openstack
/
nova-specs
Code Issues Proposed changes

Propose a new API microversion for a spice-direct console. 

This spec covers the functionality required to support a Kerbside
style "spice-direct" console type. The biggest change is a new
API microversion, although there is also some ancillary changes
around other console functionality (encryption, sound, etc).

Change-Id: If87e5ce2f1049b5276a12e64b71cc3088cc197ca
This commit is contained in:
Michael Still 2024-04-06 09:11:20 +11:00
parent ae9a0631ea
commit 787ff3a7c1
1 changed files with 343 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

343
specs/2024.2/approved/libvirt-spice-direct-consoles.rst Normal file
View File

@ -0,0 +1,343 @@
..
This work is licensed under a Creative Commons Attribution 3.0 Unported
License.
http://creativecommons.org/licenses/by/3.0/legalcode
==========================================
libvirt SPICE direct consoles
==========================================
https://blueprints.launchpad.net/nova/+spec/libvirt-spice-direct-consoles
This specification proposes modifications to Nova's libvirt driver to support
"direct" SPICE VDI consoles. These consoles are "direct" in that they are not
intended to use a HTML5 transcoding proxy to access, and instead the user would
use a native SPICE client like `remote-viewer`. Such a facility enables a much
richer virtual desktop experience that Nova current supports, in return for
relatively minor changes to Nova.
Problem description
===================
The SPICE protocol was added to Nova a long time ago, and still represents the
richest and most performant option for remote desktops using Nova. However at
the moment, Horizon's HTML5 transcoding proxy is the only way to access these
SPICE consoles, and the HTML5 interface does not support many of the more novel
features of the SPICE protocol, nor does it support high resolution desktops
well.
The proposed solution is relatively simple -- add an API microversion which
makes it possible to create a "spice-direct" console, and to lookup connection
details for that console from the API. The new console type and microversion is
required because we need to be able to lookup both the insecure and secure TCP
ports for the console, as well as the hypervisor IP address. While this is
similar to what the HTML5 proxy does, it is distinct enough to require an
API change.
This specification also covers tweaks the to the libvirt domain XML to enrich
the desktop experience provided by such a direct console, such as:
* requiring an encrypted connection
* allowing concurrent users as supported by SPICE
* USB device passthrough from client to guest
* sound support
The proposed changes allow direct connection to a SPICE console from a SPICE
native client like `remote-viewer`. Without additional software, this implies
that such a client would have network connectivity to relatively arbitrary TCP
ports on the hypervisor hosting the instance. However, a SPICE protocol native
proxy now exists, and a parallel proposal to this one proposes adding support
for it to Kolla-Ansible. This proxy is called Kerbside, and more details are
available at https://github.com/shakenfist/kerbside. That is, with the proxy
deployed there is effectively no change to the network exposure of Nova
hypervisors.
Use Cases
---------
*As a developer, I don't want these changes to make the Nova codebase even more
complicated.* The changes proposed a relatively contained -- a single new API
microversion, some changes to the domain XML generation code, and associated
tests.
*As a deployer, I want to be able to use OpenStack to provide rich virtual
desktops to my users.* This change facilitates such functionality, but does
require additional deployment steps such as setup to TLS certificates for your
hypervisors and management of a SPICE native proxy. There is a sample
implementation using Kolla-Ansible available, but other deployment systems
would need to integrate this functionality for it to be generally available.
*As a deployer who doesn't want rich desktop consoles, I don't want this
functionality to complicate my deployment.* When disabled, the changes to
deployments are minor -- for example the extra USB passthrough devices and
sound devices in the domain XML are all deployer configurable and can be
disabled.
*As an end user, I would like access to a richer desktop experience than is
currently available.* Once these changes are integrated and Kerbside deployed,
a further change to either Horizon or Skyline will be required to orchestrate
console access via Kerbside. It is expected the complete end to end
functionality will take several releases to land before a fully seamless
experience is available. Once fully implemented, Horizon and Skyline will be
capable of delivering a `.vv` configuration file for a specific console to a
client, who will then have seamless access to their virtual desktop.
Proposed change
===============
As part of prototyping this functionality, a series of patches to Nova were
developed. These are available at XXX. They are:
* Allow Nova to require secured SPICE connections, via a new `require_secure`
configuration option in the SPICE configuration group.
* Add an API microversion to expose SPICE "direct" consoles.
Alternatives
------------
Unfortunately the SPICE HTML5 proxy does not meet the needs to many remote
desktop users. Realistically OpenStack does not currently have a way of
providing these rich desktop consoles to users. Instead, other systems such as
Citrix are used for this functionality.
Data model impact
-----------------
None.
REST API impact
---------------
This specification adds a new console type, "spice-direct", which provides
the connection information required to talk the native SPICE protocol
directly to qemu on the hypervisor. This is intended to be fronted
by a proxy which will handle authentication separately.
A new microversion is introduced which adds the type "spice-direct"
to the existing "spice" protocol.
An example request:
```
POST /servers/<uuid>/remote-consoles
{
"remote_console": {
"protocol": "spice",
"type": "spice-direct"
}
}
```
An example response:
```
{
"remote_console": {
"protocol": "spice",
"type": "spice-direct",
"host": "localhost",
"port": 5900,
"tls_port": 5901
}
}
```
This implies that the JSON schema for `create` console call would change to
something like this:
```
create_v297 = {
'type': 'object',
'properties': {
'remote_console': {
'type': 'object',
'properties': {
'protocol': {
'type': 'string',
'enum': ['vnc', 'spice', 'rdp', 'serial', 'mks'],
},
'type': {
'type': 'string',
'enum': ['novnc', 'xvpvnc', 'spice-html5', 'spice-direct',
'serial', 'webmks'],
},
},
'required': ['protocol', 'type'],
'additionalProperties': False,
},
},
'required': ['remote_console'],
'additionalProperties': False,
}
```
And that the JSON schema for the `get_spice_console` would change to
something like this:
```
get_spice_console_v297 = {
'type': 'object',
'properties': {
'os-getSPICEConsole': {
'type': 'object',
'properties': {
'type': {
'type': 'string',
'enum': ['spice-html5', 'spice-direct'],
},
},
'required': ['type'],
'additionalProperties': False,
},
},
'required': ['os-getSPICEConsole'],
'additionalProperties': False,
}
```
For a SPICE direct console, a return value like this would be returned:
```
{
'remote_console': {
'protocol': 'spice',
'type': 'spice-direct',
'host': 'fakespiceconsole.com',
'port': 6969,
'tls_port': 6970
}
}
```
Security impact
---------------
Arguably none. Nova already exposes SPICE consoles on TCP ports on the
hypervisor. The API functionality to discover the insecure port already exists
for the purposes of the HTML5 transcoding proxy. While the proposed change
makes this more directly accessible, it also adds support for TLS encryption
of the consoles, and would require a misconfigured network to expose these
ports to end users.
Notifications impact
--------------------
None.
Other end user impact
---------------------
None.
Performance Impact
------------------
None.
Other deployer impact
---------------------
As discussed, a complete implementation requires deployment systems to
integrate the Kerbside SPICE proxy, as well as modifications to front ends
such as Horizon and Skyline to orchestrate consoles via Kerbside. However,
those are outside the scope of a Nova specification.
The following configuration options are added by the proposed changes:
* `spice.require_secure`: defaults to `False`, the current hard coded
default. Whether to require secure TLS connections to SPICE consoles. If
you're providing direct access to SPICE consoles instead of using the
HTML5 proxy, you may wish those connections to be encrypted. If so, set
this value to True. Note that use of secure consoles requires that you
setup TLS certificates on each hypervisor.
* `spice.allow_concurrent`: defaults to `False`, the current hard coded
default. Whether to allow concurrent access to SPICE consoles. SPICE
supports multiple users accessing the same console simultaneously, with
some reduced functionality for the second and subsequent users. Set this
option to True to enable concurrent access to SPICE consoles.
* `spice.debug_logging`: defaults to `False`, the current hard coded
default. Whether to emit SPICE debug logs or not to the qemu log. These
debug logs are verbose, but can help diagnose some connectivity issues.
* `spice.sound_enabled`: defaults to `False`, the current hard coded
default. Whether to include a sound device for instance when SPICE
consoles are enabled. Configuring this on a per flavor or per image basis
was considered, but the additional complexity doesn't seem justified
compared to a sound device which emits no sound if the client isn't
capable of using it. An `ich6` sound device is always used.
Additionally, if SPICE consoles are enabled, then USB passthrough devices are
created in the guest. These devices are harmless if not used by a client
capable of using USB passthrough.
Developer impact
----------------
None.
Upgrade impact
--------------
None.
Implementation
==============
Assignee(s)
-----------
Primary assignee:
mikal
Other contributors:
None
Feature Liaison
---------------
Liason needed.
Work Items
----------
Land the patches at XXX in the order specified there, with any modifications
requested by the Nova team during code review.
Dependencies
============
None.
Testing
=======
Testing graphical user interfaces in the gate is hard. However, test for the
API microversion will be added, and manual testing of the console functionality
has occurred on the prototype and will be redone as the patches land.
Documentation Impact
====================
The Operators Guide will need to be updated to cover the new functionality and
configuration options. The End User's guide will need to be updated to
explain usage once the functionality is fully integrated.
References
==========
None.
History
=======
.. list-table:: Revisions
:header-rows: 1
* - Release Name
- Description
* - 2024.2 Dalmatian
- Introduced