openstack/nova
Code Issues Proposed changes
22470ebea0
nova/doc/source/runnova/vncconsole.rst
Anthony Young 8d010cacb5 Implements blueprint vnc-console-cleanup 
* Creates a unified way to access vnc consoles for xenserver and libvirt
 * Now supports both java and websocket clients
 * Removes nova-vncproxy - a replacement version of this (nova-novncproxy) can be found as described in vncconsole.rst
 * Adds nova-xvpvncproxy, which supports a java vnc client
 * Adds api extension to access java and novnc access_urls
 * Fixes proxy server to close/shutdown sockets more cleanly
 * Address style feedback
 * Use new-style extension format
 * Fix setup.py
 * utils.gen_uuid must be wrapped like str(utils.gen_uuid()) or it can't be serialized

Change-Id: I5e42e2f160e8e3476269bd64b0e8aa77e66c918c
2012-01-17 14:18:31 -08:00

132 lines
5.2 KiB
ReStructuredText
Raw Blame History

..
Copyright 2010-2011 United States Government as represented by the
Administrator of the National Aeronautics and Space Administration.
All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations
under the License.
Overview
========
The VNC Proxy is an OpenStack component that allows users of Nova to access
their instances through vnc clients. In essex and beyond, there is support
for for both libvirt and XenServer using both java and websocket cleints.
In general, a VNC console Connection works like so:
* User connects to api and gets an access_url like http://ip:port/?token=xyz
* User pastes url in browser or as client parameter
* Browser/Client connects to proxy
* Proxy authorizes users token, maps the token to a host and port of an
instance's VNC server
* Proxy initiates connection to VNC server, and continues proxying until
the session ends
Note that in general, the vnc proxy performs multiple functions:
* Bridges between public network (where clients live) and private network
(where vncservers live)
* Mediates token authentication
* Transparently deals with hypervisor-specific connection details to provide
a uniform client experience.
About nova-consoleauth
----------------------
Both client proxies leverage a shared service to manage token auth called
nova-consoleauth. This service must be running in order for for either proxy
to work. Many proxies of either type can be run against a single
nova-consoleauth service in a cluster configuration.
Getting an Access Url
---------------------
Nova provides the ability to create access_urls through the os-consoles extension.
Support for accessing this url is provided by novaclient:
# FIXME (sleepsonthefloor) update this branch name once client code merges
git clone https://github.com/cloudbuilders/python-novaclient
git checkout vnc_redux
. openrc # or whatever you use to load standard nova creds
nova get-vnc-console [server_id] [xvpvnc|novnc]
Accessing VNC Consoles with a Java client
-----------------------------------------
To enable support for the OpenStack java vnc client in nova, nova provides the
nova-xvpvncproxy service, which you should run to enable this feature.
* :option:`--xvpvncproxy_baseurl=[base url for client connections]` -
this is the public base url to which clients will connect. "?token=abc"
will be added to this url for the purposes of auth.
* :option:`--xvpvncproxy_port=[port]` - port to bind (defaults to 6081)
* :option:`--xvpvncproxy_host=[host]` - host to bind (defaults to 0.0.0.0)
As a client, you will need a special Java client, which is
a version of TightVNC slightly modified to support our token auth::
git clone https://github.com/cloudbuilders/nova-xvpvncviewer
cd nova-xvpvncviewer
make
Then, to create a session, first request an access url using python-novaclient
and then run the client like so::
# Retrieve access url
nova get-vnc-console [server_id] xvpvnc
# Run client
java -jar VncViewer.jar [access_url]
nova-vncproxy replaced with nova-novncproxy
-------------------------------------------
The previous vnc proxy, nova-vncproxy, has been removed from the nova source
tree and replaced with an improved server that can be found externally at
http://github.com/cloudbuilders/noVNC.git (in a branch called vnc_redux while
this patch is in review).
To use this nova-novncproxy:
git clone http://github.com/cloudbuilders/noVNC.git
git checkout vnc_redux
utils/nova-novncproxy --flagfile=[path to flagfile]
The --flagfile param should point to your nova config that includes the rabbit
server address and credentials.
By default, nova-novncproxy binds 0.0.0.0:6080. This can be configured with:
* :option:`--novncproxy_baseurl=[base url for client connections]` -
this is the public base url to which clients will connect. "?token=abc"
will be added to this url for the purposes of auth.
* :option:`--novncproxy_port=[port]`
* :option:`--novncproxy_host=[host]`
Accessing a vnc console through a web browser
---------------------------------------------
Retrieving an access_url for a web browser is similar to the flow for
the java client:
# Retrieve access url
nova get-vnc-console [server_id] novnc
# Then, paste the url into your web browser
Support for a streamlined flow via dashboard will land in essex.
Important Options
-----------------
* :option:`--vnc_enabled=[True|False]` - defaults to True. If this flag is
not set your instances will launch without vnc support.
* :option:`--vncserver_host=[instance vncserver host]` - defaults to 127.0.0.1
This is the address that vncservers will bind, and should be overridden in
production deployments as a private address. Applies to libvirt only.
View Git Blame Copy Permalink