Commit Graph

1694 Commits

Author SHA1 Message Date
Brian C. Lane
f113766f22 Lock the root account, except on live-iso
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.

Users will need to do one of these things:
 1. Use [[customizations.user]] in their blueprint to configure root or
    another user.
 2. Use [[customizations.sshkey]] to set a key for root
 2. Install a package that configures a user at install time
 3. Install a package that sets up a user at boot time (eg. cloud-init)

This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.

Resolves: rhbz#1626120
2018-09-28 14:30:58 -07:00
Brian C. Lane
2876211b14 Automatic commit of package [lorax-composer] release [19.7.23-1].
Created by command:

/usr/bin/tito tag
2018-09-19 08:30:34 -07:00
Brian C. Lane
2a85694c9b Fix depsolve version globbing
The blueprint version glob was being applied to the whole package NEVRA
by yum (it lacks a separate API for just globbing versions), so this
implements that in filterVersionGlob using fnmatchcase on the package
names, and the yum package verGT comparison on the versions for the
selected package.

Also includes tests.

Resolves: rhbz#1628114
2018-09-19 08:19:59 -07:00
Brian C. Lane
9685fdd7aa Fix /compose/cancel API documentation
It said /blueprints/cancel which is incorrect.
2018-08-29 10:06:25 -07:00
Brian C. Lane
b9afb2eb6b Automatic commit of package [lorax-composer] release [19.7.22-1].
Created by command:

/usr/bin/tito tag
2018-08-27 15:06:25 -07:00
Brian C. Lane
fd54205a5f Fix composer-cli blueprints changes to get correct total
blueprints/changes is different, each blueprint has it's own total,
limited by the call's limit. So it needs to find the max total of all
the requested blueprints.
2018-08-23 16:21:54 -07:00
Brian C. Lane
d17cb66195 Fix blueprints/list and blueprints/changes to return the correct total 2018-08-23 16:21:00 -07:00
Brian C. Lane
2e6f5fdf71 Add tests for limit=0 routes
Passing ?limit=0 to the blueprints/list, blueprints/changes,
projects/list, modules/list should always return the total possible
results, not 0.

Also move the composer-cli test_diff to the end so that it will work
consistently. Do this by naming it test_z_diff.
2018-08-23 16:17:33 -07:00
Brian C. Lane
e2c6ae906d Add a function to get_url_json_unlimited to retrieve the total
The blueprints/changes API is a bit different from the others, the total
that it includes is for each blueprint, not one total for all of them,
since there will be a different number of commits for each.

The function is passed the dict, and it can be used to select the total
to use for retrieving all of the results. If it isn't included it will
use data["total"] which works fine in most cases.
2018-08-23 15:29:26 -07:00
Brian C. Lane
8dd6096f5e Fix tests related to blueprint name changes 2018-08-21 15:08:58 -07:00
Brian C. Lane
3a3f358f9b Add 'example' to the example blueprint names 2018-08-21 14:02:30 -07:00
Brian C. Lane
c51000ce60 Don't include glusterfs.toml as an example blueprint 2018-08-21 12:25:57 -07:00
Brian C. Lane
a00b009f77 Add a pylorax.api.version number
lorax-composer is in a different package than lorax, so we need to use
its version number not lorax's when reporting the API /status/
2018-08-21 12:10:01 -07:00
Brian C. Lane
d0c4524253 composer-cli should not log to a file by default
The user can pass --log /path/to/logfile.log if they want logging
enabled.
2018-08-21 11:30:22 -07:00
Brian C. Lane
773613bc80 Add documentation for using a DVD as the package source 2018-08-21 11:27:55 -07:00
Lars Karlitski
a980309744 Set TCP listen backlog for API socket to SOMAXCONN
A value of 1 is too low for heavy users of the API, such as the weldr-web
interface.

This is also systemd's default for sockets it opens. Using lorax-composer with
socket activation already results in a backlog of SOMAXCONN connections.

(cherry picked from commit be5d50e6f3)
2018-08-20 15:23:53 -07:00
Brian C. Lane
3ea2946e08 Add a note about using lorax-composer.service
Update the docs to make it clear that .socket will be slow to respond to
the first request, and to use .service to speed it up.

(cherry picked from commit 83e5f3f885)
(cherry picked from commit c2f96b3d3b)
2018-08-13 16:58:15 -07:00
David Shea
c0c135426e In composer-cli, request all results
Add a limit argument to all potentially paginated results, equal to
whatever the composer backend is the total number of results. This still
has the potential to provide truncated data if the number of results
increases between the two HTTP requests.

Resolves: #404
2018-08-13 10:36:32 -04:00
Brian C. Lane
a81000529d Fix bash_completion.d typo 2018-08-10 14:35:38 -07:00
Chris Lumens
5dddef6f49 Fix a little bug in running "modules list". 2018-08-10 11:59:42 -04:00
David Shea
587f05e551 Add tests for /compose/status filter arguments 2018-08-10 10:18:27 -04:00
David Shea
c71c196157 Allow '*' as a uuid in /compose/status/<uuid>
This will display all UUIDs that match the filter arguments
2018-08-10 10:18:27 -04:00
David Shea
1b6e6254fe Add filter arguments to /compose/status
This adds the following optional arguments to the /compose/status route:

  - type, matches the compose_type field
  - status, matches the queue_status field
  - blueprint, matches the blueprint field
2018-08-10 10:18:27 -04:00
Brian C. Lane
fb85c841be Automatic commit of package [lorax-composer] release [19.7.21-1].
Created by command:

/usr/bin/tito tag
2018-08-09 15:46:45 -07:00
Brian C. Lane
acc7b811b6 Move disklabel and UEFI support to compose.py
Currently we are making MBR disk images for qcow2 and partitioned disk,
so the UEFI packages aren't required at this point.

Move the clearpart command into compose.py so that in the futute it can
use clearpart --disklabel to create a GPT image, and add the required
packages to the package set.
2018-08-09 15:13:58 -07:00
Chris Lumens
4cb15e0a0f Fix more tests.
These were broken due to me rebasing before sending a PR off.  They
should work now.
2018-08-09 16:11:32 -04:00
Chris Lumens
bf0318eab6 Change INVALID_NAME to INVALID_CHARS.
It's getting used in a whole lot more places now, so make it a bit more
generic sounding.
2018-08-09 16:11:32 -04:00
Chris Lumens
bc96f75992 Update composer-cli for the new error return types. 2018-08-09 16:11:32 -04:00
Chris Lumens
fd901c5e3f Add default error IDs everywhere else.
The idea here is to make sure all return points have the same type for
the error cases.  There's not really all that many, so they just go in
one patch.  Some of these could potentially turn into more specialized
errors later.
2018-08-09 16:11:32 -04:00
Chris Lumens
b3bb438254 Add error IDs to things that can go wrong when running a compose.
Note the exception string checking around compose_type.  I didn't really
want to introduce a new exception type just for this, but also didn't
want to duplicate strings.  I'd be open to other suggestions for how to
do this.
2018-08-09 16:11:32 -04:00
Chris Lumens
e43adfc7af Add error IDs for common source-related errors. 2018-08-09 16:11:32 -04:00
Chris Lumens
2adcfc9563 Add error IDs for unknown modules and unknown projects. 2018-08-09 16:11:32 -04:00
Chris Lumens
07528a431e Add error IDs for when an unknown commit is requested. 2018-08-09 16:11:32 -04:00
Chris Lumens
a925cc7ddb Add error IDs for when an unknown blueprint is requested.
This adds some fairly redundant code to the beginning of all the
blueprint routes to attempt reading a commit from git for the
blueprint's recipe.  If it succeeds, the blueprint exists and the route
can continue.  Otherwise, return an error.  Hopefully this doesn't slow
things down too much.
2018-08-09 16:11:32 -04:00
Chris Lumens
6497b4fb65 Add error IDs for when an unknown build UUID is requested.
Note that this also changes the return type of uuid_info to return None
when an unknown ID is given.  The other uuid_* functions are fine
because they are checked ahead of time.
2018-08-09 16:11:32 -04:00
Chris Lumens
d76e24053a Add error IDs for bad state conditions. 2018-08-09 16:11:32 -04:00
Chris Lumens
9677b012da Change the error return type for bad limit= and offset=.
Each element in the errors value is now a dict, with a msg field and an
id field.  The id field contains a value out of errors.py that can be
used by the front end to key on.  The msg field is the same as what's
been there.

The idea is to keep the number of IDs somewhat limited so there's not a
huge number of things for the front end to know.
2018-08-09 16:11:32 -04:00
Chris Lumens
4c3f93e329 Don't sort error messages.
This should make it easier to return more complex error structures.  It
also doesn't appear to matter - tests still pass without changes.
2018-08-09 16:11:32 -04:00
Brian C. Lane
d0e2c2308a Fix bash completion of compose info 2018-08-07 16:46:56 -07:00
Brian C. Lane
5d9aa457f4 Add + to the allowed API string character set 2018-08-07 15:16:20 -07:00
Brian C. Lane
97ca285cf2 Add job_* timestamp support to compose status 2018-08-07 14:05:53 -07:00
Brian C. Lane
eda5c9bde1 Add a test for the pylorax.api.timestamp functions 2018-08-07 10:51:06 -07:00
Will Woods
df7409f83d Add etc/bash_completion.d/composer-cli
Here's a bash_completion file for composer-cli! It completes known
commands, subcommands, and flags, plus arguments to flags that take
arguments, and if you've got write access to the socket it'll also
autocomplete:

* source names for commands that need source names
* blueprint names for commands that take blueprint names
* compose uuids for commands that take compose uuids
  * intelligently only suggests appropriate uuids - e.g. only
    suggests uuids of running composes for "compose cancel"

NOTE: bash completion scripts are horrible and this is no exception.
Please forgive me.
2018-08-07 12:57:34 -04:00
Will Woods
80b5a37036 composer-cli: clean up "list" commands
This patch does two things:

1) Add "compose list", which lists compose UUIDs and other basic info,
2) Fix up "blueprints list", "modules list", "sources list", and
   "compose types" so their output is just a plain list of identifiers
2018-08-07 12:57:34 -04:00
Brian C. Lane
86d79cd8a6 Add input string checks to the branch and format arguments
Make sure no UTF8 characters are allowed and return an error if they
are.

Also includes tests to make sure the correct error is returned.
2018-08-06 14:21:24 -07:00
Brian C. Lane
74f5def3d4 Add a test for invalid characters in the API route
Currently the code is not UTF8 safe, so we need to return a clear error
when invalid characters are passed in.

This also adds tests for the routes to confirm that an error is
correctly returned.
2018-08-06 13:24:24 -07:00
Chris Lumens
5daf2d416a Return a JSON error instead of a 404 on certain malformed URLs.
This handles the case where a route is requested, but without a required
parameter.  So, /blueprints/info is requested instead of
/blueprints/info/http-server.  It accomplishes this via a decorator, so
a lot of these route-related functions now have quite a few decorators
attached to them.

Typo'd URLs (/blueprints/nfo for instance) will still return a 404.  I
think this is a reasonable thing to do.
2018-08-06 13:38:14 -04:00
Chris Lumens
8e948e4a4d Return an error if /modules/info doesn't return anything.
Unfortunately, this isn't very useful if /modules/info is provided with
multiple modules.  yum doesn't traceback when doPackageLists is given
something that doesn't exist.  It just returns an empty list.  If
/modules/info is given just one module and yum gives us an empty list,
it's easy to say what happened.  If /modules/info is given several
modules and just one does not exist, we will not be able to detect that.

Fixing this would require doing more yum operations, which is likely to
slow things down and isn't the direction I want to be going.
2018-08-06 12:37:58 -04:00
Chris Lumens
6193a7c9d8 Update documentation (#409). 2018-08-06 12:04:00 -04:00
Chris Lumens
fdf4d63f3b Use constants instead of strings (#409). 2018-08-06 12:04:00 -04:00