Packaging of noVNC and Websockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It looks like a couple of projects are interested in using the noVNC viewer as a way of talking to machines from a web browser.  I've made a first stab at packageing them, and, in doing so,  learned a little bit.

The noVNC code is designed around a proxy that, under the Debian deploy, lives in /usr/share/noVNC/utils/.  This directory contains shell scripts, a shared object complete with Makefile, and lots of python code.  Needless to say, it does not match Fedora packaging standards.

It uses the Websocket protocol,  which is not quite HTTP.  Apache HTTPD does not support Websocket natively,  although  there is apparently a path to do so via  http://code.google.com/p/pywebsocket/.  However,  the noVNC approach is to bundle a simple web server and websocket implementation.  In addition, a python script called websockify handles SSL.

When deployed,  the web proxy does not lock down browsing of sub dirs.  When run from an init script that did not set cwd,  it exposes the entire directory tree underneath.  The normal usage is better:  devstack runs $ cd /opt/stack/noVNC && ./utils/nova-novncproxy --config-file /etc/nova/nova.conf --web .  Run this way, it only exposes the /usr/share/noVNC directory as read only,  but really should not allow directory indexing.  However, our current init script runs:

 daemon --user nova --pidfile $pidfile "$exec --flagfile $config --logfile $logfile &>/dev/null & echo \$! > $pidfile"

where $exec is
    /usr/bin/nova-vncproxy.

In my spec file, in order to match this,  I moved the executables from /opt/stack/noVNC/utils  to /usr/bin,  but that does not seem like a good long term solution:  they are generically named and should have novnc as part of their name as well.

I've also and renamed   /opt/stack/noVNC/utils/nova-novncproxy to /usr/bin/nova-vncproxy  which seems like it should not be necessary.

Currently, the Openstack specific code is in the upstream git repo for noVNC,  but it really should be moved to the Nova  git repository.  I'll talk to the original author to find out his rationale,  and to see if we can get it moved over.

I've posted my current work here
http://admiyo.fedorapeople.org/noVNC/

But would not suggest that people use it yet.  I am certainly willing to take feed back on the spec file:

http://admiyo.fedorapeople.org/noVNC/novnc.spec

Dan B suggested a few things that I'd like to record here:

1. Is there a need to create a novnc user with an empty home dir to run in?
2. The python code should be made into a site-package. 


_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Big List of Linux Books]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

  Powered by Linux