[pve-manager.git] / bin / spiceproxy

#!/usr/bin/perl -T

# Note: In theory, all this can be done by 'pveproxy' daemon. But som API call
# still have blocking code, so we use a separate daemon to avoid that the console
# get blocked.

$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';

delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};  

use strict;
use warnings;
use English;

use PVE::SafeSyslog;
use PVE::Daemon;
use PVE::APIDaemon;
use PVE::API2;

use base qw(PVE::Daemon);

my $cmdline = [$0, @ARGV];

my %daemon_options = (restart_on_error => 5, stop_wait_time => 15, run_dir => '/var/run/pveproxy');

my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options);

my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n";
POSIX::setgid($gid) || die "setgid $gid failed - $!\n";
$EGID = "$gid $gid"; # this calls setgroups
my $uid = getpwnam('www-data') || die "getpwnam failed - $!\n";
POSIX::setuid($uid) || die "setuid $uid failed - $!\n";

# just to be sure
die "detected strange uid/gid\n" if !($UID == $uid && $EUID == $uid && $GID eq "$gid $gid" && $EGID eq "$gid $gid");

sub init {
    my ($self) = @_;

    # we use same ALLOW/DENY/POLICY as pveproxy
    my $proxyconf = PVE::APIDaemon::read_proxy_config();

    $self->{api_daemon} = PVE::APIDaemon->new(
	base_handler_class => 'PVE::API2',
	port => 3128, 
	keep_alive => 0,
	max_workers => 1, # do we need more?
	max_conn => 500,
	lockfile => "/var/lock/spiceproxy.lck",
	debug => $self->{debug},
	spiceproxy => 1,
	logfile => '/var/log/pveproxy/access.log',
	allow_from => $proxyconf->{ALLOW_FROM},
	deny_from => $proxyconf->{DENY_FROM},
	policy => $proxyconf->{POLICY},
    );
}

sub shutdown {
    my ($self) = @_;

    $self->exit_daemon(0);
}

sub run {
    my ($self) = @_;
  
    $self->{api_daemon}->start_server();
}

$daemon->register_start_command(__PACKAGE__);
$daemon->register_restart_command(__PACKAGE__, 0);
$daemon->register_reload_command(__PACKAGE__);
$daemon->register_stop_command(__PACKAGE__);
$daemon->register_status_command(__PACKAGE__);

my $cmddef = {
    start => [ __PACKAGE__, 'start', []],
    restart => [ __PACKAGE__, 'restart', []],
    reload => [ __PACKAGE__, 'reload', []],
    stop => [ __PACKAGE__, 'stop', []],
    status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
};

my $cmd = shift;

PVE::CLIHandler::handle_cmd($cmddef, $0, $cmd, \@ARGV, undef, $0);

exit (0);

__END__

=head1 NAME
                                          
spiceproxy - SPICE proxy server for Proxmox VE

=head1 SYNOPSIS

=include synopsis

=head1 DESCRIPTION

SPICE proxy server for Proxmox VE. Listens on port 3128.

=head1 Host based access control

It is possible to configure apache2 like access control lists. Values are read 
from file /etc/default/pveproxy (see 'pveproxy' for details).

=head1 FILES

 /etc/default/pveproxy

=include pve_copyright
Commit	Line	Data
01b089e4	1	#!/usr/bin/perl -T
33afb29b	2
8d5310c1 DM	3	# Note: In theory, all this can be done by 'pveproxy' daemon. But som API call
	4	# still have blocking code, so we use a separate daemon to avoid that the console
	5	# get blocked.
	6
33afb29b DM	7	$ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
	8
	9	delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
	10
33afb29b	11	use strict;
01b089e4	12	use warnings;
33afb29b	13	use English;
393716a3	14
33afb29b	15	use PVE::SafeSyslog;
393716a3	16	use PVE::Daemon;
33afb29b	17	use PVE::APIDaemon;
d804d82f	18	use PVE::API2;
33afb29b	19
393716a3	20	use base qw(PVE::Daemon);
33afb29b	21
393716a3	22	my $cmdline = [$0, @ARGV];
33afb29b	23
393716a3	24	my %daemon_options = (restart_on_error => 5, stop_wait_time => 15, run_dir => '/var/run/pveproxy');
33afb29b	25
393716a3	26	my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options);
33afb29b DM	27
	28	my $gid = getgrnam('www-data') \|\| die "getgrnam failed - $!\n";
	29	POSIX::setgid($gid) \|\| die "setgid $gid failed - $!\n";
	30	$EGID = "$gid $gid"; # this calls setgroups
	31	my $uid = getpwnam('www-data') \|\| die "getpwnam failed - $!\n";
	32	POSIX::setuid($uid) \|\| die "setuid $uid failed - $!\n";
	33
	34	# just to be sure
	35	die "detected strange uid/gid\n" if !($UID == $uid && $EUID == $uid && $GID eq "$gid $gid" && $EGID eq "$gid $gid");
	36
393716a3 DM	37	sub init {
	38	my ($self) = @_;
	39
	40	# we use same ALLOW/DENY/POLICY as pveproxy
	41	my $proxyconf = PVE::APIDaemon::read_proxy_config();
17d27a37	42
393716a3	43	$self->{api_daemon} = PVE::APIDaemon->new(
d804d82f	44	base_handler_class => 'PVE::API2',
33afb29b DM	45	port => 3128,
	46	keep_alive => 0,
	47	max_workers => 1, # do we need more?
	48	max_conn => 500,
393716a3 DM	49	lockfile => "/var/lock/spiceproxy.lck",
393716a3 DM	50	debug => $self->{debug},
33afb29b	51	spiceproxy => 1,
8d5310c1	52	logfile => '/var/log/pveproxy/access.log',
17d27a37 DM	53	allow_from => $proxyconf->{ALLOW_FROM},
	54	deny_from => $proxyconf->{DENY_FROM},
	55	policy => $proxyconf->{POLICY},
33afb29b	56	);
33afb29b DM	57	}
33afb29b DM	58
393716a3 DM	59	sub shutdown {
393716a3 DM	60	my ($self) = @_;
33afb29b	61
393716a3 DM	62	$self->exit_daemon(0);
393716a3 DM	63	}
33afb29b	64
393716a3 DM	65	sub run {
	66	my ($self) = @_;
	67
	68	$self->{api_daemon}->start_server();
	69	}
33afb29b	70
393716a3 DM	71	$daemon->register_start_command(__PACKAGE__);
	72	$daemon->register_restart_command(__PACKAGE__, 0);
	73	$daemon->register_reload_command(__PACKAGE__);
	74	$daemon->register_stop_command(__PACKAGE__);
	75	$daemon->register_status_command(__PACKAGE__);
	76
	77	my $cmddef = {
	78	start => [ __PACKAGE__, 'start', []],
	79	restart => [ __PACKAGE__, 'restart', []],
	80	reload => [ __PACKAGE__, 'reload', []],
	81	stop => [ __PACKAGE__, 'stop', []],
	82	status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
	83	};
33afb29b	84
393716a3	85	my $cmd = shift;
33afb29b	86
393716a3	87	PVE::CLIHandler::handle_cmd($cmddef, $0, $cmd, \@ARGV, undef, $0);
33afb29b DM	88
	89	exit (0);
	90
	91	__END__
	92
	93	=head1 NAME
	94
	95	spiceproxy - SPICE proxy server for Proxmox VE
	96
	97	=head1 SYNOPSIS
	98
393716a3	99	=include synopsis
33afb29b DM	100
	101	=head1 DESCRIPTION
	102
	103	SPICE proxy server for Proxmox VE. Listens on port 3128.
	104
17d27a37 DM	105	=head1 Host based access control
	106
	107	It is possible to configure apache2 like access control lists. Values are read
	108	from file /etc/default/pveproxy (see 'pveproxy' for details).
	109
	110	=head1 FILES
	111
	112	/etc/default/pveproxy
	113
393716a3	114	=include pve_copyright