diff options
| author | root <root@tonbuntu> | 2011-01-12 09:24:57 +0000 |
|---|---|---|
| committer | Tarmac <> | 2011-01-12 09:24:57 +0000 |
| commit | 76fdd667f2efe7e2dc710fe0254437d176efb45c (patch) | |
| tree | dc3640acddec70efd4fef418a298ca53a1e6aa55 /nova/api | |
| parent | 78882d496b94915b8a6e2f2edce13e8129299982 (diff) | |
| parent | 7cfca5208766539ae368a9f0b8daba6103041f7f (diff) | |
| download | nova-76fdd667f2efe7e2dc710fe0254437d176efb45c.tar.gz nova-76fdd667f2efe7e2dc710fe0254437d176efb45c.tar.xz nova-76fdd667f2efe7e2dc710fe0254437d176efb45c.zip | |
This branch adds web based serial console access. Here is an overview of how it works (for libvirt):
1. User requests an ajax console for an instance_id (either through OS api, or tools/euca-get-ajax-console)
a. api server calls compute worker to complete request
b. compute worker parses an instance's xml to locate its pseudo terminal (/dev/pts/x)
c. compute worker spawns an ajaxterm daemon, bound to a random port in a specified range. socat is used to connect to /dev/pts/x. Note that ajaxterm was modified in the following ways:
i. dies after 5 minutes of inactivity
ii. now requires token authentication. Previously it was trivial to hijack an ajaxterm
d. compute worker returns ajaxterm connect information to the api server: port, host, token
e. api server casts connect information to the nova-ajax-console-proxy (a new service)
f. api server returns a url for the ajaxterm (eg. http://nova-ajax-console-proxy/?token=123)
2. User now has a url, and can paste it in a browser
a. Browser sends request to https://nova-ajax-console-proxy/?token=123
b. nova-ajax-console-proxy maps token to connect information
c. nova-ajax-console-proxy constructs a proxy to the ajaxterm that is running on the host machine. This is now done with eventlet, though previously it was done using twisted
3. User interacts with console through web browser
NOTE: For this to work as expected, serial console login must be enabled in the instance. Instructions for how to do this on ubuntu can be found here: https://help.ubuntu.com/community/SerialConsoleHowto. Note that you must actively log out of the serial console when you are finished, otherwise the console will remain open even after the ajaxterm term session has ended.
Also note that nova.sh has been modified in this branch to launch nova-ajax-console-proxy.
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/ec2/cloud.py | 5 | ||||
| -rw-r--r-- | nova/api/openstack/servers.py | 9 |
2 files changed, 14 insertions, 0 deletions
diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py index 135836348..39174d554 100644 --- a/nova/api/ec2/cloud.py +++ b/nova/api/ec2/cloud.py @@ -501,6 +501,11 @@ class CloudController(object): "Timestamp": now, "output": base64.b64encode(output)} + def get_ajax_console(self, context, instance_id, **kwargs): + ec2_id = instance_id[0] + internal_id = ec2_id_to_id(ec2_id) + return self.compute_api.get_ajax_console(context, internal_id) + def describe_volumes(self, context, volume_id=None, **kwargs): volumes = self.volume_api.get_all(context) # NOTE(vish): volume_id is an optional list of volume ids to filter by. diff --git a/nova/api/openstack/servers.py b/nova/api/openstack/servers.py index c8a9947f3..29af82533 100644 --- a/nova/api/openstack/servers.py +++ b/nova/api/openstack/servers.py @@ -283,6 +283,15 @@ class Controller(wsgi.Controller): return faults.Fault(exc.HTTPUnprocessableEntity()) return exc.HTTPAccepted() + def get_ajax_console(self, req, id): + """ Returns a url to an instance's ajaxterm console. """ + try: + self.compute_api.get_ajax_console(req.environ['nova.context'], + int(id)) + except exception.NotFound: + return faults.Fault(exc.HTTPNotFound()) + return exc.HTTPAccepted() + def diagnostics(self, req, id): """Permit Admins to retrieve server diagnostics.""" ctxt = req.environ["nova.context"] |