GitLab

Java VncViewer class has an issue with self-signed certificates.
With existing deployment it does not work if UI_MEDIA_URL uses
FQDN. Use the node's IP instead.

NOTE: In a linux (Debian) client add the following in
.java/deployment/deployment.properties:

deployment.security.level=MEDIUM

which will prompt to allow execution of the applet.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

This is necessary so that future migrations know where to start upgrading.

Each frontend method calls several backend methods.
Each backend method checks whether the user has permission to access the
specific path.
This results to several identical queries to the database.
This commit introduces the following optimization:
We keep 2 dictionaries:
* one for the allowed paths for read per user and
* another for the allowed paths for write per user
The lifespan of these dictionaries is a database transaction.
The dictionaries are updated appropriately after each successful query for
permissions and after actions that affect permissions
(delete & update object permissions).
Especially in the latter case the dictionaries are reset because it was
estimated that this is less expensive than identifying the affected paths.

/var/lib/vncauthproxy dir is created by package itself.
Thus mkdir -p to avoid error.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Add users files.

TODO: use vncauthproxy-passwd with correct conf settings
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Conflicts:
	ci/utils.py
	version

CachedAstakosClient is an internal class of kamaki.
Instead of using this, use the AstakosClient class that
kamaki re-exports from astakosclient library.

CachedAstakosClient is an internal class of kamaki.
Instead of using this, use the AstakosClient class that
kamaki re-exports from astakosclient library.

Don't use basicConfig inside astakosclient library. This function should
be called from the main thread. The user of our library should be able
to set a handler for `astakosclient' logger if she wants to.

This limit is configurable and is applied in the api level.

Refs: #4804

..which broke after applying pep8 fixes.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Kamaki changed its API and now AstakosClient has been renamed to
CachedAstakosClient whereas the AstakosClient class points to the
astakosclient package.

Those fixes concern errors that are introduced in latest
pep8 version (and not the wheezy's one).
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Pagination, filtering and sorting of tables in projects-list
and members-list view is done client-side using DataTables.js

- Validate key submission content size. Maximum allowed content size is
  configurable in userdata settings (USERDATA_SSH_KEY_MAX_CONTENT_LENGTH).
- Return 422 status code on submission validation errors.

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Introduce the concept of Roles and Components.

Roles are ns, mq, db, nfs, astakos, cyclades, pithos, cms, stats,
ganeti, master, and client.

Each role consists of various SynnefoComponents which  should define:

* commands to check installation prerequisites (check)
* packages to install (REQUIRED_PACKAGES)
* commands to prepare installation (prepare)
* configuration templates (configure)
* reload commands (restart)
* initialization commands (initialize)
* test commands (test)

SynnefoComponents are unaware of fabric environment. They
get initialized with a Host object and a Env object.

Host includes all the necessary info for the installation node
(ip, hostname, alias, fqdn..) and Env includes all the configuration info
(created after parsing config files)

After defining components, fabfile should just do the following:

@roles("somerole")
def setup_somerole_role():
  SetupSynnefoRole("SomeRole")

In case you want to run a component's specific method just run

RunComponentMethod(SomeComponent, "method_name", *args, **kwargs)

During a role setup you might have to retrieve info from other
components already installed (user token, backend id, etc.) Use
'execute' fabric method and fill env object with required info.

Make deployment re-entrant.

Check if specific component is already installed and if yes then skip it.

Currently this is done on node/component level. The component's
status on a target node is either ok or nothing.

Introduce conflicting components.

Two components might not be able/or should not coexist in the same
node, e.g. NFS and Mount. These conflicts are defined in CONFLICTS
dict in roles.py.

Sync ci and deploy conf files.

ci: Change node's password in nodes.conf

Always enable CSRF. Install CMS only if it resides on different
node than pithos, cyclades and astakos.

Add copyright headers.
Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Signed-off-by: Dimitris Aragiorgis <dimara@grnet.gr>

Delete all holdings with a holder that does not correspond to an accepted
user uuid. This is expected to affect only holdings with zero usage, because
an astakos migration has previously accepted users with non-zero usage for
some holding.

Due to a non-handled case during the introduction of the user moderation
framework, there can exist non-accepted users with non-zero quota usage.
This can have happened if a user was set inactive before that migration.

We accept such non-moderated or rejected users, but keep them inactive.

Revert deletion of holdings for non accepted users, introduced in cfc934f.

Don't attempt to show quota for non-accepted users, since they don't have
any.