proxmox-mirrors/qemu-server
1
0
Fork 0
mirror of https://git.proxmox.com/git/qemu-server synced 2025-06-13 19:58:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

cleanup VNC websocket patch

Browse Source 
Pass ticket via ENV{LC_PVE_TICKET} to vncproxy. Also remove 'unsecure' option, because
this is implied if we want a websocket connection.
This commit is contained in:
Dietmar Maurer 2014-06-17 08:02:43 +02:00
parent b4d5c00063
commit 983d458216
2 changed files with 15 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
PVE/API2/Qemu.pm
View File

@ -1270,11 +1270,6 @@ __PACKAGE__->register_method({
properties => { properties => {
node => get_standard_option('pve-node'), node => get_standard_option('pve-node'),
vmid => get_standard_option('pve-vmid'), vmid => get_standard_option('pve-vmid'),
unsecure => {
optional => 1,
type => 'boolean',
description => "disables x509 auth",
},
websocket => { websocket => {
optional => 1, optional => 1,
type => 'boolean', type => 'boolean',
@ -1301,8 +1296,7 @@ __PACKAGE__->register_method({
my $vmid = $param->{vmid}; my $vmid = $param->{vmid};
my $node = $param->{node}; my $node = $param->{node};
my $unsecure = $param->{unsecure} // 0; my $websocket = $param->{websocket};
my $websocket = $param->{websocket} // 0;
my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists my $conf = PVE::QemuServer::load_config($vmid, $node); # check if VM exists
@ -1335,7 +1329,7 @@ __PACKAGE__->register_method({
if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) { if ($conf->{vga} && ($conf->{vga} =~ m/^serial\d+$/)) {
die "Unsecure mode is not supported in vga serial mode!" if $unsecure; die "Websocket mode is not supported in vga serial mode!" if $websocket;
my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ]; my $termcmd = [ '/usr/sbin/qm', 'terminal', $vmid, '-iface', $conf->{vga} ];
#my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}"; #my $termcmd = "/usr/bin/qm terminal -iface $conf->{vga}";
@ -1344,40 +1338,6 @@ __PACKAGE__->register_method({
'-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd]; '-perm', 'Sys.Console', '-c', @$remcmd, @$termcmd];
} else { } else {
my $vnc_socket = PVE::QemuServer::vnc_socket($vmid);
if (defined $remip) {
my $perlcode = "";
if ($unsecure) {
$perlcode = qq|
use PVE::QemuServer;
PVE::QemuServer::vm_mon_cmd($vmid, "change", device => "vnc", target => "unix:$vnc_socket,password");
PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => "vnc", password => "$ticket");
PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => "vnc", time => "+30");
|;
} else {
$perlcode = qq|
use PVE::QemuServer;
PVE::QemuServer::vm_mon_cmd($vmid, "change", device => "vnc", target => "unix:$vnc_socket,x509,password");
|;
}
PVE::Tools::run_command([@$remcmd, 'perl', '-'], input => $perlcode, outfunc => sub {print shift;}, errfunc => sub {print STDERR shift;});
} else {
if ($unsecure) {
PVE::QemuServer::vm_mon_cmd($vmid, "change", device => 'vnc', target => "unix:$vnc_socket,password");
PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'vnc', password => $ticket);
PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'vnc', time => "+30");
} else {
PVE::QemuServer::vm_mon_cmd($vmid, "change", device => 'vnc', target => "unix:$vnc_socket,x509,password");
}
}
my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid]; my $qmcmd = [@$remcmd, "/usr/sbin/qm", 'vncproxy', $vmid];
my $qmstr = join(' ', @$qmcmd); my $qmstr = join(' ', @$qmcmd);
@ -1386,7 +1346,8 @@ __PACKAGE__->register_method({
$cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"]; $cmd = ['/bin/nc', '-l', '-p', $port, '-w', $timeout, '-c', "$qmstr 2>/dev/null"];
if ($websocket) { if ($websocket) {
$cmd = ["/usr/share/novnc/utils/wsproxy.py", '--run-once', "--timeout=$timeout", "--idle-timeout=$timeout", '--ssl-only', '--cert', '/etc/pve/local/pve-ssl.pem', '--key', '/etc/pve/local/pve-ssl.key', $port, '--', @$cmd]; $ENV{LC_PVE_TICKET} = $ticket;
$cmd = ["/usr/share/novnc-pve/utils/wsproxy.py", '--run-once', "--timeout=$timeout", "--idle-timeout=$timeout", '--ssl-only', '--cert', '/etc/pve/local/pve-ssl.pem', '--key', '/etc/pve/local/pve-ssl.key', $port, '--', @$cmd];
} }
} }

15
qm
View File

@ -45,9 +45,7 @@ my $upid_exit = sub {
my $nodename = PVE::INotify::nodename(); my $nodename = PVE::INotify::nodename();
sub run_vnc_proxy { sub run_vnc_proxy {
my ($vmid) = @_; my ($path) = @_;
my $path = PVE::QemuServer::vnc_socket($vmid);
my $c; my $c;
while ( ++$c < 10 && !-e $path ) { sleep(1); } while ( ++$c < 10 && !-e $path ) { sleep(1); }
@ -165,8 +163,17 @@ __PACKAGE__->register_method ({
my ($param) = @_; my ($param) = @_;
my $vmid = $param->{vmid}; my $vmid = $param->{vmid};
my $vnc_socket = PVE::QemuServer::vnc_socket($vmid);
run_vnc_proxy ($vmid); if (my $ticket = $ENV{LC_PVE_TICKET}) { # NOTE: ssh on debian only pass LC_* variables
PVE::QemuServer::vm_mon_cmd($vmid, "change", device => 'vnc', target => "unix:$vnc_socket,password");
PVE::QemuServer::vm_mon_cmd($vmid, "set_password", protocol => 'vnc', password => $ticket);
PVE::QemuServer::vm_mon_cmd($vmid, "expire_password", protocol => 'vnc', time => "+30");
} else {
PVE::QemuServer::vm_mon_cmd($vmid, "change", device => 'vnc', target => "unix:$vnc_socket,x509,password");
}
run_vnc_proxy($vnc_socket);
return undef; return undef;
}}); }});