于 2014年05月20日 23:27, shaohef(a)linux.vnet.ibm.com 写道:
From: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
Only the user who get the ticket can access the VM console.
the ticket will be invalid when its expire.
We just manange the VM create by kimchi.
We do not set the ticket for other VMs that created by other managerment tool.
Signed-off-by: ShaoHe Feng <shaohef(a)linux.vnet.ibm.com>
Signed-off-by: Zhou Zheng Sheng <zhshzhou(a)linux.vnet.ibm.com>
---
src/kimchi/control/vms.py | 1 +
src/kimchi/model/vms.py | 28 ++++++++++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/src/kimchi/control/vms.py b/src/kimchi/control/vms.py
index 508f478..e3c72d1 100644
--- a/src/kimchi/control/vms.py
+++ b/src/kimchi/control/vms.py
@@ -37,6 +37,7 @@ class VM(Resource):
self.uri_fmt = '/vms/%s'
for ident, node in sub_nodes.items():
setattr(self, ident, node(model, self.ident))
+ self.setticket = self.generate_action_handler('setticket')
self.start = self.generate_action_handler('start')
self.poweroff = self.generate_action_handler('poweroff')
self.shutdown = self.generate_action_handler('shutdown')
diff --git a/src/kimchi/model/vms.py b/src/kimchi/model/vms.py
index 17bda04..0daaea0 100644
--- a/src/kimchi/model/vms.py
+++ b/src/kimchi/model/vms.py
@@ -19,7 +19,10 @@
from lxml.builder import E
import lxml.etree as ET
+from lxml import etree, objectify
import os
+import random
+import string
import time
import uuid
from xml.etree import ElementTree
@@ -353,9 +356,14 @@ class VMModel(object):
graphics = self._vm_get_graphics(name)
graphics_type, graphics_listen, graphics_port = graphics
graphics_port = graphics_port if state == 'running' else None
+ passwd = None
try:
if state == 'running' and self._has_video(dom):
screenshot = self.vmscreenshot.lookup(name)
+ xml = dom.XMLDesc(libvirt.VIR_DOMAIN_XML_SECURE)
+ root = objectify.fromstring(xml)
+ graphic = root.devices.find("graphics")
+ passwd = graphic.attrib.get('passwd')
elif state == 'shutoff':
# reset vm stats when it is powered off to avoid sending
# incorrect (old) data
@@ -394,6 +402,7 @@ class VMModel(object):
'graphics': {"type": graphics_type,
"listen": graphics_listen,
"port": graphics_port},
+ 'ticket': passwd,
'users': users,
'groups': groups
}
@@ -513,6 +522,25 @@ class VMModel(object):
else:
raise OperationFailed("KCHVM0010E", {'name': name})
+ def setticket(self, name, password=None, expire=10):
+ dom = self.get_vm(name, self.conn)
+ version, distro = self.vm_get_os_metadata(dom)
+ if distro is None:
+ # this VM is not created by kimchi
+ return
+
+ xml = dom.XMLDesc(libvirt.VIR_DOMAIN_XML_SECURE)
+ root = objectify.fromstring(xml)
+ graphic = root.devices.find("graphics")
It seems the code for getting password can be extracted into a new
function then we can reuse it.
+ password = password if password is not None else
"".join(
+ random.sample(string.ascii_letters + string.digits, 8))
+ graphic.attrib['passwd'] = password
+ valid_to = time.strftime('%Y-%m-%dT%H:%M:%S',
+ time.gmtime(time.time() + float(expire)))
+ graphic.attrib['passwdValidTo'] = valid_to
+ graphic_xml = etree.tostring(graphic)
+ dom.updateDeviceFlags(graphic_xml, 0)
+
def _vmscreenshot_delete(self, vm_uuid):
screenshot = VMScreenshotModel.get_screenshot(vm_uuid, self.objstore,
self.conn)
--
Zhou Zheng Sheng / 周征晟
E-mail: zhshzhou(a)linux.vnet.ibm.com
Telephone: 86-10-82454397