Merge pull request #158 from ComputerScienceHouse/willnilges/remove-ssh

Remove SSH functionality from Proxstar
2025-02-12 13:01:51 +00:00 · 2022-08-18 20:02:44 -04:00 · 2022-08-18 20:02:44 -04:00 · b3d43f8d21
commit b3d43f8d21
parent 2c17d6988f 125d7fae51
9 changed files with 34 additions and 68 deletions
--- a/2
+++ b/2
@ -7,5 +7,5 @@ COPY start_worker.sh start_scheduler.sh .
 COPY .git ./.git
 COPY *.py .
 COPY proxstar ./proxstar
-RUN touch proxmox_ssh_key targets && chmod a+w proxmox_ssh_key targets # This is some OKD shit.
+RUN touch targets && chmod a+w targets # This is some OKD shit.
 ENTRYPOINT ddtrace-run gunicorn proxstar:app --bind=0.0.0.0:8080
--- a/HACKING/.env.template
+++ b/HACKING/.env.template
@ -26,9 +26,6 @@ PROXSTAR_PROXMOX_USER=api@pve
 PROXSTAR_PROXMOX_PASS= # Password for proxstar user
 PROXSTAR_PROXMOX_ISO_STORAGE=nfs-iso
 PROXSTAR_PROXMOX_VM_STORAGE=ceph
-PROXSTAR_PROXMOX_SSH_USER=root
-PROXSTAR_PROXMOX_SSH_KEY="" # Ask an RTP. This is gonna look like a certificate.
-PROXSTAR_PROXMOX_SSH_KEY_PASS= # Password for above certificate

 # STARRS
 PROXSTAR_STARRS_DB_HOST=proxstar-postgres
--- a/HACKING/build_env.sh
+++ b/HACKING/build_env.sh
@ -0,0 +1,2 @@
+#!/bin/bash
+podman build . --tag=proxstar 
--- a/config.py
+++ b/config.py
@ -37,10 +37,6 @@ PROXMOX_USER = environ.get('PROXSTAR_PROXMOX_USER', '')
 PROXMOX_PASS = environ.get('PROXSTAR_PROXMOX_PASS', '')
 PROXMOX_ISO_STORAGE = environ.get('PROXSTAR_PROXMOX_ISO_STORAGE', 'nfs-iso')
 PROXMOX_VM_STORAGE = environ.get('PROXSTAR_PROXMOX_VM_STORAGE', 'ceph')
-PROXMOX_SSH_USER = environ.get('PROXSTAR_PROXMOX_SSH_USER', '')
-PROXMOX_SSH_KEY = environ.get('PROXSTAR_PROXMOX_SSH_KEY', '')
-PROXMOX_SSH_KEY_PASS = environ.get('PROXSTAR_PROXMOX_SSH_KEY_PASS', '')
-
 # STARRS
 STARRS_DB_HOST = environ.get('PROXSTAR_STARRS_DB_HOST', '')
 STARRS_DB_NAME = environ.get('PROXSTAR_DB_NAME', 'starrs')
--- a/proxstar/init.py
+++ b/proxstar/init.py
@ -77,12 +77,6 @@ sentry_sdk.init(
    environment=app.config['SENTRY_ENV'],
 )

-if not os.path.exists('proxmox_ssh_key'):
-    with open('proxmox_ssh_key', 'w') as ssh_key_file:
-        ssh_key_file.write(app.config['PROXMOX_SSH_KEY'])
-
-ssh_tunnels = []
-
 auth = get_auth(app)

 redis_conn = Redis(app.config['REDIS_HOST'], app.config['REDIS_PORT'])
@ -258,6 +252,9 @@ def vm_power(vmid, action):
    connect_proxmox()
    if user.rtp or int(vmid) in user.allowed_vms:
        vm = VM(vmid)
+        vnc_token_key = f'vnc_token|{vmid}'
+        # For deleting the token from redis later
+        vnc_token = redis_conn.get(vnc_token_key).decode('utf-8')
        if action == 'start':
            vmconfig = vm.config
            usage_check = user.check_usage(vmconfig['cores'], vmconfig['memory'], 0)
@ -266,16 +263,18 @@ def vm_power(vmid, action):
            vm.start()
        elif action == 'stop':
            vm.stop()
-            # TODO (willnilges): Replace with remove target function or something
-            # send_stop_ssh_tunnel(vmid)
+            delete_vnc_target(token=vnc_token)
+            redis_conn.delete(vnc_token_key)
        elif action == 'shutdown':
            vm.shutdown()
-            # send_stop_ssh_tunnel(vmid)
+            delete_vnc_target(token=vnc_token)
+            redis_conn.delete(vnc_token_key)
        elif action == 'reset':
            vm.reset()
        elif action == 'suspend':
            vm.suspend()
-            # send_stop_ssh_tunnel(vmid)
+            delete_vnc_target(token=vnc_token)
+            redis_conn.delete(vnc_token_key)
        elif action == 'resume':
            vm.resume()
        return '', 200
@ -296,6 +295,7 @@ def vm_console(vmid):
        )
        node = f'{vm.node}.csh.rit.edu'
        token = add_vnc_target(node, vnc_port)
+        redis_conn.set(f'vnc_token|{vmid}', str(token))  # Store the VNC token in Redis.
        return {
            'host': app.config['VNC_HOST'],
            'port': app.config['VNC_PORT'],
@ -630,11 +630,6 @@ def health():

 def exit_handler():
    stop_websockify()
-    for tunnel in ssh_tunnels:
-        try:
-            tunnel.stop()
-        except:
-            pass


 atexit.register(exit_handler)
--- a/proxstar/proxmox.py
+++ b/proxstar/proxmox.py
@ -23,24 +23,6 @@ def connect_proxmox():
                raise


-def connect_proxmox_ssh():
-    for host in app.config['PROXMOX_HOSTS']:
-        try:
-            proxmox = ProxmoxAPI(
-                host,
-                user=app.config['PROXMOX_SSH_USER'],
-                private_key_file='proxmox_ssh_key',
-                password=app.config['PROXMOX_SSH_KEY_PASS'],
-                backend='ssh_paramiko',
-            )
-            proxmox.version.get()
-            return proxmox
-        except:
-            if app.config['PROXMOX_HOSTS'].index(host) == (len(app.config['PROXMOX_HOSTS']) - 1):
-                logging.error('unable to connect to any of the given Proxmox servers')
-                raise
-
-
 def get_node_least_mem(proxmox):
    nodes = proxmox.nodes.get()
    sorted_nodes = sorted(nodes, key=lambda x: ('mem' not in x, x.get('mem', None)))
--- a/proxstar/tasks.py
+++ b/proxstar/tasks.py
@ -6,6 +6,7 @@ import psycopg2
 import requests
 from flask import Flask
 from rq import get_current_job
+from redis import Redis
 from sqlalchemy import create_engine
 from sqlalchemy.orm import sessionmaker

@ -22,6 +23,7 @@ from proxstar.proxmox import connect_proxmox, get_pools
 from proxstar.starrs import get_next_ip, register_starrs, delete_starrs
 from proxstar.user import User, get_vms_for_rtp
 from proxstar.vm import VM, clone_vm, create_vm
+from proxstar.vnc import delete_vnc_target

 logging.basicConfig(format='%(asctime)s %(levelname)s %(message)s', level=logging.INFO)

@ -150,7 +152,16 @@ def process_expiring_vms_task():
                            vm.name, vm.id
                        )
                    )
-                    # send_stop_ssh_tunnel(vm.id) # TODO (willnilges): Remove target from targets file
+                    try:
+                        redis_conn = Redis(app.config['REDIS_HOST'], app.config['REDIS_PORT'])
+                        vmid = vm['vmid']
+                        vnc_token_key = f'vnc_token|{vmid}'
+                        vnc_token = redis_conn.get(vnc_token_key).decode('utf-8')
+                        delete_vnc_target(token=vnc_token)
+                        redis_conn.delete(vnc_token_key)
+                    except Exception as e:  # pylint: disable=W0703
+                        print(f'ERROR: Could not delete target from targets file: {e}')
+
                    delete_vm_task(vm.id)
            if expiring_vms:
                send_vm_expire_email(pool, expiring_vms)
--- a/proxstar/vnc.py
+++ b/proxstar/vnc.py
@ -3,10 +3,8 @@ import subprocess
 import time
 import urllib.parse

-from deprecated import deprecated
 import requests
 from flask import current_app as app
-from sshtunnel import SSHTunnelForwarder

 from proxstar import logging
 from proxstar.util import gen_password
@ -45,7 +43,6 @@ def get_vnc_targets():

 def add_vnc_target(node, port):
    # TODO (willnilges): This doesn't throw an error if the target file is wrong.
-    # TODO (willnilges): This will duplicate targets
    targets = get_vnc_targets()
    target = next((target for target in targets if target['host'] == f'{node}:{port}'), None)
    if target:
@ -59,15 +56,22 @@ def add_vnc_target(node, port):
        return token


-def delete_vnc_target(node, port):
+def delete_vnc_target(node=None, port=None, token=None):
    targets = get_vnc_targets()
-    target = next((target for target in targets if target['host'] == f'{node}:{port}'), None)
+    if node is not None and port is not None:
+        target = next((target for target in targets if target['host'] == f'{node}:{port}'), None)
+    elif token is not None:
+        target = next((target for target in targets if target['token'] == f'{token}'), None)
+    else:
+        raise ValueError('Need either a node and port, or a token.')
    if target:
        targets.remove(target)
        target_file = open(app.config['WEBSOCKIFY_TARGET_FILE'], 'w')
        for target in targets:
            target_file.write(f"{target['token']}: {target['host']}\n")
        target_file.close()
+    else:
+        raise LookupError('Target does not exist')


 def open_vnc_session(vmid, node, proxmox_user, proxmox_pass):
@ -103,22 +107,3 @@ def open_vnc_session(vmid, node, proxmox_user, proxmox_pass):
    ).json()['data']

    return urllib.parse.quote_plus(vncproxy_response_data['ticket']), vncproxy_response_data['port']
-
-
-@deprecated('No longer in use')
-def start_ssh_tunnel(node, port):
-    """Forwards a port on a node
-    to the proxstar container
-    """
-    port = int(port)
-
-    server = SSHTunnelForwarder(
-        node,
-        ssh_username=app.config['PROXMOX_SSH_USER'],
-        ssh_pkey='proxmox_ssh_key',
-        ssh_private_key_password=app.config['PROXMOX_SSH_KEY_PASS'],
-        remote_bind_address=('127.0.0.1', port),
-        local_bind_address=('127.0.0.1', port),
-    )
-    server.start()
-    return server
--- a/requirements.txt
+++ b/requirements.txt
@ -2,7 +2,6 @@ black~=21.9b0
 csh-ldap==2.4.0
 click~=7.1.2
 ddtrace~=1.2.1
-deprecated==1.2.13
 flask==1.1.4
 jinja2==2.11.3
 flask-pyoidc==1.3.0
@ -19,7 +18,6 @@ rq==1.10.1
 rq-dashboard==0.6.1
 rq-scheduler==0.10.0
 sqlalchemy==1.3.22
-sshtunnel==0.2.2
 tenacity==5.0.2
 websockify==0.9.0
 pylint==2.13.9