Hi Wei,
Great to hear from you on this. Yes, it been a long time on the previous noVNC integration attempt by our GSoC student. The 4.11 branch is LTS and cannot accept new features, please use master (4.13) for the PR you'll submit. I can help with reviewing and testing. The noVNC project has moved to 1.0.0 stable (https://github.com/novnc/noVNC/releases/tag/v1.0.0), do you think it would be difficult to adapt the stable 1.0.0 version and not use the old 0.6.2 release? Does your implementation also support secured websocket (using a tls certificate)? To keep things turn-key, does it make sense to use C-based websockify or write our own Java based implementation that is in-built in the console proxy agent? I would prefer to reuse the java agent otherwise session/IP based authentication without checking with cloudstack may lead to some security issue. Licensing: We can ask for experts on the list and on asf-legal for advice but in my opinion we only need to ensure that the new licenses of the packages wrt the feature are compatible with Apache 2.0, largely allows redistributing (via systemvm.iso or a via new systemvmtemplate) with modifications: 1.0.0 license:https://github.com/novnc/noVNC/blob/v1.0.0/LICENSE.txt (MPL, BSD and MIT) 0.6.2 license: https://github.com/novnc/noVNC/blob/v0.6.2/LICENSE.txt (MPL, BSD, LGPL 3.0, Apache 2.0, MIT) The main license is MPL and I think it allows for that: https://tldrlegal.com/license/mozilla-public-license-2.0-(mpl-2) Other references: https://tldrlegal.com/license/bsd-3-clause-license-(revised) https://tldrlegal.com/license/gnu-lesser-general-public-license-v3-(lgpl-3) https://tldrlegal.com/license/apache-license-2.0-(apache-2.0) https://tldrlegal.com/license/mit-license Regards, Rohit Yadav Software Architect, ShapeBlue https://www.shapeblue.com ________________________________ From: Wei ZHOU <ustcweiz...@gmail.com> Sent: Thursday, April 4, 2019 1:34:24 PM To: d...@cloudstack.apache.org; users@cloudstack.apache.org; w.z...@global.leaseweb.com Subject: CloudStack NoVNC solution in Leaseweb Hello CloudStack developers and users, We (as leaseweb) would like to share our NoVNC solution on our cloudstack platforms with the CloudStack community . The feature was implemented in 2012 and we have made some changes since that. We have used it for more than 7 years and it is very stable. Unlike the pull request submitted by sachinnitw1317 ( https://github.com/apache/cloudstack/pull/2204 ) ,which is based on the novnc as the front end (different from the cloudstack) and the java websocket proxy (same as cloudstack) in console proxy vm (cpvm), we use modified novnc and websockify to launch a websockify proxy in cpvm . Here are some technical details: (1) We use two open source projects: noVNC (https://github.com/novnc/noVNC , 0.6.2) and websockify (https://github.com/novnc/websockify ,latest) (2) We modified websockify so we can launch it without the target server/port and token. (3) We reuse the 'path' in novnc and websockify to pass some necessary vm informations from cloudstack to novnc and websockify. path is encrypted in cpvm / java, which contains target server,target port, vnc password, client ip and timestamp. When a new client comes, websockify will decrypt 'path' to get the vm informations above, and check if the client ip matches and the timestamp has not expired. (4) We moved the server/client initialization from novnc(js) to websockify(python). When a new client comes, websockify will create a websocket connection to the target server and port ,then check the protocol version and authentication scheme, use the password in step (3) in vnc authentication . (5) Add a global setting in cloudstack for encryption in java and decryption in websockify. Compared to the cloudstack native console (ajax/java websocket proxy) and the novnc console purposed in PR 2204 (novnc /java websocket proxy) , we believe that the novnc console based on websockifty (written in python) is more efficient than the consoles based on java websocket proxy. If you have any questions or concerns, please feel free to ask. If nobody objects, we will port our changes to cloudstack 4.11.2 LTS and submit a pull request on cloudstack github, so everyone who is interested can merge and build it in his/her fork and test it . Considering that novnc and websockify are both open source projects, and we also use some open source code (such as in pyDes.py VNC password authentication) , it would be appreciated if anyone can help us on software licensing issues. Kind regards, Wei Zhou Principal Cloud Engineer LEASEWEB rohit.ya...@shapeblue.comĀ www.shapeblue.com Amadeus House, Floral Street, London WC2E 9DPUK @shapeblue
