[pve-devel] [PATCH] API2/Qemu: add unsecure and websocket options to vncpoxy also set qemu vnc server properties on the fly

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Mon Jun 2 10:28:47 CEST 2014


I rebased that one on top of upstream/master and git could apply it
correctly to the wrong method ;-) That's tricky.

Stefan

On 02.06.2014 09:57, Alexandre DERUMIER wrote:
> This part is wrong
> -------------------------
> 
> 
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -1354,6 +1354,16 @@ __PACKAGE__->register_method({
>          properties => {
>              node => get_standard_option('pve-node'),
>              vmid => get_standard_option('pve-vmid'),
> +            unsecure => {
> +                optional => 1,
> +                type => 'boolean',
> +                description => "disables x509 auth",
> +            },
> +            websocket => {
> +                optional => 1,
> +                type => 'boolean',
> +                description => "starts websockify instead of vncproxy",
> +            },
>          },
>      },
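Review bot: the context lines of this hunk (`properties => {`, `node`, `vmid`) and the `@@` hint `__PACKAGE__->register_method({` do not identify a method, and they also match `vmcmdidx`, which the listing below shows is a GET index with `user => 'all'` and `additionalProperties => 0`. Before resending, regenerate the patch against current master and check the enclosing `name =>` of the block that receives the two properties, so that `unsecure` and `websocket` are only accepted by vncproxy.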
> 
> 
> It's applied to the wrong method (vmcmdidx).
> 
> 
> __PACKAGE__->register_method({
>     name => 'vmcmdidx',
>     path => '{vmid}/status',
>     method => 'GET',
>     proxyto => 'node',
>     description => "Directory index",
>     permissions => {
>         user => 'all',
>     },
>     parameters => {
>         additionalProperties => 0,
>         properties => {
>             node => get_standard_option('pve-node'),
>             vmid => get_standard_option('pve-vmid'),
>             unsecure => {
>                 optional => 1,
>                 type => 'boolean',
>                 description => "disables x509 auth",
>             },
>             websocket => {
>                 optional => 1,
>                 type => 'boolean',
>                 description => "starts websockify instead of vncproxy",
>             },
>         },
>     },
> 
> 
> ------------------------------------------------------------------------
> *From: *"Stefan Priebe" <s.priebe at profihost.ag>
> *To: *pve-devel at pve.proxmox.com
> *Sent: *Monday 2 June 2014 09:44:33
> *Subject: *[pve-devel] [PATCH] API2/Qemu: add unsecure and websocket
> options        to vncpoxy also set qemu vnc server properties on the fly
> 
> 
> Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
> ---
>  PVE/API2/Qemu.pm |   38 +++++++++++++++++++++++++++++++++-----
>  1 file changed, 33 insertions(+), 5 deletions(-)
> 
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index e3aa24a..01de65b 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -1354,6 +1354,16 @@ __PACKAGE__->register_method({
>          properties => {
>              node => get_standard_option('pve-node'),
>              vmid => get_standard_option('pve-vmid'),
> +            unsecure => {
> +                optional => 1,
> +                type => 'boolean',
> +                description => "disables x509 auth",
> +            },
> +            websocket => {
> +                optional => 1,
> +                type => 'boolean',
> +                description => "starts websockify instead of vncproxy",
> +            },
>          },
>      },
>      returns => {
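Review bot: the description of `unsecure`, "disables x509 auth", understates what the option does for an API caller. The last hunk of this patch switches the VNC server to password-only authentication, sets the ticket as the VNC password and expires it after "+30"; the description should say so, since this text is what ends up in the API schema. The usual spelling `insecure` would also be easier to find. For `websocket`, it would help to mention that the proxy is started with `--ssl-only`.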
> @@ -1375,6 +1385,8 @@ __PACKAGE__->register_method({
>  
>          my $vmid = $param->{vmid};
>          my $node = $param->{node};
> +        my $unsecure = $param->{unsecure} // 0;
> +        my $websocket = $param->{websocket} // 0;
>  
>          my $conf = PVE::QemuServer::load_config($vmid, $node); # check
> if VM exists
>  
> @@ -1392,7 +1404,7 @@ __PACKAGE__->register_method({
>  
>          if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
>              $remip = PVE::Cluster::remote_node_ip($node);
> -            # NOTE: kvm VNC traffic is already TLS encrypted
> +            # NOTE: kvm VNC traffic is already TLS encrypted or is
> known unsecure
>              $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes',
> $remip];
>          }
>  
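Review bot: the reworded comment, "already TLS encrypted or is known unsecure", no longer says which leg of the connection it is about. The line it annotates builds an ssh `$remcmd`, so the node-to-node leg stays inside ssh either way; what loses TLS in unsecure mode is the client connection to `$port`. Suggest writing that explicitly, so the comment is not read later as a statement that the remote leg may be unencrypted.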
> @@ -1407,6 +1419,8 @@ __PACKAGE__->register_method({
>  
>              if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
>  
> +                die "Unsecure mode is not supported in vga serial
> mode!" if $unsecure;
> +
>                  my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid,
> '-iface', $conf->{vga} ];
>                  #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
>                  $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
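Review bot: the new `die` in the serial branch rejects `$unsecure` but not `$websocket`, although this branch always builds the `vncterm` command and never looks at `$websocket`. A caller passing `websocket => 1` for a VM with a serial vga would silently get a plain vncterm listener; a matching `die` for `$websocket` would make that explicit. The message also has no trailing "\n", so Perl appends the file name and line number to the error returned to the caller.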
> @@ -1414,12 +1428,26 @@ __PACKAGE__->register_method({
>                          '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
>              } else {
>  
> -                my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
> +                my $vnc_socket = PVE::QemuServer::vnc_socket($vmid);
>  
> -                my $qmstr = join(' ', @$qmcmd);
> +                if ($unsecure) {
> +                    PVE::QemuServer::vm_mon_cmd($vmid, "change", device
> => 'vnc', target => "unix:$vnc_socket,password");
> +                    PVE::QemuServer::vm_mon_cmd($vmid, "set_password",
> protocol => 'vnc', password => $ticket);
> +                    PVE::QemuServer::vm_mon_cmd($vmid,
> "expire_password", protocol => 'vnc', time => "+30");
> +                } else {
> +                    PVE::QemuServer::vm_mon_cmd($vmid, "change", device
> => 'vnc', target => "unix:$vnc_socket,x509,password");
> +                }
> +
> +                if ($websocket) {
> +                    $cmd = ["/usr/share/novnc/utils/wsproxy.py",
> '--run-once', '--timeout=90', '--idle-timeout=90', '--ssl-only',
> '--cert', '/etc/pve/local/pve-ssl.pem', '--key',
> '/etc/pve/local/pve-ssl.key', "--unix-target=$vnc_socket", $port];
> +                } else {
> +                    my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy',
> $vmid];
> +
> +                    my $qmstr = join(' ', @$qmcmd);
>  
> -                # also redirect stderr (else we get RFB protocol errors)
> -                $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout,
> '-c', "$qmstr 2>/dev/null"];
> +                    # also redirect stderr (else we get RFB protocol
> errors)
> +                    $cmd = ['/bin/nc', '-l', '-p', $port, '-w',
> $timeout, '-c', "$qmstr 2>/dev/null"];
> +                }
>              }
>  
>              PVE::Tools::run_command($cmd);
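Review bot: in the `if ($unsecure)` branch, the `change` command rewrites the VM's VNC server to `unix:$vnc_socket,password`, and nothing in this hunk puts `x509,password` back once the session ends, so the downgrade stays in effect until some later call takes the `else` branch. Suggest restoring the x509 setting after `run_command($cmd)` returns, or documenting why it is acceptable to leave it. Three smaller points: the `else` branch sets `x509,password` without any `set_password`, so it is not visible here which password applies; classic VNC password authentication only uses the first 8 characters, so it is worth checking how much of `$ticket` is actually verified; and the `$websocket` branch drops `@$remcmd` and points `--unix-target` at a local socket, while `vm_mon_cmd` is called with only `$vmid`, so the remote-node case handled earlier via `$remip` looks uncovered.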
> -- 
> 1.7.10.4
> 