[pve-devel] [PATCH manager v3 1/5] add termproxy api call for nodes

Wolfgang Bumiller w.bumiller at proxmox.com
Tue Dec 12 08:50:36 CET 2017


applied whole series

On Mon, Dec 11, 2017 at 02:55:26PM +0100, Dominik Csapak wrote:
> and add dependency for pve-xtermjs
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  PVE/API2/Nodes.pm | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  debian/control    |  1 +
>  2 files changed, 98 insertions(+)
> 
> diff --git a/PVE/API2/Nodes.pm b/PVE/API2/Nodes.pm
> index a97620ef..f11fd169 100644
> --- a/PVE/API2/Nodes.pm
> +++ b/PVE/API2/Nodes.pm
> @@ -155,6 +155,7 @@ __PACKAGE__->register_method ({
>  	    { name => 'rrddata' },# fixme: remove?
>  	    { name => 'replication' },
>  	    { name => 'vncshell' },
> +	    { name => 'termproxy' },
>  	    { name => 'spiceshell' },
>  	    { name => 'time' },
>  	    { name => 'dns' },
> @@ -758,6 +759,102 @@ __PACKAGE__->register_method ({
>  	};
>      }});
>  
> +__PACKAGE__->register_method ({
> +    name => 'termproxy',
> +    path => 'termproxy',
> +    method => 'POST',
> +    protected => 1,
> +    permissions => {
> +	description => "Restricted to users on realm 'pam'",
> +	check => ['perm', '/nodes/{node}', [ 'Sys.Console' ]],
> +    },
> +    description => "Creates a VNC Shell proxy.",
> +    parameters => {
> +	additionalProperties => 0,
> +	properties => {
> +	    node => get_standard_option('pve-node'),
> +	    upgrade => {
> +		type => 'boolean',
> +		description => "Run 'apt-get dist-upgrade' instead of normal shell.",
> +		optional => 1,
> +		default => 0,
> +	    },
> +	},
> +    },
> +    returns => {
> +	additionalProperties => 0,
> +	properties => {
> +	    user => { type => 'string' },
> +	    ticket => { type => 'string' },
> +	    port => { type => 'integer' },
> +	    upid => { type => 'string' },
> +	},
> +    },
> +    code => sub {
> +	my ($param) = @_;
> +
> +	my $rpcenv = PVE::RPCEnvironment::get();
> +
> +	my ($user, undef, $realm) = PVE::AccessControl::verify_username($rpcenv->get_user());
> +
> +	raise_perm_exc("realm != pam") if $realm ne 'pam';
> +
> +	my $node = $param->{node};
> +
> +	my $authpath = "/nodes/$node";
> +
> +	my $ticket = PVE::AccessControl::assemble_vnc_ticket($user, $authpath);
> +
> +	my ($remip, $family);
> +
> +	if ($node ne 'localhost' && $node ne PVE::INotify::nodename()) {
> +	    ($remip, $family) = PVE::Cluster::remote_node_ip($node);
> +	} else {
> +	    $family = PVE::Tools::get_host_address_family($node);
> +	}
> +
> +	my $port = PVE::Tools::next_vnc_port($family);
> +
> +	my $remcmd = $remip ?
> +	    ['/usr/bin/ssh', '-e', 'none', '-t', $remip , '--'] : [];
> +
> +	my $concmd;
> +
> +	if ($user eq 'root at pam') {
> +	    if ($param->{upgrade}) {
> +		my $upgradecmd = "pveupgrade --shell";
> +		$concmd = [ '/bin/bash', '-c', $upgradecmd ];
> +	    } else {
> +		$concmd = [ '/bin/login', '-f', 'root' ];
> +	    }
> +	} else {
> +	    $concmd = [ '/bin/login' ];
> +	}
> +
> +	my $realcmd = sub {
> +	    my $upid = shift;
> +
> +	    syslog ('info', "starting termproxy $upid\n");
> +
> +	    my $cmd = ['/usr/bin/termproxy', $port, '--path', $authpath,
> +		       '--perm', 'Sys.Console',  '--'];
> +	    push  @$cmd, @$remcmd, @$concmd;
> +
> +	    PVE::Tools::run_command($cmd);
> +	};
> +
> +	my $upid = $rpcenv->fork_worker('vncshell', "", $user, $realcmd);
> +
> +	PVE::Tools::wait_for_vnc_port($port);
> +
> +	return {
> +	    user => $user,
> +	    ticket => $ticket,
> +	    port => $port,
> +	    upid => $upid,
> +	};
> +    }});
> +
>  __PACKAGE__->register_method({
>      name => 'vncwebsocket',
>      path => 'vncwebsocket',
> diff --git a/debian/control b/debian/control
> index 9e399edc..88875342 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -59,6 +59,7 @@ Depends: apt-transport-https,
>           pve-docs,
>           pve-firewall,
>           pve-ha-manager,
> +         pve-xtermjs (>= 0.1-1),
>           qemu-server (>= 1.1-1),
>           rsync,
>           spiceterm,
> -- 
> 2.11.0




More information about the pve-devel mailing list