Merge pull request #4983 from KKoukiou/webui-remote-remove

webui: when using the remote option just relax the address that cockpit-ws binds to
rhinstaller · Aug 7, 2023 · 037917c · 037917c
2 parents fd6dee4 + 30d16cc
commit 037917c
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 43 deletions.
diff --git a/pyanaconda/ui/webui/__init__.py b/pyanaconda/ui/webui/__init__.py
@@ -89,22 +89,6 @@ def _print_message(self, msg):
     def run(self):
         """Run the interface."""
         log.debug("web-ui: starting cockpit web view")
-        if self.remote:
-            # Override the cockpit.service unit to allow root
-            with open("/etc/systemd/system/cockpit.service", "w") as f:
-                f.write("""
-[Unit]
-Description=Cockpit Web Service
-
-[Service]
-ExecStart=/usr/libexec/cockpit-ws --no-tls --port 9090 --local-session=cockpit-bridge
-""")
-            startProgram([
-                "/usr/bin/systemctl", "daemon-reload"
-            ])
-            startProgram([
-                "/usr/bin/systemctl", "enable", "--now", "cockpit.socket"
-            ])
 
         # Force Firefox to be used via the BROWSER environment variable.
         # This is read by cockpit-desktop and makes it launch Firefox in kiosk mode
@@ -117,8 +101,8 @@ def run(self):
             profile_name = FIREFOX_THEME_DEFAULT
 
         proc = startProgram(["/usr/libexec/webui-desktop",
-                            "/cockpit/@localhost/anaconda-webui/index.html",
-                            profile_name],
+                            "-t", profile_name, "-r", str(int(self.remote)),
+                            "/cockpit/@localhost/anaconda-webui/index.html"],
                             reset_lang=False)
         log.debug("cockpit web view has been started")
         with open("/run/anaconda/webui_script.pid", "w") as f:

diff --git a/ui/webui/build.js b/ui/webui/build.js
@@ -104,7 +104,7 @@ const context = await esbuild.context({
         }),
         cockpitPoEsbuildPlugin({ src_directory: "ui/webui/src/" }),
 
-        ...production ? [cockpitCompressPlugin()] : [],
+        cockpitCompressPlugin(),
         cockpitRsyncEsbuildPlugin({ dest: packageJson.name }),
 
         {

diff --git a/ui/webui/test/anacondalib.py b/ui/webui/test/anacondalib.py
@@ -40,7 +40,6 @@ def setUp(self):
 
         super().setUp()
 
-        self.machine.execute("systemctl restart cockpit")
         self.allow_journal_messages('.*cockpit.bridge-WARNING: Could not start ssh-agent.*')
 
     def resetStorage(self):

diff --git a/ui/webui/test/machine_install.py b/ui/webui/test/machine_install.py
@@ -129,7 +129,7 @@ def start(self):
                 f"--qemu-commandline="
                 "'-netdev user,id=hostnet0,"
                 f"hostfwd=tcp:{self.ssh_address}:{self.ssh_port}-:22,"
-                f"hostfwd=tcp:{self.web_address}:{self.web_port}-:9090 "
+                f"hostfwd=tcp:{self.web_address}:{self.web_port}-:80 "
                 "-device virtio-net-pci,netdev=hostnet0,id=net0,addr=0x4' "
                 f"--initrd-inject {self.payload_ks_path} "
                 f"--extra-args 'inst.ks=file:/{os.path.basename(self.payload_ks_path)}' "

diff --git a/ui/webui/test/webui_testvm.py b/ui/webui/test/webui_testvm.py
@@ -44,12 +44,9 @@ def cmd_cli():
         )
 
         # rsync development files over so /usr/local/share/cockpit is created with a development version
-        # after restarting cockpit.service cockpit-bridge will select the /usr/local/share version over the released version from
-        # the installed rpm package.
         if args.rsync:
             # Rather annoying the node_modules path needs to be explicitly added for webpack
             subprocess.check_call(["npm", "run", "build"], env={'RSYNC': args.host, "PATH": "/usr/bin/:node_modules/.bin", "LINT": "0"})
-            machine.execute("systemctl restart cockpit.service")
 
         # print marker that the VM is ready; tests can poll for this to wait for the VM
         print("RUNNING")

diff --git a/ui/webui/webui-desktop b/ui/webui/webui-desktop
@@ -22,28 +22,32 @@
 # have cockpit.socket enabled. The web server and browser run in an unshared
 # network namespace, and thus are totally isolated from everything else.
 #
-# Examples:
-#   cockpit-desktop /cockpit/@localhost/system/index.html
-#   cockpit-desktop network/firewall
-#   cockpit-desktop users
+# Usage:
+#     cockpit-desktop /cockpit/@localhost/system/index.html -t default -r 0
+# For testing purposes one can also make cockpit-ws bind to all addresses
+# (this is insecure and should not be used in prodcuction):
+#     cockpit-desktop /cockpit/@localhost/system/index.html -t default -r 1
 #
-# As an experimental/demo feature, the bridge can also be started on a remote
-# ssh host. The host name is given as (optional) second argument, which is
-# passed verbatim to ssh.
-#
-# Example:
-#   cockpit-desktop system svr1
-#   cockpit-desktop / username@svr1
 set -eu
 
 # exec_prefix= is set because the default /usr/libexec contains "${exec_prefix}"
 exec_prefix="/usr"
 libexecdir="/usr/libexec"
-if [ -z "${1:-}" ]; then
-    echo "Usage: $0 <Cockpit path> [ssh host]" >&2
-    exit 1
-fi
 
+THEME_ID="default"
+WEBUI_REMOTE=0
+while getopts t:r: option
+do
+    case "${option}"
+        in
+        t)THEME_ID=${OPTARG};;
+        r)WEBUI_REMOTE=${OPTARG};;
+        *) echo "Usage: $0 [-t THEME_ID] [-r WEBUI_REMOTE] <Cockpit path>" >&2
+       exit 1 ;;
+    esac
+done
+
+shift "$((OPTIND-1))"
 # Expand the commandline argument into a url
 case "$1" in
     /*)
@@ -63,7 +67,6 @@ esac
 # prepare empty firefox profile dir with theme based on the passed profile id
 FIREFOX_THEME_DIR="/usr/share/anaconda/firefox-theme"
 FIREFOX_PROFILE_PATH="/tmp/anaconda-firefox-profile"
-THEME_ID=$2
 
 # make sure the profile directory exists and is empty
 if [ -d ${FIREFOX_PROFILE_PATH} ]
@@ -85,10 +88,16 @@ BROWSER="/usr/bin/firefox --new-instance --window-size 1024,768 --profile ${FIRE
 # start browser in a temporary home dir, so that it does not interfere with your real one
 BROWSER_HOME=$(mktemp --directory --tmpdir cockpit.desktop.XXXXXX)
 
+WEBUI_ADDRESS="127.0.0.1"
+if [[ "$WEBUI_REMOTE" == "1" ]]
+then
+    WEBUI_ADDRESS="0.0.0.0"
+fi
+
 # forward parent stdin and stdout (from bridge) to cockpit-ws
 # it pretty well does not matter which port we use in our own namespace, so use standard http
 # disable /etc/cockpit/
-XDG_CONFIG_DIRS="$BROWSER_HOME" COCKPIT_SUPERUSER="pkexec" /usr/libexec/cockpit-ws -p 80 -a 127.0.0.90 --local-session=cockpit-bridge &
+XDG_CONFIG_DIRS="$BROWSER_HOME" COCKPIT_SUPERUSER="pkexec" /usr/libexec/cockpit-ws -p 80 -a "$WEBUI_ADDRESS" --no-tls --local-session=cockpit-bridge &
 WS_PID=$!
 exec 1>&2
 
@@ -105,15 +114,15 @@ trap 'cleanup' EXIT INT QUIT PIPE
 # if we have netcat, use it for waiting until ws is up
 if type nc >/dev/null 2>&1; then
     for _ in `seq 10`; do
-        nc -z 127.0.0.90 80 && break
+        nc -z "$WEBUI_ADDRESS" 80 && break
         sleep 0.5;
     done
 else
     # otherwise, just wait a bit
     sleep 3
 fi
 
-HOME="$BROWSER_HOME" $BROWSER http://127.0.0.90"$URL_PATH" &
+HOME="$BROWSER_HOME" $BROWSER http://"$WEBUI_ADDRESS""$URL_PATH" &
 B_PID=$!
 
 wait $B_PID