[master] noVNC Console Integration#3296
Conversation
|
For someone still use cloudstack 4.11.2 in production, #3283 |
|
@ustcweizhou To migrate from an existing installation, do we need to build a new systemvm template? Or are the changes to the CPVM applied online somehow? |
|
@DennisKonrad |
|
@rhtyd @svenvogel |
|
@ustcweizhou @svenvogel We already built the code and that worked fine. We are planning to try the feature next week. Then we can give feedback and test. |
|
Thanks @ustcweizhou I'm busy with work for at least two more weeks but I'll certainly review and help test the PR (and possible fix issues wrt xenserver/vmware testing). |
|
@ustcweizhou can you check and fix the pylint issues: (refer https://travis-ci.org/apache/cloudstack/jobs/524837786) It's probably best if we can fix the build to ignore novnc related source file and websockify python codebase |
|
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress. |
|
Packaging result: ✔centos6 ✔centos7 ✔debian. JID-2731 |
|
@blueorangutan test |
|
@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests |
|
Trillian test result (tid-3548)
|
|
@ustcweizhou @svenvogel I did a small test with this last week but couldn't get it to work. I'm not sure but just deploying a new management server with this PR didn't work. Is there anything I needed to do to make it work? |
|
@DennisKonrad have you uploaded ssl certificate for console , and made some changes in global setting for domain suffix ? |
|
@ustcweizhou We do have: I somewhere uploaded a certificate but can't remember right now where one has to do that. But yes, we uploaded a certificate. If you mean internatl domain suffix: that's unchanged (still 'cloud.internal') |
|
@DennisKonrad by the way, what hypervisor do you use ? |
|
@ustcweizhou So the steps you provided. We have the setup like you described it already in place. Like i wrote: How can we use the novnc console without settings up things we already have in place? |
|
@DennisKonrad or do you still see the native console ? novnc.console.default should be true in global setting. |
|
@ustcweizhou No error, just not loading anything. I will try this again tomorror and report back. I'm not sure anymore if I correctly set the global variable. But the variable is present. If you have any questions I should check on please feel free to ask. |
|
@ustcweizhou can you fix build failure, see https://travis-ci.org/apache/cloudstack/jobs/524837786 |
4c9a24f to
4009001
Compare
4009001 to
9f84f65
Compare
This is downloaded by
"""
cd systemvm/debian/root/noVNC/
git clone https://github.com/kanaka/websockify utils/websockify
cd utils/websockify
git checkout v0.9.0
rm -rf .git/
"""
(1) new CSS (2) add clipboard (3) focus on vm
15aa755 to
114d4a8
Compare
|
So the error seems to be "Invalid client ip address" after looking in the novnc.log... Is this some security feature? @ustcweizhou |
|
@ustcweizhou do you have any plans on this? Our @davidjumani is going to work on it towards 4.15 milestone. |
yes @DennisKonrad (self.client_ip is source ip to management server, self.client_address[0] is source ip to novnc) If you use reverse proxy or load balancer (nginx, haproxy, pfsense,etc), it might be an issue. |
@rhtyd We will include current source code in our next version. it works fine for many years on our productions. |
|
@rhtyd Could you elaborate on what needs to be done by @davidjumani? |
|
@ustcweizhou I'll check why those ip's differ in my testing environment. |
@weizhouapache this sounds good. 👍we support this! this is a nice feature. is this console a multilanguage? |
|
@weizhouapache that's good to know. @DennisKonrad this PR is far from complete for general consumption, and possibly requires the following (and more): /cc @PaulAngus @davidjumani
|
|
@rhtyd I think novnc should be added as option and not as a complete replacement for the current console. The only change for that would be to not set novnc as the default in the global settings. If you have a complete replacement of the current console in mind that should be done by additional PRs and not by moving this PR into the far future. I responded to the complete list but to see it you have to click-open.
I'll test KVM extensively. Also I think the community will pick up this PR for the other hypervisors. Never the less I know a lot of features that are merged for usage with single hypervisor with remark to the possibilty to expand them later (just take a look at vm ingestion merged by you and boris).
This one I would like you to explain in more detail. If one uses CA framework you want it automatically to activate TLS for novnc? How would this work for a more complex setup like load balancing where TLS gets terminated at the load balancer?
That's great. We also have in mind to check this now that we figured out why the console was not working in our test env.
In my opinion that is a feature to add later. Having multiple views per VM seems to be desirable.
It more or less sounds like you do want to reimplement this PR in java so it works with the CA framework? I understand the concers for security but let's do not mix that with the integration in the CA framework.
That would indeed be great but in the "legacy" console this isn't working right now as well.
This PR implements novnc as option and I think it has to be off as default as well. It's cool that you want to implement HyperV support but I don't get why the milestone of this PR moves because of that?
Like written above this PR is not replacing the "legacy" console. Why do you suggest deprecating the "legacy" console? |
This PR at no time seems like a drop-in replacement to me. But I'm sure it cannot even become one if we block it. |
@rhtyd good you have many nice ideas ! |
@svenvogel we had some research to support multiple language keyboard in the past. |
@rhtyd @DennisKonrad @DaanHoogland @PaulAngus @svenvogel |
|
@ustcweizhou a SIG may not be necessary as this would most likely require few weeks (not months), once @davidjumani start this sometime next week any collaboration would be welcomed on the public PR. The bare minimum requirement would be that it works on all hypervisors with SSL/TLS certificates, in addition to the legacy console proxy. |
@weizhouapache I am all for it 👍. We don't do that enough. However we must think of a way to clearly mark features like than, and not be afraid to retract them if they turn out not ok. The, or an important thing to note there is that retracting is a backward incompatibility that we take on. |
@rhtyd good. expect to see it in coming few weeks. |
|
@ustcweizhou just to update @davidjumani has already started work on it and I'll be supporting him, we'll most likely start a draft PR in a week's time. |
@rhtyd good, thanks. |
|
@weizhouapache I'm closing this in favour of #3296. please re-open if I'm at fault. |
…-scclouds' Correção da validação de estados de CPVM em múltiplas zonas Closes #3296 See merge request scclouds/scclouds!1365
Description
This feature provides novnc console for virtual machines.
It is developed based on
(1) noVNC 1.1.0
(2) latest websockify
Some changes in cloudstack
(1) add a new servlet /novncconsole
(2) a websocket proxy based on websockify will be launched in CPVM.
(3) add vnc password authentication in websockify
(4) generate 'path' and decrypt it in websockify to connect to server/port and check vnc password.
Types of changes
Screenshots (if appropriate):
How Has This Been Tested?
(1) it works with ubuntu 16.04/qemu 2.5
(2) If consoleproxy.sslEnabled is changed, please restart management server and CPVM (or cloud service in CPVM). It determines http or https will be used in novnc console
(3) If novnc.console.default is true,novnc console will be default console on UI. If it is false, we still can access novnc console via /novncconsole?cmd=access&vm=XXX
(4) global setting novnc.encryption.key is hidden, it can be changed via cloudmonkey. Restart CPVM (or cloud service in CPVM) if it is changed.
TODOs