[pve-devel] [PATCH] API2/Qemu: add unsecure and websocket options to vncpoxy also set qemu vnc server properties on the fly
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Mon Jun 2 11:21:51 CEST 2014
It seems my patch breaks vncproxy forwarding from machine A to machine
B. But I don't get what I've done wrong.
If I'm connected to server A and want to use the console of a VM that runs
on server B, I get:
"TASK ERROR: unable to find configuration file for VM 2000 - no such
machine"
no matter whether I use the Java VNC console or the noVNC one.
Stefan
On 02.06.2014 10:28, Stefan Priebe - Profihost AG wrote:
>
> I rebased that one on top of upstream/master and git could apply it
> correctly to the wrong method ;-) That's tricky.
>
> Stefan
>
> On 02.06.2014 09:57, Alexandre DERUMIER wrote:
>> This part is wrong
>> -------------------------
>>
>>
>> --- a/PVE/API2/Qemu.pm
>> +++ b/PVE/API2/Qemu.pm
>> @@ -1354,6 +1354,16 @@ __PACKAGE__->register_method({
>> properties => {
>> node => get_standard_option('pve-node'),
>> vmid => get_standard_option('pve-vmid'),
>> + unsecure => {
>> + optional => 1,
>> + type => 'boolean',
>> + description => "disables x509 auth",
>> + },
>> + websocket => {
>> + optional => 1,
>> + type => 'boolean',
>> + description => "starts websockify instead of vncproxy",
>> + },
>> },
>> },
>>
>>
>> It's applied to the wrong method (vmcmdidx).
>>
>>
>> __PACKAGE__->register_method({
>> name => 'vmcmdidx',
>> path => '{vmid}/status',
>> method => 'GET',
>> proxyto => 'node',
>> description => "Directory index",
>> permissions => {
>> user => 'all',
>> },
>> parameters => {
>> additionalProperties => 0,
>> properties => {
>> node => get_standard_option('pve-node'),
>> vmid => get_standard_option('pve-vmid'),
>> unsecure => {
>> optional => 1,
>> type => 'boolean',
>> description => "disables x509 auth",
>> },
>> websocket => {
>> optional => 1,
>> type => 'boolean',
>> description => "starts websockify instead of vncproxy",
>> },
>> },
>> },
>>
>>
>>
>>
>> *Alexandre* *Derumier*
>>
>> ------------------------------------------------------------------------
>> *From: *"Stefan Priebe" <s.priebe at profihost.ag>
>> *To: *pve-devel at pve.proxmox.com
>> *Sent: *Monday 2 June 2014 09:44:33
>> *Subject: *[pve-devel] [PATCH] API2/Qemu: add unsecure and websocket
>> options to vncpoxy also set qemu vnc server properties on the fly
>>
>>
>> Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
>> ---
>> PVE/API2/Qemu.pm | 38 +++++++++++++++++++++++++++++++++-----
>> 1 file changed, 33 insertions(+), 5 deletions(-)
>>
>> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
>> index e3aa24a..01de65b 100644
>> --- a/PVE/API2/Qemu.pm
>> +++ b/PVE/API2/Qemu.pm
>> @@ -1354,6 +1354,16 @@ __PACKAGE__->register_method({
>> properties => {
>> node => get_standard_option('pve-node'),
>> vmid => get_standard_option('pve-vmid'),
>> + unsecure => {
>> + optional => 1,
>> + type => 'boolean',
>> + description => "disables x509 auth",
>> + },
>> + websocket => {
>> + optional => 1,
>> + type => 'boolean',
>> + description => "starts websockify instead of vncproxy",
>> + },
>> },
>> },
>> returns => {
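Review bot: The description for `unsecure` ("disables x509 auth") does not tell the caller what is given up. Later in this patch the flag switches the VNC server target from `x509,password` to `password` only, so the description should say that the session then runs without TLS and relies on the ticket password alone, and that the default is off. The context lines of this hunk (`properties`, `node`, `vmid`) also occur in other `register_method` blocks, as the vmcmdidx misapply quoted above shows, so after a rebase check that both options landed in the vncproxy method.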
>> @@ -1375,6 +1385,8 @@ __PACKAGE__->register_method({
>>
>> my $vmid = $param->{vmid};
>> my $node = $param->{node};
>> + my $unsecure = $param->{unsecure} // 0;
>> + my $websocket = $param->{websocket} // 0;
>>
>> my $conf = PVE::QemuServer::load_config($vmid, $node); # check
>> if VM exists
>>
>> @@ -1392,7 +1404,7 @@ __PACKAGE__->register_method({
>>
>> if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
>> $remip = PVE::Cluster::remote_node_ip($node);
>> - # NOTE: kvm VNC traffic is already TLS encrypted
>> + # NOTE: kvm VNC traffic is already TLS encrypted or is
>> known unsecure
>> $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes',
>> $remip];
>> }
>>
>> @@ -1407,6 +1419,8 @@ __PACKAGE__->register_method({
>>
>> if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
>>
>> + die "Unsecure mode is not supported in vga serial
>> mode!" if $unsecure;
>> +
>> my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid,
>> '-iface', $conf->{vga} ];
>> #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
>> $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
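Review bot: The serial branch rejects `$unsecure` but never looks at `$websocket`, so a request with websocket set for a VM whose vga is a serial device still gets the plain vncterm listener and no error. Either die on `$websocket` here as well or document that the option is ignored in serial mode. The die string also has no trailing newline, so Perl will append the file name and line number to the error message.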
>> @@ -1414,12 +1428,26 @@ __PACKAGE__->register_method({
>> '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
>> } else {
>>
>> - my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
>> + my $vnc_socket = PVE::QemuServer::vnc_socket($vmid);
>>
>> - my $qmstr = join(' ', @$qmcmd);
>> + if ($unsecure) {
>> + PVE::QemuServer::vm_mon_cmd($vmid, "change", device
>> => 'vnc', target => "unix:$vnc_socket,password");
>> + PVE::QemuServer::vm_mon_cmd($vmid, "set_password",
>> protocol => 'vnc', password => $ticket);
>> + PVE::QemuServer::vm_mon_cmd($vmid,
>> "expire_password", protocol => 'vnc', time => "+30");
>> + } else {
>> + PVE::QemuServer::vm_mon_cmd($vmid, "change", device
>> => 'vnc', target => "unix:$vnc_socket,x509,password");
>> + }
>> +
>> + if ($websocket) {
>> + $cmd = ["/usr/share/novnc/utils/wsproxy.py",
>> '--run-once', '--timeout=90', '--idle-timeout=90', '--ssl-only',
>> '--cert', '/etc/pve/local/pve-ssl.pem', '--key',
>> '/etc/pve/local/pve-ssl.key', "--unix-target=$vnc_socket", $port];
>> + } else {
>> + my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy',
>> $vmid];
>> +
>> + my $qmstr = join(' ', @$qmcmd);
>>
>> - # also redirect stderr (else we get RFB protocol errors)
>> - $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout,
>> '-c', "$qmstr 2>/dev/null"];
>> + # also redirect stderr (else we get RFB protocol
>> errors)
>> + $cmd = ['/bin/nc', '-l', '-p', $port, '-w',
>> $timeout, '-c', "$qmstr 2>/dev/null"];
>> + }
>> }
>>
>> PVE::Tools::run_command($cmd);
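Review bot: The new `vm_mon_cmd` calls and `--unix-target=$vnc_socket` in the else branch take only `$vmid` and a local socket path and never go through `@$remcmd`, so when `$node` is a remote node they address a VM and a socket on the local host. Before this change everything in the branch ran as `@$remcmd qm vncproxy $vmid`, that is, on the node chosen earlier; the websocket path now drops `@$remcmd` completely. Guard this block on the node being local, or run the monitor commands on the remote side. Separately, the `change` to `unix:$vnc_socket,password` is never reverted in the visible lines, so the VM's VNC server stays without x509 after an unsecure session ends; consider restoring `x509,password` once the proxy command returns. In the lines shown, `set_password` is also only called in the unsecure case, so the websocket path with x509 has no ticket set by this code.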
>> --
>> 1.7.10.4
>>