DennisKonrad commented on issue #3296: [master] noVNC Console Integration URL: https://github.com/apache/cloudstack/pull/3296#issuecomment-588308185 @rhtyd I think novnc should be added as option and not as a complete replacement for the current console. The only change for that would be to not set novnc as the default in the global settings. <details><summary>If you have a complete replacement of the current console in mind that should be done by additional PRs and not by moving this PR into the far future. I responded to the complete list but to see it you have to click-open.</summary> <p> > * Test and support XenServer, VMware in addition to KVM I'll test KVM extensively. Also I think the community will pick up this PR for the other hypervisors. Never the less I know a lot of features that are merged for usage with single hypervisor with remark to the possibilty to expand them later (just take a look at vm ingestion merged by you and boris). > * Support TLS/secured vnc connection when libvirtd is secured by CA-framework for KVM This one I would like you to explain in more detail. If one uses CA framework you want it automatically to activate TLS for novnc? How would this work for a more complex setup like load balancing where TLS gets terminated at the load balancer? > * Validate the token exchange and security concerns (I've a bunch of test cases, plan in mind) That's great. We also have in mind to check this now that we figured out why the console was not working in our test env. > * Add support for active session management (allow only one view per VM), the active sessions reported by CPVM agent is used by the management server to add/remove more CPVMs in a zone In my opinion that is a feature to add later. Having multiple views per VM seems to be desirable. > * I personally prefer a java-based websockets proxy http/https server which can work with ^^ and give us more control over connection validation and security (esp with the CA framework), we probably want to reduce additional packages/dependencies. I'm also not sure if/how could python/websockify provide a way to track active sessions and manage connection security. It more or less sounds like you do want to reimplement this PR in java so it works with the CA framework? I understand the concers for security but let's do not mix that with the integration in the CA framework. > * Support for multiple keyboards (like the current console proxy, for example jp, uk, us, fr etc) That would indeed be great but in the "legacy" console this isn't working right now as well. > * While Hyper-V largely does not working out of the box, but legacy console proxy proxies RDP (I think) on Hyper-V and therefore we also need to find suitable replacement for rdp-vnc cross-over, or if newer HyperV can support native VNC (needs checking @PaulAngus) This PR implements novnc as option and I think it has to be off as default as well. It's cool that you want to implement HyperV support but I don't get why the milestone of this PR moves because of that? > * Provide an upgrade path for users and discuss whether in the next release we want to deprecate and remove the current console proxy or simply remove in the next (unless all existing requirements of legacy console proxy are replaced and novnc is tested in various environments, it's not best to simply remove the legacy console proxy) Like written above this PR is not replacing the "legacy" console. Why do you suggest deprecating the "legacy" console? </p> </details>
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
