* [pve-devel] [PATCH pve-http-server 1/1] anyevent: add rewrite_uri
2023-05-31 11:19 [pve-devel] [PATCH-SERIES pve-http-server/pve-manager] fix#4689: rewrite_uri: autofind nodename for qemu/lxc Alexandre Derumier
@ 2023-05-31 11:19 ` Alexandre Derumier
2023-05-31 11:19 ` [pve-devel] [PATCH pve-manager 1/1] httpserver: add rewrite uri for /nodes/(qemu/lxc)/<vmid> Alexandre Derumier
` (2 subsequent siblings)
3 siblings, 0 replies; 7+ messages in thread
From: Alexandre Derumier @ 2023-05-31 11:19 UTC (permalink / raw)
To: pve-devel
allow to rewrite some uri, do nothing by default
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
src/PVE/APIServer/AnyEvent.pm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/PVE/APIServer/AnyEvent.pm b/src/PVE/APIServer/AnyEvent.pm
index b2ae99b..0be9b1f 100644
--- a/src/PVE/APIServer/AnyEvent.pm
+++ b/src/PVE/APIServer/AnyEvent.pm
@@ -1618,6 +1618,7 @@ sub push_request_header {
if ($line =~ /(\S+)\040(\S+)\040HTTP\/(\d+)\.(\d+)/o) {
my ($method, $url, $maj, $min) = ($1, $2, $3, $4);
+ $url = $self->rewrite_uri($url);
if ($maj != 1) {
$self->error($reqstate, 506, "http protocol version $maj.$min not supported");
@@ -2072,6 +2073,12 @@ sub verify_spice_connect_url {
#return ($vmid, $node, $port);
}
+sub rewrite_uri {
+ my ($self, $uri) = @_;
+
+ return ($uri); #do nothing by default
+}
+
# formatters can call this when the generate a new page
sub generate_csrf_prevention_token {
my ($username) = @_;
--
2.30.2
^ permalink raw reply [flat|nested] 7+ messages in thread* [pve-devel] [PATCH pve-manager 1/1] httpserver: add rewrite uri for /nodes/(qemu/lxc)/<vmid>
2023-05-31 11:19 [pve-devel] [PATCH-SERIES pve-http-server/pve-manager] fix#4689: rewrite_uri: autofind nodename for qemu/lxc Alexandre Derumier
2023-05-31 11:19 ` [pve-devel] [PATCH pve-http-server 1/1] anyevent: add rewrite_uri Alexandre Derumier
@ 2023-05-31 11:19 ` Alexandre Derumier
2023-05-31 11:49 ` [pve-devel] [PATCH-SERIES pve-http-server/pve-manager] fix#4689: rewrite_uri: autofind nodename for qemu/lxc Wolfgang Bumiller
2023-05-31 13:19 ` Dominik Csapak
3 siblings, 0 replies; 7+ messages in thread
From: Alexandre Derumier @ 2023-05-31 11:19 UTC (permalink / raw)
To: pve-devel
If nodename is not defined, we search the nodename
and rewrite uri to /nodes/<nodename>/(qemu|lxc)/<vmid
Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
PVE/HTTPServer.pm | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/PVE/HTTPServer.pm b/PVE/HTTPServer.pm
index dabdf7f3..b43611e1 100755
--- a/PVE/HTTPServer.pm
+++ b/PVE/HTTPServer.pm
@@ -46,6 +46,21 @@ sub verify_spice_connect_url {
return ($vmid, $node, $port);
}
+sub rewrite_uri {
+ my ($self, $uri) = @_;
+
+ my $base_uri = $self->{base_uri};
+ if($uri =~ m/^(\Q$base_uri\E\/+([a-z][a-z0-9]+)\/nodes\/)((qemu|lxc)\/(\d+)(.*))/) {
+ PVE::Cluster::cfs_update();
+ my $vmid = $5;
+ my $vmlist = PVE::Cluster::get_vmlist();
+ my $nodename = $vmlist->{ids}->{$vmid}->{node};
+ return $uri if !$nodename;
+ $uri = "$1$nodename/$3";
+ }
+ return $uri;
+}
+
sub generate_csrf_prevention_token {
my ($username) = @_;
return PVE::AccessControl::assemble_csrf_prevention_token($username);
--
2.30.2
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [pve-devel] [PATCH-SERIES pve-http-server/pve-manager] fix#4689: rewrite_uri: autofind nodename for qemu/lxc
2023-05-31 11:19 [pve-devel] [PATCH-SERIES pve-http-server/pve-manager] fix#4689: rewrite_uri: autofind nodename for qemu/lxc Alexandre Derumier
2023-05-31 11:19 ` [pve-devel] [PATCH pve-http-server 1/1] anyevent: add rewrite_uri Alexandre Derumier
2023-05-31 11:19 ` [pve-devel] [PATCH pve-manager 1/1] httpserver: add rewrite uri for /nodes/(qemu/lxc)/<vmid> Alexandre Derumier
@ 2023-05-31 11:49 ` Wolfgang Bumiller
2023-05-31 14:12 ` DERUMIER, Alexandre
2023-05-31 13:19 ` Dominik Csapak
3 siblings, 1 reply; 7+ messages in thread
From: Wolfgang Bumiller @ 2023-05-31 11:49 UTC (permalink / raw)
To: Alexandre Derumier; +Cc: pve-devel
On Wed, May 31, 2023 at 01:19:50PM +0200, Alexandre Derumier wrote:
> Hi,
>
> Currently, to manage qemu && lxc vms, we always need to specify nodename in uri.
>
> This is a problem with automation tools like terraform, where is node is registered
> in the state of terraform.
> (That mean, than if we move the vm on another node, terraform don't known it, and try to create the vm
> again or can't delete the vm,...)
> https://github.com/Telmate/terraform-provider-proxmox/issues/168
>
> This can also be a potential problem with race, if we need to query /cluster/ressources to find the node, then another
> query on the vm.
>
> I have some discussion with fabian about it:
> https://bugzilla.proxmox.com/show_bug.cgi?id=4689
>
>
> This patch series, simply find the nodename if not specified and rewrite url.
>
> /nodes/(qemu|lxc)/<vmid> ---> /nodes/<nodename>/<qemu|lxc>/<vmid>
But then `qemu`/`lxc` look like a node name, which is weird.
If we do this, maybe we should use a different start entry altogether to
not mix too many "aliases" into the "real" api tree, like
`/virtual/qemu/*` or `/guests/qemu/*`?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [pve-devel] [PATCH-SERIES pve-http-server/pve-manager] fix#4689: rewrite_uri: autofind nodename for qemu/lxc
2023-05-31 11:19 [pve-devel] [PATCH-SERIES pve-http-server/pve-manager] fix#4689: rewrite_uri: autofind nodename for qemu/lxc Alexandre Derumier
` (2 preceding siblings ...)
2023-05-31 11:49 ` [pve-devel] [PATCH-SERIES pve-http-server/pve-manager] fix#4689: rewrite_uri: autofind nodename for qemu/lxc Wolfgang Bumiller
@ 2023-05-31 13:19 ` Dominik Csapak
2023-05-31 14:05 ` DERUMIER, Alexandre
3 siblings, 1 reply; 7+ messages in thread
From: Dominik Csapak @ 2023-05-31 13:19 UTC (permalink / raw)
To: Proxmox VE development discussion, Alexandre Derumier
On 5/31/23 13:19, Alexandre Derumier wrote:
> Hi,
>
> Currently, to manage qemu && lxc vms, we always need to specify nodename in uri.
>
> This is a problem with automation tools like terraform, where is node is registered
> in the state of terraform.
> (That mean, than if we move the vm on another node, terraform don't known it, and try to create the vm
> again or can't delete the vm,...)
> https://github.com/Telmate/terraform-provider-proxmox/issues/168
>
> This can also be a potential problem with race, if we need to query /cluster/ressources to find the node, then another
> query on the vm.
>
> I have some discussion with fabian about it:
> https://bugzilla.proxmox.com/show_bug.cgi?id=4689
>
>
> This patch series, simply find the nodename if not specified and rewrite url.
>
> /nodes/(qemu|lxc)/<vmid> ---> /nodes/<nodename>/<qemu|lxc>/<vmid>
>
>
>
> Alexandre Derumier (1):
> anyevent: add rewrite_uri
>
> src/PVE/APIServer/AnyEvent.pm | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> Alexandre Derumier (1):
> httpserver: add rewrite uri for /nodes/(qemu/lxc)/<vmid>
>
> PVE/HTTPServer.pm | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
hi, while this can work, it introduces a very specific rewriting into the
http server, which might not be obvious and AFAICT won't show up in the
auto-generated api docs?
wouldn't it be better to have some api calls defined for real
(the ones used most often for example) that make use of the
proxyto_callback method instead?
that way they would at least show up in the api documentation,
even though it's probably a bit of code duplication
(altough we could maybe just insert the api at a different place
and do some perl magic refactoring to have it once
with node parameter and once without?)
or does that seem like a bad idea?
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [pve-devel] [PATCH-SERIES pve-http-server/pve-manager] fix#4689: rewrite_uri: autofind nodename for qemu/lxc
2023-05-31 13:19 ` Dominik Csapak
@ 2023-05-31 14:05 ` DERUMIER, Alexandre
0 siblings, 0 replies; 7+ messages in thread
From: DERUMIER, Alexandre @ 2023-05-31 14:05 UTC (permalink / raw)
To: pve-devel, d.csapak, aderumier
>
>
> hi, while this can work, it introduces a very specific rewriting into
> the
> http server, which might not be obvious and AFAICT won't show up in
> the
> auto-generated api docs?
>
yes, indeed, it doesnt show up in the doc.
> wouldn't it be better to have some api calls defined for real
> (the ones used most often for example) that make use of the
> proxyto_callback method instead?
>
I'm quoting Fabian from bugzilla:
"
Fabian Grünbichler 2023-04-24 13:48:07 CEST
yeah, some parts of the machinery are already in place, e.g., it's
possible to define a "proxyto_callback" that gets called instead of
resolving proxyto straight via the parameter. AFAICT that is not used
anywhere though ;)
probably it would mean caching the vmlist in each http server worker to
avoid expensive queries, plus implementing filtering of the vmid list
for the requesting user/token since we'd not want to leak existence or
location of guests that the user doesn't have access to.
"
So, it seem that Fabian have same opinion than you.
I was doing a simply rewrite to keep it simple, but
I'll have a look at proxyto_callback.
(BTW, vmlist don't seem to be so slow, i'm around 10 extra ms. I don't
think it need to be cached. (it's still faster than doing 1
cluster/ressource api call to find the node + the final call).
> that way they would at least show up in the api documentation,
> even though it's probably a bit of code duplication
> (altough we could maybe just insert the api at a different place
> and do some perl magic refactoring to have it once
> with node parameter and once without?)
>
> or does that seem like a bad idea?
>
^ permalink raw reply [flat|nested] 7+ messages in thread