Commit 3acef8f8 authored by Stratos Psomadakis's avatar Stratos Psomadakis
Browse files

Add support for snf-vncauthproxy >= 1.5

parent 2109d960
......@@ -5,6 +5,13 @@ Unified NEWS file for Synnefo versions >= 0.13
Since v0.13 all Synnefo components have been merged into a single repository.
v0.14next
=======
Released: UNRELEASED
* Support for snf-vncauthproxy-1.5 (drop support for older versions)
.. _NEWS-0.14.10:
v0.14.10
......
......@@ -160,6 +160,51 @@ setting will have the value of
For Pithos service we have to change the ``20-snf-pithos-app-settings.conf``
file in the same way as above.
2.4 Upgrade vncauthproxy and configure snf-cyclades-app
-------------------------------------------------------
Synnefo v0.15 adds support for snf-vncauthproxy >= 1.5 and drops support for
older versions. You will have to upgrade snf-vncauthproxy to v1.5 and configure
the authentication (users) file (``/var/lib/vncauthproxy/users``).
In case you're upgrading from an older snf-vncauthproxy version or it's the
first time you're installing snf-vncauthproxy, you will prompted to configure
a vncauthproxy user (see below for more information on user management).
To manage the authentication file, you can use the vncauthproxy-passwd tool,
to easily add, update and delete users
To add a user:
.. code-block:: console
# vncauthproxy-passwd /var/lib/vncauthproxy/users synnefo
You will be prompted for a password.
You should also configure the new ``CYCLADES_VNCAUTHPROXY_OPTS`` setting in
``snf-cyclades-app``, to provide the user and password configured for
``Synnefo`` in the vncauthproxy authentication file and enable SSL support if
snf-vncauthproxy is configured to run with SSL enabled for the control socket.
.. warning:: The vncauthproxy daemon requires a restart for the changes in the
authentication file to take effect.
.. warning:: If you fail to provide snf-vncauthproxy with a valid
authentication file, or in case the configuration of vncauthproxy and the
vncauthproxy snf-cyclades-app settings don't match (ie not having SSL enabled
on both), VNC console access will not be functional.
Finally, snf-vncauthproxy-1.5 adds a dedicated user and group to be used by the
vncauthproxy daemon. The Debian default file has changed accordingly (``CHUID``
option in ``/etc/default/vncauthproxy``). The Debian default file now also
includes a ``DAEMON_OPTS`` variable which is used to pass any necessary / extra
options to the vncauthproxy daemon. In case you're ugprading from an older
version of vncauthproxy, you should make sure to 'merge' the new default file
with the older one.
Check the `documentation
<http://www.synnefo.org/docs/snf-vncauthproxy/latest/index.html>`_ of
snf-vncauthproxy for more information on upgrading to version 1.5.
2.5 Stats configuration
-----------------------
......
......@@ -153,3 +153,23 @@
## ("gate.example.synnefo.org", 61000 + server_id),
##}
#CYCLADES_PORT_FORWARDING = {}
## Extra configuration options required for snf-vncauthproxy (>=1.5)
#CYCLADES_VNCAUTHPROXY_OPTS = {
# # These values are required for VNC console support. They should match a
# # user / password configured in the snf-vncauthproxy authentication / users
# # file (/var/lib/vncauthproxy/users).
# 'auth_user': 'synnefo',
# 'auth_password': 'secret_password',
# # server_address and server_port should reflect the --listen-address and
# # --listen-port options passed to the vncauthproxy daemon
# 'server_address': '127.0.0.1',
# 'server_port': 24999,
# # Set to True to enable SSL support on the control socket.
# 'enable_ssl': False,
# # If you enabled SSL support for snf-vncauthproxy you can optionally
# # provide a path to a CA file and enable strict checkfing for the server
# # certficiate.
# 'ca_cert': None,
# 'strict': False,
#}
......@@ -68,7 +68,7 @@ INSTALL_REQUIRES = [
'puka',
'python-daemon>=1.5.5, <1.6',
'snf-common',
'vncauthproxy>=1.2',
'vncauthproxy>=1.5',
'snf-pithos-backend',
'lockfile>=0.8, <0.9',
'ipaddr',
......
......@@ -150,3 +150,23 @@ CYCLADES_SERVERS_FQDN = 'snf-%(id)s.vm.example.synnefo.org'
# ("gate.example.synnefo.org", 61000 + server_id),
#}
CYCLADES_PORT_FORWARDING = {}
# Extra configuration options required for snf-vncauthproxy (>=1.5)
CYCLADES_VNCAUTHPROXY_OPTS = {
# These values are required for VNC console support. They should match a
# user / password configured in the snf-vncauthproxy authentication / users
# file (/var/lib/vncauthproxy/users).
'auth_user': 'synnefo',
'auth_password': 'secret_password',
# server_address and server_port should reflect the --listen-address and
# --listen-port options passed to the vncauthproxy daemon
'server_address': '127.0.0.1',
'server_port': 24999,
# Set to True to enable SSL support on the control socket.
'enable_ssl': False,
# If you enabled SSL support for snf-vncauthproxy you can optionally
# provide a path to a CA file and enable strict checkfing for the server
# certficiate.
'ca_cert': None,
'strict': False,
}
......@@ -392,7 +392,9 @@ def console(vm, console_type):
if settings.TEST:
fwd = {'source_port': 1234, 'status': 'OK'}
else:
fwd = request_vnc_forwarding(sport, daddr, dport, password)
vnc_extra_opts = settings.CYCLADES_VNCAUTHPROXY_OPTS
fwd = request_vnc_forwarding(sport, daddr, dport, password,
**vnc_extra_opts)
if fwd['status'] != "OK":
raise faults.ServiceUnavailable('vncauthproxy returned error status')
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment