[pve-devel] [PATCH manager v2] proxy: ui: vm console: autodetect novnc or xtermjs

Tue Feb 25 16:48:07 CET 2025

I sent a v3 that implements the functionality in the UI alone.

https://lore.proxmox.com/pve-devel/20250225154706.1108094-1-a.lauterer@proxmox.com/T/#u

On  2025-02-03  11:01, Fiona Ebner wrote:
> Am 25.11.24 um 11:04 schrieb Aaron Lauterer:
>> Some users configure their VMs to use serial as their display. The big
>> benefit is that in combination with the xtermjs remote console, copy &
>> paste works a lot better than via novnc.
>>
>> Unfortunately, the main console panel defaulted to novnc, not matter
>> what the guest had configured. One always had to open the console of the
>> VM in a separate window to make use of xtermjs.
>>
>> This patch changes the behavior and lets it autodetect the guest
>> configuration to either use xtermjs or novnc.
>>
>> If we previously selected the console submenu in one VM and then
>> switched to another VM, the console submenu is the preselect item for
>> the VM we switched to. But at this point, the default would be used
>> (novnc), making it an unpleasant experience. If we would use the same
>> mechanism as for the top right console button - `me.mon()` - it would
>> work, but only if we (re)select the console submenu after the first API
>> call to `nodes/{nola}/qemu/{vmid}/status` finished. On the initial
>> load, if the console is the active submenu, it would still default to
>> novnc.
>>
>> While we probably could have implemented in just in the UI, for example
>> by waiting until the first call to `status` is done, this would
>> potentially introduce "laggyness" when opening the console.
> 
> Wondering why you would need vmstatus() for this? Isn't all the
> information already present in the VM configuration?
> 
>>
>> Another option is to handle it in the backend. The backend can then
>> check the VM config and override the novnc/xtermjs setting. The result
>> is, that even when switching VMs in the web UI with the console submenu
>> selected, it will load xtermjs for the VMs that use it.
>>
>> We only do it if the HTTP call has the new 'autodetect' parameter
>> enabled. Additionally we introduce a permission check for 'VM.Console'
>> at this level and only adjust the used console if the user does have the
>> correct permissions. Otherwise we leak the existence of the VM to
>> unauthorized users if it has 'serial' configured due to the change in
>> the returned console (noVNC/xtermjs).
>>
>> The actual check if the user is allowed to access the console is
>> happening once the loaded console implementation establishes a
>> connection to the console API endpoint of the guest. But at this point,
>> either the noVNC or xtermjs console is already sent to the user's
>> browser.
>>
>> Potential further improvements could be to also check the console
>> settings in datacenter.cfg and consider it. As that isn't checked in the
>> inline console panel for CTs and VMs at all, with out without this
>> patch.
>> The setting does have an impact on the buttons that open the console in
>> a new window.
>>
>> Signed-off-by: Aaron Lauterer <a.lauterer at proxmox.com>
>> ---
>> Another thing that I noticed is that the property we use to decide if we
>> enable xtermjs for VMs in the top right console button, and for now also
>> in this patch, only checks if the VM has a serial device configured.
>> PVE::QemuServer::vmstatus() calls `conf_has_serial()`.
>>
>> A better approach would be to have a vmstatus property that actually
>> tells us if the VM has serial set as display option. As the display
>> could be set to something else, even if a serial device exists. There
>> are other use-cases for a serial device in the VM, like passing through
>> an actual serial port.
>>
>> But I didn't want to open that can of worms just yet ;)
>>
> 
> Again, can't this be done just via the configuration?
> 
>> diff --git a/PVE/Service/pveproxy.pm b/PVE/Service/pveproxy.pm
>> index ac108545..4cd281c7 100755
>> --- a/PVE/Service/pveproxy.pm
>> +++ b/PVE/Service/pveproxy.pm
>> @@ -228,6 +228,22 @@ sub get_index {
>>       my $novnc = defined($args->{console}) && $args->{novnc};
>>       my $xtermjs = defined($args->{console}) && $args->{xtermjs};
>>   
>> +    my $rpcenv = PVE::RPCEnvironment::get();
>> +    if (
>> +	defined($args->{console})
>> +	&& $args->{console} eq 'kvm'
>> +	&& $args->{autodetect}
> 
> The name 'autodetect' is too generic, maybe 'console-autodetect'?
> 
> To me, it really feels like the caller should just directly pass in
> either novnc or xtermjs as the argument depending on what it actually
> wants. pveproxy calling into vmstatus() feels weird.
> 
>> +	&& $username
>> +	&& $rpcenv->check_full($username, "/vms/$args->{vmid}", ["VM.Console"], 1, 1)
>> +    ) {
>> +	my $vmid = $args->{vmid};
>> +	my $vmstatus = PVE::QemuServer::vmstatus($vmid);
> 
> Missing "use" statement for PVE::QemuServer.
> 
>> +	if (defined($vmstatus->{$vmid}) && $vmstatus->{$vmid}->{serial}) {
>> +		$novnc = 0;
>> +		$xtermjs = 1;
>> +	}
>> +    }
>> +
>>       my $langfile = -f "$basedirs->{i18n}/pve-lang-$lang.js" ? 1 : 0;
>>   
>>       my $version = PVE::pvecfg::version();