proxmox-mirrors/qemu-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/qemu-server synced 2025-06-15 12:48:48 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

spiceproxy: remove socat, and return data to access the new spiceproxy server

Browse Source
This commit is contained in:
Dietmar Maurer 2013-06-26 13:13:58 +02:00
parent eb15737004
commit 3309e65afa
2 changed files with 14 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
PVE/API2/Qemu.pm
View File

@ -1325,7 +1325,7 @@ __PACKAGE__->register_method({
__PACKAGE__->register_method({ __PACKAGE__->register_method({
name => 'spiceproxy', name => 'spiceproxy',
path => '{vmid}/spiceproxy', path => '{vmid}/spiceproxy',
method => 'GET', # fixme: should be POST, but howto handle that in the HTML client method => 'GET',
protected => 1, protected => 1,
proxyto => 'node', # fixme: use direct connections or ssh tunnel? proxyto => 'node', # fixme: use direct connections or ssh tunnel?
permissions => { permissions => {
@ -1344,6 +1344,7 @@ __PACKAGE__->register_method({
properties => { properties => {
type => { type => 'string' }, type => { type => 'string' },
password => { type => 'string' }, password => { type => 'string' },
proxy => { type => 'string' },
host => { type => 'string' }, host => { type => 'string' },
port => { type => 'integer' }, port => { type => 'integer' },
}, },
@ -1358,8 +1359,6 @@ __PACKAGE__->register_method({
my $vmid = $param->{vmid}; my $vmid = $param->{vmid};
my $node = $param->{node}; my $node = $param->{node};
my $port = PVE::Tools::next_vnc_port();
my $remip; my $remip;
# Note: we currectly use "proxyto => 'node'", so this code will never trigger # Note: we currectly use "proxyto => 'node'", so this code will never trigger
@ -1367,12 +1366,7 @@ __PACKAGE__->register_method({
$remip = PVE::Cluster::remote_node_ip($node); $remip = PVE::Cluster::remote_node_ip($node);
} }
my $authpath = "/vms/$vmid"; my ($ticket, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $node);
my $ticket = PVE::AccessControl::assemble_spice_ticket($authuser, $authpath);
# limit ticket length to 59 charachters
$ticket = substr($ticket, 0, 59);
my $timeout = 10; my $timeout = 10;
@ -1380,54 +1374,12 @@ __PACKAGE__->register_method({
PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket); PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'spice', password => $ticket);
PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30"); PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'spice', time => "+30");
my $remcmd = []; #fixme # allow access for group www-data to the spice socket,
# so that spiceproxy can access it
my $realcmd = sub { my $socket = PVE::QemuServer::spice_socket($vmid);
my $upid = shift; my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n";
chown 0, $gid, $socket;
syslog('info', "starting spice proxy $upid\n"); chmod 0770, $socket;
my $socket = PVE::QemuServer::spice_socket($vmid);
my $cmd = ['/usr/bin/socat', '-d', '-d',
"TCP-LISTEN:$port,reuseaddr,fork" ];
if ($remip) {
push @$cmd, "EXEC:'ssh root@$remip socat STDIO UNIX-CONNECT:$socket";
} else {
push @$cmd, "UNIX-CONNECT:$socket";
}
my $conn_count = 0;
my $parser = sub {
my $line = shift;
print "$line\n";
if ($line =~ /successfully connected from/) {
$conn_count++;
} elsif ($line =~ /N exiting with status/ || $line =~ m/N exit\(/) {
$conn_count--;
die "client exit\n" if $conn_count <= 0;
}
};
eval {
# kill socat if we do not get any connection within $timeout seconds
local $SIG{ALRM} = sub { die "got timeout\n" if $conn_count <= 0; };
alarm($timeout);
PVE::Tools::run_command($cmd, errfunc => $parser, outfunc => sub{});
};
if (my $err = $@) {
die $err if $err !~ m/client exit$/;
}
return;
};
my $upid = $rpcenv->fork_worker('spiceproxy', $vmid, $authuser, $realcmd);
PVE::Tools::wait_for_vnc_port($port);
# fimxe: ?? # fimxe: ??
my $host = `hostname -f` || PVE::INotify::nodename(); my $host = `hostname -f` || PVE::INotify::nodename();
@ -1435,10 +1387,10 @@ __PACKAGE__->register_method({
return { return {
type => 'spice', type => 'spice',
host => $host, host => $proxyticket,
port => $port, proxy => $host,
password => $ticket, port => 0, # not used for now
upid => $upid, password => $ticket
}; };
}}); }});

2
control.in
View File

@ -3,7 +3,7 @@ Version: @@VERSION@@-@@PKGRELEASE@@
Section: admin Section: admin
Priority: optional Priority: optional
Architecture: @@ARCH@@ Architecture: @@ARCH@@
Depends: libc6 (>= 2.7-18), perl (>= 5.10.0-19), libterm-readline-gnu-perl, pve-qemu-kvm (>= 1.4-4) | pve-qemu-kvm-2.6.18, netcat-traditional, libpve-storage-perl, pve-cluster, redhat-cluster-pve, libjson-perl, libjson-xs-perl, libio-multiplex-perl, socat Depends: libc6 (>= 2.7-18), perl (>= 5.10.0-19), libterm-readline-gnu-perl, pve-qemu-kvm (>= 1.4-4) | pve-qemu-kvm-2.6.18, netcat-traditional, libpve-storage-perl, pve-cluster, redhat-cluster-pve, libjson-perl, libjson-xs-perl, libio-multiplex-perl
Conflicts: netcat-openbsd Conflicts: netcat-openbsd
Maintainer: Proxmox Support Team <support@proxmox.com> Maintainer: Proxmox Support Team <support@proxmox.com>
Description: Qemu Server Tools Description: Qemu Server Tools