Packaging of noVNC and Websockets

Adam Young ayoung at redhat.com
Wed Apr 25 20:08:41 UTC 2012 

It looks like a couple of projects are interested in using the noVNC 
viewer as a way of talking to machines from a web browser.  I've made a 
first stab at packageing them, and, in doing so,  learned a little bit.

The noVNC code is designed around a proxy that, under the Debian deploy, 
lives in /usr/share/noVNC/utils/.  This directory contains shell 
scripts, a shared object complete with Makefile, and lots of python 
code.  Needless to say, it does not match Fedora packaging standards.

It uses the Websocket protocol,  which is not quite HTTP.  Apache HTTPD 
does not support Websocket natively,  although  there is apparently a 
path to do so via http://code.google.com/p/pywebsocket/.  However,  the 
noVNC approach is to bundle a simple web server and websocket 
implementation.  In addition, a python script called websockify handles 
SSL.

When deployed,  the web proxy does not lock down browsing of sub dirs.  
When run from an init script that did not set cwd,  it exposes the 
entire directory tree underneath.  The normal usage is better:  devstack 
runs $ cd /opt/stack/noVNC && ./utils/nova-novncproxy --config-file 
/etc/nova/nova.conf --web .  Run this way, it only exposes the 
/usr/share/noVNC directory as read only,  but really should not allow 
directory indexing.  However, our current init script runs:

  daemon --user nova --pidfile $pidfile "$exec --flagfile $config 
--logfile $logfile &>/dev/null & echo \$! > $pidfile"

where $exec is
     /usr/bin/nova-vncproxy.

In my spec file, in order to match this,  I moved the executables from 
/opt/stack/noVNC/utils  to /usr/bin,  but that does not seem like a good 
long term solution:  they are generically named and should have novnc as 
part of their name as well.

I've also and renamed   /opt/stack/noVNC/utils/nova-novncproxy to 
/usr/bin/nova-vncproxy  which seems like it should not be necessary.

Currently, the Openstack specific code is in the upstream git repo for 
noVNC,  but it really should be moved to the Nova  git repository.  I'll 
talk to the original author to find out his rationale,  and to see if we 
can get it moved over.

I've posted my current work here
http://admiyo.fedorapeople.org/noVNC/

But would not suggest that people use it yet.  I am certainly willing to 
take feed back on the spec file:

http://admiyo.fedorapeople.org/noVNC/novnc.spec

Dan B suggested a few things that I'd like to record here:

1. Is there a need to create a novnc user with an empty home dir to run in?
2. The python code should be made into a site-package.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/cloud/attachments/20120425/1c3b96b3/attachment.html>

More information about the cloud mailing list