Part of the other grand plan of it, would allow the removal of the DNS/SSL Wildcard configuration required to use a console, or at least make the SSL portion a bit more flexible.
> On Jan 25, 2015, at 11:26 PM, Marcus <[email protected]> wrote: > > I've had some experience with this, in particular with KVM. For > administrators we distributed a simple script that would call virt-viewer, > which is more or less a VNC client that is distributed along with tools > like virsh. It knows how to connect to a VM console by the name defined in > libvirt, and can do so over ssh using your admin credentials for the > hypervisor. The script could use api access to know which hypervisor and VM > name to pass to virt-viewer, but what we did was use a custom URL handler > in our browsers and the tweaked the console button to fire that off instead > of open a console proxy window. We also had an applescript that would > launch "chicken of the VNC" in a similar manner by creating an ssh tunnel > and connecting CotVNC locally. Sounds tricky but was relatively easy for > the admins to script up without developer help. > > For customers, we did much along the lines of what you're talking about, > since it distributes the VNC work to individual browsers and scales. > There's a websocket proxy often used with novnc. We had to first make some > modifications to CloudStack in the form of an api call that would return > hypervisor IP and VNC port given a VM id. Then we could feed that to novnc, > and we additionally had to modify the proxy for authentication. I honestly > don't remember exactly how it was all put together, I just remember the api > call and some minor changes to tthe proxy and novnc itself. The new api > call would be unnecessary if the proxy were integrated. > > I think it would be great if the console proxy were to get revamped to host > novnc+websocket proxy. It would be faster and more featureful. Even just a > websocket proxy would be nice, as people would be free to integrate their > own web VNC with it. > On Jan 25, 2015 7:27 PM, "David Bierce" <[email protected]> wrote: > >> Ello -- >> >> I’ve been looking into different ways to use the console proxy and kind of >> wanted to get other people input before diving in. Talking with other >> cloudstack users, they scrap cloudstack logs and VNC directly to the >> hypervisor. >> >> The major change I was looking at would be to add to the console, or at >> least somewhere console cloud link to, a web client like NoVNC or >> guacamole. Then modify the console proxy to, instead of display the VNC >> console, create a∂ Websocket for the console client to use. >> >> The approach would be similar to how OpenStack does console access. Their >> novnc-proxy demon could even be a mostly drop in enchantment with some >> advanced serial console features, but the agent could also be extended to >> handle the authentication and proxy/websockifying. >> >> Is this a horrible, awful idea? >> >> David Bierce
