94d87bce21
Modules import nova.config for two reasons right now - firstly, to reference nova.config.CONF and, secondly, if they use one of the options defined in nova.config. Often modules import nova.openstack.common.cfg and nova.config which is a bit pointless since they could just use cfg.CONF if they just want to nova.config in order to reference CONF. Let's just use cfg.CONF everywhere and we can explicitly state where we actually require options defined in nova.config. Change-Id: Ie4184a74e3e78c99658becb18dce1c2087e450bb
160 lines
5.5 KiB
Python
Executable File
160 lines
5.5 KiB
Python
Executable File
#!/usr/bin/env python
|
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright (c) 2012 OpenStack, LLC.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
'''
|
|
Websocket proxy that is compatible with OpenStack Nova.
|
|
Leverages websockify.py by Joel Martin
|
|
'''
|
|
|
|
import Cookie
|
|
import os
|
|
import socket
|
|
import sys
|
|
|
|
import websockify
|
|
|
|
from nova import config
|
|
from nova.consoleauth import rpcapi as consoleauth_rpcapi
|
|
from nova import context
|
|
from nova.openstack.common import cfg
|
|
from nova.openstack.common import log as logging
|
|
from nova.openstack.common import rpc
|
|
from nova import utils
|
|
|
|
|
|
opts = [
|
|
cfg.BoolOpt('record',
|
|
default=False,
|
|
help='Record sessions to FILE.[session_number]'),
|
|
cfg.BoolOpt('daemon',
|
|
default=False,
|
|
help='Become a daemon (background process)'),
|
|
cfg.BoolOpt('ssl_only',
|
|
default=False,
|
|
help='Disallow non-encrypted connections'),
|
|
cfg.BoolOpt('source_is_ipv6',
|
|
default=False,
|
|
help='Source is ipv6'),
|
|
cfg.StrOpt('cert',
|
|
default='self.pem',
|
|
help='SSL certificate file'),
|
|
cfg.StrOpt('key',
|
|
default=None,
|
|
help='SSL key file (if separate from cert)'),
|
|
cfg.StrOpt('web',
|
|
default='/usr/share/novnc',
|
|
help='Run webserver on same port. Serve files from DIR.'),
|
|
cfg.StrOpt('novncproxy_host',
|
|
default='0.0.0.0',
|
|
help='Host on which to listen for incoming requests'),
|
|
cfg.IntOpt('novncproxy_port',
|
|
default=6080,
|
|
help='Port on which to listen for incoming requests'),
|
|
]
|
|
|
|
CONF = cfg.CONF
|
|
CONF.register_cli_opts(opts)
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
class NovaWebSocketProxy(websockify.WebSocketProxy):
|
|
def __init__(self, *args, **kwargs):
|
|
websockify.WebSocketProxy.__init__(self, unix_target=None,
|
|
target_cfg=None,
|
|
ssl_target=None, *args, **kwargs)
|
|
|
|
def new_client(self):
|
|
"""
|
|
Called after a new WebSocket connection has been established.
|
|
"""
|
|
cookie = Cookie.SimpleCookie()
|
|
cookie.load(self.headers.getheader('cookie'))
|
|
token = cookie['token'].value
|
|
ctxt = context.get_admin_context()
|
|
rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
|
|
connect_info = rpcapi.check_token(ctxt, token=token)
|
|
|
|
if not connect_info:
|
|
LOG.audit("Invalid Token: %s", token)
|
|
raise Exception("Invalid Token")
|
|
|
|
host = connect_info['host']
|
|
port = int(connect_info['port'])
|
|
|
|
# Connect to the target
|
|
self.msg("connecting to: %s:%s" % (host, port))
|
|
LOG.audit("connecting to: %s:%s" % (host, port))
|
|
tsock = self.socket(host, port, connect=True)
|
|
|
|
# Handshake as necessary
|
|
if connect_info.get('internal_access_path'):
|
|
tsock.send("CONNECT %s HTTP/1.1\r\n\r\n" %
|
|
connect_info['internal_access_path'])
|
|
while True:
|
|
data = tsock.recv(4096, socket.MSG_PEEK)
|
|
if data.find("\r\n\r\n") != -1:
|
|
if not data.split("\r\n")[0].find("200"):
|
|
LOG.audit("Invalid Connection Info %s", token)
|
|
raise Exception("Invalid Connection Info")
|
|
tsock.recv(len(data))
|
|
break
|
|
|
|
if self.verbose and not self.daemon:
|
|
print(self.traffic_legend)
|
|
|
|
# Start proxying
|
|
try:
|
|
self.do_proxy(tsock)
|
|
except Exception:
|
|
if tsock:
|
|
tsock.shutdown(socket.SHUT_RDWR)
|
|
tsock.close()
|
|
self.vmsg("%s:%s: Target closed" % (host, port))
|
|
LOG.audit("%s:%s: Target closed" % (host, port))
|
|
raise
|
|
|
|
|
|
if __name__ == '__main__':
|
|
if CONF.ssl_only and not os.path.exists(CONF.cert):
|
|
parser.error("SSL only and %s not found" % CONF.cert)
|
|
|
|
# Setup flags
|
|
config.parse_args(sys.argv)
|
|
|
|
# Check to see if novnc html/js/css files are present
|
|
if not os.path.exists(CONF.web):
|
|
print "Can not find novnc html/js/css files at %s." % CONF.web
|
|
sys.exit(-1)
|
|
|
|
# Create and start the NovaWebSockets proxy
|
|
server = NovaWebSocketProxy(listen_host=CONF.novncproxy_host,
|
|
listen_port=CONF.novncproxy_port,
|
|
source_is_ipv6=CONF.source_is_ipv6,
|
|
verbose=CONF.verbose,
|
|
cert=CONF.cert,
|
|
key=CONF.key,
|
|
ssl_only=CONF.ssl_only,
|
|
daemon=CONF.daemon,
|
|
record=CONF.record,
|
|
web=CONF.web,
|
|
target_host='ignore',
|
|
target_port='ignore',
|
|
wrap_mode='exit',
|
|
wrap_cmd=None)
|
|
server.start_server()
|