bin/spiceproxy

   1 #!/usr/bin/perl -T
   2
   3 # Note: In theory, all this can be done by 'pveproxy' daemon. But some
   4 # API call still have blocking code, so we use a separate daemon to avoid
   5 # that the console gets blocked.
   6
   7 $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin';
   8
   9 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
  10
  11 use strict;
  12 use warnings;
  13
  14 use PVE::SafeSyslog;
  15 use PVE::Daemon;
  16 use PVE::API2Tools;
  17 use PVE::API2;
  18 use PVE::HTTPServer;
  19
  20 use base qw(PVE::Daemon);
  21
  22 $SIG{'__WARN__'} = sub {
  23     my $err = $@;
  24     my $t = $_[0];
  25     chomp $t;
  26     print STDERR "$t\n";
  27     syslog('warning', "%s", $t);
  28     $@ = $err;
  29 };
  30
  31 my $cmdline = [$0, @ARGV];
  32
  33 my %daemon_options = (
  34     max_workers => 1, # todo: do we need more?
  35     restart_on_error => 5,
  36     stop_wait_time => 15,
  37     leave_children_open_on_reload => 1,
  38     setuid => 'www-data',
  39     setgid => 'www-data',
  40     pidfile => '/var/run/pveproxy/spiceproxy.pid',
  41 );
  42
  43 my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options);
  44
  45 sub init {
  46     my ($self) = @_;
  47
  48     # we use same ALLOW/DENY/POLICY as pveproxy
  49     my $proxyconf = PVE::API2Tools::read_proxy_config();
  50
  51     my $accept_lock_fn = "/var/lock/spiceproxy.lck";
  52
  53     my $lockfh = IO::File->new(">>${accept_lock_fn}") ||
  54         die "unable to open lock file '${accept_lock_fn}' - $!\n";
  55
  56     my $socket = $self->create_reusable_socket(3128);
  57
  58     $self->{server_config} = {
  59         base_handler_class => 'PVE::API2',
  60         keep_alive => 0,
  61         max_conn => 500,
  62         lockfile => $accept_lock_fn,
  63         socket => $socket,
  64         lockfh => $lockfh,
  65         debug => $self->{debug},
  66         spiceproxy => 1,
  67         trusted_env => 0,
  68         logfile => '/var/log/pveproxy/access.log',
  69         allow_from => $proxyconf->{ALLOW_FROM},
  70         deny_from => $proxyconf->{DENY_FROM},
  71         policy => $proxyconf->{POLICY},
  72     };
  73 }
  74
  75 sub run {
  76     my ($self) = @_;
  77
  78     my $server = PVE::HTTPServer->new(%{$self->{server_config}});
  79     $server->run();
  80 }
  81
  82 $daemon->register_start_command();
  83 $daemon->register_restart_command(1);
  84 $daemon->register_stop_command();
  85 $daemon->register_status_command();
  86
  87 my $cmddef = {
  88     start => [ __PACKAGE__, 'start', []],
  89     restart => [ __PACKAGE__, 'restart', []],
  90     stop => [ __PACKAGE__, 'stop', []],
  91     status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
  92 };
  93
  94 my $cmd = shift;
  95
  96 PVE::CLIHandler::handle_cmd($cmddef, $0, $cmd, \@ARGV, undef, $0);
  97
  98 exit (0);
  99
 100 __END__
 101
 102 =head1 NAME
 103
 104 spiceproxy - SPICE proxy server for Proxmox VE
 105
 106 =head1 SYNOPSIS
 107
 108 =include synopsis
 109
 110 =head1 DESCRIPTION
 111
 112 SPICE proxy server for Proxmox VE. Listens on port 3128.
 113
 114 =head1 Host based access control
 115
 116 It is possible to configure apache2 like access control lists. Values are read
 117 from file /etc/default/pveproxy (see 'pveproxy' for details).
 118
 119 =head1 FILES
 120
 121  /etc/default/pveproxy
 122
 123 =include pve_copyright