Browse Source

VNC Graphical console

Add framework to define independent graphical console interface
of a hardware type.

The initial prototype is available at https://review.openstack.org/#/c/547356/1
Change-Id: I0b398ffc153ea7dc80bddcfa5cfb520e17c315af
Partial-bug: #1567629
changes/74/306074/11
Mathieu Mitchell 3 years ago
parent
commit
e069f7fa65

+ 325
- 0
specs/approved/vnc-graphical-console.rst View File

@@ -0,0 +1,325 @@
1
+..
2
+ This work is licensed under a Creative Commons Attribution 3.0 Unported
3
+ License.
4
+
5
+ http://creativecommons.org/licenses/by/3.0/legalcode
6
+
7
+=====================
8
+VNC Graphical console
9
+=====================
10
+
11
+https://bugs.launchpad.net/ironic/+bug/1567629
12
+
13
+In addition to a serial console, allow ironic nodes to be accessed through a
14
+graphical console. This proposal presents the work required to create a new
15
+driver interface for accessing graphical console of a node.
16
+
17
+
18
+Problem description
19
+===================
20
+
21
+End users often have to troubleshoot their instances because they might have
22
+broken their boot configuration or locked themselves out with a firewall.
23
+Keyboard-Video-Mouse (KVM) access is often required for troubleshooting these
24
+types of issues as serial access is not always available or correctly
25
+configured. Also, KVM provides a better user experience as compared to serial
26
+console.
27
+
28
+Currently, ironic does not expose a node's KVM capabilities. As such, admin
29
+users and deployers have to find alternatives to provide KVM access to their
30
+users. Also, Horizon's VNC console is not supported for the ironic nodes
31
+provisioned by Nova.
32
+
33
+
34
+Proposed change
35
+===============
36
+
37
+* A new interface ``GraphicalConsoleInterface`` will be added. This interface
38
+  will essentially have the same class API as current ``ConsoleInterface``
39
+  interface (with ``start_console``, ``stop_console`` and ``get_console``
40
+  methods), but it will be possible to enable/disable/configure it
41
+  independently from serial console access.
42
+  As with other ironic driver interfaces and hardware types, operators
43
+  are free to choose which implementation of a graphical console access to use
44
+  by setting it to the one enabled and supported by corresponding hardware type
45
+  implementations.
46
+  The new interface will have following methods::
47
+
48
+    class GraphicalConsoleInterface(BaseInterface):
49
+        """Interface for graphical console-related actions."""
50
+        interface_type = "graphical_console"
51
+
52
+        @abc.abstractmethod
53
+        def start_console(self, task):
54
+            """Start a remote graphical console for the task's node.
55
+
56
+            This method should not raise an exception if console already started.
57
+
58
+            :param task: a TaskManager instance containing the node to act on.
59
+            """
60
+
61
+        @abc.abstractmethod
62
+        def stop_console(self, task):
63
+            """Stop the remote graphical console session for the task's node.
64
+
65
+            :param task: a TaskManager instance containing the node to act on.
66
+            """
67
+
68
+        @abc.abstractmethod
69
+        def get_console(self, task):
70
+            """Get connection information about the graphical console.
71
+
72
+            This method should return the necessary information for the
73
+            client to access the graphical console.
74
+
75
+            :param task: a TaskManager instance containing the node to act on.
76
+            :returns: the graphical console connection information.
77
+            """
78
+
79
+* The following new hardware interface implementations of
80
+  ``GraphicalConsoleInterface`` will be created.
81
+
82
+  + ``ipmitool-vnc`` - For accessing graphical console using VNC.
83
+  + ``no-graphical-console`` - For no graphical console.
84
+  + ``fake`` - For accessing fake graphical console used for testing.
85
+
86
+* New config options will be introduced for this interface which are as
87
+  follows:
88
+
89
+  + ``[DEFAULT]enabled_graphical_console_interfaces`` -  This config option
90
+    represents the list of enabled graphical console interfaces in ironic.
91
+    The default value is ``['no-graphical-console']``.
92
+
93
+  + ``[DEFAULT]default_graphical_console_interface`` - This config option
94
+    represents the default graphical console interface to be used with various
95
+    drivers. The default value will be ``no-graphical-console``.
96
+
97
+* Two new fields will be added to the Node object:
98
+
99
+  + ``graphical_console_interface`` - This field represents the supported
100
+    graphical  console interface for the node.
101
+
102
+  + ``graphical_console_enabled`` - This field will a Boolean value that will
103
+    represent the state of console. It will be set to True via request to start
104
+    the graphical console.
105
+
106
+* While a node unprovisioning, Ironic will stop all the graphical connections
107
+  to the node.
108
+
109
+Alternatives
110
+------------
111
+
112
+* Accept this limitation and only offer a serial console.
113
+
114
+* Use out-of-band KVM access provided by administrator without Ironic support.
115
+
116
+* Generalize and formalize concept of a ``console`` interface,
117
+  and allow to have arbitrary number of console interfaces
118
+  (from those declared as supported by a hardware type) to be active and
119
+  enabled for a particular node.
120
+
121
+Data model impact
122
+-----------------
123
+
124
+- A new node field ``graphical_console_enabled``, during upgrade/conversion
125
+  will be populated from ``default_graphical_console_interface`` config option
126
+  (``no-graphical-console`` by default).
127
+- new node field ``graphical_console_interface`` will be added.
128
+
129
+State Machine Impact
130
+--------------------
131
+
132
+None.
133
+
134
+
135
+REST API impact
136
+---------------
137
+
138
+* Add a new optional ``console_type`` parameter to
139
+  ``GET /v1/nodes/{node_ident}/states/console`` and
140
+  ``PUT /v1/nodes/{node_ident}/states/console`` APIs. This
141
+  parameter defines which type of console the Ironic users want to access.
142
+  The default value will be ``serial``. The possible values are as follows:
143
+
144
+  + ``serial`` - For accessing the serial console.
145
+  + ``graphical`` - For accessing the graphical console.
146
+
147
+  This parameter will be included in the query string.
148
+
149
+Example::
150
+
151
+    GET /v1/nodes/{node_ident}/states/console?console_type=graphical
152
+
153
+The response would be same as the console interface. A new 400 HTTP response
154
+will be returned if user provides a invalid ``console_type``.
155
+
156
+The API microversion will need to be bumped.
157
+
158
+
159
+Client (CLI) impact
160
+-------------------
161
+
162
+* A new option ``--type`` will be added to OSC command
163
+  ``openstack baremetal node console enable`` and
164
+  ``openstack baremetal node console disable``.
165
+
166
+* A new option ``--type`` will be added to OSC command
167
+  ``openstack baremetal node console show``.
168
+
169
+
170
+RPC API impact
171
+--------------
172
+
173
+* Add a new ``console_type`` parameter to ``get_console_information``
174
+
175
+* Add a new ``console_type`` parameter to ``set_console_mode``
176
+
177
+The RPC API microversion will need to be bumped.
178
+
179
+
180
+Driver API impact
181
+-----------------
182
+
183
+* The new ``GraphicalConsoleInterface`` will be included in the standardized
184
+  interfaces group. It is not a mandatory interface.
185
+
186
+Nova driver impact
187
+------------------
188
+
189
+Nova impacts are fully described in the VNC console support for Ironic
190
+driver [#]_ blueprint in Nova.
191
+
192
+Essentially, the Ironic virt driver will have to implement ``get_vnc_console``
193
+and call Ironic's get/set-console-mode with the ``graphical`` type.
194
+
195
+As per policy in Nova, changes cannot land until ironic and python-ironicclient
196
+changes have landed. The changes on the Nova side are fairly straightforward.
197
+
198
+
199
+Ramdisk impact
200
+--------------
201
+
202
+None.
203
+
204
+
205
+Security impact
206
+---------------
207
+
208
+* The VNC connection to the nodes are secured by a token generated while
209
+  creating the console in Nova.
210
+
211
+* With standalone Ironic deployment, this will return a URL and a user
212
+  could directly connect with it. The connection to the baremetal node
213
+  will not be secure.
214
+
215
+Other end user impact
216
+---------------------
217
+
218
+* The number of maximum connections per console, specifically VNC consoles is
219
+  implementation specific. Some servers are capable of multiple connections and
220
+  others aren't.
221
+
222
+
223
+Scalability impact
224
+------------------
225
+
226
+* As mentioned in the last section, the number of connections varies based on
227
+  the hardware.
228
+
229
+* TODO(mkrai): Update the number of connections a conductor can handle to
230
+  address Ruby's comment on PS7.
231
+
232
+
233
+Performance Impact
234
+------------------
235
+
236
+None.
237
+
238
+
239
+Other deployer impact
240
+---------------------
241
+
242
+* Adds ``enabled_graphical_console_interfaces`` config option.
243
+
244
+* Adds ``default_graphical_console_interface`` config option.
245
+
246
+Developer impact
247
+----------------
248
+
249
+Driver developers can now offer multiple console interfaces rather than
250
+sticking to a single one. This actually maps much better to the reality
251
+of servers often offering a Serial-on-LAN access along with a
252
+Keyboard-Video-Mouse access.
253
+
254
+
255
+Implementation
256
+==============
257
+
258
+Assignee(s)
259
+-----------
260
+
261
+Primary assignee:
262
+  * mkrai
263
+
264
+Other contributors:
265
+  * anupn
266
+
267
+Work Items
268
+----------
269
+
270
+* Introduce ``ipmitool.IPMIVNCConsole(BaseInterface)``
271
+
272
+* Add ``console_type`` support to the console REST API.
273
+
274
+* Add ``console_type`` support to the RPC methods.
275
+
276
+* Add ``console_type`` support to the OSC plugin.
277
+
278
+* Add graphical console support to VirtualBMC
279
+
280
+* Implement basic enable-disable + connect testing within devstack
281
+
282
+* Update documents to explain how graphical console can be used
283
+
284
+
285
+Dependencies
286
+============
287
+
288
+None.
289
+
290
+
291
+Testing
292
+=======
293
+
294
+* Unit tests
295
+
296
+* CI testing of ``ipmitool.IPMIVNCConsole`` with a basic enable-disable
297
+  connect test.
298
+
299
+* Add support for graphical console support in virtual BMC for gate test.
300
+
301
+
302
+Upgrades and Backwards Compatibility
303
+====================================
304
+
305
+Proper compatibility with Nova will be ensured. A newer Nova will continue to
306
+behave as it currently does when running with an older ironic. A newer ironic
307
+will expose features that Nova will simply not use.
308
+
309
+Backwards compatibility within ironic is assured through RPC versions.
310
+Additional care is taken to ensure out-of-tree drivers are still compatible
311
+because the code will specifically handle drivers not switched to the new
312
+hardware types. Specific tests covering this part will be added. Finally,
313
+compatibility with older API clients is assured through REST API microversions.
314
+
315
+
316
+Documentation Impact
317
+====================
318
+
319
+* Documentation will be updated.
320
+
321
+
322
+References
323
+==========
324
+
325
+.. [#] https://blueprints.launchpad.net/nova/+spec/ironic-vnc-console

+ 1
- 0
specs/not-implemented/vnc-graphical-console.rst View File

@@ -0,0 +1 @@
1
+../approved/vnc-graphical-console.rst

Loading…
Cancel
Save