external/proxstar
1
0
Fork 0
mirror of https://github.com/ComputerScienceHouse/proxstar.git synced 2025-03-09 15:40:09 +00:00
Code Issues Releases Wiki Activity

Update VNC functionality for Proxmox 7 (#148)

Browse source 
Chown `targets`, Add run and kill scripts

Lol Joe figured it out

* Dude it works holy shit

We need to fix some logistical bugs, probably, and also like remove dead
code lol

* Open VNC session on the node that the VM belongs

Figured out why I couldn't open a session on anything but 01. It was
because I was making the API call on proxmox01-nrh. So that's where the
session opened. I hope that by doing this, it will balance the load
(what little there is) from VNC sessions.

* Update websockify-related tasks

* Remove SSH key from build

* Add option to specify VNC port.

Should be 443 for OKD, probably 8081 for development.

This hosts a smattering of fixes, acutally uses gunicorn properly(?),
launches websockify correctly, and introduces MORE DEAD CODE!

TODO: Fix the scheduling system

* Make things not crash as much :)

* Remove obviously dead code

There's still some code in here that may require more careful
extraction, testing, and review, so I'm saving that for another PR.

* Fix Joe's complaints

* Replace hardcoded URL
This commit is contained in:
Willard Nilges 2022-07-29 20:56:00 -04:00 committed by GitHub
parent 3bad0f003c
commit 2c17d6988f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 213 additions and 144 deletions
Download patch file Download diff file Expand all files Collapse all files

108
proxstar/__init__.py
View file

@ -6,13 +6,25 @@ import logging
import subprocess
import psutil
import psycopg2
# from gunicorn_conf import start_websockify
import rq_dashboard
from rq import Queue
from redis import Redis
from rq_scheduler import Scheduler
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from flask import Flask, render_template, request, redirect, session, abort, url_for, jsonify
from flask import (
Flask,
render_template,
request,
redirect,
session,
abort,
url_for,
jsonify,
Response,
)
import sentry_sdk
from sentry_sdk.integrations.flask import FlaskIntegration
from sentry_sdk.integrations.rq import RqIntegration
@ -34,13 +46,11 @@ from proxstar.db import (
set_template_info,
)
from proxstar.vnc import (
send_stop_ssh_tunnel,
stop_ssh_tunnel,
add_vnc_target,
start_ssh_tunnel,
get_vnc_targets,
delete_vnc_target,
stop_websockify,
open_vnc_session,
)
from proxstar.auth import get_auth
from proxstar.util import gen_password
@ -67,8 +77,9 @@ sentry_sdk.init(
environment=app.config['SENTRY_ENV'],
)
with open('proxmox_ssh_key', 'w') as ssh_key_file:
ssh_key_file.write(app.config['PROXMOX_SSH_KEY'])
if not os.path.exists('proxmox_ssh_key'):
with open('proxmox_ssh_key', 'w') as ssh_key_file:
ssh_key_file.write(app.config['PROXMOX_SSH_KEY'])
ssh_tunnels = []
@ -142,14 +153,22 @@ app.register_blueprint(rq_dashboard_blueprint, url_prefix='/rq')
@app.errorhandler(404)
def not_found(e):
user = User(session['userinfo']['preferred_username'])
return render_template('404.html', user=user, e=e), 404
try:
user = User(session['userinfo']['preferred_username'])
return render_template('404.html', user=user, e=e), 404
except KeyError as exception:
print(exception)
return render_template('404.html', user='chom', e=e), 404
@app.errorhandler(403)
def forbidden(e):
user = User(session['userinfo']['preferred_username'])
return render_template('403.html', user=user, e=e), 403
try:
user = User(session['userinfo']['preferred_username'])
return render_template('403.html', user=user, e=e), 403
except KeyError as exception:
print(exception)
return render_template('403.html', user='chom', e=e), 403
@app.route('/')
@ -247,15 +266,16 @@ def vm_power(vmid, action):
vm.start()
elif action == 'stop':
vm.stop()
send_stop_ssh_tunnel(vmid)
# TODO (willnilges): Replace with remove target function or something
# send_stop_ssh_tunnel(vmid)
elif action == 'shutdown':
vm.shutdown()
send_stop_ssh_tunnel(vmid)
# send_stop_ssh_tunnel(vmid)
elif action == 'reset':
vm.reset()
elif action == 'suspend':
vm.suspend()
send_stop_ssh_tunnel(vmid)
# send_stop_ssh_tunnel(vmid)
elif action == 'resume':
vm.resume()
return '', 200
@ -263,31 +283,26 @@ def vm_power(vmid, action):
return '', 403
@app.route('/console/vm/<string:vmid>/stop', methods=['POST'])
def vm_console_stop(vmid):
if request.form['token'] == app.config['VNC_CLEANUP_TOKEN']:
stop_ssh_tunnel(vmid, ssh_tunnels)
return '', 200
else:
return '', 403
@app.route('/console/vm/<string:vmid>', methods=['POST'])
@auth.oidc_auth
def vm_console(vmid):
user = User(session['userinfo']['preferred_username'])
connect_proxmox()
if user.rtp or int(vmid) in user.allowed_vms:
# import pdb; pdb.set_trace()
vm = VM(vmid)
stop_ssh_tunnel(vm.id, ssh_tunnels)
port = str(5900 + int(vmid))
token = add_vnc_target(port)
node = '{}.csh.rit.edu'.format(vm.node)
logging.info('creating SSH tunnel to %s for VM %s', node, vm.id)
tunnel = start_ssh_tunnel(node, port)
ssh_tunnels.append(tunnel)
vm.start_vnc(port)
return token, 200
vnc_ticket, vnc_port = open_vnc_session(
vmid, vm.node, app.config['PROXMOX_USER'], app.config['PROXMOX_PASS']
)
node = f'{vm.node}.csh.rit.edu'
token = add_vnc_target(node, vnc_port)
return {
'host': app.config['VNC_HOST'],
'port': app.config['VNC_PORT'],
'token': token,
'password': vnc_ticket,
}, 200
else:
return '', 403
@ -399,7 +414,7 @@ def delete(vmid):
user = User(session['userinfo']['preferred_username'])
connect_proxmox()
if user.rtp or int(vmid) in user.allowed_vms:
send_stop_ssh_tunnel(vmid)
# send_stop_ssh_tunnel(vmid)
# Submit the delete VM task to RQ
q.enqueue(delete_vm_task, vmid)
return '', 200
@ -571,29 +586,12 @@ def allowed_users(user):
@app.route('/console/cleanup', methods=['POST'])
def cleanup_vnc():
if request.form['token'] == app.config['VNC_CLEANUP_TOKEN']:
for target in get_vnc_targets():
tunnel = next(
(tunnel for tunnel in ssh_tunnels if tunnel.local_bind_port == int(target['port'])),
None,
)
if tunnel:
if not next(
(
conn
for conn in psutil.net_connections()
if conn.laddr[1] == int(target['port']) and conn.status == 'ESTABLISHED'
),
None,
):
try:
tunnel.stop()
except:
pass
ssh_tunnels.remove(tunnel)
delete_vnc_target(target['port'])
return '', 200
else:
return '', 403
print('Cleaning up targets file...')
with open(app.config['WEBSOCKIFY_TARGET_FILE'], 'w') as targets:
targets.truncate()
return '', 200
print('Got bad cleanup request')
return '', 403
@app.route('/template/<string:template_id>/disk')

8
proxstar/static/js/script.js
View file

@ -650,9 +650,11 @@ $("#console-vm").click(function(){
credentials: 'same-origin',
method: 'post'
}).then((response) => {
return response.text()
}).then((token) => {
window.open(`/static/noVNC/vnc.html?autoconnect=true&encrypt=true&host=proxstar-vnc.csh.rit.edu&port=443&path=path?token=${token}`, '_blank');
return response.json()
}).then((vnc_params) => {
// TODO (willnilges): encrypt=true
// TODO (willnilges): set host and port to an env variable
window.open(`/static/noVNC/vnc.html?autoconnect=true&password=${vnc_params.password}&host=${vnc_params.host}&port=${vnc_params.port}&path=path?token=${vnc_params.token}`, '_blank');
}).catch(err => {
if (err) {
swal("Uh oh...", `Unable to start console for ${vmname}. Please try again later.`, "error");

28
proxstar/tasks.py
View file

@ -22,7 +22,6 @@ from proxstar.proxmox import connect_proxmox, get_pools
from proxstar.starrs import get_next_ip, register_starrs, delete_starrs
from proxstar.user import User, get_vms_for_rtp
from proxstar.vm import VM, clone_vm, create_vm
from proxstar.vnc import send_stop_ssh_tunnel
logging.basicConfig(format='%(asctime)s %(levelname)s %(message)s', level=logging.INFO)
@ -151,7 +150,7 @@ def process_expiring_vms_task():
vm.name, vm.id
)
)
send_stop_ssh_tunnel(vm.id)
# send_stop_ssh_tunnel(vm.id) # TODO (willnilges): Remove target from targets file
delete_vm_task(vm.id)
if expiring_vms:
send_vm_expire_email(pool, expiring_vms)
@ -227,8 +226,23 @@ def setup_template_task(template_id, name, user, ssh_key, cores, memory):
def cleanup_vnc_task():
requests.post(
'https://{}/console/cleanup'.format(app.config['SERVER_NAME']),
data={'token': app.config['VNC_CLEANUP_TOKEN']},
verify=False,
)
"""Removes all open VNC sessions. This runs in the RQ worker, and so
needs to be routed properly via the Proxstar API
TODO (willnilges): Use API, track the task IDs, and kill only the finished
ones every couple of minutes
https://github.com/ComputerScienceHouse/proxstar/issues/153
"""
print('Clearing vnc targets')
with open(app.config['WEBSOCKIFY_TARGET_FILE'], 'w') as targets:
targets.truncate()
# FIXME (willnilges): This... might be working...?
try:
requests.post(
'https://{}/console/cleanup'.format(app.config['SERVER_NAME']),
data={'token': app.config['VNC_CLEANUP_TOKEN']},
verify=False,
)
except Exception as e: # pylint: disable=W0703
print(e)

7
proxstar/vm.py
View file

@ -262,13 +262,6 @@ class VM:
iso = 'None'
return iso
def start_vnc(self, port):
proxmox = connect_proxmox()
port = str(int(port) - 5900)
proxmox.nodes(self.node).qemu(self.id).monitor.post(
command='change vnc 127.0.0.1:{}'.format(port)
)
@retry(wait=wait_fixed(2), stop=stop_after_attempt(5))
def eject_iso(self):
proxmox = connect_proxmox()

99
proxstar/vnc.py
View file

@ -1,7 +1,9 @@
import os
import subprocess
import time
import urllib.parse
from deprecated import deprecated
import requests
from flask import current_app as app
from sshtunnel import SSHTunnelForwarder
@ -13,14 +15,18 @@ from proxstar.util import gen_password
def stop_websockify():
result = subprocess.run(['pgrep', 'websockify'], stdout=subprocess.PIPE, check=False)
if result.stdout:
pid = result.stdout.strip()
subprocess.run(['kill', pid], stdout=subprocess.PIPE, check=False)
time.sleep(3)
if subprocess.run(['pgrep', 'websockify'], stdout=subprocess.PIPE, check=False).stdout:
time.sleep(10)
pids = result.stdout.splitlines()
for pid in pids:
subprocess.run(['kill', pid], stdout=subprocess.PIPE, check=False)
# FIXME (willnilges): Willard is lazy.
time.sleep(1)
if subprocess.run(['pgrep', 'websockify'], stdout=subprocess.PIPE, check=False).stdout:
logging.info("websockify didn't stop, killing forcefully")
subprocess.run(['kill', '-9', pid], stdout=subprocess.PIPE, check=False)
time.sleep(5)
if subprocess.run(
['pgrep', 'websockify'], stdout=subprocess.PIPE, check=False
).stdout:
logging.info("websockify didn't stop, killing forcefully")
subprocess.run(['kill', '-9', pid], stdout=subprocess.PIPE, check=False)
def get_vnc_targets():
@ -31,38 +37,81 @@ def get_vnc_targets():
target_dict = {}
values = line.strip().split(':')
target_dict['token'] = values[0]
target_dict['port'] = values[2]
target_dict['host'] = f'{values[1].strip()}:{values[2]}'
targets.append(target_dict)
target_file.close()
return targets
def add_vnc_target(port):
def add_vnc_target(node, port):
# TODO (willnilges): This doesn't throw an error if the target file is wrong.
# TODO (willnilges): This will duplicate targets
targets = get_vnc_targets()
target = next((target for target in targets if target['port'] == port), None)
target = next((target for target in targets if target['host'] == f'{node}:{port}'), None)
if target:
print('Host is already in the targets file')
return target['token']
else:
target_file = open(app.config['WEBSOCKIFY_TARGET_FILE'], 'a')
token = gen_password(32, 'abcdefghijklmnopqrstuvwxyz0123456789')
target_file.write('{}: 127.0.0.1:{}\n'.format(token, str(port)))
target_file.write(f'{token}: {node}:{port}\n')
target_file.close()
return token
def delete_vnc_target(port):
def delete_vnc_target(node, port):
targets = get_vnc_targets()
target = next((target for target in targets if target['port'] == str(port)), None)
target = next((target for target in targets if target['host'] == f'{node}:{port}'), None)
if target:
targets.remove(target)
target_file = open(app.config['WEBSOCKIFY_TARGET_FILE'], 'w')
for target in targets:
target_file.write('{}: 127.0.0.1:{}\n'.format(target['token'], target['port']))
target_file.write(f"{target['token']}: {target['host']}\n")
target_file.close()
def open_vnc_session(vmid, node, proxmox_user, proxmox_pass):
"""Pings the Proxmox API to request a VNC Proxy connection. Authenticates
against the API using a Uname/Pass, gets a few tokens back, then uses those
tokens to open the VNC Proxy. Use these to connect to the VM's host with
websockify proxy.
Returns: Ticket to use as the noVNC password, and a port.
"""
# Get Proxmox API ticket and CSRF_Prevention_Token
# TODO (willnilges): Use Proxmoxer to get this information
# TODO (willnilges): Report errors
data = {'username': proxmox_user, 'password': proxmox_pass}
response_data = requests.post(
f'https://{node}.csh.rit.edu:8006/api2/json/access/ticket',
verify=False,
data=data,
).json()['data']
if response_data is None:
raise requests.AuthenticationError(
'Could not authenticate against `ticket` endpoint! Check uname/password'
)
csrf_prevention_token = response_data['CSRFPreventionToken']
ticket = response_data['ticket']
proxy_params = {'node': node, 'vmid': str(vmid), 'websocket': '1', 'generate-password': '0'}
vncproxy_response_data = requests.post(
f'https://{node}.csh.rit.edu:8006/api2/json/nodes/{node}/qemu/{vmid}/vncproxy',
verify=False,
timeout=5,
params=proxy_params,
headers={'CSRFPreventionToken': csrf_prevention_token},
cookies={'PVEAuthCookie': ticket},
).json()['data']
return urllib.parse.quote_plus(vncproxy_response_data['ticket']), vncproxy_response_data['port']
@deprecated('No longer in use')
def start_ssh_tunnel(node, port):
"""Forwards a port on a node
to the proxstar container
"""
port = int(port)
server = SSHTunnelForwarder(
node,
ssh_username=app.config['PROXMOX_SSH_USER'],
@ -73,25 +122,3 @@ def start_ssh_tunnel(node, port):
)
server.start()
return server
def stop_ssh_tunnel(vmid, ssh_tunnels):
# Tear down the SSH tunnel and VNC target entry for a given VM
port = 5900 + int(vmid)
tunnel = next((tunnel for tunnel in ssh_tunnels if tunnel.local_bind_port == port), None)
if tunnel:
logging.info('tearing down SSH tunnel for VM %s', vmid)
try:
tunnel.stop()
except:
pass
ssh_tunnels.remove(tunnel)
delete_vnc_target(port)
def send_stop_ssh_tunnel(vmid):
requests.post(
'https://{}/console/vm/{}/stop'.format(app.config['SERVER_NAME'], vmid),
data={'token': app.config['VNC_CLEANUP_TOKEN']},
verify=False,
)