[pve-devel] [PATCH manager 1/5] add termproxy api call for nodes

Mon Dec 4 09:15:21 CET 2017

On 12/01/2017 09:29 AM, Dominik Csapak wrote:
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>

Please add a dependency to pve-xtermjs together with this here, for the
version which should get applied, adding it "later on" may let us forget
it  at all..

> ---
>  PVE/API2/Nodes.pm | 100 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 100 insertions(+)
> 
> diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
> index a97620ef..a1ed6b55 100644
> --- a/PVE/API2/Nodes.pm
> +++ b/PVE/API2/Nodes.pm
> @@ -155,6 +155,7 @@ __PACKAGE__->register_method ({
>  	    { name => 'rrddata' },# fixme: remove?
>  	    { name => 'replication' },
>  	    { name => 'vncshell' },
> +	    { name => 'termproxy' },
>  	    { name => 'spiceshell' },
>  	    { name => 'time' },
>  	    { name => 'dns' },
> @@ -758,6 +759,105 @@ __PACKAGE__->register_method ({
>  	};
>      }});
>  
> +__PACKAGE__->register_method ({
> +    name => 'termproxy',
> +    path => 'termproxy',
> +    method => 'POST',
> +    protected => 1,
> +    permissions => {
> +	description => "Restricted to users on realm 'pam'",
> +	check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]],
> +    },
> +    description => "Creates a VNC Shell proxy.",
> +    parameters => {
> +    	additionalProperties => 0,
spaces before the tab 

> +	properties => {
> +	    node => get_standard_option('pve-node'),
> +	    upgrade => {
> +		type => 'boolean',
> +		description => "Run 'apt-get dist-upgrade' instead of normal shell.",
> +		optional => 1,
> +		default => 0,
> +	    },
> +	},
> +    },
> +    returns => {
> +    	additionalProperties => 0,
spaces before the tab

> +	properties => {
> +	    user => { type => 'string' },
> +	    ticket => { type => 'string' },
> +	    port => { type => 'integer' },
> +	    upid => { type => 'string' },
> +	},
> +    },
> +    code => sub {
> +	my ($param) = @_;
> +
> +	my $rpcenv = PVE::RPCEnvironment::get();
> +
> +	my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user());
> +
> +	raise_perm_exc("realm != pam") if $realm ne 'pam';
> +
> +	my $node = $param->{node};
> +
> +	my $authpath = "/nodes/$node";
> +
> +	my $ticket = PVE::AccessControl::assemble_vnc_ticket($user, $authpath);
> +
> +	my ($remip, $family);
> +
> +	if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
> +	    ($remip, $family) = PVE::Cluster::remote_node_ip($node);
> +	} else {
> +	    $family = PVE::Tools::get_host_address_family($node);
> +	}
> +
> +	my $port = PVE::Tools::next_vnc_port($family);
> +
> +	my $remcmd = $remip ?
> +	    ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : [];
> +
> +	my $concmd;
> +
> +	if ($user eq 'root at pam') {
> +	    if ($param->{upgrade}) {
> +		my $upgradecmd = "pveupgrade --shell";
> +		$concmd = [ '/bin/bash', '-c', $upgradecmd ];
> +	    } else {
> +		$concmd = [ '/bin/login', '-f', 'root' ];
> +	    }
> +	} else {
> +	    $concmd = [ '/bin/login' ];
> +	}
> +
> +
> +	my $timeout = 10;

$timeout is unused here

> +
> +	my $realcmd = sub {
> +	    my $upid = shift;
> +
> +	    syslog ('info', "starting termproxy $upid\n");
> +
> +	    my $cmd = ['/usr/bin/termproxy', $port, '--'];
> +	    push  @$cmd, @$remcmd, @$concmd;
> +
> +	    PVE::Tools::run_command($cmd);
> +	    return;

nit: return useless here

Looks good besides the mostly minor cosmetic things.

> +	};
> +
> +	my $upid = $rpcenv->fork_worker('vncshell', "", $user, $realcmd);
> +
> +	PVE::Tools::wait_for_vnc_port($port);
> +
> +	return {
> +	    user => $user,
> +	    ticket => $ticket,
> +	    port => $port,
> +	    upid => $upid,
> +	};
> +    }});
> +
>  __PACKAGE__->register_method({
>      name => 'vncwebsocket',
>      path => 'vncwebsocket',
> 