----- Original Message ----- > From: "Dan Kenigsberg" <dan...@redhat.com> > To: "Xu He Jie" <x...@linux.vnet.ibm.com> > Cc: "VDSM Project Development" <vdsm-devel@lists.fedorahosted.org> > Sent: Tuesday, 4 September, 2012 1:52:49 PM > Subject: Re: [vdsm] [RFC]about the implement of text-based console > > On Tue, Sep 04, 2012 at 03:05:37PM +0800, Xu He Jie wrote: > > On 09/03/2012 10:33 PM, Dan Kenigsberg wrote: > > >On Thu, Aug 30, 2012 at 04:26:31PM -0500, Adam Litke wrote: > > >>On Thu, Aug 30, 2012 at 11:32:02AM +0800, Xu He Jie wrote: > > >>>Hi, > > >>> > > >>> I submited a patch for text-based console > > >>>http://gerrit.ovirt.org/#/c/7165/ > > >>> > > >>>the issue I want to discussing as below: > > >>>1. fix port VS dynamic port > > >>> > > >>>Use fix port for all VM's console. connect console with 'ssh > > >>>vmUUID@ip -p port'. > > >>>Distinguishing VM by vmUUID. > > >>> > > >>> > > >>> The current implement was vdsm will allocated port for > > >>> console > > >>>dynamically and spawn sub-process when VM creating. > > >>>In sub-process the main thread responsible for accept new > > >>>connection > > >>>and dispatch output of console to each connection. > > >>>When new connection is coming, main processing create new thread > > >>>for > > >>>each new connection. Dynamic port will allocated > > >>>port for each VM and use range port. It isn't good for firewall > > >>>rules. > > >>> > > >>> > > >>> so I got a suggestion that use fix port. and connect console > > >>> with > > >>>'ssh vmuuid@hostip -p fixport'. this is simple for user. > > >>>We need one process for accept new connection from fix port and > > >>>when > > >>>new connection is coming, spawn sub-process for each vm. > > >>>But because the console only can open by one process, main > > >>>process > > >>>need responsible for dispatching console's output of all vms and > > >>>all > > >>>connection. > > >>>So the code will be a little complex then dynamic port. > > >>> > > >>> So this is dynamic port VS fix port and simple code VS > > >>> complex code. > > >>>From a usability point of view, I think the fixed port > > >>>suggestion is nicer. > > >>This means that a system administrator needs only to open one > > >>port to enable > > >>remote console access. If your initial implementation limits > > >>console access to > > >>one connection per VM would that simplify the code? > > >Yes, using a fixed port for all consoles of all VMs seems like a > > >cooler > > >idea. Besides the firewall issue, there's user experience: instead > > >of > > >calling getVmStats to tell the vm port, and then use ssh, only one > > >ssh > > >call is needed. (Taking this one step further - it would make > > >sense to > > >add another layer on top, directing console clients to the > > >specific host > > >currently running the Vm.) > > > > > >I did not take a close look at your implementation, and did not > > >research > > >this myself, but have you considered using sshd for this? I > > >suppose you > > >can configure sshd to collect the list of known "users" from > > >`getAllVmStats`, and force it to run a command that redirects VM's > > >console to the ssh client. It has a potential of being a more > > >robust > > >implementation. > > I have considered using sshd and ssh tunnel. They > > can't implement fixed port and share console. > > Would you elaborate on that? Usually sshd listens to a fixed port 22, > and allows multiple users to have independet shells. What do you mean > by > "share console"? > > > Current implement > > we can do anything that what we want. > > Yes, it is completely under our control, but there are down sides, > too: > we have to maintain another process, and another entry point, instead > of > configuring a universally-used, well maintained and debugged > application.
Not to mention - known to be secure > > Dan. > _______________________________________________ > vdsm-devel mailing list > vdsm-devel@lists.fedorahosted.org > https://lists.fedorahosted.org/mailman/listinfo/vdsm-devel > -- Regards, Dan Yasny Red Hat Israel +972 9769 2280 _______________________________________________ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/vdsm-devel