[pve-devel] [PATCH manager v3 1/5] add termproxy api call for nodes
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue Dec 12 08:50:36 CET 2017
applied whole series
On Mon, Dec 11, 2017 at 02:55:26PM +0100, Dominik Csapak wrote:
> and add dependency for pve-xtermjs
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> PVE/API2/Nodes.pm | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> debian/control | 1 +
> 2 files changed, 98 insertions(+)
>
> diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
> index a97620ef..f11fd169 100644
> --- a/PVE/API2/Nodes.pm
> +++ b/PVE/API2/Nodes.pm
> @@ -155,6 +155,7 @@ __PACKAGE__->register_method ({
> { name => 'rrddata' },# fixme: remove?
> { name => 'replication' },
> { name => 'vncshell' },
> + { name => 'termproxy' },
> { name => 'spiceshell' },
> { name => 'time' },
> { name => 'dns' },
> @@ -758,6 +759,102 @@ __PACKAGE__->register_method ({
> };
> }});
>
> +__PACKAGE__->register_method ({
> + name => 'termproxy',
> + path => 'termproxy',
> + method => 'POST',
> + protected => 1,
> + permissions => {
> + description => "Restricted to users on realm 'pam'",
> + check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]],
> + },
> + description => "Creates a VNC Shell proxy.",
> + parameters => {
> + additionalProperties => 0,
> + properties => {
> + node => get_standard_option('pve-node'),
> + upgrade => {
> + type => 'boolean',
> + description => "Run 'apt-get dist-upgrade' instead of normal shell.",
> + optional => 1,
> + default => 0,
> + },
> + },
> + },
> + returns => {
> + additionalProperties => 0,
> + properties => {
> + user => { type => 'string' },
> + ticket => { type => 'string' },
> + port => { type => 'integer' },
> + upid => { type => 'string' },
> + },
> + },
> + code => sub {
> + my ($param) = @_;
> +
> + my $rpcenv = PVE::RPCEnvironment::get();
> +
> + my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user());
> +
> + raise_perm_exc("realm != pam") if $realm ne 'pam';
> +
> + my $node = $param->{node};
> +
> + my $authpath = "/nodes/$node";
> +
> + my $ticket = PVE::AccessControl::assemble_vnc_ticket($user, $authpath);
> +
> + my ($remip, $family);
> +
> + if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
> + ($remip, $family) = PVE::Cluster::remote_node_ip($node);
> + } else {
> + $family = PVE::Tools::get_host_address_family($node);
> + }
> +
> + my $port = PVE::Tools::next_vnc_port($family);
> +
> + my $remcmd = $remip ?
> + ['/usr/bin/ssh', '-e', 'none', '-t', $remip , '--'] : [];
> +
> + my $concmd;
> +
> + if ($user eq 'root at pam') {
> + if ($param->{upgrade}) {
> + my $upgradecmd = "pveupgrade --shell";
> + $concmd = [ '/bin/bash', '-c', $upgradecmd ];
> + } else {
> + $concmd = [ '/bin/login', '-f', 'root' ];
> + }
> + } else {
> + $concmd = [ '/bin/login' ];
> + }
> +
> + my $realcmd = sub {
> + my $upid = shift;
> +
> + syslog ('info', "starting termproxy $upid\n");
> +
> + my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath,
> + '--perm', 'Sys.Console', '--'];
> + push @$cmd, @$remcmd, @$concmd;
> +
> + PVE::Tools::run_command($cmd);
> + };
> +
> + my $upid = $rpcenv->fork_worker('vncshell', "", $user, $realcmd);
> +
> + PVE::Tools::wait_for_vnc_port($port);
> +
> + return {
> + user => $user,
> + ticket => $ticket,
> + port => $port,
> + upid => $upid,
> + };
> + }});
> +
> __PACKAGE__->register_method({
> name => 'vncwebsocket',
> path => 'vncwebsocket',
> diff --git a/debian/control b/debian/control
> index 9e399edc..88875342 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -59,6 +59,7 @@ Depends: apt-transport-https,
> pve-docs,
> pve-firewall,
> pve-ha-manager,
> + pve-xtermjs (>= 0.1-1),
> qemu-server (>= 1.1-1),
> rsync,
> spiceterm,
> --
> 2.11.0
More information about the pve-devel
mailing list