)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"6c8f488d690e0be2c425b562bf9b5957fd7d700e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"9b0a09bb_747ee2f5","updated":"2025-01-08 22:30:19.000000000","message":"At a high level, I think it makes sense. A slight concern, it is a boil the ocean effort, and it is going to take time. That being said, I *do* think it makes a lot of sense to detail out the variation and challenges.","commit_id":"24e19a6a80207e5e2dbfc87b6fd64395eea7fba9"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"722a97bfbd3fabbbf008ae1527855ceac3a9a83e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"db673f46_6482f76c","updated":"2025-01-10 19:24:38.000000000","message":"Thank you very much for doing this research.","commit_id":"24e19a6a80207e5e2dbfc87b6fd64395eea7fba9"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"e281f4ed7fba6a23a9989c849b4669bcfe8a663e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"1ea2785f_75eb86d1","updated":"2025-02-03 15:24:50.000000000","message":"Rebasing so new CI lint checks will run.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"f855cd81b7cef9c26e563f122a9f91a387d70f24","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"36959e3e_2a1a789f","updated":"2025-02-05 16:53:21.000000000","message":"Overall, This sounds good to me. I like the level of detail it is at, not too deep, but at a high level to help paint the picture. Thanks!","commit_id":"670a8b2c027e44cc8346446a9b140469ef969b29"}],"specs/approved/graphical-console.rst":[{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"f44c6b8612e92200fcbc64e10d0c5e99db8c9af5","unresolved":true,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Since it is possible to manage the bare metal VNC secret via Redfish, Ironic can"},{"line_number":100,"context_line":"fully manage the password, including periodic rotations, storing it in"},{"line_number":101,"context_line":"``driver_internal_info``."},{"line_number":102,"context_line":""},{"line_number":103,"context_line":"Drivers for non-VNC protocols"},{"line_number":104,"context_line":"-----------------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"0c0c7d5a_fa5e6d65","line":101,"updated":"2025-01-07 23:15:08.000000000","message":"I think a \u0027passthrough\u0027 driver should be written too. It can take a VNC url and a secret from driver_info. This would be useful for development and integration testing. And possibly for some scenarios where the infrastructure operator manages VNC connections separate from Ironic. Maybe not enabled by default until we understand the security implications.","commit_id":"081b68897b985778bc45a5955267bd9683c38a96"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3bf1d3ecfd360a0400c2a3a68629b7ca23ffb188","unresolved":true,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Since it is possible to manage the bare metal VNC secret via Redfish, Ironic can"},{"line_number":100,"context_line":"fully manage the password, including periodic rotations, storing it in"},{"line_number":101,"context_line":"``driver_internal_info``."},{"line_number":102,"context_line":""},{"line_number":103,"context_line":"Drivers for non-VNC protocols"},{"line_number":104,"context_line":"-----------------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ce89121f_5217cf93","line":101,"in_reply_to":"0c0c7d5a_fa5e6d65","updated":"2025-02-03 22:39:58.000000000","message":"I think that is super reasonable and sort of makes it easy to support with test VMs","commit_id":"081b68897b985778bc45a5955267bd9683c38a96"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":true,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"Since it is possible to manage the bare metal VNC secret via Redfish, Ironic can"},{"line_number":100,"context_line":"fully manage the password, including periodic rotations, storing it in"},{"line_number":101,"context_line":"``driver_internal_info``."},{"line_number":102,"context_line":""},{"line_number":103,"context_line":"Drivers for non-VNC protocols"},{"line_number":104,"context_line":"-----------------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"803dc6e3_69169993","line":101,"in_reply_to":"0c0c7d5a_fa5e6d65","updated":"2025-02-04 04:12:34.000000000","message":"This could be considered a security risk. We can do it later for now I would propose a fake driver which requires a vnc container that shows some animation","commit_id":"081b68897b985778bc45a5955267bd9683c38a96"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"722a97bfbd3fabbbf008ae1527855ceac3a9a83e","unresolved":true,"context_lines":[{"line_number":114,"context_line":"console which provides enough information for an external tool to start and"},{"line_number":115,"context_line":"stop containers as appropriate."},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"HP iLO driver"},{"line_number":118,"context_line":"~~~~~~~~~~~~~"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"It is assumed that the java, .net, and windows clients have licenses which"}],"source_content_type":"text/x-rst","patch_set":2,"id":"9f744356_f65949cf","line":117,"updated":"2025-01-10 19:24:38.000000000","message":"This is extremely unfortunate. This is not a feature that will be useful to me unless we can figure out how to make it work on iLO. \n\nSeems like it\u0027d be incredibly difficult to implement a reasonable way to do this that would also pass muster in a well-secured environment.","commit_id":"24e19a6a80207e5e2dbfc87b6fd64395eea7fba9"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"48686383b5340a3fc9ad45eea66a00715ab55880","unresolved":true,"context_lines":[{"line_number":114,"context_line":"console which provides enough information for an external tool to start and"},{"line_number":115,"context_line":"stop containers as appropriate."},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"HP iLO driver"},{"line_number":118,"context_line":"~~~~~~~~~~~~~"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"It is assumed that the java, .net, and windows clients have licenses which"}],"source_content_type":"text/x-rst","patch_set":2,"id":"10e78fa5_c646e0e8","line":117,"in_reply_to":"7a29cc24_e14b0716","updated":"2025-01-13 14:44:45.000000000","message":"FWIW, I think that is fair to have as a requirement at that level. Ultimately, there is not an easy button and defining a fairly firm contract, even if the ironic project itself only authors the ironic side of it, makes a lot of sense to me.","commit_id":"24e19a6a80207e5e2dbfc87b6fd64395eea7fba9"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"2efeb55b17e5ab48780bce6a5846af450e1e7671","unresolved":true,"context_lines":[{"line_number":114,"context_line":"console which provides enough information for an external tool to start and"},{"line_number":115,"context_line":"stop containers as appropriate."},{"line_number":116,"context_line":""},{"line_number":117,"context_line":"HP iLO driver"},{"line_number":118,"context_line":"~~~~~~~~~~~~~"},{"line_number":119,"context_line":""},{"line_number":120,"context_line":"It is assumed that the java, .net, and windows clients have licenses which"}],"source_content_type":"text/x-rst","patch_set":2,"id":"7a29cc24_e14b0716","line":117,"in_reply_to":"9f744356_f65949cf","updated":"2025-01-12 21:33:22.000000000","message":"iLO is a high priority for us too, but iDRAC will be first because it is relatively easy. I\u0027m going to refresh this spec with a more specific approach to non-VNC KVMIP. It will be something like:\n\n- novnc-proxy initiates the intermediate VNC by writing out a file from a template and waiting for another file which contains the VNC IP:PORT.\n- another service(*) watches for files and creates a container for each one which includes a running XVnc and a browser in kiosk mode\n- a greasemonkey script logs into the BMC web console and loads the html5 based console\n\nIt should be possible to lock down these XVnc+firefox containers enough to minimise new attack vectors\n\n(*) for devstack this can be a simple bespoke container orchestration script which runs podman commands. But kubernetes hosted ironic will need something like an operator to manage the XVnc pods","commit_id":"24e19a6a80207e5e2dbfc87b6fd64395eea7fba9"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"68787cb5aa0b6651c49239beeb91d757585248f9","unresolved":true,"context_lines":[{"line_number":22,"context_line":"Nova has for a long time provided VNC graphical console support via a NoVNC"},{"line_number":23,"context_line":"proxy for virtual machines. Ironic end users would like to access bare metal"},{"line_number":24,"context_line":"graphical consoles in the same way. There is currently no Redfish standardised"},{"line_number":25,"context_line":"method for managing baremetal consoles and each vendor exposes different"},{"line_number":26,"context_line":"methods and capabilities:"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"* Dell iDRAC: VNC fully manageable via oem Attributes supported by"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7a444798_a2b86bde","line":25,"range":{"start_line":25,"start_character":20,"end_line":25,"end_character":29},"updated":"2025-01-31 11:34:16.000000000","message":"nit: bare metal","commit_id":"db9114e050244b975a61789096775683dd4b49ca"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":false,"context_lines":[{"line_number":22,"context_line":"Nova has for a long time provided VNC graphical console support via a NoVNC"},{"line_number":23,"context_line":"proxy for virtual machines. Ironic end users would like to access bare metal"},{"line_number":24,"context_line":"graphical consoles in the same way. There is currently no Redfish standardised"},{"line_number":25,"context_line":"method for managing baremetal consoles and each vendor exposes different"},{"line_number":26,"context_line":"methods and capabilities:"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"* Dell iDRAC: VNC fully manageable via oem Attributes supported by"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9c1cf66d_94214a92","line":25,"range":{"start_line":25,"start_character":20,"end_line":25,"end_character":29},"in_reply_to":"7a444798_a2b86bde","updated":"2025-02-04 04:12:34.000000000","message":"Done","commit_id":"db9114e050244b975a61789096775683dd4b49ca"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":false,"context_lines":[{"line_number":22,"context_line":"Nova has for a long time provided VNC graphical console support via a NoVNC"},{"line_number":23,"context_line":"proxy for virtual machines. Ironic end users would like to access bare metal"},{"line_number":24,"context_line":"graphical consoles in the same way. There is currently no Redfish standardised"},{"line_number":25,"context_line":"method for managing baremetal consoles and each vendor exposes different"},{"line_number":26,"context_line":"methods and capabilities:"},{"line_number":27,"context_line":""},{"line_number":28,"context_line":"* Dell iDRAC: VNC fully manageable via oem Attributes supported by"}],"source_content_type":"text/x-rst","patch_set":3,"id":"d78e5006_ebe3d66b","line":25,"range":{"start_line":25,"start_character":20,"end_line":25,"end_character":29},"in_reply_to":"7a444798_a2b86bde","updated":"2025-02-04 04:12:34.000000000","message":"Done","commit_id":"db9114e050244b975a61789096775683dd4b49ca"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"68787cb5aa0b6651c49239beeb91d757585248f9","unresolved":true,"context_lines":[{"line_number":28,"context_line":"* Dell iDRAC: VNC fully manageable via oem Attributes supported by"},{"line_number":29,"context_line":"  sushy-oem-idrac, including changing password"},{"line_number":30,"context_line":"* HPE iLO 5: Requires html5/java/.net/windows client, not VNC related."},{"line_number":31,"context_line":"  No password management"},{"line_number":32,"context_line":"* Supermicro: Invocable via IPMI, VNC base but with a custom colorspace and"},{"line_number":33,"context_line":"  other additional opcodes so incompatible with standard VNC clients. Requires"},{"line_number":34,"context_line":"  html5/java or a fork of NoVNC[1]. KVMIP port 5900 is listed in"}],"source_content_type":"text/x-rst","patch_set":3,"id":"5a2076a5_e806bd96","line":31,"updated":"2025-01-31 11:34:16.000000000","message":"I would research and mention iLO 6 too as it\u0027s out there since a while","commit_id":"db9114e050244b975a61789096775683dd4b49ca"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3bf1d3ecfd360a0400c2a3a68629b7ca23ffb188","unresolved":true,"context_lines":[{"line_number":28,"context_line":"* Dell iDRAC: VNC fully manageable via oem Attributes supported by"},{"line_number":29,"context_line":"  sushy-oem-idrac, including changing password"},{"line_number":30,"context_line":"* HPE iLO 5: Requires html5/java/.net/windows client, not VNC related."},{"line_number":31,"context_line":"  No password management"},{"line_number":32,"context_line":"* Supermicro: Invocable via IPMI, VNC base but with a custom colorspace and"},{"line_number":33,"context_line":"  other additional opcodes so incompatible with standard VNC clients. Requires"},{"line_number":34,"context_line":"  html5/java or a fork of NoVNC[1]. KVMIP port 5900 is listed in"}],"source_content_type":"text/x-rst","patch_set":3,"id":"487d63c8_ffe53e43","line":31,"in_reply_to":"5a2076a5_e806bd96","updated":"2025-02-03 22:39:58.000000000","message":"I would drop the reference to iLO 5 specifically, just frame it as \"iLO\"","commit_id":"db9114e050244b975a61789096775683dd4b49ca"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":true,"context_lines":[{"line_number":28,"context_line":"* Dell iDRAC: VNC fully manageable via oem Attributes supported by"},{"line_number":29,"context_line":"  sushy-oem-idrac, including changing password"},{"line_number":30,"context_line":"* HPE iLO 5: Requires html5/java/.net/windows client, not VNC related."},{"line_number":31,"context_line":"  No password management"},{"line_number":32,"context_line":"* Supermicro: Invocable via IPMI, VNC base but with a custom colorspace and"},{"line_number":33,"context_line":"  other additional opcodes so incompatible with standard VNC clients. Requires"},{"line_number":34,"context_line":"  html5/java or a fork of NoVNC[1]. KVMIP port 5900 is listed in"}],"source_content_type":"text/x-rst","patch_set":3,"id":"47f84fd7_934a9643","line":31,"in_reply_to":"5a2076a5_e806bd96","updated":"2025-02-04 04:12:34.000000000","message":"I\u0027ll need to ask around to see if anyone can give me access to an iLO 6 host","commit_id":"db9114e050244b975a61789096775683dd4b49ca"},{"author":{"_account_id":23851,"name":"Riccardo Pittau","email":"elfosardo@gmail.com","username":"elfosardo"},"change_message_id":"68787cb5aa0b6651c49239beeb91d757585248f9","unresolved":true,"context_lines":[{"line_number":55,"context_line":"* adapting the process launch to use ``ironic.common.service``. This increases"},{"line_number":56,"context_line":"  the likelihood that the novnc-proxy service can be integrated into the"},{"line_number":57,"context_line":"  all-in-one ``singleprocess`` launcher."},{"line_number":58,"context_line":"* consolodating the ``nova.conf`` options from three groups to a single"},{"line_number":59,"context_line":"  ``ironic.conf`` ``[vnc]`` group."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"For some drivers, novnc-proxy will be connecting directly to a VNC server"}],"source_content_type":"text/x-rst","patch_set":3,"id":"4cf77742_5ceeee1f","line":58,"range":{"start_line":58,"start_character":2,"end_line":58,"end_character":15},"updated":"2025-01-31 11:34:16.000000000","message":"nit: consolidating","commit_id":"db9114e050244b975a61789096775683dd4b49ca"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":false,"context_lines":[{"line_number":55,"context_line":"* adapting the process launch to use ``ironic.common.service``. This increases"},{"line_number":56,"context_line":"  the likelihood that the novnc-proxy service can be integrated into the"},{"line_number":57,"context_line":"  all-in-one ``singleprocess`` launcher."},{"line_number":58,"context_line":"* consolodating the ``nova.conf`` options from three groups to a single"},{"line_number":59,"context_line":"  ``ironic.conf`` ``[vnc]`` group."},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"For some drivers, novnc-proxy will be connecting directly to a VNC server"}],"source_content_type":"text/x-rst","patch_set":3,"id":"09fb0377_477c1517","line":58,"range":{"start_line":58,"start_character":2,"end_line":58,"end_character":15},"in_reply_to":"4cf77742_5ceeee1f","updated":"2025-02-04 04:12:34.000000000","message":"Done","commit_id":"db9114e050244b975a61789096775683dd4b49ca"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"17e004a22361d90b984accdf7ccdd6cf693263ca","unresolved":true,"context_lines":[{"line_number":252,"context_line":""},{"line_number":253,"context_line":"Minimal except when each active session requires a headless VNC server"},{"line_number":254,"context_line":"container running. There may need to be a qouta implemented to avoid"},{"line_number":255,"context_line":"conductor node resource issues."},{"line_number":256,"context_line":""},{"line_number":257,"context_line":"Performance Impact"},{"line_number":258,"context_line":"------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"c511192d_a38705fe","line":255,"updated":"2025-01-30 19:45:18.000000000","message":"Local WIP is showing a container running xvfb+x11vnc+chromium showing an html5 based iLO driver takes 272MB of memory","commit_id":"db9114e050244b975a61789096775683dd4b49ca"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3bf1d3ecfd360a0400c2a3a68629b7ca23ffb188","unresolved":true,"context_lines":[{"line_number":104,"context_line":"Since it is possible to manage the bare metal VNC secret via Redfish, Ironic"},{"line_number":105,"context_line":"can fully manage the password, including periodic rotations, storing it in"},{"line_number":106,"context_line":"``driver_internal_info``."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"Drivers for non-VNC protocols"},{"line_number":109,"context_line":"-----------------------------"},{"line_number":110,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"9de1c210_abf6dcdf","line":107,"updated":"2025-02-03 22:39:58.000000000","message":"How does this relate to https://developer.dell.com/apis/2978/versions/7.xx/openapi.yaml/paths/~1redfish~1v1~1Managers~1%7BManagerId%7D~1Oem~1Dell~1DelliDRACCardService~1Actions~1DelliDRACCardService.GetKVMSession/post ?","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":true,"context_lines":[{"line_number":104,"context_line":"Since it is possible to manage the bare metal VNC secret via Redfish, Ironic"},{"line_number":105,"context_line":"can fully manage the password, including periodic rotations, storing it in"},{"line_number":106,"context_line":"``driver_internal_info``."},{"line_number":107,"context_line":""},{"line_number":108,"context_line":"Drivers for non-VNC protocols"},{"line_number":109,"context_line":"-----------------------------"},{"line_number":110,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"b65efaaf_06c76040","line":107,"in_reply_to":"9de1c210_abf6dcdf","updated":"2025-02-04 04:12:34.000000000","message":"I don\u0027t know, I need to poke at it. I\u0027ve been interacting with the /redfish/v1/Managers/{Manager}/Oem/Dell/DellAttributes/{Manager}/Settings to set and read the VNCServer.1.* settings","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3bf1d3ecfd360a0400c2a3a68629b7ca23ffb188","unresolved":true,"context_lines":[{"line_number":113,"context_line":"bare metal KVMIP. There are examples of headless VNC servers[3] which could"},{"line_number":114,"context_line":"become the basis of the container image build."},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"A template driven approach can be taken where a file is written out for each active"},{"line_number":117,"context_line":"console which provides enough information for an external tool to start and"},{"line_number":118,"context_line":"stop containers as appropriate. novnc-proxy can be responsible for writing out"},{"line_number":119,"context_line":"files based on these templates and waiting for another file to be written"}],"source_content_type":"text/x-rst","patch_set":4,"id":"285b17b7_973447ff","line":116,"updated":"2025-02-03 22:39:58.000000000","message":"We need to wrap to 80 chars, this is presently causing doc8 to fail.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":false,"context_lines":[{"line_number":113,"context_line":"bare metal KVMIP. There are examples of headless VNC servers[3] which could"},{"line_number":114,"context_line":"become the basis of the container image build."},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"A template driven approach can be taken where a file is written out for each active"},{"line_number":117,"context_line":"console which provides enough information for an external tool to start and"},{"line_number":118,"context_line":"stop containers as appropriate. novnc-proxy can be responsible for writing out"},{"line_number":119,"context_line":"files based on these templates and waiting for another file to be written"}],"source_content_type":"text/x-rst","patch_set":4,"id":"0b7fb2b3_ba0643c7","line":116,"in_reply_to":"285b17b7_973447ff","updated":"2025-02-04 04:12:34.000000000","message":"gqap","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3bf1d3ecfd360a0400c2a3a68629b7ca23ffb188","unresolved":true,"context_lines":[{"line_number":124,"context_line":"will manage the lifecycle of these VNC containers via podman. This service may"},{"line_number":125,"context_line":"be appropriate for some deployment architectures but not all. For example,"},{"line_number":126,"context_line":"Ironic managed by kubernetes would need something like an operator to monitor"},{"line_number":127,"context_line":"for changes to these files and manage the VNC pods. This file based interface will"},{"line_number":128,"context_line":"be documented with the intention of supporting other container management"},{"line_number":129,"context_line":"implementations."},{"line_number":130,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"edc4385c_c1627502","line":127,"updated":"2025-02-03 22:39:58.000000000","message":"We need to wrap to 80 chars, this is presently causing doc8 to fail.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":false,"context_lines":[{"line_number":124,"context_line":"will manage the lifecycle of these VNC containers via podman. This service may"},{"line_number":125,"context_line":"be appropriate for some deployment architectures but not all. For example,"},{"line_number":126,"context_line":"Ironic managed by kubernetes would need something like an operator to monitor"},{"line_number":127,"context_line":"for changes to these files and manage the VNC pods. This file based interface will"},{"line_number":128,"context_line":"be documented with the intention of supporting other container management"},{"line_number":129,"context_line":"implementations."},{"line_number":130,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"dbf0660e_3137c2d4","line":127,"in_reply_to":"edc4385c_c1627502","updated":"2025-02-04 04:12:34.000000000","message":"gqap","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3bf1d3ecfd360a0400c2a3a68629b7ca23ffb188","unresolved":true,"context_lines":[{"line_number":135,"context_line":"make redistribution impractical. End users could always be given instructions"},{"line_number":136,"context_line":"for how to build their own container image with the supported client."},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"Instead, a locked-down firefox running in kiosk mode can run a greasemonkey script which:"},{"line_number":139,"context_line":"- performs a Redfish authentication request"},{"line_number":140,"context_line":"- sets the browser session cookie"},{"line_number":141,"context_line":"- loads the html5 based graphical console"}],"source_content_type":"text/x-rst","patch_set":4,"id":"d77bcf42_f8e4846a","line":138,"updated":"2025-02-03 22:39:58.000000000","message":"We should wrap to 80 chars, this is presently causing doc8 to fail.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":false,"context_lines":[{"line_number":135,"context_line":"make redistribution impractical. End users could always be given instructions"},{"line_number":136,"context_line":"for how to build their own container image with the supported client."},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"Instead, a locked-down firefox running in kiosk mode can run a greasemonkey script which:"},{"line_number":139,"context_line":"- performs a Redfish authentication request"},{"line_number":140,"context_line":"- sets the browser session cookie"},{"line_number":141,"context_line":"- loads the html5 based graphical console"}],"source_content_type":"text/x-rst","patch_set":4,"id":"98dd7b26_f5e0f6bb","line":138,"in_reply_to":"d77bcf42_f8e4846a","updated":"2025-02-04 04:12:34.000000000","message":"gqap","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3bf1d3ecfd360a0400c2a3a68629b7ca23ffb188","unresolved":true,"context_lines":[{"line_number":138,"context_line":"Instead, a locked-down firefox running in kiosk mode can run a greasemonkey script which:"},{"line_number":139,"context_line":"- performs a Redfish authentication request"},{"line_number":140,"context_line":"- sets the browser session cookie"},{"line_number":141,"context_line":"- loads the html5 based graphical console"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"Supermicro driver"},{"line_number":144,"context_line":"~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"2b0f52ec_d96f3ecd","line":141,"updated":"2025-02-03 22:39:58.000000000","message":"I wonder if we can lock down the runtime so you can\u0027t navigate anywhere else...","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":true,"context_lines":[{"line_number":138,"context_line":"Instead, a locked-down firefox running in kiosk mode can run a greasemonkey script which:"},{"line_number":139,"context_line":"- performs a Redfish authentication request"},{"line_number":140,"context_line":"- sets the browser session cookie"},{"line_number":141,"context_line":"- loads the html5 based graphical console"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"Supermicro driver"},{"line_number":144,"context_line":"~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"5645322b_81de2912","line":141,"in_reply_to":"2b0f52ec_d96f3ecd","updated":"2025-02-04 04:12:34.000000000","message":"Chromium in app mode will limit browsing to one domain.\n\nWith selenium we can inject arbitrary javascript so that is one avenue to disabling/hiding other management elements.\n\nWe could try weird things like custom X11 apps which are solid rectangles to prevent clicks. But for a start I think we should default to read-only and defer this risk to customers who can turn it on based on their requirements.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"d7a9d54661eb24ab1b87c599910579106940f433","unresolved":true,"context_lines":[{"line_number":138,"context_line":"Instead, a locked-down firefox running in kiosk mode can run a greasemonkey script which:"},{"line_number":139,"context_line":"- performs a Redfish authentication request"},{"line_number":140,"context_line":"- sets the browser session cookie"},{"line_number":141,"context_line":"- loads the html5 based graphical console"},{"line_number":142,"context_line":""},{"line_number":143,"context_line":"Supermicro driver"},{"line_number":144,"context_line":"~~~~~~~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":4,"id":"bce32e10_87523bae","line":141,"in_reply_to":"5645322b_81de2912","updated":"2025-02-05 16:51:15.000000000","message":"I think this is reasonable.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3bf1d3ecfd360a0400c2a3a68629b7ca23ffb188","unresolved":true,"context_lines":[{"line_number":148,"context_line":"upstream NoVNC for Supermicro extensions[4] could be rebased and supported"},{"line_number":149,"context_line":"until it is merged, then a driver which sets up a connection directly to the"},{"line_number":150,"context_line":"BMC VNC can be developed."},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"Investigation is still required whether the bare metal VNC secret can be set"},{"line_number":153,"context_line":"via IPMI. If not, the end user will need to manage it manually and set it in"},{"line_number":154,"context_line":"``driver_info``."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"Alternatives"},{"line_number":157,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"b04fb7c6_9fd27d24","line":154,"range":{"start_line":151,"start_character":0,"end_line":154,"end_character":16},"updated":"2025-02-03 22:39:58.000000000","message":"I *suspect*, we mightneed to possibly take an ilo-similar path:\n\nhttps://www.supermicro.com/manuals/other/redfish-user-guide-4-0/Content/general-content/bmc-configuration-examples.htm#ikvm\n\nI have an ?x11? machine I could upgrade and see if that is available. It does support the kvm on the webui today.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"d7a9d54661eb24ab1b87c599910579106940f433","unresolved":true,"context_lines":[{"line_number":148,"context_line":"upstream NoVNC for Supermicro extensions[4] could be rebased and supported"},{"line_number":149,"context_line":"until it is merged, then a driver which sets up a connection directly to the"},{"line_number":150,"context_line":"BMC VNC can be developed."},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"Investigation is still required whether the bare metal VNC secret can be set"},{"line_number":153,"context_line":"via IPMI. If not, the end user will need to manage it manually and set it in"},{"line_number":154,"context_line":"``driver_info``."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"Alternatives"},{"line_number":157,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"2275f0ac_b52fc9e6","line":154,"range":{"start_line":151,"start_character":0,"end_line":154,"end_character":16},"in_reply_to":"a3323975_3fae220b","updated":"2025-02-05 16:51:15.000000000","message":"Cool, reasonable.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":true,"context_lines":[{"line_number":148,"context_line":"upstream NoVNC for Supermicro extensions[4] could be rebased and supported"},{"line_number":149,"context_line":"until it is merged, then a driver which sets up a connection directly to the"},{"line_number":150,"context_line":"BMC VNC can be developed."},{"line_number":151,"context_line":""},{"line_number":152,"context_line":"Investigation is still required whether the bare metal VNC secret can be set"},{"line_number":153,"context_line":"via IPMI. If not, the end user will need to manage it manually and set it in"},{"line_number":154,"context_line":"``driver_info``."},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"Alternatives"},{"line_number":157,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"a3323975_3fae220b","line":154,"range":{"start_line":151,"start_character":0,"end_line":154,"end_character":16},"in_reply_to":"b04fb7c6_9fd27d24","updated":"2025-02-04 04:12:34.000000000","message":"I do have a working selenium script to show a supermicro console but it is more hacky than the iLO one, so replacing some of that with redfish calls would be nice. I\u0027ll look into this. Supermicro isn\u0027t much of a priority for anyone we know of though so I wouldn\u0027t spend too much time for now.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"3bf1d3ecfd360a0400c2a3a68629b7ca23ffb188","unresolved":true,"context_lines":[{"line_number":169,"context_line":""},{"line_number":170,"context_line":"An alternative approach for the read-only support would be to force all"},{"line_number":171,"context_line":"drivers through the headless VNC server approach and optionally run the server"},{"line_number":172,"context_line":"in read-only mode. Forcing all drivers into this layered model could also"},{"line_number":173,"context_line":"provide more networking flexibility for some deployment scenarios. The"},{"line_number":174,"context_line":"disadvantage would be the overhead of nested VNC for those drivers where it is"},{"line_number":175,"context_line":"not strictly necessary."},{"line_number":176,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"61b9640f_9b913174","line":173,"range":{"start_line":172,"start_character":19,"end_line":173,"end_character":67},"updated":"2025-02-03 22:39:58.000000000","message":"I\u0027m just going to note, this *really* resonates with me in terms of trying to lean *hard* towards solving browser driven interactions.  It sort of solves the abstraction layer, for the most part.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"cee1a336fde84241c0ac959ed03dee90389278f9","unresolved":true,"context_lines":[{"line_number":169,"context_line":""},{"line_number":170,"context_line":"An alternative approach for the read-only support would be to force all"},{"line_number":171,"context_line":"drivers through the headless VNC server approach and optionally run the server"},{"line_number":172,"context_line":"in read-only mode. Forcing all drivers into this layered model could also"},{"line_number":173,"context_line":"provide more networking flexibility for some deployment scenarios. The"},{"line_number":174,"context_line":"disadvantage would be the overhead of nested VNC for those drivers where it is"},{"line_number":175,"context_line":"not strictly necessary."},{"line_number":176,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"81137782_eb0cd50a","line":173,"range":{"start_line":172,"start_character":19,"end_line":173,"end_character":67},"in_reply_to":"61b9640f_9b913174","updated":"2025-02-04 04:12:34.000000000","message":"The current iDRAC driver also poses a problem for the nova ironic driver. Nova requires drivers to supply a vnc host/port, but we can\u0027t expect the bmc host/port to be accessible from nova-novncproxy. If all vnc endpoints are actually running in containers in proximity to ironic services then we *can* supply nova with a working host/port in all cases.\n\nThe iDRAC driver was an easy win, but since I have made so much progress on the browser/vnc/container approach for iLO I would now be fine with re-jigging this spec to insist all drivers follow this model.","commit_id":"e8fb4c88ad8f0366f7754378cf51426b2d7c7afc"},{"author":{"_account_id":10342,"name":"Jay Faulkner","display_name":"JayF","email":"jay@jvf.cc","username":"JayF","status":"youtube.com/@oss-gr / podcast.gr-oss.io"},"change_message_id":"555bb157af7ead100a968a7c7ae9478fd53d63cf","unresolved":true,"context_lines":[{"line_number":224,"context_line":"other nova driver. This requires that the Ironic driver provide an actual VNC"},{"line_number":225,"context_line":"host and port rather than a NoVNC URL. The Ironic driver can read the"},{"line_number":226,"context_line":"``driver_internal_info`` directly to fetch ``vnc_host`` and ``vnc_port``"},{"line_number":227,"context_line":"values. These will become part of an internal API contract."},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"Ramdisk impact"},{"line_number":230,"context_line":"--------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"11395097_97ee0f93","line":227,"updated":"2025-02-05 17:02:53.000000000","message":"What impact does this have on access requirements? This means, I presume, that you have to allow nova computes access to the containers being spun up, which have access to the BMC network? This is going to be architecturally tough for some people, even if unavoidable.","commit_id":"670a8b2c027e44cc8346446a9b140469ef969b29"},{"author":{"_account_id":11655,"name":"Julia Kreger","email":"juliaashleykreger@gmail.com","username":"jkreger","status":"Flying to the moon with a Jetpack!"},"change_message_id":"f8c25882f918d262094eacfcb05dfb284062a651","unresolved":true,"context_lines":[{"line_number":224,"context_line":"other nova driver. This requires that the Ironic driver provide an actual VNC"},{"line_number":225,"context_line":"host and port rather than a NoVNC URL. The Ironic driver can read the"},{"line_number":226,"context_line":"``driver_internal_info`` directly to fetch ``vnc_host`` and ``vnc_port``"},{"line_number":227,"context_line":"values. These will become part of an internal API contract."},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"Ramdisk impact"},{"line_number":230,"context_line":"--------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"74f3c1a0_125ea70e","line":227,"in_reply_to":"11395097_97ee0f93","updated":"2025-02-07 21:17:25.000000000","message":"I happened to discuss this with Steve. The idea would be nova services connect to a new ironic service which handles proxying access to the console. That way we don\u0027t have nova services talking directly to bmcs.","commit_id":"670a8b2c027e44cc8346446a9b140469ef969b29"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"039c4edbb4d4ecaa326b018a889c09750e36fcf7","unresolved":true,"context_lines":[{"line_number":224,"context_line":"other nova driver. This requires that the Ironic driver provide an actual VNC"},{"line_number":225,"context_line":"host and port rather than a NoVNC URL. The Ironic driver can read the"},{"line_number":226,"context_line":"``driver_internal_info`` directly to fetch ``vnc_host`` and ``vnc_port``"},{"line_number":227,"context_line":"values. These will become part of an internal API contract."},{"line_number":228,"context_line":""},{"line_number":229,"context_line":"Ramdisk impact"},{"line_number":230,"context_line":"--------------"}],"source_content_type":"text/x-rst","patch_set":5,"id":"5ba363e6_0798884c","line":227,"in_reply_to":"74f3c1a0_125ea70e","updated":"2025-02-09 21:30:25.000000000","message":"The browser containers will need both access to BMCs and will also expose a VNC port that needs to be accessible to the nova-novncproxy service (and ironic-novncproxy). So nova-novncproxy doesn\u0027t require direct access to BMCs but yes accessing the VNC container may be a challenge in some architectures.","commit_id":"670a8b2c027e44cc8346446a9b140469ef969b29"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"d1809d796dc3bc7b29a1b2c3a105b409b0dbd3b9","unresolved":true,"context_lines":[{"line_number":253,"context_line":""},{"line_number":254,"context_line":"None"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"Security impact"},{"line_number":257,"context_line":"---------------"},{"line_number":258,"context_line":""},{"line_number":259,"context_line":"This opens a new way to get privileged access to the running bare metal,"}],"source_content_type":"text/x-rst","patch_set":7,"id":"2b30d012_fb5a2f00","line":256,"range":{"start_line":256,"start_character":0,"end_line":256,"end_character":15},"updated":"2025-02-19 20:13:46.000000000","message":"It would be nice to call out here how the internals of the openstack control plane should be protected from any actions that the browser may be coerced into making, maybe as a result of a bug or exploit in the browser, or some bug or injection attack against the BMC which in turn causes the browser to behave maliciously.\n\nThis spec calls for the containerisation of the browser/xvnc components, but it remains that those components are networked to the host they run on, which in turn necessarily has access to some or all of the internal management network for the vnc proxy API, and the bmc network at a minimum.","commit_id":"32d52398b71c30509a5da9ed6c7464150010bbd4"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"a734ac219765b2dc59d4bf63920e5fdca724c069","unresolved":true,"context_lines":[{"line_number":253,"context_line":""},{"line_number":254,"context_line":"None"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":"Security impact"},{"line_number":257,"context_line":"---------------"},{"line_number":258,"context_line":""},{"line_number":259,"context_line":"This opens a new way to get privileged access to the running bare metal,"}],"source_content_type":"text/x-rst","patch_set":7,"id":"a44298a9_67a383c2","line":256,"range":{"start_line":256,"start_character":0,"end_line":256,"end_character":15},"in_reply_to":"2b30d012_fb5a2f00","updated":"2025-02-19 20:35:25.000000000","message":"A valid comment. This can be covered in the high-level documentation","commit_id":"32d52398b71c30509a5da9ed6c7464150010bbd4"},{"author":{"_account_id":25023,"name":"Jonathan Rosser","email":"jonathan.rosser@rd.bbc.co.uk","username":"jrosser"},"change_message_id":"d1809d796dc3bc7b29a1b2c3a105b409b0dbd3b9","unresolved":true,"context_lines":[{"line_number":342,"context_line":"Upgrades and Backwards Compatibility"},{"line_number":343,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"No backward compatibility issues. Upgrade tooling will need to manage the"},{"line_number":346,"context_line":"new novnc-proxy service and whatever tool is used to manage headless VNC"},{"line_number":347,"context_line":"containers."},{"line_number":348,"context_line":""},{"line_number":349,"context_line":"Documentation Impact"},{"line_number":350,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":7,"id":"abb5a89c_96c285f8","line":347,"range":{"start_line":345,"start_character":0,"end_line":347,"end_character":11},"updated":"2025-02-19 20:13:46.000000000","message":"Upgrade here seems to describe moving from the situation without the novnc-proxy, to ending up having the novnc-proxy deployed.\n\nUpgrade between releases once the novnc-proxy is deployed whilst maintaining a good end-user experience is a different matter, typically taking advantage of any high-availability capability of the services being upgraded. I don\u0027t see any mention of failover or high-availability in the spec to allow reasonable service upgrades or tolerance of a host failure running the novnc-proxy service.","commit_id":"32d52398b71c30509a5da9ed6c7464150010bbd4"},{"author":{"_account_id":4571,"name":"Steve Baker","email":"sbaker@redhat.com","username":"steve-stevebaker"},"change_message_id":"a734ac219765b2dc59d4bf63920e5fdca724c069","unresolved":true,"context_lines":[{"line_number":342,"context_line":"Upgrades and Backwards Compatibility"},{"line_number":343,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":344,"context_line":""},{"line_number":345,"context_line":"No backward compatibility issues. Upgrade tooling will need to manage the"},{"line_number":346,"context_line":"new novnc-proxy service and whatever tool is used to manage headless VNC"},{"line_number":347,"context_line":"containers."},{"line_number":348,"context_line":""},{"line_number":349,"context_line":"Documentation Impact"},{"line_number":350,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":7,"id":"a532cdb7_66e053c8","line":347,"range":{"start_line":345,"start_character":0,"end_line":347,"end_character":11},"in_reply_to":"abb5a89c_96c285f8","updated":"2025-02-19 20:35:25.000000000","message":"When a conductor process stops, any active console session will terminate for nodes that conductor manages. When a conductor starts, existing active console sessions will be made available again. If a node changes conductor in this process then the novnc url will most likely change. Hopefully this can be mitigated in the nova driver such that a console session will resume just by refreshing the Horizon browser page.\n\nBut I do think we need to clarify the purpose of this feature. It is for briefly enabling a console to do something needful. We will have to set the expectations of the console running over conductor restarts.","commit_id":"32d52398b71c30509a5da9ed6c7464150010bbd4"}]}