Release/1.2.0 (#172)

Release/1.2.0
isard-vdi · Jun 21, 2019 · 89eb223 · 89eb223
2 parents 9a0970a + 5bc63b6
commit 89eb223
Show file tree

Hide file tree

Showing 48 changed files with 726 additions and 491 deletions.
diff --git a/.env b/.env
@@ -1,2 +1 @@
-TAG=1.0
-TAG_DEVEL=1.1
+TAG=1.2.0
diff --git a/.gitignore b/.gitignore
@@ -25,6 +25,7 @@ logs/*
 .idea/
 webapp/.idea/
 engine/.idea/
+.vscode
 
 #pytest
 .pytest_cache

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,25 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.2.0] - 2019-06-21 | La Pedriza
+
+### Added
+- Create desktops automatically when a user from a specific category / group logs in [#134](https://github.com/isard-vdi/isard/issues/134)
+- Ephimeral desktops for a specific category / group [#133](https://github.com/isard-vdi/isard/issues/133)
+- New Docker and Docker Compose developing system [#160](https://github.com/isard-vdi/isard/issues/160)
+- Set predefined desktops when adding users in bulk [#138](https://github.com/isard-vdi/isard/issues/138)
+
+### Changed
+
+- Improved the XML definitions to boost the video performance [#157](https://github.com/isard-vdi/isard/issues/157)
+
+### Fixed
+- Add minimum template name length [#136](https://github.com/isard-vdi/isard/issues/136)
+- Fix hypervisor port variable type when updating an hypervisor [#137](https://github.com/isard-vdi/isard/issues/137)
+- Fix VNC port variable type when updating it [#139](https://github.com/isard-vdi/isard/issues/139)
+- Remote hyper port 22 restriction [#149](https://github.com/isard-vdi/isard/issues/149)
+- In some cases, the SSH keys weren't copied to the hypervisor [#155](https://github.com/isard-vdi/isard/issues/155)
+
 ## [1.1.1] - 2019-03-19
 
 ### Fixed

diff --git a/build-docker-images.sh b/build-docker-images.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Check that the version number was provided
 if [ -z "$1" ]; then
@@ -32,7 +32,6 @@ fi
 
 # Array containing all the images to build
 images=(
-	#alpine-pandas
 	#grafana
 	nginx
 	hypervisor

diff --git a/docker-compose.devel.yml b/docker-compose.devel.yml
@@ -0,0 +1,23 @@
+version: "3.5"
+services:
+  isard-database:
+    container_name: isard-database-devel
+    ports:
+      - "8080:8080"      
+      - "28015:28015"
+
+  isard-nginx:
+    container_name: isard-nginx-devel
+
+  isard-hypervisor:
+    container_name: isard-hypervisor-devel
+    ports:
+      - "2022:22"
+
+  isard-app:
+    container_name: isard-app-devel
+    ports:
+      - "5000:5000"       
+      - "5555:5555"
+    build:
+      target: development
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -9,8 +9,6 @@ services:
       - isard_network
     image: rethinkdb
     restart: unless-stopped
-    logging:
-        driver: none
 
   isard-nginx:
     container_name: isard-nginx
@@ -23,7 +21,10 @@ services:
       - "443:443"
     networks:
       - isard_network
-    image: isard/nginx:1
+    image: isard/nginx:${TAG}
+    build:
+      context: .
+      dockerfile: dockers/nginx/Dockerfile    
     restart: unless-stopped
     depends_on:
       - isard-app
@@ -40,7 +41,10 @@ services:
       - "55900-55999:55900-55999"
     networks:
       - isard_network
-    image: isard/hypervisor:1
+    image: isard/hypervisor:${TAG}
+    build:
+      context: .
+      dockerfile: dockers/hypervisor/Dockerfile    
     privileged: true
     restart: unless-stopped
 
@@ -58,7 +62,11 @@ services:
       - "isard-engine:127.0.0.1"
     networks:
       - isard_network
-    image: isard/app:1
+    image: isard/app:${TAG}
+    build:
+      context: .
+      dockerfile: dockers/app/Dockerfile
+      target: production
     restart: unless-stopped
     depends_on:
       - isard-database

diff --git a/dockers/alpine-pandas/Dockerfile b/dockers/alpine-pandas/Dockerfile
diff --git a/dockers/app/Dockerfile b/dockers/app/Dockerfile
@@ -1,27 +1,55 @@
-FROM isard/alpine-pandas:latest
+FROM alpine:3.8 as production
 MAINTAINER isard <[email protected]>
 
-RUN apk add --no-cache bash yarn py3-libvirt py3-paramiko py3-lxml py3-pexpect py3-openssl py3-bcrypt py3-gevent py3-flask py3-netaddr py3-requests curl openssh-client
+RUN apk add --no-cache \
+	yarn \
+	py3-libvirt \
+	py3-paramiko \
+	py3-lxml \
+	py3-pexpect \
+	py3-openssl \
+	py3-bcrypt \
+	py3-gevent \
+	py3-flask \
+	py3-netaddr \
+	py3-requests \
+	curl \
+	openssh-client \
+	supervisor
+
+RUN apk add --no-cache --virtual .build_deps \
+	build-base \
+	python3-dev \
+	libffi-dev \
+	openssl-dev 
+RUN pip3 install --no-cache-dir pandas
+RUN apk del .build_deps
 
 COPY dockers/app/requirements.pip3 /requirements.pip3
 RUN pip3 install --no-cache-dir -r requirements.pip3
 
-RUN mkdir -p /root/.ssh
-RUN echo "Host isard-hypervisor \
+# Create the required directories
+RUN mkdir -p /var/log/supervisor /isard /root/.ssh
+
+# Configure SSH
+RUN echo -e "Host isard-hypervisor\n \
 	StrictHostKeyChecking no" >/root/.ssh/config
 RUN chmod 600 /root/.ssh/config
 
-RUN apk add --no-cache supervisor
-RUN mkdir -p /var/log/supervisor
+# Copy the isard source
+COPY ./src /isard
+RUN mv /isard/isard.conf.docker /isard/isard.conf
+
+COPY dockers/app/certs.sh /
+COPY dockers/app/add-hypervisor.sh /
 COPY dockers/app/supervisord.conf /etc/supervisord.conf
 
 EXPOSE 5000
 
-COPY dockers/app/certs.sh /
-COPY dockers/app/add-hypervisor.sh /
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
 
-RUN mkdir /isard
-ADD ./src /isard
-RUN mv /isard/isard.conf.docker /isard/isard.conf
+FROM production as development
+RUN pip3 install --no-cache-dir ipython pytest
+RUN apk add --no-cache --update bash vim openssh bash
 
 CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
diff --git a/dockers/app/add-hypervisor.sh b/dockers/app/add-hypervisor.sh
@@ -18,7 +18,7 @@ then
     USER=root
 fi
 
-apk add sshpass
+apk add --no-cache sshpass
 if [ -f /NEWHYPER ]
 then
     rm /NEWHYPER

diff --git a/dockers/app/certs.sh b/dockers/app/certs.sh
@@ -26,10 +26,11 @@ then
 else
     echo "$auth_keys not found, generating new ones."
     cat /dev/zero | ssh-keygen -q -N ""
-    #Copy new host key to authorized_keys (so isard-hypervisor can get it also)
-    cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
 fi
 
+#Copy new host key to authorized_keys (so isard-hypervisor can get it also)
+cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
+
 # Now scan for isard-hypervisor for 10 seconds (should be more than enough)
 echo "Scanning isard-hypervisor key..."
 ssh-keyscan -T 10 isard-hypervisor > /root/.ssh/known_hosts
diff --git a/dockers/app/requirements.pip3 b/dockers/app/requirements.pip3
@@ -7,4 +7,3 @@ graphyte==1.4
 pem==18.2.0
 Flask-Login==0.4.1
 xmltodict==0.11.0
-
diff --git a/dockers/hypervisor/Dockerfile b/dockers/hypervisor/Dockerfile
@@ -1,45 +1,53 @@
-FROM isard/alpine-pandas:1.0.0
+FROM alpine:3.9
 MAINTAINER isard <[email protected]>
 
-RUN pip3 uninstall pandas pytz python-dateutil six -y
+RUN apk add --no-cache \
+    qemu-system-x86_64 \
+    libvirt \
+    netcat-openbsd \
+    libvirt-daemon \
+    dbus \
+    polkit \
+    qemu-img \
+    openssh \
+    curl \
+    python3 \
+    supervisor
+
+RUN apk add --no-cache --virtual .build_deps \
+    build-base \
+    python3-dev 
+RUN pip3 install --no-cache-dir websockify==0.8.0
+RUN apk del .build_deps
 
-RUN apk --no-cache add qemu-system-x86_64 libvirt netcat-openbsd libvirt-daemon dbus polkit qemu-img
 RUN ln -s /usr/bin/qemu-system-x86_64 /usr/bin/qemu-kvm
-RUN apk add openssh curl bash
-RUN ssh-keygen -A
-ADD dockers/hypervisor/reset-hyper.sh /
-RUN chmod 744 reset-hyper.sh
 
+# SSH configuration
 RUN echo "root:isard" |chpasswd
-RUN sed -i 's|[#]*PermitRootLogin prohibit-password|PermitRootLogin yes|g' /etc/ssh/sshd_config
-RUN sed -i 's|[#]*PasswordAuthentication yes|PasswordAuthentication yes|g' /etc/ssh/sshd_config
-RUN sed -i 's|[#]*ChallengeResponseAuthentication yes|ChallengeResponseAuthentication yes|g' /etc/ssh/sshd_config
-RUN sed -i 's|[#]*UsePAM yes|UsePAM yes|g' /etc/ssh/sshd_config
-
-RUN echo "listen_tls = 0" >> /etc/libvirt/libvirtd.conf; 
-RUN echo 'listen_tcp = 1' >> /etc/libvirt/libvirtd.conf;
-
-# libvirt configuration and certs
-RUN echo 'spice_listen = "0.0.0.0"' >> /etc/libvirt/qemu.conf && \
-echo 'spice_tls = 1' >> /etc/libvirt/qemu.conf && \
-echo 'spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"' >> /etc/libvirt/qemu.conf
-RUN mkdir -p /etc/pki/libvirt-spice
-
-RUN apk add --no-cache --virtual .build_deps build-base python3-dev 
-RUN pip3 install --no-cache-dir websockify==0.8.0
-RUN apk del .build_deps
-ADD dockers/hypervisor/start_proxy.py /
+RUN ssh-keygen -A
+RUN sed -i \
+    -e 's|[#]*PermitRootLogin prohibit-password|PermitRootLogin yes|g' \
+    -e 's|[#]*PasswordAuthentication yes|PasswordAuthentication yes|g' \
+    -e 's|[#]*ChallengeResponseAuthentication yes|ChallengeResponseAuthentication yes|g' \
+    -e 's|[#]*UsePAM yes|UsePAM yes|g' /etc/ssh/sshd_config
+
+# Libvirt configuration and certs
+RUN echo -e "listen_tls = 0\n \
+    listen_tcp = 1" >> /etc/libvirt/libvirtd.conf
+RUN echo -e 'spice_listen = "0.0.0.0"\n \
+    spice_tls = 1\n \
+    spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"' >> /etc/libvirt/qemu.conf
+
+# Create the required directories
+RUN mkdir -p /etc/pki/libvirt-spice /var/log/supervisor
+
+COPY dockers/hypervisor/reset-hyper.sh /
+COPY dockers/hypervisor/start_proxy.py /
+COPY dockers/hypervisor/supervisord.conf /etc/supervisord.conf
 
-EXPOSE 22
 EXPOSE 5900-5950
 EXPOSE 55900-55950
 
-VOLUME ["/isard" ]
-
-RUN apk add --no-cache supervisor
-RUN mkdir -p /var/log/supervisor
-COPY dockers/hypervisor/supervisord.conf /etc/supervisord.conf
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
-
-
+VOLUME [ "/isard" ]
 
+CMD [ "/usr/bin/supervisord", "-c", "/etc/supervisord.conf" ]
diff --git a/dockers/hypervisor/requirements.pip3 b/dockers/hypervisor/requirements.pip3
diff --git a/dockers/hypervisor/reset-hyper.sh b/dockers/hypervisor/reset-hyper.sh
@@ -5,7 +5,7 @@ then
     exit 1
 fi
 
-/bin/rm -v /etc/ssh/ssh_host_*
+rm -v /etc/ssh/ssh_host_*
 ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
 ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
 echo "root:$PASSWORD" |chpasswd

diff --git a/dockers/hypervisor/start_proxy.py b/dockers/hypervisor/start_proxy.py
@@ -1,16 +1,21 @@
+#!/usr/bin/env python3
+
 import multiprocessing
 import websockify
 import socket
-servers={}
+
+servers = {}
 procs = {}
 
 for i in range(50):
-    servers[i]=websockify.WebSocketProxy(listen_host='0.0.0.0',
-                             listen_port=55900+i,
-                             target_host=socket.getfqdn(),
-                             target_port=5900+i,
-                             cert="/etc/pki/libvirt-spice/server-cert.pem",
-                             key="/etc/pki/libvirt-spice/server-key.pem")
+    servers[i] = websockify.WebSocketProxy(
+        listen_host="0.0.0.0",
+        listen_port=55900 + i,
+        target_host=socket.getfqdn(),
+        target_port=5900 + i,
+        cert="/etc/pki/libvirt-spice/server-cert.pem",
+        key="/etc/pki/libvirt-spice/server-key.pem",
+    )
     procs[i] = multiprocessing.Process(target=servers[i].start_server)
     procs[i].start()
-Original file line number
+Diff line change
@@ Expand Up / @@ -25,6 +25,7 @@ logs/* @@
     .idea/
     webapp/.idea/
     engine/.idea/
+    .vscode
     #pytest
     .pytest_cache
@@ Expand Down @@
Original file line number	Diff line number	Diff line change
Expand Up		@@ -7,4 +7,3 @@ graphyte==1.4
		pem==18.2.0
		Flask-Login==0.4.1
		xmltodict==0.11.0