Merge branch 'vnc_console' of git://github.com/sleepsonthefloor/nova into vnc_console

Conflicts:
	nova/virt/libvirt_conn.py

11 files changed, 566 insertions, 0 deletions

diff --git a/bin/nova-vnc-proxy b/bin/nova-vnc-proxy
new file mode 100755
index 000000000..ea2533dc3
--- /dev/null
+++ b/bin/nova-vnc-proxy
@@ -0,0 +1,94 @@
+#!/usr/bin/env python
+# pylint: disable-msg=C0103
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2010 United States Government as represented by the
+# Administrator of the National Aeronautics and Space Administration.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+"""VNC Console Proxy Server"""
+
+import eventlet
+import gettext
+import os
+import sys
+
+possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
+                                   os.pardir,
+                                   os.pardir))
+if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')):
+    sys.path.insert(0, possible_topdir)
+
+gettext.install('nova', unicode=1)
+
+from nova import flags
+from nova import log as logging
+from nova import utils
+from nova import wsgi
+from nova import version
+from nova.vnc import auth
+from nova.vnc import proxy
+
+LOG = logging.getLogger('nova.vnc-proxy')
+
+FLAGS = flags.FLAGS
+flags.DEFINE_string('vnc_proxy_wwwroot', '/var/lib/nova/noVNC/',
+                     'Full path to noVNC directory')
+flags.DEFINE_boolean('vnc_debug', False,
+                     'Enable debugging features, like token bypassing')
+flags.DEFINE_integer('vnc_proxy_port', 6080,
+                     'Port that the VNC proxy should bind to')
+flags.DEFINE_string('vnc_proxy_iface', '0.0.0.0',
+                     'Address that the VNC proxy should bind to')
+flags.DEFINE_integer('vnc_token_ttl', 300,
+                     'How many seconds before deleting tokens')
+flags.DEFINE_flag(flags.HelpFlag())
+flags.DEFINE_flag(flags.HelpshortFlag())
+flags.DEFINE_flag(flags.HelpXMLFlag())
+
+if __name__ == "__main__":
+    utils.default_flagfile()
+    FLAGS(sys.argv)
+    logging.setup()
+
+    LOG.audit(_("Starting nova-vnc-proxy node (version %s)"),
+              version.version_string_with_vcs())
+
+    if not (os.path.exists(FLAGS.vnc_proxy_wwwroot) and
+            os.path.exists(FLAGS.vnc_proxy_wwwroot + '/vnc_auto.html')):
+        LOG.info(_("Missing vnc_proxy_wwwroot (version %s)"),
+                    FLAGS.vnc_proxy_wwwroot)
+        LOG.info(_("You need a slightly modified version of noVNC "
+                   "to work with the nova-vnc-proxy"))
+        LOG.info(_("Check out the most recent nova noVNC code: %s"),
+                   "git://github.com/sleepsonthefloor/noVNC.git")
+        LOG.info(_("And drop it in %s"), FLAGS.vnc_proxy_wwwroot)
+        exit(1)
+
+    app = proxy.WebsocketVNCProxy(FLAGS.vnc_proxy_wwwroot)
+
+    LOG.audit(_("Allowing access to the following files: %s"),
+              app.get_whitelist())
+
+    with_logging = auth.LoggingMiddleware(app)
+
+    if FLAGS.vnc_debug:
+        with_auth = proxy.DebugMiddleware(with_logging)
+    else:
+        with_auth = auth.NovaAuthMiddleware(with_logging)
+
+    server = wsgi.Server()
+    server.start(with_auth, FLAGS.vnc_proxy_port, host=FLAGS.vnc_proxy_iface)
+    server.wait()
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index e257e44e7..c63d59382 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -536,6 +536,12 @@ class CloudController(object):
         return self.compute_api.get_ajax_console(context,
                                                  instance_id=instance_id)
 
+    def get_vnc_console(self, context, instance_id, **kwargs):
+        ec2_id = instance_id
+        instance_id = ec2_id_to_id(ec2_id)
+        return self.compute_api.get_vnc_console(context,
+                                                instance_id=instance_id)
+
     def describe_volumes(self, context, volume_id=None, **kwargs):
         if volume_id:
             volumes = []
diff --git a/nova/compute/api.py b/nova/compute/api.py
index 01eead4ac..5ba7d7585 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -584,6 +584,23 @@ class API(base.Base):
         return {'url': '%s/?token=%s' % (FLAGS.ajax_console_proxy_url,
                 output['token'])}
 
+    def get_vnc_console(self, context, instance_id):
+        """Get a url to an AJAX Console"""
+        instance = self.get(context, instance_id)
+        output = self._call_compute_message('get_vnc_console',
+                                            context,
+                                            instance_id)
+        rpc.cast(context, '%s' % FLAGS.vnc_console_proxy_topic,
+                 {'method': 'authorize_vnc_console',
+                  'args': {'token': output['token'], 'host': output['host'],
+                  'port': output['port']}})
+
+        time.sleep(1)
+
+        return {'url': '%s/vnc_auto.html?token=%s&host=%s&port=%s' %
+                (FLAGS.vnc_console_proxy_url,
+                output['token'], 'hostignore', 'portignore')}
+
     def get_console_output(self, context, instance_id):
         """Get console output for an an instance"""
         return self._call_compute_message('get_console_output',
diff --git a/nova/compute/manager.py b/nova/compute/manager.py
index ac63f68ea..24ab2f510 100644
--- a/nova/compute/manager.py
+++ b/nova/compute/manager.py
@@ -714,6 +714,15 @@ class ComputeManager(manager.Manager):
 
         return self.driver.get_ajax_console(instance_ref)
 
+    @exception.wrap_exception
+    def get_vnc_console(self, context, instance_id):
+        """Return connection information for an vnc console"""
+        context = context.elevated()
+        LOG.debug(_("instance %s: getting vnc console"), instance_id)
+        instance_ref = self.db.instance_get(context, instance_id)
+
+        return self.driver.get_vnc_console(instance_ref)
+
     @checks_instance_lock
     def attach_volume(self, context, instance_id, volume_id, mountpoint):
         """Attach a volume to an instance."""
diff --git a/nova/flags.py b/nova/flags.py
index 9123e9ac7..904373a0b 100644
--- a/nova/flags.py
+++ b/nova/flags.py
@@ -281,6 +281,16 @@ DEFINE_string('ajax_console_proxy_url',
                in the form "http://127.0.0.1:8000"')
 DEFINE_string('ajax_console_proxy_port',
                8000, 'port that ajax_console_proxy binds')
+DEFINE_string('vnc_console_proxy_topic', 'vnc_proxy',
+              'the topic vnc proxy nodes listen on')
+DEFINE_string('vnc_console_proxy_url',
+              'http://127.0.0.1:6080',
+              'location of vnc console proxy, \
+               in the form "http://127.0.0.1:6080"')
+DEFINE_string('vnc_compute_host_iface', '0.0.0.0',
+              'the compute host interface on which vnc server should listen')
+DEFINE_bool('vnc_enabled', True,
+            'enable vnc related features')
 DEFINE_bool('verbose', False, 'show debug output')
 DEFINE_boolean('fake_rabbit', False, 'use a fake rabbit')
 DEFINE_bool('fake_network', False,
diff --git a/nova/virt/libvirt.xml.template b/nova/virt/libvirt.xml.template
index ef2d2cd6b..c6e7d0a45 100644
--- a/nova/virt/libvirt.xml.template
+++ b/nova/virt/libvirt.xml.template
@@ -101,5 +101,8 @@
             <target port='0'/>
         </serial>
 
+#if $getVar('vnc_compute_host_iface', False)
+        <graphics type='vnc' port='-1' autoport='yes' keymap='en-us' listen='${vnc_host_iface}'/>
+#end if
     </devices>
 </domain>
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index f264cf619..75d438bb6 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -533,6 +533,23 @@ class LibvirtConnection(object):
         subprocess.Popen(cmd, shell=True)
         return {'token': token, 'host': host, 'port': port}
 
+    @exception.wrap_exception
+    def get_vnc_console(self, instance):
+        def get_vnc_port_for_instance(instance_name):
+            virt_dom = self._conn.lookupByName(instance_name)
+            xml = virt_dom.XMLDesc(0)
+            dom = minidom.parseString(xml)
+
+            for graphic in dom.getElementsByTagName('graphics'):
+                if graphic.getAttribute('type') == 'vnc':
+                    return graphic.getAttribute('port')
+
+        port = get_vnc_port_for_instance(instance['name'])
+        token = str(uuid.uuid4())
+        host = instance['host']
+
+        return {'token': token, 'host': host, 'port': port}
+
     _image_sems = {}
 
     @staticmethod
@@ -761,6 +778,10 @@ class LibvirtConnection(object):
 
         if gateway_v6:
             xml_info['gateway_v6'] = gateway_v6 + "/128"
+        if FLAGS.vnc_enabled:
+            xml_info['vnc_compute_host_iface'] = FLAGS.vnc_compute_host_iface
+        if ra_server:
+            xml_info['ra_server'] = ra_server + "/128"
         if not rescue:
             if instance['kernel_id']:
                 xml_info['kernel'] = xml_info['basepath'] + "/kernel"
diff --git a/nova/vnc/__init__.py b/nova/vnc/__init__.py
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/nova/vnc/__init__.py
diff --git a/nova/vnc/auth.py b/nova/vnc/auth.py
new file mode 100644
index 000000000..676cb2360
--- /dev/null
+++ b/nova/vnc/auth.py
@@ -0,0 +1,112 @@
+#!/usr/bin/env python
+# pylint: disable-msg=C0103
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2010 United States Government as represented by the
+# Administrator of the National Aeronautics and Space Administration.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+"""Auth Components for VNC Console"""
+
+import time
+import urlparse
+import webob
+from webob import Request
+
+from nova import flags
+from nova import log as logging
+from nova import rpc
+from nova import utils
+from nova import wsgi
+from nova import vnc
+
+LOG = logging.getLogger('nova.vnc-proxy')
+FLAGS = flags.FLAGS
+
+
+class NovaAuthMiddleware(object):
+    """Implementation of Middleware to Handle Nova Auth"""
+
+    def __init__(self, app):
+        self.app = app
+        self.register_listeners()
+
+    @webob.dec.wsgify
+    def __call__(self, req):
+        token = req.params.get('token')
+
+        if not token:
+            referrer = req.environ.get('HTTP_REFERER')
+            auth_params = urlparse.parse_qs(urlparse.urlparse(referrer).query)
+            if 'token' in auth_params:
+                token = auth_params['token'][0]
+
+        if not token in self.tokens:
+            LOG.audit(_("Unauthorized Access: (%s)"), req.environ)
+            return webob.exc.HTTPForbidden(detail='Unauthorized')
+
+        if req.path == vnc.proxy.WS_ENDPOINT:
+            req.environ['vnc_host'] = self.tokens[token]['args']['host']
+            req.environ['vnc_port'] = int(self.tokens[token]['args']['port'])
+
+        return req.get_response(self.app)
+
+    def register_listeners(self):
+        middleware = self
+        middleware.tokens = {}
+
+        class Callback:
+            def __call__(self, data, message):
+                if data['method'] == 'authorize_vnc_console':
+                    token = data['args']['token']
+                    LOG.audit(_("Received Token: %s)"), token)
+                    middleware.tokens[token] = \
+                      {'args': data['args'], 'last_activity_at': time.time()}
+
+        def delete_expired_tokens():
+            now = time.time()
+            to_delete = []
+            for k, v in middleware.tokens.items():
+                if now - v['last_activity_at'] > FLAGS.vnc_token_ttl:
+                    to_delete.append(k)
+
+            for k in to_delete:
+                LOG.audit(_("Deleting Token: %s)"), k)
+                del middleware.tokens[k]
+
+        conn = rpc.Connection.instance(new=True)
+        consumer = rpc.TopicConsumer(
+                        connection=conn,
+                        topic=FLAGS.vnc_console_proxy_topic)
+        consumer.register_callback(Callback())
+
+        utils.LoopingCall(consumer.fetch, auto_ack=True,
+                          enable_callbacks=True).start(0.1)
+        utils.LoopingCall(delete_expired_tokens).start(1)
+
+
+class LoggingMiddleware(object):
+    def __init__(self, app):
+        self.app = app
+
+    @webob.dec.wsgify
+    def __call__(self, req):
+
+        if req.path == vnc.proxy.WS_ENDPOINT:
+            LOG.info(_("Received Websocket Request: %s"), req.url)
+        else:
+            LOG.info(_("Received Request: %s"), req.url)
+
+        return req.get_response(self.app)
diff --git a/nova/vnc/proxy.py b/nova/vnc/proxy.py
new file mode 100644
index 000000000..dea838e3d
--- /dev/null
+++ b/nova/vnc/proxy.py
@@ -0,0 +1,131 @@
+#!/usr/bin/env python
+# pylint: disable-msg=C0103
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2010 United States Government as represented by the
+# Administrator of the National Aeronautics and Space Administration.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+"""Eventlet WSGI Services to proxy VNC.  No nova deps."""
+
+from base64 import b64encode, b64decode
+import eventlet
+from eventlet import wsgi
+from eventlet import websocket
+import os
+from webob import Request
+import webob
+
+WS_ENDPOINT = '/data'
+
+
+class WebsocketVNCProxy(object):
+    """Class to proxy from websocket to vnc server"""
+
+    def __init__(self, wwwroot):
+        self.wwwroot = wwwroot
+        self.whitelist = {}
+        for root, dirs, files in os.walk(wwwroot):
+            hidden_dirs = []
+            for d in dirs:
+                if d.startswith('.'):
+                    hidden_dirs.append(d)
+            for d in hidden_dirs:
+                dirs.remove(d)
+            for name in files:
+                if not str(name).startswith('.'):
+                    filename = os.path.join(root, name)
+                    self.whitelist[filename] = True
+
+    def get_whitelist(self):
+        return self.whitelist.keys()
+
+    def sock2ws(self, source, dest):
+        try:
+            while True:
+                d = source.recv(32384)
+                if d == '':
+                    break
+                d = b64encode(d)
+                dest.send(d)
+        except:
+            source.close()
+            dest.close()
+
+    def ws2sock(self, source, dest):
+        try:
+            while True:
+                d = source.wait()
+                if d is None:
+                    break
+                d = b64decode(d)
+                dest.sendall(d)
+        except:
+            source.close()
+            dest.close()
+
+    def proxy_connection(self, environ, start_response):
+        @websocket.WebSocketWSGI
+        def _handle(client):
+            server = eventlet.connect((client.environ['vnc_host'],
+                                       client.environ['vnc_port']))
+            t1 = eventlet.spawn(self.ws2sock, client, server)
+            t2 = eventlet.spawn(self.sock2ws, server, client)
+            t1.wait()
+            t2.wait()
+        _handle(environ, start_response)
+
+    def __call__(self, environ, start_response):
+        req = Request(environ)
+        if req.path == WS_ENDPOINT:
+            return self.proxy_connection(environ, start_response)
+        else:
+            if req.path == '/':
+                fname = '/vnc_auto.html'
+            else:
+                fname = req.path
+
+            fname = (self.wwwroot + fname).replace('//', '/')
+            if not fname in self.whitelist:
+                start_response('404 Not Found',
+                               [('content-type', 'text/html')])
+                return "Not Found"
+
+            base, ext = os.path.splitext(fname)
+            if ext == '.js':
+                mimetype = 'application/javascript'
+            elif ext == '.css':
+                mimetype = 'text/css'
+            elif ext in ['.svg', '.jpg', '.png', '.gif']:
+                mimetype = 'image'
+            else:
+                mimetype = 'text/html'
+
+            start_response('200 OK', [('content-type', mimetype)])
+            return open(os.path.join(fname)).read()
+
+
+class DebugMiddleware(object):
+    """Debug middleware.  Skip auth, get vnc port and host from query string"""
+
+    def __init__(self, app):
+        self.app = app
+
+    @webob.dec.wsgify
+    def __call__(self, req):
+        if req.path == WS_ENDPOINT:
+            req.environ['vnc_host'] = req.params.get('host')
+            req.environ['vnc_port'] = int(req.params.get('port'))
+        return req.get_response(self.app)
diff --git a/tools/euca-get-vnc-console b/tools/euca-get-vnc-console
new file mode 100755
index 000000000..bd2788f03
--- /dev/null
+++ b/tools/euca-get-vnc-console
@@ -0,0 +1,163 @@
+#!/usr/bin/env python
+# pylint: disable-msg=C0103
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2010 United States Government as represented by the
+# Administrator of the National Aeronautics and Space Administration.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+"""Euca add-on to use vnc console"""
+
+import getopt
+import os
+import sys
+
+# If ../nova/__init__.py exists, add ../ to Python search path, so that
+# it will override what happens to be installed in /usr/(local/)lib/python...
+possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
+                                   os.pardir,
+                                   os.pardir))
+if os.path.exists(os.path.join(possible_topdir, 'nova', '__init__.py')):
+    sys.path.insert(0, possible_topdir)
+
+import boto
+import nova
+from boto.ec2.connection import EC2Connection
+from euca2ools import Euca2ool, InstanceValidationError, Util, ConnectionFailed
+
+usage_string = """
+Retrieves a url to an vnc console terminal
+
+euca-get-vnc-console [-h, --help] [--version] [--debug] instance_id
+
+REQUIRED PARAMETERS
+
+instance_id: unique identifier for the instance show the console output for.
+
+OPTIONAL PARAMETERS
+
+"""
+
+
+# This class extends boto to add VNCConsole functionality
+class NovaEC2Connection(EC2Connection):
+
+    def get_vnc_console(self, instance_id):
+        """
+        Retrieves a console connection for the specified instance.
+
+        :type instance_id: string
+        :param instance_id: The instance ID of a running instance on the cloud.
+
+        :rtype: :class:`VNCConsole`
+        """
+
+        class VNCConsole:
+            def __init__(self, parent=None):
+                self.parent = parent
+                self.instance_id = None
+                self.url = None
+
+            def startElement(self, name, attrs, connection):
+                return None
+
+            def endElement(self, name, value, connection):
+                if name == 'instanceId':
+                    self.instance_id = value
+                elif name == 'url':
+                    self.url = value
+                else:
+                    setattr(self, name, value)
+
+        params = {}
+        return self.get_object('GetVNCConsole',
+                               {'InstanceId': instance_id}, VNCConsole)
+
+
+def override_connect_ec2(aws_access_key_id=None,
+                         aws_secret_access_key=None, **kwargs):
+    return NovaEC2Connection(aws_access_key_id,
+                             aws_secret_access_key, **kwargs)
+
+# override boto's connect_ec2 method, so that we can use NovaEC2Connection
+boto.connect_ec2 = override_connect_ec2
+
+
+def usage(status=1):
+    print usage_string
+    Util().usage()
+    sys.exit(status)
+
+
+def version():
+    print Util().version()
+    sys.exit()
+
+
+def display_console_output(console_output):
+    print console_output.instance_id
+    print console_output.timestamp
+    print console_output.output
+
+
+def display_vnc_console_output(console_output):
+    print console_output.url
+
+
+def main():
+    try:
+        euca = Euca2ool()
+    except Exception, e:
+        print e
+        usage()
+
+    instance_id = None
+
+    for name, value in euca.opts:
+        if name in ('-h', '--help'):
+            usage(0)
+        elif name == '--version':
+            version()
+        elif name == '--debug':
+            debug = True
+
+    for arg in euca.args:
+        instance_id = arg
+        break
+
+    if instance_id:
+        try:
+            euca.validate_instance_id(instance_id)
+        except InstanceValidationError:
+            print 'Invalid instance id'
+            sys.exit(1)
+
+        try:
+            euca_conn = euca.make_connection()
+        except ConnectionFailed, e:
+            print e.message
+            sys.exit(1)
+        try:
+            console_output = euca_conn.get_vnc_console(instance_id)
+        except Exception, ex:
+            euca.display_error_and_exit('%s' % ex)
+
+        display_vnc_console_output(console_output)
+    else:
+        print 'instance_id must be specified'
+        usage()
+
+if __name__ == "__main__":
+    main()