Files
@ 75b0d3fd6303
Branch filter:
Location: kallithea/docs/dev/dbmigrations.rst - annotation
75b0d3fd6303
2.9 KiB
text/prs.fallenstein.rst
ssh: handle IPv6 ssh connections
Performing ssh actions towards Kallithea via an IPv6 connection gave the
following error:
$ hg incoming ssh://kallithea@example.com/repo
remote: Traceback (most recent call last):
remote: File ".../bin/kallithea-cli", line 11, in <module>
remote: load_entry_point('Kallithea', 'console_scripts', 'kallithea-cli')()
remote: File ".../python2.7/site-packages/click/core.py", line 764, in __call__
remote: return self.main(*args, **kwargs)
remote: File ".../python2.7/site-packages/click/core.py", line 717, in main
remote: rv = self.invoke(ctx)
remote: File ".../python2.7/site-packages/click/core.py", line 1137, in invoke
remote: return _process_result(sub_ctx.command.invoke(sub_ctx))
remote: File ".../python2.7/site-packages/click/core.py", line 956, in invoke
remote: return ctx.invoke(self.callback, **ctx.params)
remote: File ".../python2.7/site-packages/click/core.py", line 555, in invoke
remote: return callback(*args, **kwargs)
remote: File ".../kallithea/bin/kallithea_cli_base.py", line 79, in runtime_wrapper
remote: return annotated(*args, **kwargs)
remote: File ".../kallithea/bin/kallithea_cli_ssh.py", line 74, in ssh_serve
remote: vcs_handler.serve(user_id, key_id, client_ip)
remote: File ".../kallithea/lib/vcs/backends/ssh.py", line 65, in serve
remote: self.authuser = AuthUser.make(dbuser=dbuser, ip_addr=client_ip)
remote: File ".../kallithea/lib/auth.py", line 407, in make
remote: if not check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
remote: File ".../kallithea/lib/auth.py", line 860, in check_ip_access
remote: if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):
remote: File ".../kallithea/lib/ipaddr.py", line 76, in IPAddress
remote:
remote: ValueError: '2' does not appear to be an IPv4 or IPv6 address
abort: no suitable response from remote hg!
This was caused by IPv4-exclusive parsing of the SSH_CONNECTION variable.
With an IPv6 address starting with '2a02:1810:', only the first '2' would
survive.
According to 'man 1 ssh':
SSH_CONNECTION Identifies the client and server ends of the con‐
nection. The variable contains four space-sepa‐
rated values: client IP address, client port num‐
ber, server IP address, and server port number.
So, the client IP address will be the first space-separated word, regardless
of IPv4 or IPv6. Use that knowledge without further parsing.
(commit message by Thomas De Schampheleire)
Performing ssh actions towards Kallithea via an IPv6 connection gave the
following error:
$ hg incoming ssh://kallithea@example.com/repo
remote: Traceback (most recent call last):
remote: File ".../bin/kallithea-cli", line 11, in <module>
remote: load_entry_point('Kallithea', 'console_scripts', 'kallithea-cli')()
remote: File ".../python2.7/site-packages/click/core.py", line 764, in __call__
remote: return self.main(*args, **kwargs)
remote: File ".../python2.7/site-packages/click/core.py", line 717, in main
remote: rv = self.invoke(ctx)
remote: File ".../python2.7/site-packages/click/core.py", line 1137, in invoke
remote: return _process_result(sub_ctx.command.invoke(sub_ctx))
remote: File ".../python2.7/site-packages/click/core.py", line 956, in invoke
remote: return ctx.invoke(self.callback, **ctx.params)
remote: File ".../python2.7/site-packages/click/core.py", line 555, in invoke
remote: return callback(*args, **kwargs)
remote: File ".../kallithea/bin/kallithea_cli_base.py", line 79, in runtime_wrapper
remote: return annotated(*args, **kwargs)
remote: File ".../kallithea/bin/kallithea_cli_ssh.py", line 74, in ssh_serve
remote: vcs_handler.serve(user_id, key_id, client_ip)
remote: File ".../kallithea/lib/vcs/backends/ssh.py", line 65, in serve
remote: self.authuser = AuthUser.make(dbuser=dbuser, ip_addr=client_ip)
remote: File ".../kallithea/lib/auth.py", line 407, in make
remote: if not check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
remote: File ".../kallithea/lib/auth.py", line 860, in check_ip_access
remote: if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip):
remote: File ".../kallithea/lib/ipaddr.py", line 76, in IPAddress
remote:
remote: ValueError: '2' does not appear to be an IPv4 or IPv6 address
abort: no suitable response from remote hg!
This was caused by IPv4-exclusive parsing of the SSH_CONNECTION variable.
With an IPv6 address starting with '2a02:1810:', only the first '2' would
survive.
According to 'man 1 ssh':
SSH_CONNECTION Identifies the client and server ends of the con‐
nection. The variable contains four space-sepa‐
rated values: client IP address, client port num‐
ber, server IP address, and server port number.
So, the client IP address will be the first space-separated word, regardless
of IPv4 or IPv6. Use that knowledge without further parsing.
(commit message by Thomas De Schampheleire)
9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 7784a1212471 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 3158cf0dafb7 0080ffd8aea0 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d 9fd64dd2617d | =======================
Database schema changes
=======================
Kallithea uses Alembic for :ref:`database migrations <upgrade_db>`
(upgrades and downgrades).
If you are developing a Kallithea feature that requires database schema
changes, you should make a matching Alembic database migration script:
1. :ref:`Create a Kallithea configuration and database <setup>` for testing
the migration script, or use existing ``development.ini`` setup.
Ensure that this database is up to date with the latest database
schema *before* the changes you're currently developing. (Do not
create the database while your new schema changes are applied.)
2. Create a separate throwaway configuration for iterating on the actual
database changes::
kallithea-cli config-create temp.ini
Edit the file to change database settings. SQLite is typically fine,
but make sure to change the path to e.g. ``temp.db``, to avoid
clobbering any existing database file.
3. Make your code changes (including database schema changes in ``db.py``).
4. After every database schema change, recreate the throwaway database
to test the changes::
rm temp.db
kallithea-cli db-create -c temp.ini --repos=/var/repos --user=doe --email doe@example.com --password=123456 --no-public-access --force-yes
kallithea-cli repo-scan -c temp.ini
5. Once satisfied with the schema changes, auto-generate a draft Alembic
script using the development database that has *not* been upgraded.
(The generated script will upgrade the database to match the code.)
::
alembic -c development.ini revision -m "area: add cool feature" --autogenerate
6. Edit the script to clean it up and fix any problems.
Note that for changes that simply add columns, it may be appropriate
to not remove them in the downgrade script (and instead do nothing),
to avoid the loss of data. Unknown columns will simply be ignored by
Kallithea versions predating your changes.
7. Run ``alembic -c development.ini upgrade head`` to apply changes to
the (non-throwaway) database, and test the upgrade script. Also test
downgrades.
The included ``development.ini`` has full SQL logging enabled. If
you're using another configuration file, you may want to enable it
by setting ``level = DEBUG`` in section ``[handler_console_sql]``.
The Alembic migration script should be committed in the same revision as
the database schema (``db.py``) changes.
See the `Alembic documentation`__ for more information, in particular
the tutorial and the section about auto-generating migration scripts.
.. __: http://alembic.zzzcomputing.com/en/latest/
Troubleshooting
---------------
* If ``alembic --autogenerate`` responds "Target database is not up to
date", you need to either first use Alembic to upgrade the database
to the most recent version (before your changes), or recreate the
database from scratch (without your schema changes applied).
|