Merge branch 'master' into master

Author: catborise

README.md

@@ -385,55 +385,73 @@ python manage.py test
 
 ## LDAP Configuration
 
-The example settings are based on an OpenLDAP server with groups defined as "cn" of class "groupOfUniqueNames"
+The config options below can be changed in `webvirtcloud/settings.py` file. Variants for Active Directory and OpenLDAP are shown. This is a minimal config to get LDAP running, for further info read the [django-auth-ldap documentation](https://django-auth-ldap.readthedocs.io).
 
 Enable LDAP
 
 ```bash
-sudo sed -i "s/LDAP_ENABLED = False/LDAP_ENABLED = True/g"" /srv/webvirtcloud/webvirtcloud/settings.py
+sudo sed -i "s~#\"django_auth_ldap.backend.LDAPBackend\",~\"django_auth_ldap.backend.LDAPBackend\",~g" /srv/webvirtcloud/webvirtcloud/settings.py
 ```
 
-Set the LDAP server name and root DN
+Set the LDAP server name and bind DN
 
-```bash
-sudo sed -i "s/LDAP_URL = ''/LDAP_URL = 'myldap.server.com'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
-sudo sed -i "s/LDAP_ROOT_DN = ''/LDAP_ROOT_DN = 'dc=server,dc=com'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
-```
+```python
+# Active Directory
+AUTH_LDAP_SERVER_URI = "ldap://example.com"
+AUTH_LDAP_BIND_DN = "[email protected]"
+AUTH_LDAP_BIND_PASSWORD = "password"
 
-Set the passphrase to decrypt the password
-```bash
-sudo sed -i "s/pass:MYPASSPHRASE/pass:MYTRUEPASSPHRASE/g" /srv/webvirtcloud/webvirtcloud/.dec_ldap_pwd.sh
+# OpenLDAP
+AUTH_LDAP_SERVER_URI = "ldap://example.com"
+AUTH_LDAP_BIND_DN = "CN=username,CN=Users,OU=example,OU=com"
+AUTH_LDAP_BIND_PASSWORD = "password"
 ```
 
-Encrypt the password
-```bash
-echo MYPASSWORD | openssl enc -pbkdf2 -salt -pass pass:MYTRUEPASSPHRASE | base64
-```
+Set the user filter and user and group search base and filter
 
-Set the user that has browse access to LDAP and its password encrypted
+```python
+# Active Directory
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    "CN=Users,DC=example,DC=com", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)"
+)
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+    "CN=Users,DC=example,DC=com", ldap.SCOPE_SUBTREE, "(objectClass=group)"
+)
+AUTH_LDAP_GROUP_TYPE = NestedActiveDirectoryGroupType()
 
-```bash
-sudo sed -i "s/LDAP_MASTER_DN = ''/LDAP_MASTER_DN = 'cn=admin,ou=users,dc=kendar,dc=org'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
-sudo sed -i "s/LDAP_MASTER_PW_ENC = ''/LDAP_MASTER_PW_ENC = 'MYPASSWORDENCRYPTED'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
+# OpenLDAP
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+    "CN=Users,DC=example,DC=com", ldap.SCOPE_SUBTREE, "(cn=%(user)s)"
+)
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+    "CN=Users,DC=example,DC=com", ldap.SCOPE_SUBTREE, "(objectClass=groupOfUniqueNames)"
+)
+AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()  # import needs to be changed at the top of settings.py
 ```
 
-Set the attribute that will be used to find the username, i usually use the cn
+Set group which is required to access WebVirtCloud. You may set this to `False` to disable this filter.
 
-```bash
-sudo sed -i "s/LDAP_USER_UID_PREFIX = ''/LDAP_USER_UID_PREFIX = 'cn'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
+```python
+AUTH_LDAP_REQUIRE_GROUP = "CN=WebVirtCloud Access,CN=Users,DC=example,DC=com"
 ```
 
-You can now create the filters to retrieve the users for the various group. This will be used during the user creation only
+Populate user fields with values from LDAP
 
-```bash
-sudo sed -i "s/LDAP_SEARCH_GROUP_FILTER_ADMINS = ''/LDAP_SEARCH_GROUP_FILTER_ADMINS = 'memberOf=cn=admins,dc=kendar,dc=org'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
-sudo sed -i "s/LDAP_SEARCH_GROUP_FILTER_STAFF = ''/LDAP_SEARCH_GROUP_FILTER_STAFF = 'memberOf=cn=staff,dc=kendar,dc=org'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
-sudo sed -i "s/LDAP_SEARCH_GROUP_FILTER_USERS = ''/LDAP_SEARCH_GROUP_FILTER_USERS = 'memberOf=cn=users,dc=kendar,dc=org'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
+```python
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+    "is_staff": "CN=WebVirtCloud Staff,CN=Users,DC=example,DC=com",
+    "is_superuser": "CN=WebVirtCloud Admins,CN=Users,DC=example,DC=com",
+}
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail",
+}
 ```
 
-Now when you login with an LDAP user it will be assigned the rights defined. The user will be authenticated then with ldap and authorized through the WebVirtCloud permissions.
+Now when you login with an LDAP user it will be assigned the rights defined. The user will be authenticated then with LDAP and authorized through the WebVirtCloud permissions.
 
-If you'd like to move a user from ldap to WebVirtCloud, just change its password from the UI and (eventually) remove from the group in ldap
+If you'd like to move a user from ldap to WebVirtCloud, just change its password from the UI and (eventually) remove from the group in LDAP.
 
 
 ## REST API / BETA

accounts/templates/logout.html

@@ -1,4 +1,4 @@
-{% extends "base_auth.html" %}
+{% extends "base.html" %}
 {% load i18n %}
 {% block title %}
     {% trans "WebVirtCloud" %} - {% trans "Sign Out"%}
@@ -14,4 +14,4 @@ <h2>{% trans "Successful log out" %}</h2>
             </div>
         </div>
     </div>
-{% endblock %}
+{% endblock %}

admin/views.py

@@ -117,7 +117,7 @@ def user_create(request):
 @superuser_only
 def user_update(request, pk):
     user = get_object_or_404(User, pk=pk)
-    attributes = UserAttributes.objects.get(user=user)
+    attributes, attributes_created = UserAttributes.objects.get_or_create(user=user)
     user_form = forms.UserForm(request.POST or None, instance=user)
     attributes_form = forms.UserAttributesForm(
         request.POST or None, instance=attributes

appsettings/migrations/0009_alter_appsettings_id.py

@@ -0,0 +1,18 @@
+# Generated by Django 4.2.5 on 2023-10-30 17:00
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('appsettings', '0008_auto_20220905_1459'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='appsettings',
+            name='id',
+            field=models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID'),
+        ),
+    ]

appsettings/migrations/0010_auto_20231030_1305.py

@@ -0,0 +1,28 @@
+# Generated by Django 4.2.5 on 2023-10-30 17:05
+
+from django.db import migrations
+from django.utils.translation import gettext_lazy as _
+
+def add_default_settings(apps, schema_editor):
+    setting = apps.get_model("appsettings", "AppSettings")
+    db_alias = schema_editor.connection.alias
+    setting.objects.using(db_alias).bulk_create([
+        setting(35, _("VM NIC Type"), "INSTANCE_NIC_DEFAULT_TYPE", "default", "default,e1000,e1000e,rt18139,virtio", _("Change instance default NIC type"))
+    ])
+
+
+def del_default_settings(apps, schema_editor):
+    setting = apps.get_model("appsettings", "AppSettings")
+    db_alias = schema_editor.connection.alias
+    setting.objects.using(db_alias).filter(key="INSTANCE_NIC_DEFAULT_TYPE").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('appsettings', '0009_alter_appsettings_id')
+    ]
+
+    operations = [
+        migrations.RunPython(add_default_settings,del_default_settings)
+    ]

conf/nginx/webvirtcloud.conf

@@ -14,7 +14,7 @@ server {
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for;
         proxy_set_header Host $host:$server_port;
-        proxy_set_header X-Forwarded-Proto $remote_addr;
+        proxy_set_header X-Forwarded-Proto http;
         proxy_set_header X-Forwarded-Ssl off;
         proxy_connect_timeout 1800;
         proxy_read_timeout 1800;
@@ -34,6 +34,12 @@ server {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
     }
+    location /websockify {
+        proxy_pass http://wsnovncd;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
 }
 
 upstream wsnovncd {

conf/requirements.txt

@@ -4,6 +4,7 @@ django-bootstrap-icons==0.8.6
 django-login-required-middleware==0.9.0
 django-otp==1.3.0
 django-qr-code==3.1.1
+django-auth-ldap==4.5.0
 gunicorn==21.2.0
 libsass==0.22.0
 libvirt-python==9.8.0

console/socketiod

@@ -176,7 +176,7 @@ def connect(sid, environ):
     if child_pid:
         # already started child process, don't start another
         # write a new line so that when a client refresh the shell prompt is printed
-        fd.write("\n")
+        os.write(fd, str.encode("\n"))
         return
 
     # create child process attached to a pty we can read from and write to
@@ -200,8 +200,13 @@ def disconnect(sid):
     global child_pid
 
     # kill pty process
-    os.kill(child_pid, signal.SIGKILL)
-    os.wait()
+    try:
+        os.kill(child_pid, signal.SIGKILL)
+        os.wait()
+    except ProcessLookupError:
+        pass
+    except ChildProcessError:
+        pass
 
     # reset the variables
     fd = None

instances/templates/create_instance_w2.html

@@ -200,7 +200,7 @@ <h5 class="modal-title">{% trans "Create Virtual Machine" %} ({{ flavor.label }}
                                                                         <div class="col-sm-7">
                                                                             <select class="form-select" name="net_model">
                                                                                 {% for model in net_models_host %}
-                                                                                <option value="{{ model }}" {% if model == 'default'  %} selected {% endif %}>{{ model }}</option>
+                                                                                <option value="{{ model }}" {% if model == default_nic_type %} selected {% endif %}>{{ model }}</option>
                                                                                 {% endfor %}
                                                                             </select>
                                                                         </div>
@@ -476,7 +476,7 @@ <h5 class="modal-title">{% trans "Create Virtual Machine" %} ({{ flavor.label }}
                             <div class="col-sm-7">
                                 <select class="form-select" name="net_model">
                                     {% for model in net_models_host %}
-                                    <option value="{{ model }}" {% if model == 'default'  %} selected {% endif %}>{{ model }}</option>
+                                    <option value="{{ model }}" {% if model == default_nic_type %} selected {% endif %}>{{ model }}</option>
                                     {% endfor %}
                                 </select>
                             </div>
@@ -728,7 +728,7 @@ <h5 class="modal-title">{% trans "Create Virtual Machine" %} ({{ flavor.label }}
                                 <div class="col-sm-7">
                                     <select class="form-select" name="net_model">
                                         {% for model in net_models_host %}
-                                        <option value="{{ model }}" {% if model == 'default'  %} selected {% endif %}>{{ model }}</option>
+                                        <option value="{{ model }}" {% if model == default_nic_type %} selected {% endif %}>{{ model }}</option>
                                         {% endfor %}
                                     </select>
                                 </div>

instances/utils.py

@@ -2,7 +2,7 @@
 import random
 import string
 
-from accounts.models import UserInstance
+from accounts.models import UserInstance, UserAttributes
 from appsettings.settings import app_settings
 from django.conf import settings
 from django.utils.translation import gettext_lazy as _
@@ -26,7 +26,7 @@ def get_clone_free_names(size=10):
 
 
 def check_user_quota(user, instance, cpu, memory, disk_size):
-    ua = user.userattributes
+    ua, attributes_created = UserAttributes.objects.get_or_create(user=user)
     msg = ""
 
     if user.is_superuser:
@@ -196,7 +196,7 @@ def get_dhcp_mac_address(vname):
 
 
 def get_random_mac_address():
-    mac = "52:54:00:%02x:%02x:%02x" % (
+    mac = settings.MAC_OUI + ":%02x:%02x:%02x" % (
         random.randint(0x00, 0xFF),
         random.randint(0x00, 0xFF),
         random.randint(0x00, 0xFF),

instances/views.py

@@ -1692,6 +1692,7 @@ def create_instance(request, compute_id, arch, machine):
         networks = sorted(conn.get_networks())
         nwfilters = conn.get_nwfilters()
         net_models_host = conn.get_network_models()
+        default_nic_type = app_settings.INSTANCE_NIC_DEFAULT_TYPE
         storages = sorted(conn.get_storages(only_actives=True))
         default_graphics = app_settings.QEMU_CONSOLE_DEFAULT_TYPE
         default_cdrom = app_settings.INSTANCE_CDROM_ADD

templates/403.html

@@ -1,4 +1,4 @@
-{% extends "base_auth.html" %}
+{% extends "base.html" %}
 {% load i18n %}
 {% block title %}{% trans "403" %}{% endblock %}
 {% block content %}

templates/404.html

@@ -1,4 +1,4 @@
-{% extends "base_auth.html" %}
+{% extends "base.html" %}
 {% load i18n %}
 {% block title %}{% trans "404" %}{% endblock %}
 {% block content %}

vrtManager/util.py

@@ -6,6 +6,8 @@
 import libvirt
 import lxml.etree as etree
 
+from django.conf import UserSettingsHolder, settings
+
 
 def is_kvm_available(xml):
     kvm_domains = get_xml_path(xml, "//domain/@type='kvm'")
@@ -15,10 +17,12 @@ def is_kvm_available(xml):
 def randomMAC():
     """Generate a random MAC address."""
     # qemu MAC
-    oui = [0x52, 0x54, 0x00]
-
-    mac = oui + [random.randint(0x00, 0xFF), random.randint(0x00, 0xFF), random.randint(0x00, 0xFF)]
-    return ":".join(map(lambda x: "%02x" % x, mac))
+    mac = settings.MAC_OUI + ":%02x:%02x:%02x" % (
+        random.randint(0x00, 0xFF),
+        random.randint(0x00, 0xFF),
+        random.randint(0x00, 0xFF),
+    )
+    return mac
 
 
 def randomUUID():

webvirtcloud.sh

@@ -174,7 +174,7 @@ configure_nginx () {
   fi
 
   novncd_port_escape="$(echo -n "$novncd_port"|sed -e 's/[](){}<>=:\!\?\+\|\/\&$*.^[]/\\&/g')"
-  sed -i "s|\\(server 127.0.0.1:\\).*|\\1$novncd_port_escape;|" "$nginxfile"
+  sed -i "s|server 127.0.0.1:6080;|server 127.0.0.1:$novncd_port_escape;|" "$nginxfile"
 
 }
 
@@ -424,9 +424,15 @@ until [[ $setupfqdn == "yes" ]] || [[ $setupfqdn == "no" ]]; do
 
   case $setupfqdn in
     [yY] | [yY][Ee][Ss] )
-    echo -n "  Q. What is the FQDN of your server? ($(hostname --fqdn)): "
-      read -r fqdn
+    fqdn=$(hostname --fqdn)
+    echo -n "  Q. What is the FQDN of your server? ($fqdn): "
+      read -r fqdn_from_user
       setupfqdn="yes"
+
+      if [ ! -z $fqdn_from_user ]; then
+        fqdn=$fqdn_from_user
+      fi
+
       echo "     Setting to $fqdn"
       echo ""
       ;;