[Kimchi-devel] [PATCH 3/6] Make use of the mini Web server in the websockify

Aline Manera alinefm at linux.vnet.ibm.com
Fri May 2 00:49:22 UTC 2014


From: Aline Manera <alinefm at br.ibm.com>

Some browsers doesn't support well for the usage self-signed certs in the ssl
websocket connection. For details, please see:
https://github.com/kanaka/websockify/wiki/Encrypted-Connections

For chrome browser, the encrypted console connection should work after
you login with ssl connection. But for firefox, it does not show a
confirmation page for the user the accept the self-signed cert when
the HTTPs connection is started from a websocket.

So this patch makes use of the Web server in the websockify. The mini
Web server in the websockify can serve static contents like html, css
and js.
This patch add a simple HTMl file (vnc_auto.html) to pages/novnc and have
websockify serve this file.

When the user clicks the VNC icon, Kimchi brings the user to
https://host:64667/vnc_auto.html, which is served by websockify. Then
firefox would prompt a confirmation page for the self-signed cert. After
the user accept the cert, the user will be redirected to noVNC page
provided by Kimchi server.

It is important to have Kimchi providing the noVNC page to be able to
add authentication to console pages (vnc_auto.html and spice.html)

Signed-off-by: Aline Manera <alinefm at br.ibm.com>
Signed-off-by: Mark Wu <wudxw at linux.vnet.ibm.com>
Signed-off-by: Zhou Zheng Sheng <zhshzhou at linux.vnet.ibm.com>
---
 configure.ac                  |    1 +
 contrib/kimchi.spec.fedora.in |    1 +
 contrib/kimchi.spec.suse.in   |    1 +
 src/kimchi/vnc.py             |    3 ++-
 ui/js/src/kimchi.api.js       |    8 ++------
 ui/pages/Makefile.am          |    2 +-
 ui/pages/novnc/Makefile.am    |   20 ++++++++++++++++++++
 ui/pages/novnc/vnc_auto.html  |   22 ++++++++++++++++++++++
 8 files changed, 50 insertions(+), 8 deletions(-)
 create mode 100644 ui/pages/novnc/Makefile.am
 create mode 100644 ui/pages/novnc/vnc_auto.html

diff --git a/configure.ac b/configure.ac
index 7d76f97..a16bca5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -84,6 +84,7 @@ AC_CONFIG_FILES([
     ui/pages/help/en_US/Makefile
     ui/pages/help/pt_BR/Makefile
     ui/pages/help/zh_CN/Makefile
+    ui/pages/novnc/Makefile
     ui/pages/tabs/Makefile
     contrib/Makefile
     contrib/DEBIAN/Makefile
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index 104c114..56314a2 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -179,6 +179,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
 %{_datadir}/kimchi/ui/pages/*.html.tmpl
 %{_datadir}/kimchi/ui/pages/help/*/*.html
+%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl
 %{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
 %{_sysconfdir}/kimchi/kimchi.conf
 %{_sysconfdir}/kimchi/nginx.conf.in
diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
index 7704822..6e269d9 100644
--- a/contrib/kimchi.spec.suse.in
+++ b/contrib/kimchi.spec.suse.in
@@ -101,6 +101,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/kimchi/ui/libs/themes/base/jquery-ui.min.css
 %{_datadir}/kimchi/ui/pages/*.html.tmpl
 %{_datadir}/kimchi/ui/pages/help/*/*.html
+%{_datadir}/kimchi/ui/pages/novnc/*.html.tmpl
 %{_datadir}/kimchi/ui/pages/tabs/*.html.tmpl
 %{_sysconfdir}/kimchi/kimchi.conf
 %{_sysconfdir}/kimchi/nginx.conf.in
diff --git a/src/kimchi/vnc.py b/src/kimchi/vnc.py
index 3251f06..3f483f6 100644
--- a/src/kimchi/vnc.py
+++ b/src/kimchi/vnc.py
@@ -44,7 +44,8 @@ def new_ws_proxy():
 
     cmd = os.path.join(os.path.dirname(__file__), 'websockify.py')
     args = ['python', cmd, config.get('display', 'display_proxy_port'),
-            '--target-config', WS_TOKENS_DIR, '--cert', cert, '--key', key]
+            '--target-config', WS_TOKENS_DIR, '--cert', cert, '--key', key,
+            '--web', os.path.join(paths.ui_dir, 'pages/novnc')]
     p = subprocess.Popen(args, close_fds=True)
     return p
 
diff --git a/ui/js/src/kimchi.api.js b/ui/js/src/kimchi.api.js
index 6fcac6d..dcf9bd1 100644
--- a/ui/js/src/kimchi.api.js
+++ b/ui/js/src/kimchi.api.js
@@ -318,20 +318,16 @@ var kimchi = {
             type : 'GET',
             dataType : 'json'
         }).done(function(data, textStatus, xhr) {
-            http_port = data['http_port'];
             proxy_port = data['display_proxy_port'];
             kimchi.requestJSON({
                 url : "/vms/" + encodeURIComponent(vm) + "/connect",
                 type : "POST",
                 dataType : "json"
             }).done(function() {
-                /**
-                 * Due to problems with web sockets and self-signed
-                 * certificates, for now we will always redirect to http
-                 */
-                url = 'http://' + location.hostname + ':' + http_port;
+                url = 'https://' + location.hostname + ':' + proxy_port;
                 url += "/vnc_auto.html?port=" + proxy_port;
                 url += "&path=?token=" + encodeURIComponent(vm);
+                url += "&kimchi=" + location.port;
                 url += '&encrypt=1'
                 window.open(url);
             });
diff --git a/ui/pages/Makefile.am b/ui/pages/Makefile.am
index 0c04a72..c3e61db 100644
--- a/ui/pages/Makefile.am
+++ b/ui/pages/Makefile.am
@@ -15,7 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-SUBDIRS = help tabs
+SUBDIRS = help tabs novnc
 
 htmldir = $(datadir)/kimchi/ui/pages
 
diff --git a/ui/pages/novnc/Makefile.am b/ui/pages/novnc/Makefile.am
new file mode 100644
index 0000000..f93f0c8
--- /dev/null
+++ b/ui/pages/novnc/Makefile.am
@@ -0,0 +1,20 @@
+#
+# Kimchi
+#
+# Copyright IBM, Corp. 2014
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+novnchtmldir = $(datadir)/kimchi/ui/pages/novnc
+
+dist_novnchtml_DATA = $(wildcard *.html.tmpl) $(NULL)
diff --git a/ui/pages/novnc/vnc_auto.html b/ui/pages/novnc/vnc_auto.html
new file mode 100644
index 0000000..f702dc9
--- /dev/null
+++ b/ui/pages/novnc/vnc_auto.html
@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script type="text/javascript">
+      redirectToKimchi = function() {
+        var query = window.location.search;
+        var match = /.*kimchi=(.*?)(&|$)/g.exec(query);
+        if (match != null) {
+            query = query.replace("kimchi=" + match[1] + "&", "")
+            query = query.replace("kimchi=" + match[1], "")
+
+            url = "https://" + location.hostname + ":" + match[1];
+            url += location.pathname + query
+
+            window.location.replace(url)
+        }
+      }
+    </script>
+  </head>
+
+  <body onload="redirectToKimchi()"/>
+</html>
-- 
1.7.10.4




More information about the Kimchi-devel mailing list