Commit a50345c8 authored by Dietmar Maurer's avatar Dietmar Maurer

convert spiceproxy into a PVE::Service class

parent 31059552
include ../../defines.mk include ../../defines.mk
SOURCES=pvestatd.pm pveproxy.pm pvedaemon.pm SOURCES=pvestatd.pm pveproxy.pm pvedaemon.pm spiceproxy.pm
.PHONY: install .PHONY: install
install: ${SOURCES} install: ${SOURCES}
......
package PVE::Service::spiceproxy;
# Note: In theory, all this can be done by 'pveproxy' daemon. But some
# API call still have blocking code, so we use a separate daemon to avoid
# that the console gets blocked.
use strict;
use warnings;
use PVE::SafeSyslog;
use PVE::Daemon;
use PVE::API2Tools;
use PVE::API2;
use PVE::HTTPServer;
use base qw(PVE::Daemon);
my $cmdline = [$0, @ARGV];
my %daemon_options = (
max_workers => 1, # todo: do we need more?
restart_on_error => 5,
stop_wait_time => 15,
leave_children_open_on_reload => 1,
setuid => 'www-data',
setgid => 'www-data',
pidfile => '/var/run/pveproxy/spiceproxy.pid',
);
my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options);
sub init {
my ($self) = @_;
# we use same ALLOW/DENY/POLICY as pveproxy
my $proxyconf = PVE::API2Tools::read_proxy_config();
my $accept_lock_fn = "/var/lock/spiceproxy.lck";
my $lockfh = IO::File->new(">>${accept_lock_fn}") ||
die "unable to open lock file '${accept_lock_fn}' - $!\n";
my $family = PVE::Tools::get_host_address_family($self->{nodename});
my $socket = $self->create_reusable_socket(3128, undef, $family);
$self->{server_config} = {
base_handler_class => 'PVE::API2',
keep_alive => 0,
max_conn => 500,
lockfile => $accept_lock_fn,
socket => $socket,
lockfh => $lockfh,
debug => $self->{debug},
spiceproxy => 1,
trusted_env => 0,
logfile => '/var/log/pveproxy/access.log',
allow_from => $proxyconf->{ALLOW_FROM},
deny_from => $proxyconf->{DENY_FROM},
policy => $proxyconf->{POLICY},
};
}
sub run {
my ($self) = @_;
my $server = PVE::HTTPServer->new(%{$self->{server_config}});
$server->run();
}
$daemon->register_start_command();
$daemon->register_restart_command(1);
$daemon->register_stop_command();
$daemon->register_status_command();
our $cmddef = {
start => [ __PACKAGE__, 'start', []],
restart => [ __PACKAGE__, 'restart', []],
stop => [ __PACKAGE__, 'stop', []],
status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
};
1;
__END__
=head1 NAME
spiceproxy - SPICE proxy server for Proxmox VE
=head1 SYNOPSIS
=include synopsis
=head1 DESCRIPTION
SPICE proxy server for Proxmox VE. Listens on port 3128.
=head1 Host based access control
It is possible to configure apache2 like access control lists. Values are read
from file /etc/default/pveproxy (see 'pveproxy' for details).
=head1 FILES
/etc/default/pveproxy
=include pve_copyright
...@@ -2,7 +2,7 @@ include ../defines.mk ...@@ -2,7 +2,7 @@ include ../defines.mk
SUBDIRS = init.d ocf test SUBDIRS = init.d ocf test
SERVICES = pvestatd pveproxy pvedaemon SERVICES = pvestatd pveproxy pvedaemon spiceproxy
CLITOOLS = vzdump pvesubscription CLITOOLS = vzdump pvesubscription
SCRIPTS = \ SCRIPTS = \
...@@ -12,7 +12,6 @@ SCRIPTS = \ ...@@ -12,7 +12,6 @@ SCRIPTS = \
pvesh \ pvesh \
pveam \ pveam \
pvebanner \ pvebanner \
spiceproxy \
pveversion \ pveversion \
pvemailforward.pl \ pvemailforward.pl \
pveupgrade \ pveupgrade \
...@@ -24,7 +23,6 @@ SERVICE_MANS = $(addsuffix .8, ${SERVICES}) ...@@ -24,7 +23,6 @@ SERVICE_MANS = $(addsuffix .8, ${SERVICES})
CLI_MANS = \ CLI_MANS = \
$(addsuffix .1, ${CLITOOLS}) \ $(addsuffix .1, ${CLITOOLS}) \
pveceph.1 \ pveceph.1 \
spiceproxy.1 \
pveversion.1 \ pveversion.1 \
pveupgrade.1 \ pveupgrade.1 \
pveperf.1 pveperf.1
...@@ -69,9 +67,6 @@ pveperf.1.pod: pveperf ...@@ -69,9 +67,6 @@ pveperf.1.pod: pveperf
perl -I.. -T -e "use PVE::CLI::$*; PVE::CLI::$*->generate_bash_completions();" >$@.tmp perl -I.. -T -e "use PVE::CLI::$*; PVE::CLI::$*->generate_bash_completions();" >$@.tmp
mv $@.tmp $@ mv $@.tmp $@
spiceproxy.1.pod: spiceproxy
perl -I.. -T ./spiceproxy printmanpod >$@
pvectl.1.pod: pvectl pvectl.1.pod: pvectl
perl -I.. ./pvectl printmanpod >$@ perl -I.. ./pvectl printmanpod >$@
......
#!/usr/bin/perl -T #!/usr/bin/perl -T
# Note: In theory, all this can be done by 'pveproxy' daemon. But some
# API call still have blocking code, so we use a separate daemon to avoid
# that the console gets blocked.
$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin'; $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
use strict; use strict;
use warnings; use warnings;
use PVE::Service::spiceproxy;
use PVE::SafeSyslog;
use PVE::Daemon;
use PVE::API2Tools;
use PVE::API2;
use PVE::HTTPServer;
use base qw(PVE::Daemon);
$SIG{'__WARN__'} = sub { $SIG{'__WARN__'} = sub {
my $err = $@; my $err = $@;
...@@ -28,106 +17,13 @@ $SIG{'__WARN__'} = sub { ...@@ -28,106 +17,13 @@ $SIG{'__WARN__'} = sub {
$@ = $err; $@ = $err;
}; };
my $cmdline = [$0, @ARGV]; my $prepare = sub {
my %daemon_options = (
max_workers => 1, # todo: do we need more?
restart_on_error => 5,
stop_wait_time => 15,
leave_children_open_on_reload => 1,
setuid => 'www-data',
setgid => 'www-data',
pidfile => '/var/run/pveproxy/spiceproxy.pid',
);
my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options);
sub prepare {
my $rundir="/var/run/pveproxy"; my $rundir="/var/run/pveproxy";
if (mkdir($rundir, 0700)) { # only works at first start if we are root) if (mkdir($rundir, 0700)) { # only works at first start if we are root)
my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n"; my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n";
my $uid = getpwnam('www-data') || die "getpwnam failed - $!\n"; my $uid = getpwnam('www-data') || die "getpwnam failed - $!\n";
chown($uid, $gid, $rundir); chown($uid, $gid, $rundir);
} }
}
sub init {
my ($self) = @_;
# we use same ALLOW/DENY/POLICY as pveproxy
my $proxyconf = PVE::API2Tools::read_proxy_config();
my $accept_lock_fn = "/var/lock/spiceproxy.lck";
my $lockfh = IO::File->new(">>${accept_lock_fn}") ||
die "unable to open lock file '${accept_lock_fn}' - $!\n";
my $family = PVE::Tools::get_host_address_family($self->{nodename});
my $socket = $self->create_reusable_socket(3128, undef, $family);
$self->{server_config} = {
base_handler_class => 'PVE::API2',
keep_alive => 0,
max_conn => 500,
lockfile => $accept_lock_fn,
socket => $socket,
lockfh => $lockfh,
debug => $self->{debug},
spiceproxy => 1,
trusted_env => 0,
logfile => '/var/log/pveproxy/access.log',
allow_from => $proxyconf->{ALLOW_FROM},
deny_from => $proxyconf->{DENY_FROM},
policy => $proxyconf->{POLICY},
};
}
sub run {
my ($self) = @_;
my $server = PVE::HTTPServer->new(%{$self->{server_config}});
$server->run();
}
$daemon->register_start_command();
$daemon->register_restart_command(1);
$daemon->register_stop_command();
$daemon->register_status_command();
my $cmddef = {
start => [ __PACKAGE__, 'start', []],
restart => [ __PACKAGE__, 'restart', []],
stop => [ __PACKAGE__, 'stop', []],
status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
}; };
my $cmd = shift; PVE::Service::spiceproxy->run_cli(undef, undef, $prepare);
PVE::CLIHandler::handle_cmd($cmddef, $0, $cmd, \@ARGV, undef, $0, \&prepare);
exit (0);
__END__
=head1 NAME
spiceproxy - SPICE proxy server for Proxmox VE
=head1 SYNOPSIS
=include synopsis
=head1 DESCRIPTION
SPICE proxy server for Proxmox VE. Listens on port 3128.
=head1 Host based access control
It is possible to configure apache2 like access control lists. Values are read
from file /etc/default/pveproxy (see 'pveproxy' for details).
=head1 FILES
/etc/default/pveproxy
=include pve_copyright
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment