Add nova-novncproxy
* Adds the nova-novncproxy binary, to provide support for vnc + OpensStack nova * Adds the ability to pass an auth token in via url, which is subsequently passed back to the proxy as a cookie.
This commit is contained in:
parent
f84504bc63
commit
4c75210a4d
|
@ -0,0 +1,148 @@
|
|||
#!/usr/bin/env python
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright (c) 2012 Openstack, LLC.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#!/usr/bin/env python
|
||||
|
||||
'''
|
||||
Websocket proxy that is compatible with Openstack Nova.
|
||||
Leverages wsproxy.py by Joel Martin
|
||||
'''
|
||||
|
||||
import Cookie
|
||||
import socket
|
||||
import sys
|
||||
|
||||
import wsproxy
|
||||
|
||||
from nova import context
|
||||
from nova import flags
|
||||
from nova import rpc
|
||||
from nova import utils
|
||||
from nova.openstack.common import cfg
|
||||
|
||||
|
||||
opts = [
|
||||
cfg.BoolOpt('record',
|
||||
default=False,
|
||||
help='Record sessions to FILE.[session_number]'),
|
||||
cfg.BoolOpt('daemon',
|
||||
default=False,
|
||||
help='Become a daemon (background process)'),
|
||||
cfg.BoolOpt('ssl_only',
|
||||
default=False,
|
||||
help='Disallow non-encrypted connections'),
|
||||
cfg.BoolOpt('source_is_ipv6',
|
||||
default=False,
|
||||
help='Source is ipv6'),
|
||||
cfg.StrOpt('cert',
|
||||
default='self.pem',
|
||||
help='SSL certificate file'),
|
||||
cfg.StrOpt('key',
|
||||
default=None,
|
||||
help='SSL key file (if separate from cert)'),
|
||||
cfg.StrOpt('web',
|
||||
default='.',
|
||||
help='Run webserver on same port. Serve files from DIR.'),
|
||||
cfg.StrOpt('novncproxy_host',
|
||||
default='0.0.0.0',
|
||||
help='Host on which to listen for incoming requests'),
|
||||
cfg.IntOpt('novncproxy_port',
|
||||
default=6080,
|
||||
help='Port on which to listen for incoming requests'),
|
||||
]
|
||||
FLAGS = flags.FLAGS
|
||||
FLAGS.register_cli_opts(opts)
|
||||
|
||||
|
||||
class NovaWebSocketProxy(wsproxy.WebSocketProxy):
|
||||
def __init__(self, *args, **kwargs):
|
||||
wsproxy.WebSocketProxy.__init__(self, *args, **kwargs)
|
||||
|
||||
def new_client(self):
|
||||
"""
|
||||
Called after a new WebSocket connection has been established.
|
||||
"""
|
||||
cookie = Cookie.SimpleCookie()
|
||||
cookie.load(self.headers.getheader('cookie'))
|
||||
token = cookie['token'].value
|
||||
ctxt = context.get_admin_context()
|
||||
connect_info = rpc.call(ctxt, 'consoleauth',
|
||||
{'method': 'check_token',
|
||||
'args': {'token': token}})
|
||||
|
||||
if not connect_info:
|
||||
raise Exception("Invalid Token")
|
||||
|
||||
host = connect_info['host']
|
||||
port = int(connect_info['port'])
|
||||
|
||||
# Connect to the target
|
||||
self.msg("connecting to: %s:%s" % (
|
||||
host, port))
|
||||
tsock = self.socket(host, port,
|
||||
connect=True)
|
||||
|
||||
# Handshake as necessary
|
||||
if connect_info.get('internal_access_path'):
|
||||
tsock.send("CONNECT %s HTTP/1.1\r\n\r\n" %
|
||||
connect_info['internal_access_path'])
|
||||
while True:
|
||||
data = tsock.recv(4096, socket.MSG_PEEK)
|
||||
if data.find("\r\n\r\n") != -1:
|
||||
if not data.split("\r\n")[0].find("200"):
|
||||
raise Exception("Invalid Connection Info")
|
||||
tsock.recv(len(data))
|
||||
break
|
||||
|
||||
if self.verbose and not self.daemon:
|
||||
print(self.traffic_legend)
|
||||
|
||||
# Start proxying
|
||||
try:
|
||||
self.do_proxy(tsock)
|
||||
except:
|
||||
if tsock:
|
||||
tsock.shutdown(socket.SHUT_RDWR)
|
||||
tsock.close()
|
||||
self.vmsg("%s:%s: Target closed" % (host, port))
|
||||
raise
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
if FLAGS.ssl_only and not os.path.exists(FLAGS.cert):
|
||||
parser.error("SSL only and %s not found" % FLAGS.cert)
|
||||
|
||||
# Setup flags
|
||||
utils.default_flagfile()
|
||||
FLAGS(sys.argv)
|
||||
|
||||
# Create and start the NovaWebSockets proxy
|
||||
server = NovaWebSocketProxy(listen_host=FLAGS.novncproxy_host,
|
||||
listen_port=FLAGS.novncproxy_port,
|
||||
source_is_ipv6=FLAGS.source_is_ipv6,
|
||||
verbose=FLAGS.verbose,
|
||||
cert=FLAGS.cert,
|
||||
key=FLAGS.key,
|
||||
ssl_only=FLAGS.ssl_only,
|
||||
daemon=FLAGS.daemon,
|
||||
record=FLAGS.record,
|
||||
web=FLAGS.web,
|
||||
target_host='ignore',
|
||||
target_port='ignore',
|
||||
wrap_mode='exit',
|
||||
wrap_cmd=None)
|
||||
server.start_server()
|
|
@ -84,14 +84,15 @@
|
|||
}
|
||||
|
||||
window.onload = function () {
|
||||
var host, port, password, path;
|
||||
var host, port, password, path, token;
|
||||
|
||||
$D('sendCtrlAltDelButton').style.display = "inline";
|
||||
$D('sendCtrlAltDelButton').onclick = sendCtrlAltDel;
|
||||
|
||||
document.title = unescape(WebUtil.getQueryVar('title', 'noVNC'));
|
||||
host = WebUtil.getQueryVar('host', null);
|
||||
port = WebUtil.getQueryVar('port', null);
|
||||
token = WebUtil.getQueryVar('token', null);
|
||||
host = window.location.hostname;
|
||||
port = window.location.port;
|
||||
password = WebUtil.getQueryVar('password', '');
|
||||
path = WebUtil.getQueryVar('path', 'websockify');
|
||||
if ((!host) || (!port)) {
|
||||
|
@ -109,6 +110,12 @@
|
|||
'view_only': WebUtil.getQueryVar('view_only', false),
|
||||
'updateState': updateState,
|
||||
'onPasswordRequired': passwordRequired});
|
||||
|
||||
/* If a token variable is passed in, set the parameter in a cookie. This is
|
||||
used by nova-novncproxy. */
|
||||
if (token) {
|
||||
WebUtil.createCookie('token', token, 1)
|
||||
}
|
||||
rfb.connect(host, port, password, path);
|
||||
};
|
||||
</script>
|
||||
|
|
Loading…
Reference in New Issue