openstack/nova
Code Issues Proposed changes
Files
d9f72b243218cbb49af53aa71705156f17078d01
nova/releasenotes/notes/spice-direct-consoles-4bee40633633c971.yaml
Michael Still cbc263f6bc libvirt: allow direct SPICE connections to qemu 
This patch adds a new console type, "spice-direct", which provides
the connection information required to talk the native SPICE protocol
directly to qemu on the hypervisor. This is intended to be fronted
by a proxy which will handle authentication separately.

A new microversion is introduced which adds the type "spice-direct"
to the existing "spice" protocol.

An example request:

POST /servers/<uuid>/remote-consoles
{
  "remote_console": {
    "protocol": "spice",
    "type": "spice-direct"
  }
}

An example response:

{
  "remote_console": {
    "protocol": "spice",
    "type": "spice-direct",
    "url": "http://localhost:13200/nova?token=XXX";
  }
}

This token can then be used to lookup connection details for the
console using a request like this:

GET /os-console-auth-tokens/<consoletoken>

Which returns something like this:

{
  "console": {
    "instance_uuid": <uuid>,
    "host": <hypervisor>,
    "port": <a TCP port number>,
    "tls_port": <another TCP port number>,
    "internal_access_path": null
  }
}

APIImpact

Change-Id: I1e701cbabc0e2c435685e31465159eec09e3b1a0
2025-02-22 08:25:38 +11:00

21 lines
1.0 KiB
YAML
Raw Blame History

---
features:
- |
This release adds a new config option require_secure to the spice
configuration group. Defaulting to false to match the previous
behavior, if set to true the SPICE consoles will require TLS
protected connections. Unencrypted connections will be gracefully
redirected to the TLS port via the SPICE protocol.
- |
This release adds a new console type, ``spice-direct`` which provides
the connection information required to talk the native SPICE
protocol directly to qemu on the hypervisor. This is intended to
be fronted by a proxy which will handle authentication separately.
This new console type is exposed in the Compute API v2.99
microversion. To facilitate this proxying, a new config option
``spice_direct_proxy_base_url`` is added to the spice configuration group.
This option is used to construct a URL containing an access token for
the console, and that access token can be turned into hypervisor
connection information using the pre-existing
os-console-auth-tokens API.
View Git Blame Copy Permalink