Commit ce1626a7 authored by Dietmar Maurer's avatar Dietmar Maurer

factor out common code into run_spiceterm

parent e480871a
......@@ -8,6 +8,7 @@ use Time::Local qw(timegm_nocheck);
use HTTP::Status qw(:constants);
use PVE::pvecfg;
use PVE::Tools;
use PVE::API2Tools;
use PVE::ProcFSTools;
use PVE::SafeSyslog;
use PVE::Cluster qw(cfs_read_file);
......@@ -821,23 +822,9 @@ __PACKAGE__->register_method ({
my $node = $param->{node};
my $proxy = $param->{proxy};
if (!$proxy) {
my $host = `hostname -f` || PVE::INotify::nodename();
chomp $host;
$proxy = $host;
}
my $authpath = "/nodes/$node";
my ($ticket, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, 0, $node);
my $filename = "/etc/pve/local/pve-ssl.pem";
my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
my $cacert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192);
$cacert =~ s/\n/\\n/g;
my $port = PVE::Tools::next_spice_port();
my $permissions = 'Sys.Console';
my $shcmd;
......@@ -852,56 +839,9 @@ __PACKAGE__->register_method ({
$shcmd = [ '/bin/login' ];
}
my $timeout = 10;
my $cmd = ['/usr/bin/spiceterm', '--port', $port, '--addr', '127.0.0.1',
'--timeout', $timeout, '--authpath', $authpath,
'--permissions', 'Sys.Console'];
my $dcconf = PVE::Cluster::cfs_read_file('datacenter.cfg');
push @$cmd, '--keymap', $dcconf->{keyboard} if $dcconf->{keyboard};
push @$cmd, '--', @$shcmd;
my $realcmd = sub {
my $upid = shift;
syslog ('info', "starting spiceterm $upid\n");
my $cmdstr = join (' ', @$cmd);
syslog ('info', "launch command: $cmdstr");
eval {
foreach my $k (keys %ENV) {
next if $k eq 'PATH' || $k eq 'TERM' || $k eq 'USER' || $k eq 'HOME';
delete $ENV{$k};
}
$ENV{PWD} = '/';
$ENV{SPICE_TICKET} = $ticket;
PVE::Tools::run_command($cmd, errmsg => "spiceterm failed");
};
if (my $err = $@) {
syslog ('err', $err);
}
my $title = "Shell on '$node'";
return;
};
my $upid = $rpcenv->fork_worker('spiceshell', "", $user, $realcmd);
PVE::Tools::wait_for_vnc_port($port);
return {
type => 'spice',
title => "Shell on '$node'",
host => $proxyticket, # this break tls hostname verification, so we need to use 'host-subject'
proxy => "http://$proxy:3128",
'tls-port' => $port,
'host-subject' => $subject,
ca => $cacert,
password => $ticket,
'delete-this-file' => 1,
};
return PVE::API2Tools::run_spiceterm($authpath, $permissions, 0, $node, $proxy, $title, $shcmd);
}});
__PACKAGE__->register_method({
......
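Review bot: The new call `PVE::API2Tools::run_spiceterm($authpath, $permissions, 0, $node, $proxy, $title, $shcmd)` passes seven positional arguments, and the bare `0` in the vmid slot is a sentinel whose meaning is only visible inside the helper, where `if ($vmid)` chooses between the `spiceproxy` and `spiceshell` workers. Since `$authpath` and `$permissions` are handed on to spiceterm as `--authpath` and `--permissions`, a swapped or misplaced argument would change what the console session is authorised against without raising any error. I would add a comment at the call, `# vmid 0 selects the node-shell ('spiceshell') worker in run_spiceterm`, or move the helper to named arguments. The OpenVZ call site has the same shape, and the enclosing method starts outside this hunk.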
......@@ -938,85 +938,21 @@ __PACKAGE__->register_method ({
code => sub {
my ($param) = @_;
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
my $vmid = $param->{vmid};
my $node = $param->{node};
my $proxy = $param->{proxy};
if (!$proxy) {
my $host = `hostname -f` || PVE::INotify::nodename();
chomp $host;
$proxy = $host;
}
my $authpath = "/vms/$vmid";
my $permissions = 'VM.Console';
my ($ticket, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $node);
my $filename = "/etc/pve/local/pve-ssl.pem";
my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
my $cacert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192);
$cacert =~ s/\n/\\n/g;
my $port = PVE::Tools::next_spice_port();
my $shcmd = ['/usr/bin/dtach', '-A',
"/var/run/dtach/vzctlconsole$vmid",
'-r', 'winch', '-z',
'/usr/sbin/vzctl', 'console', $vmid];
my $remip;
my $timeout = 10;
my $cmd = ['/usr/bin/spiceterm', '--port', $port, '--addr', '127.0.0.1',
'--timeout', $timeout, '--authpath', $authpath,
'--permissions', 'VM.Console'];
my $dcconf = PVE::Cluster::cfs_read_file('datacenter.cfg');
push @$cmd, '--keymap', $dcconf->{keyboard} if $dcconf->{keyboard};
push @$cmd, '--',
'/usr/bin/dtach', '-A',
"/var/run/dtach/vzctlconsole$vmid",
'-r', 'winch', '-z',
'/usr/sbin/vzctl', 'console', $vmid;
my $realcmd = sub {
my $upid = shift;
my $title = "CT $vmid";
syslog('info', "starting openvz vnc proxy $upid\n");
eval {
foreach my $k (keys %ENV) {
next if $k eq 'PATH' || $k eq 'TERM' || $k eq 'USER' || $k eq 'HOME';
delete $ENV{$k};
}
$ENV{PWD} = '/';
$ENV{SPICE_TICKET} = $ticket;
run_command($cmd, errmsg => "spiceterm failed");
};
if (my $err = $@) {
syslog ('err', $err);
}
return;
};
my $upid = $rpcenv->fork_worker('spiceproxy', $vmid, $authuser, $realcmd);
PVE::Tools::wait_for_vnc_port($port);
return {
type => 'spice',
title => "Shell on '$node'",
host => $proxyticket, # this break tls hostname verification, so we need to use 'host-subject'
proxy => "http://$proxy:3128",
'tls-port' => $port,
'host-subject' => $subject,
ca => $cacert,
password => $ticket,
'delete-this-file' => 1,
};
return PVE::API2Tools::run_spiceterm($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd);
}});
__PACKAGE__->register_method({
......
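Review bot: `$shcmd` embeds `$param->{vmid}` directly in the dtach socket path `"/var/run/dtach/vzctlconsole$vmid"` and in the `vzctl console` argument, and nothing in the visible lines constrains its form. The command is built as a list, so the value does not appear to reach a shell, but the socket path still depends on the id being a plain number. Presumably the method's parameter schema, which is outside this hunk, enforces that. Once confirmed, a comment above `$shcmd` such as `# $vmid is validated as an integer by the method schema, so it is safe in the socket path` would record the dependency for the next reader.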
......@@ -6,6 +6,7 @@ use PVE::Tools;
use Digest::MD5 qw(md5_hex);
use URI;
use URI::Escape;
use PVE::SafeSyslog;
my $hwaddress;
......@@ -133,4 +134,82 @@ sub parse_http_proxy {
return ("$host:$port", $username, $password);
}
sub run_spiceterm {
my ($authpath, $permissions, $vmid, $node, $proxy, $title, $shcmd) = @_;
my $rpcenv = PVE::RPCEnvironment::get();
my $authuser = $rpcenv->get_user();
if (!$proxy) {
my $host = `hostname -f` || PVE::INotify::nodename();
chomp $host;
$proxy = $host;
}
my ($ticket, $proxyticket) = PVE::AccessControl::assemble_spice_ticket($authuser, $vmid, $node);
my $filename = "/etc/pve/local/pve-ssl.pem";
my $subject = PVE::QemuServer::read_x509_subject_spice($filename);
my $cacert = PVE::Tools::file_get_contents("/etc/pve/pve-root-ca.pem", 8192);
$cacert =~ s/\n/\\n/g;
my $port = PVE::Tools::next_spice_port();
my $timeout = 10;
my $cmd = ['/usr/bin/spiceterm', '--port', $port, '--addr', '127.0.0.1',
'--timeout', $timeout, '--authpath', $authpath,
'--permissions', $permissions];
my $dcconf = PVE::Cluster::cfs_read_file('datacenter.cfg');
push @$cmd, '--keymap', $dcconf->{keyboard} if $dcconf->{keyboard};
push @$cmd, '--', @$shcmd;
my $realcmd = sub {
my $upid = shift;
syslog ('info', "starting spiceterm $upid - $title\n");
my $cmdstr = join (' ', @$cmd);
syslog ('info', "launch command: $cmdstr");
eval {
foreach my $k (keys %ENV) {
next if $k eq 'PATH' || $k eq 'TERM' || $k eq 'USER' || $k eq 'HOME';
delete $ENV{$k};
}
$ENV{PWD} = '/';
$ENV{SPICE_TICKET} = $ticket;
PVE::Tools::run_command($cmd, errmsg => "spiceterm failed");
};
if (my $err = $@) {
syslog ('err', $err);
}
return;
};
if ($vmid) {
$rpcenv->fork_worker('spiceproxy', $vmid, $authuser, $realcmd);
} else {
$rpcenv->fork_worker('spiceshell', undef, $authuser, $realcmd);
}
PVE::Tools::wait_for_vnc_port($port);
return {
type => 'spice',
title => $title,
host => $proxyticket, # this break tls hostname verification, so we need to use 'host-subject'
proxy => "http://$proxy:3128",
'tls-port' => $port,
'host-subject' => $subject,
ca => $cacert,
password => $ticket,
'delete-this-file' => 1,
};
}
1;
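Review bot: `run_spiceterm` calls `PVE::RPCEnvironment::get()`, `PVE::INotify::nodename()`, `PVE::AccessControl::assemble_spice_ticket()`, `PVE::QemuServer::read_x509_subject_spice()` and `PVE::Cluster::cfs_read_file()` by fully qualified name, but the import lines shown for this file list only `PVE::Tools`, `Digest::MD5`, `URI`, `URI::Escape` and the newly added `PVE::SafeSyslog`. Unless the first lines of the file, which are not shown, load those modules, the helper works only when some other module has already pulled them in, and otherwise dies with an undefined-subroutine error at call time. I would add a `use` line for each of the five modules next to `use PVE::SafeSyslog;` so the helper does not depend on load order.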