[Kimchi-devel] [PATCH 2/4] ticket in backend: add a set ticket action for VM resource
Zhou Zheng Sheng
zhshzhou at linux.vnet.ibm.com
Sun May 25 15:48:42 UTC 2014
于 2014年05月20日 23:27, shaohef at linux.vnet.ibm.com 写道:
> From: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
>
> Only the user who get the ticket can access the VM console.
>
> the ticket will be invalid when its expire.
>
> We just manange the VM create by kimchi.
> We do not set the ticket for other VMs that created by other managerment tool.
>
> Signed-off-by: ShaoHe Feng <shaohef at linux.vnet.ibm.com>
> Signed-off-by: Zhou Zheng Sheng <zhshzhou at linux.vnet.ibm.com>
> ---
> src/kimchi/control/vms.py | 1 +
> src/kimchi/model/vms.py | 28 ++++++++++++++++++++++++++++
> 2 files changed, 29 insertions(+)
>
> diff --git a/src/kimchi/control/vms.py b/src/kimchi/control/vms.py
> index 508f478..e3c72d1 100644
> --- a/src/kimchi/control/vms.py
> +++ b/src/kimchi/control/vms.py
> @@ -37,6 +37,7 @@ class VM(Resource):
> self.uri_fmt = '/vms/%s'
> for ident, node in sub_nodes.items():
> setattr(self, ident, node(model, self.ident))
> + self.setticket = self.generate_action_handler('setticket')
> self.start = self.generate_action_handler('start')
> self.poweroff = self.generate_action_handler('poweroff')
> self.shutdown = self.generate_action_handler('shutdown')
> diff --git a/src/kimchi/model/vms.py b/src/kimchi/model/vms.py
> index 17bda04..0daaea0 100644
> --- a/src/kimchi/model/vms.py
> +++ b/src/kimchi/model/vms.py
> @@ -19,7 +19,10 @@
>
> from lxml.builder import E
> import lxml.etree as ET
> +from lxml import etree, objectify
> import os
> +import random
> +import string
> import time
> import uuid
> from xml.etree import ElementTree
> @@ -353,9 +356,14 @@ class VMModel(object):
> graphics = self._vm_get_graphics(name)
> graphics_type, graphics_listen, graphics_port = graphics
> graphics_port = graphics_port if state == 'running' else None
> + passwd = None
> try:
> if state == 'running' and self._has_video(dom):
> screenshot = self.vmscreenshot.lookup(name)
> + xml = dom.XMLDesc(libvirt.VIR_DOMAIN_XML_SECURE)
> + root = objectify.fromstring(xml)
> + graphic = root.devices.find("graphics")
> + passwd = graphic.attrib.get('passwd')
> elif state == 'shutoff':
> # reset vm stats when it is powered off to avoid sending
> # incorrect (old) data
> @@ -394,6 +402,7 @@ class VMModel(object):
> 'graphics': {"type": graphics_type,
> "listen": graphics_listen,
> "port": graphics_port},
> + 'ticket': passwd,
> 'users': users,
> 'groups': groups
> }
> @@ -513,6 +522,25 @@ class VMModel(object):
> else:
> raise OperationFailed("KCHVM0010E", {'name': name})
>
> + def setticket(self, name, password=None, expire=10):
> + dom = self.get_vm(name, self.conn)
> + version, distro = self.vm_get_os_metadata(dom)
> + if distro is None:
> + # this VM is not created by kimchi
> + return
> +
> + xml = dom.XMLDesc(libvirt.VIR_DOMAIN_XML_SECURE)
> + root = objectify.fromstring(xml)
> + graphic = root.devices.find("graphics")
It seems the code for getting password can be extracted into a new
function then we can reuse it.
> + password = password if password is not None else "".join(
> + random.sample(string.ascii_letters + string.digits, 8))
> + graphic.attrib['passwd'] = password
> + valid_to = time.strftime('%Y-%m-%dT%H:%M:%S',
> + time.gmtime(time.time() + float(expire)))
> + graphic.attrib['passwdValidTo'] = valid_to
> + graphic_xml = etree.tostring(graphic)
> + dom.updateDeviceFlags(graphic_xml, 0)
> +
> def _vmscreenshot_delete(self, vm_uuid):
> screenshot = VMScreenshotModel.get_screenshot(vm_uuid, self.objstore,
> self.conn)
>
--
Zhou Zheng Sheng / 周征晟
E-mail: zhshzhou at linux.vnet.ibm.com
Telephone: 86-10-82454397
More information about the Kimchi-devel
mailing list