e374fb0389
nova.flags is no longer needed except to load nova config options shared across multiple daemons. This removes nova.flags from the bin programs and makes sure that nova.flags is imported in nova.config for now. Change-Id: If066ac0070387bee4b41e6a78ad972f7a0955c75
160 lines
5.6 KiB
Python
Executable File
160 lines
5.6 KiB
Python
Executable File
#!/usr/bin/env python
|
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright (c) 2012 OpenStack, LLC.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
'''
|
|
Websocket proxy that is compatible with OpenStack Nova.
|
|
Leverages websockify.py by Joel Martin
|
|
'''
|
|
|
|
import Cookie
|
|
import os
|
|
import socket
|
|
import sys
|
|
|
|
import websockify
|
|
|
|
from nova import config
|
|
from nova.consoleauth import rpcapi as consoleauth_rpcapi
|
|
from nova import context
|
|
from nova.openstack.common import cfg
|
|
from nova.openstack.common import log as logging
|
|
from nova.openstack.common import rpc
|
|
from nova import utils
|
|
|
|
|
|
opts = [
|
|
cfg.BoolOpt('record',
|
|
default=False,
|
|
help='Record sessions to FILE.[session_number]'),
|
|
cfg.BoolOpt('daemon',
|
|
default=False,
|
|
help='Become a daemon (background process)'),
|
|
cfg.BoolOpt('ssl_only',
|
|
default=False,
|
|
help='Disallow non-encrypted connections'),
|
|
cfg.BoolOpt('source_is_ipv6',
|
|
default=False,
|
|
help='Source is ipv6'),
|
|
cfg.StrOpt('cert',
|
|
default='self.pem',
|
|
help='SSL certificate file'),
|
|
cfg.StrOpt('key',
|
|
default=None,
|
|
help='SSL key file (if separate from cert)'),
|
|
cfg.StrOpt('web',
|
|
default='/usr/share/novnc',
|
|
help='Run webserver on same port. Serve files from DIR.'),
|
|
cfg.StrOpt('novncproxy_host',
|
|
default='0.0.0.0',
|
|
help='Host on which to listen for incoming requests'),
|
|
cfg.IntOpt('novncproxy_port',
|
|
default=6080,
|
|
help='Port on which to listen for incoming requests'),
|
|
]
|
|
|
|
CONF = config.CONF
|
|
CONF.register_cli_opts(opts)
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
|
|
class NovaWebSocketProxy(websockify.WebSocketProxy):
|
|
def __init__(self, *args, **kwargs):
|
|
websockify.WebSocketProxy.__init__(self, unix_target=None,
|
|
target_cfg=None,
|
|
ssl_target=None, *args, **kwargs)
|
|
|
|
def new_client(self):
|
|
"""
|
|
Called after a new WebSocket connection has been established.
|
|
"""
|
|
cookie = Cookie.SimpleCookie()
|
|
cookie.load(self.headers.getheader('cookie'))
|
|
token = cookie['token'].value
|
|
ctxt = context.get_admin_context()
|
|
rpcapi = consoleauth_rpcapi.ConsoleAuthAPI()
|
|
connect_info = rpcapi.check_token(ctxt, token=token)
|
|
|
|
if not connect_info:
|
|
LOG.audit("Invalid Token: %s", token)
|
|
raise Exception("Invalid Token")
|
|
|
|
host = connect_info['host']
|
|
port = int(connect_info['port'])
|
|
|
|
# Connect to the target
|
|
self.msg("connecting to: %s:%s" % (host, port))
|
|
LOG.audit("connecting to: %s:%s" % (host, port))
|
|
tsock = self.socket(host, port, connect=True)
|
|
|
|
# Handshake as necessary
|
|
if connect_info.get('internal_access_path'):
|
|
tsock.send("CONNECT %s HTTP/1.1\r\n\r\n" %
|
|
connect_info['internal_access_path'])
|
|
while True:
|
|
data = tsock.recv(4096, socket.MSG_PEEK)
|
|
if data.find("\r\n\r\n") != -1:
|
|
if not data.split("\r\n")[0].find("200"):
|
|
LOG.audit("Invalid Connection Info %s", token)
|
|
raise Exception("Invalid Connection Info")
|
|
tsock.recv(len(data))
|
|
break
|
|
|
|
if self.verbose and not self.daemon:
|
|
print(self.traffic_legend)
|
|
|
|
# Start proxying
|
|
try:
|
|
self.do_proxy(tsock)
|
|
except Exception:
|
|
if tsock:
|
|
tsock.shutdown(socket.SHUT_RDWR)
|
|
tsock.close()
|
|
self.vmsg("%s:%s: Target closed" % (host, port))
|
|
LOG.audit("%s:%s: Target closed" % (host, port))
|
|
raise
|
|
|
|
|
|
if __name__ == '__main__':
|
|
if CONF.ssl_only and not os.path.exists(CONF.cert):
|
|
parser.error("SSL only and %s not found" % CONF.cert)
|
|
|
|
# Setup flags
|
|
config.parse_args(sys.argv)
|
|
|
|
# Check to see if novnc html/js/css files are present
|
|
if not os.path.exists(CONF.web):
|
|
print "Can not find novnc html/js/css files at %s." % CONF.web
|
|
sys.exit(-1)
|
|
|
|
# Create and start the NovaWebSockets proxy
|
|
server = NovaWebSocketProxy(listen_host=CONF.novncproxy_host,
|
|
listen_port=CONF.novncproxy_port,
|
|
source_is_ipv6=CONF.source_is_ipv6,
|
|
verbose=CONF.verbose,
|
|
cert=CONF.cert,
|
|
key=CONF.key,
|
|
ssl_only=CONF.ssl_only,
|
|
daemon=CONF.daemon,
|
|
record=CONF.record,
|
|
web=CONF.web,
|
|
target_host='ignore',
|
|
target_port='ignore',
|
|
wrap_mode='exit',
|
|
wrap_cmd=None)
|
|
server.start_server()
|