[Engine-devel] Adding VNC support

Itamar Heim iheim at redhat.com
Wed Aug 1 04:42:06 UTC 2012


On 07/31/2012 11:44 PM, snmishra at linux.vnet.ibm.com wrote:
>
> Quoting Ewoud Kohl van Wijngaarden <ewoud+ovirt at kohlvanwijngaarden.nl>:
>
>> On Tue, Jul 31, 2012 at 09:44:10AM -0400, Alon Bar-Lev wrote:
>>> Ewoud Kohl van Wijngaarden wrote:
>>> > On Tue, Jul 31, 2012 at 10:09:26AM +0100, Daniel P. Berrange wrote:
>>> > > On Tue, Jul 31, 2012 at 09:18:50AM +0300, Itamar Heim wrote:
>>> > > > On 07/26/2012 05:36 PM, snmishra at linux.vnet.ibm.com wrote:
>>> > > > 5.2 novnc websocket server - i see three options
>>> > > >
>>> > > > 5.2.1 extend qemu to do this, so novnc can connect to it directly
>>> > > > like we do today for vnc/spice
>>> > >
>>> > > I don't think this is a desirable approach. One of the nice
>>> > > benefits
>>> > > you gain from using a websocket proxy is that you only need to have
>>> > > one single TCP port exposed to the internet now. If you put
>>> > > websockets
>>> > > in QEMU itself, you'd be stuck with having to open your firewall to
>>> > > allow 100's of ports. With a separate web proxy, you can even make
>>> > > each QEMU server now use a local UNIX socket for their VNC server,
>>> > > since only the proxy needs to be able to connect. This means that
>>> > > the VNC server would no longer be exposed to random local user
>>> > > access too.
>>> >
>>> > Another benefit of a proxy is that you can run it in a DMZ and not
>>> > have
>>> > to expose all your virtualization hosts to the internet.
>>>
>>> But this way you do expose them :)
>>
>> Since I've worked with VNCAuthProxy I'll explain how that works.
>>
>> First of all it listens on a control port. This can be inside the
>> firewall and has a simple JSON-based protocol. On this control port you
>> can ask it to open a connection on port X to virt-host.example.org:Y.
>> virt-host.example.org can also be behind the firewall and now only port
>> X is exposed to the internet.
>
> I am coming from the libvirt/libvirt-cim world and I don't completely
> follow this discussion. In libvrt-cim (higher level layer using libvirt
> to create and manage VMs), we took the input from user on what VNC IP,
> port, vncpassword etc. the user wants to use to access the VM and
> created a libvirt XML using these user provided values. This XML was
> then passed to libvirt which created the new VM and magically set vnc
> up. The user then opened any VNC viewer of their choice to access the
> VM. If ovirt is using libvirt, why can't we use the same magic?

that's already implemented today - you can click the UI to get a dialog 
with the vnc details and open the session yourself.
the thread discussed something which will launch vnc from the browser 
for you.
launching from browser has 3 ways:
- browser wrapper - activex, xpi, etc.
- mime based
- html based - like the novnc client
(well, also java applet based but less used today)

>
> Pardon my ignorance here.
> -Sharad Mishra
>
>> _______________________________________________
>> Engine-devel mailing list
>> Engine-devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/engine-devel
>
>
>
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel





More information about the Devel mailing list