[pve-devel] [PATCH] API2/Qemu: add unsecure and websocket options to vncproxy also set qemu vnc server properties on the fly

Stefan Priebe - Profihost AG s.priebe at profihost.ag
Mon Jun 2 11:53:27 CEST 2014


Hi,

OK, the problem is this piece of code:
PVE::QemuServer::vm_mon_cmd($vmid, "change", device => 'vnc', target =>
"unix:$vnc_socket,x509,password");

This is executed locally instead of on the correct "target" node.

What is the easiest way to execute a vm_mon_cmd command on the correct node?

Stefan

On 02.06.2014 11:21, Stefan Priebe - Profihost AG wrote:
> It seems my patch breaks vncproxy forwarding from machine a to machine
> b. But I don't get what I've done wrong.
> 
> If I'm connected to server A and want to use console of a vm that runs
> on server b i get:
> 
> "TASK ERROR: unable to find configuration file for VM 2000 - no such
> machine"
> 
> no matter if I use the java vnc console or the novnc one.
> 
> Stefan
> On 02.06.2014 10:28, Stefan Priebe - Profihost AG wrote:
>>
>> I rebased that one on top of upstream/master and git could apply it
>> correctly to the wrong method ;-) That's tricky.
>>
>> Stefan
>>
>> On 02.06.2014 09:57, Alexandre DERUMIER wrote:
>>> This part is wrong
>>> -------------------------
>>>
>>>
>>> --- a/PVE/API2/Qemu.pm
>>> +++ b/PVE/API2/Qemu.pm
>>> @@ -1354,6 +1354,16 @@ __PACKAGE__->register_method({
>>>          properties => {
>>>              node => get_standard_option('pve-node'),
>>>              vmid => get_standard_option('pve-vmid'),
>>> +            unsecure => {
>>> +                optional => 1,
>>> +                type => 'boolean',
>>> +                description => "disables x509 auth",
>>> +            },
>>> +            websocket => {
>>> +                optional => 1,
>>> +                type => 'boolean',
>>> +                description => "starts websockify instead of vncproxy",
>>> +            },
>>>          },
>>>      },
>>>
>>>
>>> It's applied to the wrong method (vmcmdidx).
>>>
>>>
>>> __PACKAGE__->register_method({
>>>     name => 'vmcmdidx',
>>>     path => '{vmid}/status',
>>>     method => 'GET',
>>>     proxyto => 'node',
>>>     description => "Directory index",
>>>     permissions => {
>>>         user => 'all',
>>>     },
>>>     parameters => {
>>>         additionalProperties => 0,
>>>         properties => {
>>>             node => get_standard_option('pve-node'),
>>>             vmid => get_standard_option('pve-vmid'),
>>>             unsecure => {
>>>                 optional => 1,
>>>                 type => 'boolean',
>>>                 description => "disables x509 auth",
>>>             },
>>>             websocket => {
>>>                 optional => 1,
>>>                 type => 'boolean',
>>>                 description => "starts websockify instead of vncproxy",
>>>             },
>>>         },
>>>     },
>>>
>>>
>>> 	
>>>
>>> *Alexandre* *Derumier* 
>>> ------------------------------------------------------------------------
>>> *From: *"Stefan Priebe" <s.priebe at profihost.ag>
>>> *To: *pve-devel at pve.proxmox.com
>>> *Sent: *Monday, 2 June 2014 09:44:33
>>> *Subject: *[pve-devel] [PATCH] API2/Qemu: add unsecure and websocket
>>> options        to vncproxy also set qemu vnc server properties on the fly
>>>
>>>
>>> Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
>>> ---
>>>  PVE/API2/Qemu.pm |   38 +++++++++++++++++++++++++++++++++-----
>>>  1 file changed, 33 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
>>> index e3aa24a..01de65b 100644
>>> --- a/PVE/API2/Qemu.pm
>>> +++ b/PVE/API2/Qemu.pm
>>> @@ -1354,6 +1354,16 @@ __PACKAGE__->register_method({
>>>          properties => {
>>>              node => get_standard_option('pve-node'),
>>>              vmid => get_standard_option('pve-vmid'),
>>> +            unsecure => {
>>> +                optional => 1,
>>> +                type => 'boolean',
>>> +                description => "disables x509 auth",
>>> +            },
>>> +            websocket => {
>>> +                optional => 1,
>>> +                type => 'boolean',
>>> +                description => "starts websockify instead of vncproxy",
>>> +            },
>>>          },
>>>      },
>>>      returns => {
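Review bot: `unsecure` is added as a plain optional boolean whose description, "disables x509 auth", understates what the caller is opting into; say in the description that the VNC server is switched to password-only without TLS, and consider the spelling `insecure`. The hunk's only context is the generic `node`/`vmid` properties block, which is how it ended up applied to `vmcmdidx` as reported above, so after rebasing check that it lands in the vncproxy method.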
>>> @@ -1375,6 +1385,8 @@ __PACKAGE__->register_method({
>>>  
>>>          my $vmid = $param->{vmid};
>>>          my $node = $param->{node};
>>> +        my $unsecure = $param->{unsecure} // 0;
>>> +        my $websocket = $param->{websocket} // 0;
>>>  
>>>          my $conf = PVE::QemuServer::load_config($vmid, $node); # check
>>> if VM exists
>>>  
>>> @@ -1392,7 +1404,7 @@ __PACKAGE__->register_method({
>>>  
>>>          if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
>>>              $remip = PVE::Cluster::remote_node_ip($node);
>>> -            # NOTE: kvm VNC traffic is already TLS encrypted
>>> +            # NOTE: kvm VNC traffic is already TLS encrypted or is
>>> known unsecure
>>>              $remcmd = ['/usr/bin/ssh', '-T', '-o', 'BatchMode=yes',
>>> $remip];
>>>          }
>>>  
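Review bot: the reworded comment "is already TLS encrypted or is known unsecure" no longer explains why the plain `ssh -T` forwarding in `$remcmd` is acceptable. Spell out that with `unsecure` set the VNC stream carries no x509/TLS layer of its own and relies on the ssh hop and the VNC password, so the next reader does not take it as encrypted end to end.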
>>> @@ -1407,6 +1419,8 @@ __PACKAGE__->register_method({
>>>  
>>>              if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
>>>  
>>> +                die "Unsecure mode is not supported in vga serial
>>> mode!" if $unsecure;
>>> +
>>>                  my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid,
>>> '-iface', $conf->{vga} ];
>>>                  #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
>>>                  $cmd = ['/usr/bin/vncterm', '-rfbport', $port,
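Review bot: the new `die` in the `vga =~ m/^serial\d+$/` branch rejects `$unsecure` but not `$websocket`, so a websocket request for a serial console silently gets `vncterm` instead; reject it the same way or document that it is ignored. The message also lacks a trailing "\n", so Perl will append the file name and line number to the error the API user sees.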
>>> @@ -1414,12 +1428,26 @@ __PACKAGE__->register_method({
>>>                          '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
>>>              } else {
>>>  
>>> -                my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
>>> +                my $vnc_socket = PVE::QemuServer::vnc_socket($vmid);
>>>  
>>> -                my $qmstr = join(' ', @$qmcmd);
>>> +                if ($unsecure) {
>>> +                    PVE::QemuServer::vm_mon_cmd($vmid, "change", device
>>> => 'vnc', target => "unix:$vnc_socket,password");
>>> +                    PVE::QemuServer::vm_mon_cmd($vmid, "set_password",
>>> protocol => 'vnc', password => $ticket);
>>> +                    PVE::QemuServer::vm_mon_cmd($vmid,
>>> "expire_password", protocol => 'vnc', time => "+30");
>>> +                } else {
>>> +                    PVE::QemuServer::vm_mon_cmd($vmid, "change", device
>>> => 'vnc', target => "unix:$vnc_socket,x509,password");
>>> +                }
>>> +
>>> +                if ($websocket) {
>>> +                    $cmd = ["/usr/share/novnc/utils/wsproxy.py",
>>> '--run-once', '--timeout=90', '--idle-timeout=90', '--ssl-only',
>>> '--cert', '/etc/pve/local/pve-ssl.pem', '--key',
>>> '/etc/pve/local/pve-ssl.key', "--unix-target=$vnc_socket", $port];
>>> +                } else {
>>> +                    my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy',
>>> $vmid];
>>> +
>>> +                    my $qmstr = join(' ', @$qmcmd);
>>>  
>>> -                # also redirect stderr (else we get RFB protocol errors)
>>> -                $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout,
>>> '-c', "$qmstr 2>/dev/null"];
>>> +                    # also redirect stderr (else we get RFB protocol
>>> errors)
>>> +                    $cmd = ['/bin/nc', '-l', '-p', $port, '-w',
>>> $timeout, '-c', "$qmstr 2>/dev/null"];
>>> +                }
>>>              }
>>>  
>>>              PVE::Tools::run_command($cmd);
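Review bot: the `vm_mon_cmd($vmid, "change", ...)` calls in the `else` branch run on the node handling the request and take no account of `$node` or `$remcmd`, so for a VM on another node they address a monitor that is not there; the websocket branch likewise points `--unix-target=$vnc_socket` at a local socket without `@$remcmd`. Route these through the remote node, or refuse when `$remip` is set, before building `$cmd`. Separately, the `$unsecure` branch leaves the VNC server in password-only mode after the session: `expire_password` with `"+30"` expires the password only, so x509 stays off until a later call takes the other branch.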
>>> -- 
>>> 1.7.10.4
>>>