Coverage for nova/conf/vnc.py: 85%

4# Licensed under the Apache License, Version 2.0 (the "License"); you may

5# not use this file except in compliance with the License. You may obtain

6# a copy of the License at

8# http://www.apache.org/licenses/LICENSE-2.0

10# Unless required by applicable law or agreed to in writing, software

11# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

12# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the

13# License for the specific language governing permissions and limitations

14# under the License.

16from oslo_config import cfg

17from oslo_config import types

19vnc_group = cfg.OptGroup(

20 'vnc',

21 title='VNC options',

22 help="""

23Virtual Network Computer (VNC) can be used to provide remote desktop

24console access to instances for tenants and/or administrators.""")

26ALL_OPTS = [

27 cfg.BoolOpt(

28 'enabled',

29 default=True,

30 deprecated_group='DEFAULT',

31 deprecated_name='vnc_enabled',

32 help="""

33Enable VNC related features.

35Guests will get created with graphical devices to support this. Clients

36(for example Horizon) can then establish a VNC connection to the guest.

37"""),

39 cfg.HostAddressOpt(

40 'server_listen',

41 default='127.0.0.1',

42 help="""

43The IP address or hostname on which an instance should listen to for

44incoming VNC connection requests on this node.

45"""),

47 cfg.HostAddressOpt(

48 'server_proxyclient_address',

49 default='127.0.0.1',

50 help="""

51Private, internal IP address or hostname of VNC console proxy.

53The VNC proxy is an OpenStack component that enables compute service

54users to access their instances through VNC clients.

56This option sets the private address to which proxy clients, such as

57``nova-novncproxy``, should connect to.

58"""),

60 cfg.URIOpt(

61 'novncproxy_base_url',

62 default='http://127.0.0.1:6080/vnc_auto.html',

63 deprecated_group='DEFAULT',

64 help="""

65Public address of noVNC VNC console proxy.

67The VNC proxy is an OpenStack component that enables compute service

68users to access their instances through VNC clients. noVNC provides

69VNC support through a websocket-based client.

71This option sets the public base URL to which client systems will

72connect. noVNC clients can use this address to connect to the noVNC

73instance and, by extension, the VNC sessions.

75If using noVNC >= 1.0.0, you should use ``vnc_lite.html`` instead of

76``vnc_auto.html``.

78You can also supply extra request arguments which will be passed to

79the backend. This might be useful to move console URL to subpath, for example:

80``http://127.0.0.1/novnc/vnc_auto.html?path=novnc``

82Related options:

84* novncproxy_host

85* novncproxy_port

86"""),

88]

90CLI_OPTS = [

91 cfg.StrOpt(

92 'novncproxy_host',

93 default='0.0.0.0',

94 deprecated_group='DEFAULT',

95 help="""

96IP address that the noVNC console proxy should bind to.

98The VNC proxy is an OpenStack component that enables compute service

99users to access their instances through VNC clients. noVNC provides

100VNC support through a websocket-based client.

101

102This option sets the private address to which the noVNC console proxy

103service should bind to.

104

105Related options:

106

107* novncproxy_port

108* novncproxy_base_url

109"""),

110

111 cfg.PortOpt(

112 'novncproxy_port',

113 default=6080,

114 deprecated_group='DEFAULT',

115 help="""

116Port that the noVNC console proxy should bind to.

117

118The VNC proxy is an OpenStack component that enables compute service

119users to access their instances through VNC clients. noVNC provides

120VNC support through a websocket-based client.

121

122This option sets the private port to which the noVNC console proxy

123service should bind to.

124

125Related options:

126

127* novncproxy_host

128* novncproxy_base_url

129"""),

130 cfg.ListOpt(

131 'auth_schemes',

132 item_type=types.String(choices=(

133 ('none', 'Allow connection without authentication'),

134 ('vencrypt', 'Use VeNCrypt authentication scheme'),

135 )),

136 default=['none'],

137 help="""

138The authentication schemes to use with the compute node.

139

140Control what RFB authentication schemes are permitted for connections between

141the proxy and the compute host. If multiple schemes are enabled, the first

142matching scheme will be used, thus the strongest schemes should be listed

143first.

144

145Related options:

146

147* ``[vnc]vencrypt_client_key``, ``[vnc]vencrypt_client_cert``: must also be set

148"""),

149 cfg.StrOpt(

150 'vencrypt_client_key',

151 help="""The path to the client certificate PEM file (for x509)

152

153The fully qualified path to a PEM file containing the private key which the VNC

154proxy server presents to the compute node during VNC authentication.

155

156Related options:

157

158* ``vnc.auth_schemes``: must include ``vencrypt``

159* ``vnc.vencrypt_client_cert``: must also be set

160"""),

161 cfg.StrOpt(

162 'vencrypt_client_cert',

163 help="""The path to the client key file (for x509)

164

165The fully qualified path to a PEM file containing the x509 certificate which

166the VNC proxy server presents to the compute node during VNC authentication.

167

168Related options:

169

170* ``vnc.auth_schemes``: must include ``vencrypt``

171* ``vnc.vencrypt_client_key``: must also be set

172"""),

173 cfg.StrOpt(

174 'vencrypt_ca_certs',

175 help="""The path to the CA certificate PEM file

176

177The fully qualified path to a PEM file containing one or more x509 certificates

178for the certificate authorities used by the compute node VNC server.

179

180Related options:

181

182* ``vnc.auth_schemes``: must include ``vencrypt``

183"""),

184]

185

186ALL_OPTS.extend(CLI_OPTS)

187

188

189def register_opts(conf):

190 conf.register_group(vnc_group)

191 conf.register_opts(ALL_OPTS, group=vnc_group)

192

193

194def register_cli_opts(conf):

195 conf.register_cli_opts(CLI_OPTS, group=vnc_group)

196

197

198def list_opts():

199 return {vnc_group: ALL_OPTS}