[pve-devel] [PATCH v2 container 1/1] add termproxy api call for lxc
Wolfgang Bumiller
w.bumiller at proxmox.com
Wed Dec 6 14:01:55 CET 2017
On Mon, Dec 04, 2017 at 11:51:54AM +0100, Dominik Csapak wrote:
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> changes since v1:
> * whitespace fix
> * removed unecessary return
> src/PVE/API2/LXC.pm | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 83 insertions(+)
>
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index a1897c7..662e0a0 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -463,6 +463,7 @@ __PACKAGE__->register_method({
> { subdir => 'config' },
> { subdir => 'status' },
> { subdir => 'vncproxy' },
> + { subdir => 'termproxy' },
> { subdir => 'vncwebsocket' },
> { subdir => 'spiceproxy' },
> { subdir => 'migrate' },
> @@ -760,6 +761,88 @@ __PACKAGE__->register_method ({
> };
> }});
>
> +__PACKAGE__->register_method ({
> + name => 'termproxy',
> + path => '{vmid}/termproxy',
> + method => 'POST',
> + protected => 1,
> + permissions => {
> + check => ['perm', '/vms/{vmid}', [ 'VM.Console' ]],
> + },
> + description => "Creates a TCP proxy connection.",
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + node => get_standard_option('pve-node'),
> + vmid => get_standard_option('pve-vmid'),
> + },
> + },
> + returns => {
> + additionalProperties => 0,
> + properties => {
> + user => { type => 'string' },
> + ticket => { type => 'string' },
> + port => { type => 'integer' },
> + upid => { type => 'string' },
> + },
> + },
> + code => sub {
> + my ($param) = @_;
> +
> + my $rpcenv = PVE::RPCEnvironment::get();
> +
> + my $authuser = $rpcenv->get_user();
> +
> + my $vmid = $param->{vmid};
> + my $node = $param->{node};
> +
> + my $authpath = "/vms/$vmid";
> +
> + my $ticket = PVE::AccessControl::assemble_vnc_ticket($authuser, $authpath);
> +
> + my ($remip, $family);
> +
> + if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
> + ($remip, $family) = PVE::Cluster::remote_node_ip($node);
> + } else {
> + $family = PVE::Tools::get_host_address_family($node);
> + }
> +
> + my $port = PVE::Tools::next_vnc_port($family);
> +
> + my $remcmd = $remip ?
> + ['/usr/bin/ssh', '-e', 'none', '-t', $remip] : [];
Series seems fine. I still have to nitpick here. I know all those
commands come from us and don't (or shouldn't) contain any user input,
but still: I'd like a '--' at the end here. Also, ssh concatenates the
remaining parameters with spaces and runs them though a shell, so
technically in that case we'd need quoting then as well...
(Same in other patches)
> +
> + my $conf = PVE::LXC::Config->load_config($vmid, $node);
> + my $concmd = PVE::LXC::get_console_command($vmid, $conf, 1);
> +
> + my $shcmd = [ '/usr/bin/dtach', '-A',
> + "/var/run/dtach/vzctlconsole$vmid",
> + '-r', 'winch', '-z', @$concmd];
Meh, dtach doesn't understand '--', what are they thinking...
> +
> + my $realcmd = sub {
> + my $upid = shift;
> +
> + syslog ('info', "starting lxc termproxy $upid\n");
> +
> + my $cmd = ['/usr/bin/termproxy', $port, '--'];
> + push @$cmd, @$remcmd, @$shcmd;
> +
> + PVE::Tools::run_command($cmd);
> + };
> +
> + my $upid = $rpcenv->fork_worker('vncproxy', $vmid, $authuser, $realcmd, 1);
> +
> + PVE::Tools::wait_for_vnc_port($port);
> +
> + return {
> + user => $authuser,
> + ticket => $ticket,
> + port => $port,
> + upid => $upid,
> + };
> + }});
> +
> __PACKAGE__->register_method({
> name => 'vncwebsocket',
> path => '{vmid}/vncwebsocket',
> --
> 2.11.0
More information about the pve-devel
mailing list