openstack
/
nova
Code Issues Proposed changes

Remove 'nova-xvpvncproxy' 

This legacy service is no longer used and was deprecated during the
Stein cycle [1]. It's time to say adios and remove them in their
entirety. This is pretty straightforward, with the sole exception of
schema for the 'remote-consoles' API, which has to continue supporting
requests for type 'xvpvnc' even if we can't fulfil those requests now.

[1] https://review.opendev.org/#/c/610076/

Part of blueprint remove-xvpvncproxy

Depends-On: https://review.opendev.org/695853
Change-Id: I2f7f2379d0cd54e4d0a91008ddb44858cfc5a4cf
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This commit is contained in:
Stephen Finucane 2019-08-16 01:19:59 +01:00
parent 4cb8136e95
commit 02eb9cffe6
29 changed files with 33 additions and 830 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
api-guide/source/server_concepts.rst
View File

@ -783,12 +783,11 @@ Server Consoles
Server Consoles can also be supplied after server launched. There are several
server console services available. First, users can get the console output
from the specified server and can limit the lines of console text by setting
the length. Second, users can access multiple types of remote consoles. The
user can use novnc, xvpvnc, rdp-html5, spice-html5, serial, and webmks(start
from microversion 2.8) through either the OpenStack dashboard or the command
line. Refer to :nova-doc:`Configure remote console access
<admin/remote-console-access.html>`. Specifically for Xenserver, it provides
the ability to create, delete, detail, list specified server vnc consoles.
the length. Secondly, users can access multiple types of remote consoles. The
user can use ``novnc``, ``rdp-html5``, ``spice-html5``, ``serial``, and
``webmks`` (starting from microversion 2.8) through either the OpenStack
dashboard or the command line. Refer to :nova-doc:`Configure remote console
access <admin/remote-console-access.html>`.
Server networks
~~~~~~~~~~~~~~~

4
api-ref/source/parameters.yaml
View File

@ -5284,7 +5284,7 @@ os-getVNCConsole:
type: object
os-getVNCConsole-type:
description: |
The type of VNC console. The valid values are ``novnc`` and ``xvpvnc``.
The type of VNC console. The only valid value is ``novnc``.
in: body
required: true
type: string
@ -5833,7 +5833,7 @@ remote_console_protocol:
type: string
remote_console_type:
description: |
The type of remote console. The valid values are ``novnc``, ``xvpvnc``,
The type of remote console. The valid values are ``novnc``,
``rdp-html5``, ``spice-html5``, ``serial``, and ``webmks``. The type
``webmks`` is added since Microversion ``2.8``.
in: body

3
api-ref/source/servers-action-remote-consoles.inc
View File

@ -175,9 +175,6 @@ Gets a VNC console for a server.
Specify the ``os-getVNCConsole`` action in the request body.
The supported connection types are ``novnc``, ``xvpvnc``. Such as connect
with ``novnc``, set ``type`` parameter to ``novnc``.
Normal response codes: 200
Error response codes: badRequest(400), unauthorized(401), forbidden(403), itemNotFound(404),

4
api-ref/source/servers-remote-consoles.inc
View File

@ -17,9 +17,7 @@ The API provides a unified request for creating a remote console. The user can
get a URL to connect the console from this API. The URL includes the token
which is used to get permission to access the console. Servers may support
different console protocols. To return a remote console using a specific
protocol, such as RDP, set the ``protocol`` parameter to ``rdp``. For the same
protocol, there may be different connection types such as ``vnc protocol and
novnc type`` or ``vnc protocol and xvpvnc type``.
protocol, such as RDP, set the ``protocol`` parameter to ``rdp``.
Normal response codes: 200

1
doc/source/_extra/.htaccess
View File

@ -41,7 +41,6 @@ redirectmatch 301 ^/nova/([^/]+)/man/nova-scheduler.html$ /nova/$1/cli/nova-sche
redirectmatch 301 ^/nova/([^/]+)/man/nova-serialproxy.html$ /nova/$1/cli/nova-serialproxy.html
redirectmatch 301 ^/nova/([^/]+)/man/nova-spicehtml5proxy.html$ /nova/$1/cli/nova-spicehtml5proxy.html
redirectmatch 301 ^/nova/([^/]+)/man/nova-status.html$ /nova/$1/cli/nova-status.html
redirectmatch 301 ^/nova/([^/]+)/man/nova-xvpvncproxy.html$ /nova/$1/cli/nova-xvpvncproxy.html
redirectmatch 301 ^/nova/([^/]+)/notifications.html$ /nova/$1/reference/notifications.html
redirectmatch 301 ^/nova/([^/]+)/placement.html$ /nova/$1/user/placement.html
redirectmatch 301 ^/nova/([^/]+)/placement_dev.html$ /nova/$1/contributor/placement.html

80
doc/source/admin/remote-console-access.rst
View File

@ -526,68 +526,6 @@ For example, to configure this via a ``nova.conf`` file:
mksproxy_base_url = https://127.0.0.1:6090/
XVP-based VNC console
---------------------
VNC is a graphical console with wide support among many hypervisors and
clients. Xen VNC Proxy (XVP) provides VNC support via a simple Java client.
.. deprecated:: 19.0.0
:program:`nova-xvpvnxproxy` is deprecated since 19.0.0 (Stein) and will be
removed in an upcoming release.
Configuration
~~~~~~~~~~~~~
To enable the XVP VNC console service, you must configure both the
:program:`nova-xvpvncproxy` service and the :program:`nova-compute` service.
Most options are defined in the :oslo.config:group:`vnc` group.
The :program:`nova-xvpvncproxy` service accepts the following options.
- :oslo.config:option:`daemon`
- :oslo.config:option:`ssl_only`
- :oslo.config:option:`source_is_ipv6`
- :oslo.config:option:`cert`
- :oslo.config:option:`key`
- :oslo.config:option:`web`
- :oslo.config:option:`vnc.xvpvncproxy_host`
- :oslo.config:option:`vnc.xvpvncproxy_port`
For example, to configure this via a ``nova-xvpvncproxy.conf`` file:
.. code-block:: ini
[vnc]
xvpvncproxy_host = 0.0.0.0
xvpvncproxy_port = 6081
The :program:`nova-compute` service requires the following options to configure
XVP-based VNC support.
- :oslo.config:option:`vnc.enabled`
- :oslo.config:option:`vnc.xvpvncproxy_base_url`
- :oslo.config:option:`vnc.server_listen`
- :oslo.config:option:`vnc.server_proxyclient_address`
- :oslo.config:option:`vnc.keymap`
For example, to configure this via a ``nova.conf`` file:
.. code-block:: ini
[vnc]
enabled = True
xvpvncproxy_base_url = http://IP_ADDRESS:6081/console
server_listen = 127.0.0.1
server_proxyclient_address = 127.0.0.1
keymap = en-us
Replace ``IP_ADDRESS`` with the IP address from which the proxy is accessible
by the outside world. For example, this may be the management interface IP
address of the controller or the VIP.
.. _about-nova-consoleauth:
About ``nova-consoleauth``
@ -602,13 +540,6 @@ outlined below could leverage. Token authentication was moved to the database in
Frequently Asked Questions
--------------------------
- **Q: What is the difference between ``nova-xvpvncproxy`` and
``nova-novncproxy``?**
A: ``nova-xvpvncproxy``, which ships with OpenStack Compute, is a proxy that
supports a simple Java client. ``nova-novncproxy`` uses noVNC to provide VNC
support through a web browser.
- **Q: I want VNC support in the OpenStack dashboard. What services do I
need?**
@ -634,7 +565,6 @@ Frequently Asked Questions
# These flags help construct a connection data structure
server_proxyclient_address=192.168.1.2
novncproxy_base_url=http://172.24.1.1:6080/vnc_auto.html
xvpvncproxy_base_url=http://172.24.1.1:6081/console
# This is the address where the underlying vncserver (not the proxy)
# will listen for connections.
@ -642,11 +572,11 @@ Frequently Asked Questions
.. note::
``novncproxy_base_url`` and ``xvpvncproxy_base_url`` use a public IP; this
is the URL that is ultimately returned to clients, which generally do not
have access to your private network. Your PROXYSERVER must be able to
reach ``server_proxyclient_address``, because that is the address over
which the VNC connection is proxied.
``novncproxy_base_url`` uses a public IP; this is the URL that is
ultimately returned to clients, which generally do not have access to your
private network. Your PROXYSERVER must be able to reach
``server_proxyclient_address``, because that is the address over which the
VNC connection is proxied.
- **Q: My noVNC does not work with recent versions of web browsers. Why?**

11
doc/source/cli/index.rst
View File

@ -75,14 +75,3 @@ are documented for completeness and debugging if something goes wrong.
:maxdepth: 1
nova-rootwrap
Deprecated Services
-------------------
The following services are deprecated in nova. They should not be used in new
deployments, but are documented for existing ones.
.. toctree::
:maxdepth: 1
nova-xvpvncproxy

54
doc/source/cli/nova-xvpvncproxy.rst
View File

@ -1,54 +0,0 @@
================
nova-xvpvncproxy
================
----------------------------
XVP VNC Console Proxy Server
----------------------------
:Author: openstack@lists.openstack.org
:Copyright: OpenStack Foundation
:Manual section: 1
:Manual group: cloud computing
Synopsis
========
::
nova-xvpvncproxy [options]
Description
===========
:program:`nova-xvpvncproxy` is a server daemon that serves the Nova XVP VNC
Console Proxy service, which provides an XVP-based VNC Console Proxy for use
with the Xen hypervisor.
.. deprecated:: 19.0.0
:program:`nova-xvpvnxproxy` is deprecated since 19.0.0 (Stein) and will be
removed in an upcoming release.
Options
=======
**General options**
Files
=====
* ``/etc/nova/nova.conf``
* ``/etc/nova/policy.json``
* ``/etc/nova/rootwrap.conf``
* ``/etc/nova/rootwrap.d/``
See Also
========
* :nova-doc:`OpenStack Nova <>`
Bugs
====
* Nova bugs are managed at `Launchpad <https://bugs.launchpad.net/nova>`__

1
doc/source/conf.py
View File

@ -93,7 +93,6 @@ _man_pages = [
('nova-serialproxy', u'Cloud controller fabric'),
('nova-spicehtml5proxy', u'Cloud controller fabric'),
('nova-status', u'Cloud controller fabric'),
('nova-xvpvncproxy', u'Cloud controller fabric'),
]
man_pages = [

9
doc/source/install/get-started-compute.rst
View File

@ -61,15 +61,6 @@ OpenStack Compute consists of the following areas and their components:
Provides a proxy for accessing running instances through a SPICE connection.
Supports browser-based HTML5 client.
``nova-xvpvncproxy`` daemon
Provides a proxy for accessing running instances through a VNC connection.
Supports an OpenStack-specific Java client.
.. deprecated:: 19.0.0
:program:`nova-xvpvnxproxy` is deprecated since 19.0.0 (Stein) and will be
removed in an upcoming release.
The queue
A central hub for passing messages between daemons. Usually implemented with
`RabbitMQ <https://www.rabbitmq.com/>`__ but

1
doc/test/redirect-tests.txt
View File

@ -41,7 +41,6 @@
/nova/latest/man/nova-serialproxy.html 301 /nova/latest/cli/nova-serialproxy.html
/nova/latest/man/nova-spicehtml5proxy.html 301 /nova/latest/cli/nova-spicehtml5proxy.html
/nova/latest/man/nova-status.html 301 /nova/latest/cli/nova-status.html
/nova/latest/man/nova-xvpvncproxy.html 301 /nova/latest/cli/nova-xvpvncproxy.html
/nova/latest/notifications.html 301 /nova/latest/reference/notifications.html
/nova/latest/placement.html 301 /nova/latest/user/placement.html
/nova/latest/placement_dev.html 301 /nova/latest/contributor/placement.html

42
nova/cmd/xvpvncproxy.py
View File

@ -1,42 +0,0 @@
# Copyright (c) 2010 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""XVP VNC Console Proxy Server."""
import sys
from oslo_log import log as logging
from oslo_reports import guru_meditation_report as gmr
from oslo_reports import opts as gmr_opts
import nova.conf
from nova import config
from nova import service
from nova import version
from nova.vnc import xvp_proxy
CONF = nova.conf.CONF
def main():
config.parse_args(sys.argv)
logging.setup(config.CONF, "nova")
gmr_opts.set_defaults(CONF)
gmr.TextGuruMeditation.setup_autorun(version, conf=CONF)
wsgi_server = xvp_proxy.get_wsgi_server()
service.serve(wsgi_server)
service.wait()

2
nova/compute/manager.py
View File

@ -6672,8 +6672,6 @@ class ComputeManager(manager.Manager):
# For essex, novncproxy_base_url must include the full path
# including the html file (like http://myhost/vnc_auto.html)
access_url_base = CONF.vnc.novncproxy_base_url
elif console_type == 'xvpvnc':
access_url_base = CONF.vnc.xvpvncproxy_base_url
else:
raise exception.ConsoleTypeInvalid(console_type=console_type)

2
nova/conf/__init__.py
View File

@ -67,7 +67,6 @@ from nova.conf import vnc
from nova.conf import workarounds
from nova.conf import wsgi
from nova.conf import xenserver
from nova.conf import xvp
from nova.conf import zvm
CONF = cfg.CONF
@ -119,7 +118,6 @@ vnc.register_opts(CONF)
workarounds.register_opts(CONF)
wsgi.register_opts(CONF)
xenserver.register_opts(CONF)
xvp.register_opts(CONF)
zvm.register_opts(CONF)
remote_debug.register_cli_opts(CONF)

84
nova/conf/vnc.py
View File

@ -115,90 +115,6 @@ Related options:
* novncproxy_port
"""),
cfg.HostAddressOpt(
'xvpvncproxy_host',
default='0.0.0.0',
deprecated_group='DEFAULT',
deprecated_for_removal=True,
deprecated_since='19.0.0',
deprecated_reason="""
The ``nova-xvpvnxproxy`` service is deprecated and will be removed in an
upcoming release.
""",
help="""
IP address or hostname that the XVP VNC console proxy should bind to.
The VNC proxy is an OpenStack component that enables compute service
users to access their instances through VNC clients. Xen provides
the Xenserver VNC Proxy, or XVP, as an alternative to the
websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
XVP clients are Java-based.
This option sets the private address to which the XVP VNC console proxy
service should bind to.
Related options:
* xvpvncproxy_port
* xvpvncproxy_base_url
"""),
cfg.PortOpt(
'xvpvncproxy_port',
default=6081,
deprecated_group='DEFAULT',
deprecated_for_removal=True,
deprecated_since='19.0.0',
deprecated_reason="""
The ``nova-xvpvnxproxy`` service is deprecated and will be removed in an
upcoming release.
""",
help="""
Port that the XVP VNC console proxy should bind to.
The VNC proxy is an OpenStack component that enables compute service
users to access their instances through VNC clients. Xen provides
the Xenserver VNC Proxy, or XVP, as an alternative to the
websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
XVP clients are Java-based.
This option sets the private port to which the XVP VNC console proxy
service should bind to.
Related options:
* xvpvncproxy_host
* xvpvncproxy_base_url
"""),
cfg.URIOpt(
'xvpvncproxy_base_url',
default='http://127.0.0.1:6081/console',
deprecated_group='DEFAULT',
deprecated_for_removal=True,
deprecated_since='19.0.0',
deprecated_reason="""
The ``nova-xvpvnxproxy`` service is deprecated and will be removed in an
upcoming release.
""",
help="""
Public URL address of XVP VNC console proxy.
The VNC proxy is an OpenStack component that enables compute service
users to access their instances through VNC clients. Xen provides
the Xenserver VNC Proxy, or XVP, as an alternative to the
websocket-based noVNC proxy used by Libvirt. In contrast to noVNC,
XVP clients are Java-based.
This option sets the public base URL to which client systems will
connect. XVP clients can use this address to connect to the XVP
instance and, by extension, the VNC sessions.
Related options:
* xvpvncproxy_host
* xvpvncproxy_port
"""),
]
CLI_OPTS = [

63
nova/conf/xvp.py
View File

@ -1,63 +0,0 @@
# Copyright 2016 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from nova.conf import paths
xvp_group = cfg.OptGroup(
'xvp',
title='XVP options',
help="""
Configuration options for XVP.
xvp (Xen VNC Proxy) is a proxy server providing password-protected VNC-based
access to the consoles of virtual machines hosted on Citrix XenServer.
"""
)
xvp_opts = [
cfg.StrOpt('console_xvp_conf_template',
default=paths.basedir_def('nova/console/xvp.conf.template'),
deprecated_group='DEFAULT',
help='XVP conf template'),
cfg.StrOpt('console_xvp_conf',
default='/etc/xvp.conf',
deprecated_group='DEFAULT',
help='Generated XVP conf file'),
cfg.StrOpt('console_xvp_pid',
default='/var/run/xvp.pid',
deprecated_group='DEFAULT',
help='XVP master process pid file'),
cfg.StrOpt('console_xvp_log',
default='/var/log/xvp.log',
deprecated_group='DEFAULT',
help='XVP log file'),
cfg.PortOpt('console_xvp_multiplex_port',
default=5900,
deprecated_group='DEFAULT',
help='Port for XVP to multiplex VNC connections on'),
]
def register_opts(conf):
conf.register_group(xvp_group)
conf.register_opts(xvp_opts, group=xvp_group)
def list_opts():
return {
xvp_group: xvp_opts
}

9
nova/console/__init__.py
View File

@ -11,12 +11,11 @@
# under the License.
"""
:mod:`nova.console` -- Console Proxy to set up VM console access
(i.e. with xvp)
=====================================================
:mod:`nova.console` -- Wrappers around console proxies
======================================================
.. automodule:: nova.console
:platform: Unix
:synopsis: Wrapper around console proxies such as xvp to set up
multitenant VM console access
:synopsis: Wrapper around console proxies such as noVNC to set up
multi-tenant VM console access.
"""

16
nova/console/xvp.conf.template
View File

@ -1,16 +0,0 @@
# One time password use with time window
OTP ALLOW IPCHECK HTTP 60
{% if multiplex_port %}
MULTIPLEX {{ multiplex_port }}
{% endif %}
{% for pool in pools %}
POOL {{ pool.address }}
DOMAIN {{ pool.address }}
MANAGER root {{ pool.password }}
HOST {{ pool.address }}
VM - dummy 0123456789ABCDEF
{% for console in pool.console %}
VM {% if multiplex_port %}-{% else %}{{ console.port }} # {{ console.instance_name }} {{ console.password|pass_encode }}{% endif %}
{% endfor %}
{% endfor %}

183
nova/console/xvp.py
View File

@ -1,183 +0,0 @@
# Copyright (c) 2010 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""XVP (Xenserver VNC Proxy) driver."""
import os
import signal
import jinja2
from oslo_concurrency import processutils
from oslo_log import log as logging
from oslo_utils import excutils
import nova.conf
from nova import context
from nova.db import api as db
from nova.i18n import _
CONF = nova.conf.CONF
LOG = logging.getLogger(__name__)
class XVPConsoleProxy(object):
"""Sets up XVP config, and manages XVP daemon."""
def __init__(self):
self.xvpconf_template = open(CONF.xvp.console_xvp_conf_template).read()
self.host = CONF.host # default, set by manager.
super(XVPConsoleProxy, self).__init__()
@property
def console_type(self):
return 'vnc+xvp'
def get_port(self, context):
"""Get available port for consoles that need one."""
# TODO(mdragon): implement port selection for non multiplex ports,
# we are not using that, but someone else may want
# it.
return CONF.xvp.console_xvp_multiplex_port
def setup_console(self, context, console):
"""Sets up actual proxies."""
self._rebuild_xvp_conf(context.elevated())
def teardown_console(self, context, console):
"""Tears down actual proxies."""
self._rebuild_xvp_conf(context.elevated())
def init_host(self):
"""Start up any config'ed consoles on start."""
ctxt = context.get_admin_context()
self._rebuild_xvp_conf(ctxt)
def fix_pool_password(self, password):
"""Trim password to length, and encode."""
return self._xvp_encrypt(password, is_pool_password=True)
def fix_console_password(self, password):
"""Trim password to length, and encode."""
return self._xvp_encrypt(password)
def _rebuild_xvp_conf(self, context):
LOG.debug('Rebuilding xvp conf')
pools = [pool for pool in
db.console_pool_get_all_by_host_type(context, self.host,
self.console_type)
if pool['consoles']]
if not pools:
LOG.debug('No console pools!')
self._xvp_stop()
return
conf_data = {'multiplex_port': CONF.xvp.console_xvp_multiplex_port,
'pools': pools}
tmpl_path, tmpl_file = os.path.split(CONF.injected_network_template)
env = jinja2.Environment( # nosec
loader=jinja2.FileSystemLoader(tmpl_path)) # nosec
env.filters['pass_encode'] = self.fix_console_password
template = env.get_template(tmpl_file)
self._write_conf(template.render(conf_data))
self._xvp_restart()
def _write_conf(self, config):
try:
LOG.debug('Re-wrote %s', CONF.xvp.console_xvp_conf)
with open(CONF.xvp.console_xvp_conf, 'w') as cfile:
cfile.write(config)
except IOError:
with excutils.save_and_reraise_exception():
LOG.exception("Failed to write configuration file")
def _xvp_stop(self):
LOG.debug('Stopping xvp')
pid = self._xvp_pid()
if not pid:
return
try:
os.kill(pid, signal.SIGTERM)
except OSError:
# if it's already not running, no problem.
pass
def _xvp_start(self):
if self._xvp_check_running():
return
LOG.debug('Starting xvp')
try:
processutils.execute('xvp',
'-p', CONF.xvp.console_xvp_pid,
'-c', CONF.xvp.console_xvp_conf,
'-l', CONF.xvp.console_xvp_log)
except processutils.ProcessExecutionError as err:
LOG.error('Error starting xvp: %s', err)
def _xvp_restart(self):
LOG.debug('Restarting xvp')
if not self._xvp_check_running():
LOG.debug('xvp not running...')
self._xvp_start()
else:
pid = self._xvp_pid()
os.kill(pid, signal.SIGUSR1)
def _xvp_pid(self):
try:
with open(CONF.xvp.console_xvp_pid, 'r') as pidfile:
pid = int(pidfile.read())
except IOError:
return None
except ValueError:
return None
return pid
def _xvp_check_running(self):
pid = self._xvp_pid()
if not pid:
return False
try:
os.kill(pid, 0)
except OSError:
return False
return True
def _xvp_encrypt(self, password, is_pool_password=False):
"""Call xvp to obfuscate passwords for config file.
Args:
- password: the password to encode, max 8 char for vm passwords,
and 16 chars for pool passwords. passwords will
be trimmed to max len before encoding.
- is_pool_password: True if this is the XenServer api password
False if it's a VM console password
(xvp uses different keys and max lengths for pool passwords)
Note that xvp's obfuscation should not be considered 'real' encryption.
It simply DES encrypts the passwords with static keys plainly viewable
in the xvp source code.
"""
maxlen = 8
flag = '-e'
if is_pool_password:
maxlen = 16
flag = '-x'
# xvp will blow up on passwords that are too long (mdragon)
password = password[:maxlen]
out, err = processutils.execute('xvp', flag, process_input=password)
if err:
raise processutils.ProcessExecutionError(_("Failed to run xvp."))
return out.strip()

10
nova/db/api.py
View File

@ -1398,16 +1398,6 @@ def project_get_networks(context, project_id, associate=True):
##################
def console_pool_get_all_by_host_type(context, host, console_type):
"""Fetch all pools for given proxy host and type."""
return IMPL.console_pool_get_all_by_host_type(context,
host,
console_type)
##################
def pci_device_get_by_addr(context, node_id, dev_addr):
"""Get PCI device by address."""
return IMPL.pci_device_get_by_addr(context, node_id, dev_addr)

12
nova/db/sqlalchemy/api.py
View File

@ -4461,18 +4461,6 @@ def migration_migrate_to_uuid(context, count):
return done, done
##################
@pick_context_manager_reader
def console_pool_get_all_by_host_type(context, host, console_type):
return model_query(context, models.ConsolePool, read_deleted="no").\
filter_by(host=host).\
filter_by(console_type=console_type).\
options(joinedload('consoles')).\
all()
########################
# User-provided metadata

1
nova/db/sqlalchemy/models.py
View File

@ -985,6 +985,7 @@ class DNSDomain(BASE, NovaBase, models.SoftDeleteMixin):
project_id = Column(String(255))
# TODO(stephenfin): Remove in V or later
class ConsolePool(BASE, NovaBase, models.SoftDeleteMixin):
"""Represents pool of consoles on the same physical node."""
__tablename__ = 'console_pools'

14
nova/tests/unit/compute/test_compute.py
View File

@ -3882,20 +3882,6 @@ class ComputeTestCase(BaseTestCase,
context=self.context, instance=instance, port="wrongport",
console_type="spice-html5"))
def test_xvpvnc_vnc_console(self):
# Make sure we can a vnc console for an instance.
self.flags(enabled=True, group='vnc')
self.flags(enabled=False, group='spice')
instance = self._create_fake_instance_obj()
self.compute.build_and_run_instance(self.context,
instance, {}, {}, {}, block_device_mapping=[])
console = self.compute.get_vnc_console(self.context, 'xvpvnc',
instance=instance)
self.assertTrue(console)
self.compute.terminate_instance(self.context, instance, [])
def test_invalid_vnc_console_type(self):
# Raise useful error if console type is an unrecognised string.
self.flags(enabled=True, group='vnc')

3
nova/tests/unit/db/test_db_api.py
View File

@ -8192,9 +8192,6 @@ class ArchiveTestCase(test.TestCase, ModelsObjectComparatorMixin):
self.dns_domains = models.DNSDomain.__table__
self.shadow_dns_domains = sqlalchemyutils.get_table(
self.engine, "shadow_dns_domains")
self.console_pools = models.ConsolePool.__table__
self.shadow_console_pools = sqlalchemyutils.get_table(
self.engine, "shadow_console_pools")
self.instances = models.Instance.__table__
self.shadow_instances = sqlalchemyutils.get_table(
self.engine, "shadow_instances")

52
nova/tests/unit/fake_xvp_console_proxy.py
View File

@ -1,52 +0,0 @@
# Copyright (c) 2010 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Fake ConsoleProxy driver for tests."""
class FakeConsoleProxy(object):
"""Fake ConsoleProxy driver."""
@property
def console_type(self):
return 'fake'
def setup_console(self, context, console):
"""Sets up actual proxies."""
pass
def teardown_console(self, context, console):
"""Tears down actual proxies."""
pass
def init_host(self):
"""Start up any config'ed consoles on start."""
pass
def generate_password(self, length=8):
"""Returns random console password."""
return 'fakepass'
def get_port(self, context):
"""Get available port for consoles that need one."""
return 5999
def fix_pool_password(self, password):
"""Trim password to length, and any other messaging."""
return password
def fix_console_password(self, password):
"""Trim password to length, and any other messaging."""
return password

0
nova/vnc/__init__.py
View File

175
nova/vnc/xvp_proxy.py
View File

@ -1,175 +0,0 @@
#!/usr/bin/env python
# Copyright (c) 2012 OpenStack Foundation
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Eventlet WSGI Services to proxy VNC for XCP protocol."""
import socket
import eventlet
import eventlet.green
import eventlet.greenio
import eventlet.wsgi
from oslo_log import log as logging
import webob
import nova.conf
from nova import context
from nova import exception
from nova import objects
from nova import utils
from nova import version
from nova import wsgi
LOG = logging.getLogger(__name__)
CONF = nova.conf.CONF
class XCPVNCProxy(object):
"""Class to use the xvp auth protocol to proxy instance vnc consoles."""
def one_way_proxy(self, source, dest):
"""Proxy tcp connection from source to dest."""
while True:
try:
d = source.recv(32384)
except Exception:
d = None
# If recv fails, send a write shutdown the other direction
if d is None or len(d) == 0:
dest.shutdown(socket.SHUT_WR)
break
# If send fails, terminate proxy in both directions
try:
# sendall raises an exception on write error, unlike send
dest.sendall(d)
except Exception:
source.close()
dest.close()
break
def handshake(self, req, connect_info, sockets):
"""Execute hypervisor-specific vnc auth handshaking (if needed)."""
host = connect_info.host
port = connect_info.port
server = eventlet.connect((host, port))
# Handshake as necessary
if 'internal_access_path' in connect_info:
path = connect_info.internal_access_path
server.sendall('CONNECT %s HTTP/1.1\r\n\r\n' % path)
data = ""
while True:
b = server.recv(1)
if b:
data += b
if data.find("\r\n\r\n") != -1:
if not data.split("\r\n")[0].find("200"):
LOG.info("Error in handshake format: %s", data)
return
break
if not b or len(data) > 4096:
LOG.info("Error in handshake: %s", data)
return
client = req.environ['eventlet.input'].get_socket()
client.sendall("HTTP/1.1 200 OK\r\n\r\n")
sockets['client'] = client
sockets['server'] = server
def proxy_connection(self, req, connect_info, start_response):
"""Spawn bi-directional vnc proxy."""
sockets = {}
t0 = utils.spawn(self.handshake, req, connect_info, sockets)
t0.wait()
if not sockets.get('client') or not sockets.get('server'):
LOG.info("Invalid request: %s", req)
start_response('400 Invalid Request',
[('content-type', 'text/html')])
return "Invalid Request"
client = sockets['client']
server = sockets['server']
t1 = utils.spawn(self.one_way_proxy, client, server)
t2 = utils.spawn(self.one_way_proxy, server, client)
t1.wait()
t2.wait()
# Make sure our sockets are closed
server.close()
client.close()
def __call__(self, environ, start_response):
try:
req = webob.Request(environ)
LOG.info("Request: %s", req)
token = req.params.get('token')
if not token:
LOG.info("Request made with missing token: %s", req)
start_response('400 Invalid Request',
[('content-type', 'text/html')])
return "Invalid Request"
ctxt = context.get_admin_context()
try:
connect_info = objects.ConsoleAuthToken.validate(ctxt, token)
except exception.InvalidToken:
LOG.info("Request made with invalid token: %s", req)
start_response('401 Not Authorized',
[('content-type', 'text/html')])
return "Not Authorized"
return self.proxy_connection(req, connect_info, start_response)
except Exception as e:
LOG.info("Unexpected error: %s", e)
class SafeHttpProtocol(eventlet.wsgi.HttpProtocol):
"""HttpProtocol wrapper to suppress IOErrors.
The proxy code above always shuts down client connections, so we catch
the IOError that raises when the SocketServer tries to flush the
connection.
"""
def finish(self):
try:
eventlet.green.BaseHTTPServer.BaseHTTPRequestHandler.finish(self)
except IOError:
pass
eventlet.greenio.shutdown_safe(self.connection)
self.connection.close()
def get_wsgi_server():
LOG.info("Starting nova-xvpvncproxy node (version %s)",
version.version_string_with_package())
LOG.warning('The nova-xvpvncproxy service is deprecated as it is Xen '
'specific and has effectively been replaced by noVNC '
'and the nova-novncproxy service.')
return wsgi.Server("XCP VNC Proxy",
XCPVNCProxy(),
protocol=SafeHttpProtocol,
host=CONF.vnc.xvpvncproxy_host,
port=CONF.vnc.xvpvncproxy_port)

15
releasenotes/notes/remove-nova-xvpvncproxy-1c189cdff4b133e8.yaml Normal file
View File

@ -0,0 +1,15 @@
---
upgrade:
- |
The ``nova-xvpvncproxy`` service has been deprecated since the 19.0.0 Stein
release and has now been removed. The following configuration options have
also been removed:
* ``[vnc] xvpvncproxy_base_url``
* ``[vnc] xvpvncproxy_host``
* ``[vnc] xvpvncproxy_port``
* ``[xvp] console_xvp_conf_template``
* ``[xvp] console_xvp_conf``
* ``[xvp] console_xvp_log``
* ``[xvp] console_xvp_multiplex_port``
* ``[xvp] console_xvp_pid``

1
setup.cfg
View File

@ -76,7 +76,6 @@ console_scripts =
nova-serialproxy = nova.cmd.serialproxy:main
nova-spicehtml5proxy = nova.cmd.spicehtml5proxy:main
nova-status = nova.cmd.status:main
nova-xvpvncproxy = nova.cmd.xvpvncproxy:main
wsgi_scripts =
nova-api-wsgi = nova.api.openstack.compute.wsgi:init_application