proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-04-29 04:42:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
d2b85ba226
pve-manager/bin/spiceproxy

165 lines
4.0 KiB
Perl
Executable File
Raw Blame History

#!/usr/bin/perl -T
# Note: In theory, all this can be done by 'pveproxy' daemon. But som API call
# still have blocking code, so we use a separate daemon to avoid that the console
# get blocked.
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
use strict;
use warnings;
use English;
use Socket qw(IPPROTO_TCP TCP_NODELAY SOMAXCONN);
use IO::Socket::INET;
use PVE::SafeSyslog;
use PVE::Daemon;
use PVE::APIDaemon; # fixme: remove
use PVE::API2;
use base qw(PVE::Daemon);
$SIG{'__WARN__'} = sub {
my $err = $@;
my $t = $_[0];
chomp $t;
print STDERR "$t\n";
syslog('warning', "%s", $t);
$@ = $err;
};
my $cmdline = [$0, @ARGV];
my %daemon_options = (
max_workers => 1, # fixme: do we need more?
restart_on_error => 5,
stop_wait_time => 15,
leave_children_open_on_reload => 1,
run_dir => '/var/run/pveproxy',
);
my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options);
my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n";
POSIX::setgid($gid) || die "setgid $gid failed - $!\n";
$EGID = "$gid $gid"; # this calls setgroups
my $uid = getpwnam('www-data') || die "getpwnam failed - $!\n";
POSIX::setuid($uid) || die "setuid $uid failed - $!\n";
# just to be sure
die "detected strange uid/gid\n" if !($UID == $uid && $EUID == $uid && $GID eq "$gid $gid" && $EGID eq "$gid $gid");
sub init {
my ($self) = @_;
# we use same ALLOW/DENY/POLICY as pveproxy
my $proxyconf = PVE::APIDaemon::read_proxy_config();
my $accept_lock_fn = "/var/lock/spiceproxy.lck";
my $lockfh = IO::File->new(">>${accept_lock_fn}") ||
die "unable to open lock file '${accept_lock_fn}' - $!\n";
my ($socket, $sockfd);
if (defined($sockfd = $ENV{PVE_DAEMON_SOCKET_3128}) &&
$self->{env_restart_pve_daemon}) {
die "unable to parse socket fd '$sockfd'\n"
if $sockfd !~ m/^(\d+)$/;
$sockfd = $1; # untaint
$socket = IO::Socket::INET->new;
$socket->fdopen($sockfd, 'w') ||
die "cannot fdopen file descriptor '$sockfd' - $!\n";
} else {
$socket = IO::Socket::INET->new(
LocalAddr => undef, # all interfaces
LocalPort => 3128,
Listen => SOMAXCONN,
Proto => 'tcp',
ReuseAddr => 1) ||
die "unable to create socket - $@\n";
# we often observe delays when using Nagle algorithm,
# so we disable that to maximize performance
setsockopt($socket, IPPROTO_TCP, TCP_NODELAY, 1);
$ENV{PVE_DAEMON_SOCKET_3128} = $socket->fileno;
}
# remove FD_CLOEXEC bit to reuse on exec
$socket->fcntl(Fcntl::F_SETFD(), 0);
$self->{server_config} = {
base_handler_class => 'PVE::API2',
keep_alive => 0,
max_conn => 500,
lockfile => $accept_lock_fn,
socket => $socket,
lockfh => $lockfh,
debug => $self->{debug},
spiceproxy => 1,
trusted_env => 0,
logfile => '/var/log/pveproxy/access.log',
allow_from => $proxyconf->{ALLOW_FROM},
deny_from => $proxyconf->{DENY_FROM},
policy => $proxyconf->{POLICY},
};
}
sub run {
my ($self) = @_;
my $server = PVE::HTTPServer->new(%{$self->{server_config}});
$server->run();
}
$daemon->register_start_command();
$daemon->register_restart_command(0);
$daemon->register_reload_command();
$daemon->register_stop_command();
$daemon->register_status_command();
my $cmddef = {
start => [ __PACKAGE__, 'start', []],
restart => [ __PACKAGE__, 'restart', []],
reload => [ __PACKAGE__, 'reload', []],
stop => [ __PACKAGE__, 'stop', []],
status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
};
my $cmd = shift;
PVE::CLIHandler::handle_cmd($cmddef, $0, $cmd, \@ARGV, undef, $0);
exit (0);
__END__
=head1 NAME
spiceproxy - SPICE proxy server for Proxmox VE
=head1 SYNOPSIS
=include synopsis
=head1 DESCRIPTION
SPICE proxy server for Proxmox VE. Listens on port 3128.
=head1 Host based access control
It is possible to configure apache2 like access control lists. Values are read
from file /etc/default/pveproxy (see 'pveproxy' for details).
=head1 FILES
/etc/default/pveproxy
=include pve_copyright
Reference in New Issue View Git Blame Copy Permalink