on 2014/05/02 08:49, Aline Manera wrote:
From: Aline Manera <alinefm(a)br.ibm.com>
Some browsers doesn't support well for the usage self-signed certs in the ssl
websocket connection. For details, please see:
https://github.com/kanaka/websockify/wiki/Encrypted-Connections
For chrome browser, the encrypted console connection should work after
you login with ssl connection. But for firefox, it does not show a
confirmation page for the user the accept the self-signed cert when
the HTTPs connection is started from a websocket.
So this patch makes use of the Web server in the websockify. The mini
Web server in the websockify can serve static contents like html, css
and js.
This patch add a simple HTMl file (vnc_auto.html) to pages/novnc and have
websockify serve this file.
When the user clicks the VNC icon, Kimchi brings the user to
https://host:64667/vnc_auto.html, which is served by websockify. Then
firefox would prompt a confirmation page for the self-signed cert. After
the user accept the cert, the user will be redirected to noVNC page
provided by Kimchi server.
It is important to have Kimchi providing the noVNC page to be able to
add authentication to console pages (vnc_auto.html and spice.html)
Signed-off-by: Aline Manera <alinefm(a)br.ibm.com>
Signed-off-by: Mark Wu <wudxw(a)linux.vnet.ibm.com>
Signed-off-by: Zhou Zheng Sheng <zhshzhou(a)linux.vnet.ibm.com>
---
configure.ac | 1 +
contrib/kimchi.spec.fedora.in | 1 +
contrib/kimchi.spec.suse.in | 1 +
src/kimchi/vnc.py | 3 ++-
ui/js/src/kimchi.api.js | 8 ++------
ui/pages/Makefile.am | 2 +-
ui/pages/novnc/Makefile.am | 20 ++++++++++++++++++++
ui/pages/novnc/vnc_auto.html | 22 ++++++++++++++++++++++
8 files changed, 50 insertions(+), 8 deletions(-)
create mode 100644 ui/pages/novnc/Makefile.am
create mode 100644 ui/pages/novnc/vnc_auto.html
diff --git a/configure.ac b/configure.ac
index 7d76f97..a16bca5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -84,6 +84,7 @@ AC_CONFIG_FILES([
ui/pages/help/en_US/Makefile
ui/pages/help/pt_BR/Makefile
ui/pages/help/zh_CN/Makefile
+ ui/pages/novnc/Makefile
ui/pages/tabs/Makefile
contrib/Makefile
contrib/DEBIAN/Makefile
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index 104c114..56314a2 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -179,6 +179,7 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
%{_datadir}/kimchi/ui/pages/*.html.tmpl
%{_datadir}/kimchi/ui/pages/help/*/*.html
+%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl
I think it should be *.html not *.html.tmpl
%{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
%{_sysconfdir}/kimchi/kimchi.conf
%{_sysconfdir}/kimchi/nginx.conf.in
diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
index 7704822..6e269d9 100644
--- a/contrib/kimchi.spec.suse.in
+++ b/contrib/kimchi.spec.suse.in
@@ -101,6 +101,7 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
%{_datadir}/kimchi/ui/pages/*.html.tmpl
%{_datadir}/kimchi/ui/pages/help/*/*.html
+%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl
Same as above.
%{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
%{_sysconfdir}/kimchi/kimchi.conf
%{_sysconfdir}/kimchi/nginx.conf.in
diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
index 3251f06..3f483f6 100644
--- a/src/kimchi/vnc.py
+++ b/src/kimchi/vnc.py
@@ -44,7 +44,8 @@ def new_ws_proxy():
cmd = os.path.join(os.path.dirname(__file__), 'websockify.py')
args = ['python', cmd, config.get('display',
'display_proxy_port'),
- '--target-config', WS_TOKENS_DIR, '--cert', cert,
'--key', key]
+ '--target-config', WS_TOKENS_DIR, '--cert', cert,
'--key', key,
+ '--web', os.path.join(paths.ui_dir, 'pages/novnc')]
p = subprocess.Popen(args, close_fds=True)
return p
diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
index 6fcac6d..dcf9bd1 100644
--- a/ui/js/src/kimchi.api.js
+++ b/ui/js/src/kimchi.api.js
@@ -318,20 +318,16 @@ var kimchi = {
type : 'GET',
dataType : 'json'
}).done(function(data, textStatus, xhr) {
- http_port = data['http_port'];
proxy_port = data['display_proxy_port'];
kimchi.requestJSON({
url : "/vms/" + encodeURIComponent(vm) +
"/connect",
type : "POST",
dataType : "json"
}).done(function() {
- /**
- * Due to problems with web sockets and self-signed
- * certificates, for now we will always redirect to http
- */
- url = 'http://' + location.hostname + ':' + http_port;
+ url = 'https://' + location.hostname + ':' +
proxy_port;
url += "/vnc_auto.html?port=" + proxy_port;
url += "&path=?token=" + encodeURIComponent(vm);
+ url += "&kimchi=" + location.port;
url += '&encrypt=1'
window.open(url);
});
diff --git a/ui/pages/Makefile.am b/ui/pages/Makefile.am
index 0c04a72..c3e61db 100644
--- a/ui/pages/Makefile.am
+++ b/ui/pages/Makefile.am
@@ -15,7 +15,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-SUBDIRS = help tabs
+SUBDIRS = help tabs novnc
htmldir = $(datadir)/kimchi/ui/pages
diff --git a/ui/pages/novnc/Makefile.am b/ui/pages/novnc/Makefile.am
new file mode 100644
index 0000000..f93f0c8
--- /dev/null
+++ b/ui/pages/novnc/Makefile.am
@@ -0,0 +1,20 @@
+#
+# Kimchi
+#
+# Copyright IBM, Corp. 2014
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#
http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+novnchtmldir = $(datadir)/kimchi/ui/pages/novnc
+
+dist_novnchtml_DATA = $(wildcard *.html.tmpl) $(NULL)
I think it should be just "vnc_auto.html", since there is no
".html.tmpl" file in this directory.
diff --git a/ui/pages/novnc/vnc_auto.html
b/ui/pages/novnc/vnc_auto.html
new file mode 100644
index 0000000..f702dc9
--- /dev/null
+++ b/ui/pages/novnc/vnc_auto.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <script type="text/javascript">
+ redirectToKimchi = function() {
+ var query = window.location.search;
+ var match = /.*kimchi=(.*?)(&|$)/g.exec(query);
+ if (match != null) {
+ query = query.replace("kimchi=" + match[1] + "&",
"")
+ query = query.replace("kimchi=" + match[1], "")
+
+ url = "https://" + location.hostname + ":" + match[1];
+ url += location.pathname + query
+
+ window.location.replace(url)
+ }
+ }
+ </script>
+ </head>
+
+ <body onload="redirectToKimchi()"/>
+</html>
--
Zhou Zheng Sheng / 周征晟
E-mail: zhshzhou(a)linux.vnet.ibm.com
Telephone: 86-10-82454397