[pve-devel] [PATCH v2 container 1/1] add termproxy api call for lxc

Wolfgang Bumiller w.bumiller at proxmox.com
Wed Dec 6 14:01:55 CET 2017


On Mon, Dec 04, 2017 at 11:51:54AM +0100, Dominik Csapak wrote:
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> changes since v1:
> * whitespace fix
> * removed unecessary return
>  src/PVE/API2/LXC.pm | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 83 insertions(+)
> 
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index a1897c7..662e0a0 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -463,6 +463,7 @@ __PACKAGE__->register_method({
>  	    { subdir => 'config' },
>  	    { subdir => 'status' },
>  	    { subdir => 'vncproxy' },
> +	    { subdir => 'termproxy' },
>  	    { subdir => 'vncwebsocket' },
>  	    { subdir => 'spiceproxy' },
>  	    { subdir => 'migrate' },
> @@ -760,6 +761,88 @@ __PACKAGE__->register_method ({
>  	};
>      }});
>  
> +__PACKAGE__->register_method ({
> +    name => 'termproxy',
> +    path => '{vmid}/termproxy',
> +    method => 'POST',
> +    protected => 1,
> +    permissions => {
> +	check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
> +    },
> +    description => "Creates a TCP proxy connection.",
> +    parameters => {
> +	additionalProperties => 0,
> +	properties => {
> +	    node => get_standard_option('pve-node'),
> +	    vmid => get_standard_option('pve-vmid'),
> +	},
> +    },
> +    returns => {
> +	additionalProperties => 0,
> +	properties => {
> +	    user => { type => 'string' },
> +	    ticket => { type => 'string' },
> +	    port => { type => 'integer' },
> +	    upid => { type => 'string' },
> +	},
> +    },
> +    code => sub {
> +	my ($param) = @_;
> +
> +	my $rpcenv = PVE::RPCEnvironment::get();
> +
> +	my $authuser = $rpcenv->get_user();
> +
> +	my $vmid = $param->{vmid};
> +	my $node = $param->{node};
> +
> +	my $authpath = "/vms/$vmid";
> +
> +	my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
> +
> +	my ($remip, $family);
> +
> +	if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
> +	    ($remip, $family) = PVE::Cluster::remote_node_ip($node);
> +	} else {
> +	    $family = PVE::Tools::get_host_address_family($node);
> +	}
> +
> +	my $port = PVE::Tools::next_vnc_port($family);
> +
> +	my $remcmd = $remip ?
> +	    ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : [];

Series seems fine. I still have to nitpick here. I know all those
commands come from us and don't (or shouldn't) contain any user input,
but still: I'd like a '--' at the end here. Also, ssh concatenates the
remaining parameters with spaces and runs them though a shell, so
technically in that case we'd need quoting then as well...
(Same in other patches)

> +
> +	my $conf = PVE::LXC::Config->load_config($vmid, $node);
> +	my $concmd = PVE::LXC::get_console_command($vmid, $conf, 1);
> +
> +	my $shcmd = [ '/usr/bin/dtach', '-A',
> +		      "/var/run/dtach/vzctlconsole$vmid",
> +		      '-r', 'winch', '-z', @$concmd];

Meh, dtach doesn't understand '--', what are they thinking...

> +
> +	my $realcmd = sub {
> +	    my $upid = shift;
> +
> +	    syslog ('info', "starting lxc termproxy $upid\n");
> +
> +	    my $cmd = ['/usr/bin/termproxy', $port, '--'];
> +	    push @$cmd, @$remcmd, @$shcmd;
> +
> +	    PVE::Tools::run_command($cmd);
> +	};
> +
> +	my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1);
> +
> +	PVE::Tools::wait_for_vnc_port($port);
> +
> +	return {
> +	    user => $authuser,
> +	    ticket => $ticket,
> +	    port => $port,
> +	    upid => $upid,
> +	};
> +    }});
> +
>  __PACKAGE__->register_method({
>      name => 'vncwebsocket',
>      path => '{vmid}/vncwebsocket',
> -- 
> 2.11.0




More information about the pve-devel mailing list