restart_after: 1 init_restart_after: 1
unix: /run/ustreamer.sock unix: /run/kvmd/ustreamer.sock
cmd: cmd:
- "/usr/bin/ustreamer" - "/usr/bin/ustreamer"
- "--device=/dev/kvmd-video" - "--device=/dev/kvmd-video"
@ -40,6 +40,6 @@ kvmd:
ipmi: ipmi:
kvmd: kvmd:
unix: /run/kvmd.sock unix: /run/kvmd/kvmd.sock
logging: !include logging.yaml logging: !include logging.yaml