From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id AA2C01FF16E
	for <inbox@lore.proxmox.com>; Mon,  3 Feb 2025 11:02:20 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 076922C0D9;
	Mon,  3 Feb 2025 11:02:19 +0100 (CET)
Message-ID: <57fddd54-432c-46b7-8012-701be6265304@proxmox.com>
Date: Mon, 3 Feb 2025 11:01:44 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Aaron Lauterer <a.lauterer@proxmox.com>
References: <20241125100427.86341-1-a.lauterer@proxmox.com>
Content-Language: en-US
From: Fiona Ebner <f.ebner@proxmox.com>
In-Reply-To: <20241125100427.86341-1-a.lauterer@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.049 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH manager v2] proxy: ui: vm console:
 autodetect novnc or xtermjs
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

Am 25.11.24 um 11:04 schrieb Aaron Lauterer:
> Some users configure their VMs to use serial as their display. The big
> benefit is that in combination with the xtermjs remote console, copy &
> paste works a lot better than via novnc.
> 
> Unfortunately, the main console panel defaulted to novnc, not matter
> what the guest had configured. One always had to open the console of the
> VM in a separate window to make use of xtermjs.
> 
> This patch changes the behavior and lets it autodetect the guest
> configuration to either use xtermjs or novnc.
> 
> If we previously selected the console submenu in one VM and then
> switched to another VM, the console submenu is the preselect item for
> the VM we switched to. But at this point, the default would be used
> (novnc), making it an unpleasant experience. If we would use the same
> mechanism as for the top right console button - `me.mon()` - it would
> work, but only if we (re)select the console submenu after the first API
> call to `nodes/{nola}/qemu/{vmid}/status` finished. On the initial
> load, if the console is the active submenu, it would still default to
> novnc.
> 
> While we probably could have implemented in just in the UI, for example
> by waiting until the first call to `status` is done, this would
> potentially introduce "laggyness" when opening the console.

Wondering why you would need vmstatus() for this? Isn't all the
information already present in the VM configuration?

> 
> Another option is to handle it in the backend. The backend can then
> check the VM config and override the novnc/xtermjs setting. The result
> is, that even when switching VMs in the web UI with the console submenu
> selected, it will load xtermjs for the VMs that use it.
> 
> We only do it if the HTTP call has the new 'autodetect' parameter
> enabled. Additionally we introduce a permission check for 'VM.Console'
> at this level and only adjust the used console if the user does have the
> correct permissions. Otherwise we leak the existence of the VM to
> unauthorized users if it has 'serial' configured due to the change in
> the returned console (noVNC/xtermjs).
> 
> The actual check if the user is allowed to access the console is
> happening once the loaded console implementation establishes a
> connection to the console API endpoint of the guest. But at this point,
> either the noVNC or xtermjs console is already sent to the user's
> browser.
> 
> Potential further improvements could be to also check the console
> settings in datacenter.cfg and consider it. As that isn't checked in the
> inline console panel for CTs and VMs at all, with out without this
> patch.
> The setting does have an impact on the buttons that open the console in
> a new window.
> 
> Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
> ---
> Another thing that I noticed is that the property we use to decide if we
> enable xtermjs for VMs in the top right console button, and for now also
> in this patch, only checks if the VM has a serial device configured.
> PVE::QemuServer::vmstatus() calls `conf_has_serial()`.
> 
> A better approach would be to have a vmstatus property that actually
> tells us if the VM has serial set as display option. As the display
> could be set to something else, even if a serial device exists. There
> are other use-cases for a serial device in the VM, like passing through
> an actual serial port.
> 
> But I didn't want to open that can of worms just yet ;)
> 

Again, can't this be done just via the configuration?

> diff --git a/PVE/Service/pveproxy.pm b/PVE/Service/pveproxy.pm
> index ac108545..4cd281c7 100755
> --- a/PVE/Service/pveproxy.pm
> +++ b/PVE/Service/pveproxy.pm
> @@ -228,6 +228,22 @@ sub get_index {
>      my $novnc = defined($args->{console}) && $args->{novnc};
>      my $xtermjs = defined($args->{console}) && $args->{xtermjs};
>  
> +    my $rpcenv = PVE::RPCEnvironment::get();
> +    if (
> +	defined($args->{console})
> +	&& $args->{console} eq 'kvm'
> +	&& $args->{autodetect}

The name 'autodetect' is too generic, maybe 'console-autodetect'?

To me, it really feels like the caller should just directly pass in
either novnc or xtermjs as the argument depending on what it actually
wants. pveproxy calling into vmstatus() feels weird.

> +	&& $username
> +	&& $rpcenv->check_full($username, "/vms/$args->{vmid}", ["VM.Console"], 1, 1)
> +    ) {
> +	my $vmid = $args->{vmid};
> +	my $vmstatus = PVE::QemuServer::vmstatus($vmid);

Missing "use" statement for PVE::QemuServer.

> +	if (defined($vmstatus->{$vmid}) && $vmstatus->{$vmid}->{serial}) {
> +		$novnc = 0;
> +		$xtermjs = 1;
> +	}
> +    }
> +
>      my $langfile = -f "$basedirs->{i18n}/pve-lang-$lang.js" ? 1 : 0;
>  
>      my $version = PVE::pvecfg::version();


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel