[pve-devel] [PATCH] API2/Qemu: add unsecure and websocket options to vncpoxy also set qemu vnc server properties on the fly

Alexandre DERUMIER aderumier at odiso.com
Mon Jun 2 09:57:01 CEST 2014


This part is wrong 
------------------------- 




--- a/PVE/API2/Qemu.pm 
+++ b/PVE/API2/Qemu.pm 
@@ -1354,6 +1354,16 @@ __PACKAGE__->register_method({ 
properties => { 
node => get_standard_option('pve-node'), 
vmid => get_standard_option('pve-vmid'), 
+ unsecure => { 
+ optional => 1, 
+ type => 'boolean', 
+ description => "disables x509 auth", 
+ }, 
+ websocket => { 
+ optional => 1, 
+ type => 'boolean', 
+ description => "starts websockify instead of vncproxy", 
+ }, 
}, 
}, 




It's apply on wrong method ( vmcmdidx). 




__PACKAGE__->register_method({ 
name => 'vmcmdidx', 
path => '{vmid}/status', 
method => 'GET', 
proxyto => 'node', 
description => "Directory index", 
permissions => { 
user => 'all', 
}, 
parameters => { 
additionalProperties => 0, 
properties => { 
node => get_standard_option('pve-node'), 
vmid => get_standard_option('pve-vmid'), 
unsecure => { 
optional => 1, 
type => 'boolean', 
description => "disables x509 auth", 
}, 
websocket => { 
optional => 1, 
type => 'boolean', 
description => "starts websockify instead of vncproxy", 
}, 
}, 
}, 




	
Alexandre Derumier 
Ingénieur système et stockage 

Fixe : 03 20 68 90 88 
Fax : 03 20 68 90 81 

45 Bvd du Général Leclerc 59100 Roubaix 
12 rue Marivaux 75002 Paris 

MonSiteEstLent.com - Blog dédié à la webperformance et la gestion de pics de trafic 
----- Mail original -----

De: "Stefan Priebe" <s.priebe at profihost.ag> 
À: pve-devel at pve.proxmox.com 
Envoyé: Lundi 2 Juin 2014 09:44:33 
Objet: [pve-devel] [PATCH] API2/Qemu: add unsecure and websocket options to vncpoxy also set qemu vnc server properties on the fly 


Signed-off-by: Stefan Priebe <s.priebe at profihost.ag> 
--- 
PVE/API2/Qemu.pm | 38 +++++++++++++++++++++++++++++++++----- 
1 file changed, 33 insertions(+), 5 deletions(-) 

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm 
index e3aa24a..01de65b 100644 
--- a/PVE/API2/Qemu.pm 
+++ b/PVE/API2/Qemu.pm 
@@ -1354,6 +1354,16 @@ __PACKAGE__->register_method({ 
properties => { 
node => get_standard_option('pve-node'), 
vmid => get_standard_option('pve-vmid'), 
+ unsecure => { 
+ optional => 1, 
+ type => 'boolean', 
+ description => "disables x509 auth", 
+ }, 
+ websocket => { 
+ optional => 1, 
+ type => 'boolean', 
+ description => "starts websockify instead of vncproxy", 
+ }, 
}, 
}, 
returns => { 
@@ -1375,6 +1385,8 @@ __PACKAGE__->register_method({ 

my $vmid = $param->{vmid}; 
my $node = $param->{node}; 
+ my $unsecure = $param->{unsecure} // 0; 
+ my $websocket = $param->{websocket} // 0; 

my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists 

@@ -1392,7 +1404,7 @@ __PACKAGE__->register_method({ 

if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) { 
$remip = PVE::Cluster::remote_node_ip($node); 
- # NOTE: kvm VNC traffic is already TLS encrypted 
+ # NOTE: kvm VNC traffic is already TLS encrypted or is known unsecure 
$remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes', $remip]; 
} 

@@ -1407,6 +1419,8 @@ __PACKAGE__->register_method({ 

if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) { 

+ die "Unsecure mode is not supported in vga serial mode!" if $unsecure; 
+ 
my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ]; 
#my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}"; 
$cmd = ['/usr/bin/vncterm', '-rfbport', $port, 
@@ -1414,12 +1428,26 @@ __PACKAGE__->register_method({ 
'-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd]; 
} else { 

- my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid]; 
+ my $vnc_socket = PVE::QemuServer::vnc_socket($vmid); 

- my $qmstr = join(' ', @$qmcmd); 
+ if ($unsecure) { 
+ PVE::QemuServer::vm_mon_cmd($vmid, "change", device => 'vnc', target => "unix:$vnc_socket,password"); 
+ PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'vnc', password => $ticket); 
+ PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'vnc', time => "+30"); 
+ } else { 
+ PVE::QemuServer::vm_mon_cmd($vmid, "change", device => 'vnc', target => "unix:$vnc_socket,x509,password"); 
+ } 
+ 
+ if ($websocket) { 
+ $cmd = ["/usr/share/novnc/utils/wsproxy.py", '--run-once', '--timeout=90', '--idle-timeout=90', '--ssl-only', '--cert', '/etc/pve/local/pve-ssl.pem', '--key', '/etc/pve/local/pve-ssl.key', "--unix-target=$vnc_socket", $port]; 
+ } else { 
+ my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid]; 
+ 
+ my $qmstr = join(' ', @$qmcmd); 

- # also redirect stderr (else we get RFB protocol errors) 
- $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"]; 
+ # also redirect stderr (else we get RFB protocol errors) 
+ $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"]; 
+ } 
} 

PVE::Tools::run_command($cmd); 
-- 
1.7.10.4 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140602/68814761/attachment.htm>


More information about the pve-devel mailing list