)]}'
{"specs/juno/serial-ports.rst":[{"author":{"_account_id":3217,"name":"Ian Wells","username":"ijw-ubuntu"},"change_message_id":"065271c87f608fc34739449ef0f79e11226cf59a","unresolved":false,"context_lines":[{"line_number":16,"context_line":"logs that are hard to maintain, grow indefinitely, don\u0027t have clear design on"},{"line_number":17,"context_line":"instance migrations and the users cannot interact with them. The point is not"},{"line_number":18,"context_line":"to eliminate the serial console logs, but to give the users another option"},{"line_number":19,"context_line":"besides logging to a file and to expose an interactive serial console."},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"Problem description"},{"line_number":22,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2F2BI%3D","line":19,"updated":"2014-04-10 01:06:31.000000000","message":"Personally, I wrote this without consideration for logs whatsoever, so I think it\u0027s clear that we have two use cases.  (I simply wanted to simulate network devices with serial ports access.)","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":3217,"name":"Ian Wells","username":"ijw-ubuntu"},"change_message_id":"065271c87f608fc34739449ef0f79e11226cf59a","unresolved":false,"context_lines":[{"line_number":51,"context_line":"  * Drop the first user and give the access to the new one."},{"line_number":52,"context_line":"  * Reject the new request and keep the serial console to the first user that"},{"line_number":53,"context_line":"    obtained access to it."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* Add a config param to assign the max number of serial ports and open all of"},{"line_number":56,"context_line":"  them when the instance is booted."},{"line_number":57,"context_line":"* Specify the nuber of serial ports in the image metadata and open all of the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2F2Ag%3D","line":54,"updated":"2014-04-10 01:06:31.000000000","message":"Actually, there\u0027s a third and preferable solution - have a \u0027clear this line\u0027 command separate from the \u0027connect\u0027 command (or a flag to integrate that with the original \u0027connect\u0027 call).  This is a well studied problem when working with serial port concentrators.\n\nAlso, there\u0027s nothing about the patch currently on the table which says that the number of serial ports is limited to one - but it is static.  You maybe want to be clearer about what you\u0027re trying to express, here.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"c29af96f062dc486b4b36d63e8578dad71acfa9e","unresolved":false,"context_lines":[{"line_number":51,"context_line":"  * Drop the first user and give the access to the new one."},{"line_number":52,"context_line":"  * Reject the new request and keep the serial console to the first user that"},{"line_number":53,"context_line":"    obtained access to it."},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* Add a config param to assign the max number of serial ports and open all of"},{"line_number":56,"context_line":"  them when the instance is booted."},{"line_number":57,"context_line":"* Specify the nuber of serial ports in the image metadata and open all of the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2FrLk%3D","line":54,"in_reply_to":"AAAAW3%2F%2F2Ag%3D","updated":"2014-04-11 08:30:56.000000000","message":"This would be have to be implemented in the hypervisors if I\u0027m not mistaking, right? It\u0027s not relevant to nova if e.g. QEMU doesn\u0027t have a \u0027clear this line\u0027 command.\n\nThere\u0027s nothing in the patch, but it may, or may not not be a good way to get the number of consoles through the image metadata. I wanted to hear what other people have to say on this so I layed out everything I could think of.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":3217,"name":"Ian Wells","username":"ijw-ubuntu"},"change_message_id":"065271c87f608fc34739449ef0f79e11226cf59a","unresolved":false,"context_lines":[{"line_number":55,"context_line":"* Add a config param to assign the max number of serial ports and open all of"},{"line_number":56,"context_line":"  them when the instance is booted."},{"line_number":57,"context_line":"* Specify the nuber of serial ports in the image metadata and open all of the"},{"line_number":58,"context_line":"  ports on boot."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"This would affect the way we retrieve the serial consoles in the compute manager"},{"line_number":61,"context_line":"and the request parameters in the API. If there are multiple consoles we\u0027d need"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2F2AQ%3D","line":58,"updated":"2014-04-10 01:06:31.000000000","message":"In what sense are we \u0027open\u0027ing a port here?  Serial ports always accept data on the guest side, and can be opened at any time on the non-guest side - but they can\u0027t be opened on startup unless you specify, at startup, some client to do the opening.  I\u0027m not quite sure if we\u0027re talking at cross purposes here.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":1779,"name":"Daniel Berrange","email":"berrange@redhat.com","username":"berrange"},"change_message_id":"63d631c079d53ed15c17bb97ed9b86e193ddf427","unresolved":false,"context_lines":[{"line_number":55,"context_line":"* Add a config param to assign the max number of serial ports and open all of"},{"line_number":56,"context_line":"  them when the instance is booted."},{"line_number":57,"context_line":"* Specify the nuber of serial ports in the image metadata and open all of the"},{"line_number":58,"context_line":"  ports on boot."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"This would affect the way we retrieve the serial consoles in the compute manager"},{"line_number":61,"context_line":"and the request parameters in the API. If there are multiple consoles we\u0027d need"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2Fz24%3D","line":58,"updated":"2014-04-10 09:06:57.000000000","message":"With KVM at least you can have arbitrarily many virtio-console devices in the guest (limited only by the available PCI slots).  I\u0027d say we should support multiple interactive console devices  per guest.\n\nIf a user is already connected, then reject the attempt of a second user to access the console, but have an API to forceably disconnect an existing session. The latter would be particularly important to cope with hung sessions where the client network went away before they cleanly closed. the console.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"c29af96f062dc486b4b36d63e8578dad71acfa9e","unresolved":false,"context_lines":[{"line_number":55,"context_line":"* Add a config param to assign the max number of serial ports and open all of"},{"line_number":56,"context_line":"  them when the instance is booted."},{"line_number":57,"context_line":"* Specify the nuber of serial ports in the image metadata and open all of the"},{"line_number":58,"context_line":"  ports on boot."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"This would affect the way we retrieve the serial consoles in the compute manager"},{"line_number":61,"context_line":"and the request parameters in the API. If there are multiple consoles we\u0027d need"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2Fzns%3D","line":58,"in_reply_to":"AAAAW3%2F%2F2AQ%3D","updated":"2014-04-11 08:30:56.000000000","message":"By \u0027open\u0027ing I mean creating a pty / adding a channel in libvirt, but you\u0027re right, it needs to be clear.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":1779,"name":"Daniel Berrange","email":"berrange@redhat.com","username":"berrange"},"change_message_id":"ef22fdf436e27127bf6cafc38cf9db1250a4d114","unresolved":false,"context_lines":[{"line_number":55,"context_line":"* Add a config param to assign the max number of serial ports and open all of"},{"line_number":56,"context_line":"  them when the instance is booted."},{"line_number":57,"context_line":"* Specify the nuber of serial ports in the image metadata and open all of the"},{"line_number":58,"context_line":"  ports on boot."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"This would affect the way we retrieve the serial consoles in the compute manager"},{"line_number":61,"context_line":"and the request parameters in the API. If there are multiple consoles we\u0027d need"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2FrCs%3D","line":58,"in_reply_to":"AAAAW3%2F%2FrNQ%3D","updated":"2014-04-11 08:52:42.000000000","message":"Just an image property to indicate how many consoles we want.\n\nAt a later time you could get clever and do hotplug so the user can request new consoles to be added on the fly, but that\u0027s out of scope for this initial work.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"c29af96f062dc486b4b36d63e8578dad71acfa9e","unresolved":false,"context_lines":[{"line_number":55,"context_line":"* Add a config param to assign the max number of serial ports and open all of"},{"line_number":56,"context_line":"  them when the instance is booted."},{"line_number":57,"context_line":"* Specify the nuber of serial ports in the image metadata and open all of the"},{"line_number":58,"context_line":"  ports on boot."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"This would affect the way we retrieve the serial consoles in the compute manager"},{"line_number":61,"context_line":"and the request parameters in the API. If there are multiple consoles we\u0027d need"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2FrNQ%3D","line":58,"in_reply_to":"AAAAW3%2F%2Fz24%3D","updated":"2014-04-11 08:30:56.000000000","message":"If we support multiple serial consoles, then how do we pass to nova how many serial consoles an instance would have? Config or image metadata?","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":3217,"name":"Ian Wells","username":"ijw-ubuntu"},"change_message_id":"065271c87f608fc34739449ef0f79e11226cf59a","unresolved":false,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"This would be the perfect solution taking that openstack has almost everything"},{"line_number":73,"context_line":"we need for SPICE, but sadly it works only with QEMU and can\u0027t be used as the"},{"line_number":74,"context_line":"default option."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"SPICE opens only one serial port for the console and doesn\u0027t allow multiple"},{"line_number":77,"context_line":"users to connect to the stream. The default behaviour is dropping the first"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2F2AA%3D","line":74,"updated":"2014-04-10 01:06:31.000000000","message":"Or Xen. Or physical boxes.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"c29af96f062dc486b4b36d63e8578dad71acfa9e","unresolved":false,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"This would be the perfect solution taking that openstack has almost everything"},{"line_number":73,"context_line":"we need for SPICE, but sadly it works only with QEMU and can\u0027t be used as the"},{"line_number":74,"context_line":"default option."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"SPICE opens only one serial port for the console and doesn\u0027t allow multiple"},{"line_number":77,"context_line":"users to connect to the stream. The default behaviour is dropping the first"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2Fzps%3D","line":74,"in_reply_to":"AAAAW3%2F%2F2AA%3D","updated":"2014-04-11 08:30:56.000000000","message":"I\u0027ll add Xen in the next review, but physical boxes are of no interest here afaik, or am I wrong?","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":1779,"name":"Daniel Berrange","email":"berrange@redhat.com","username":"berrange"},"change_message_id":"ef22fdf436e27127bf6cafc38cf9db1250a4d114","unresolved":false,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"This would be the perfect solution taking that openstack has almost everything"},{"line_number":73,"context_line":"we need for SPICE, but sadly it works only with QEMU and can\u0027t be used as the"},{"line_number":74,"context_line":"default option."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"SPICE opens only one serial port for the console and doesn\u0027t allow multiple"},{"line_number":77,"context_line":"users to connect to the stream. The default behaviour is dropping the first"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2FrCY%3D","line":74,"in_reply_to":"AAAAW3%2F%2Fzps%3D","updated":"2014-04-11 08:52:42.000000000","message":"Likewise LXC.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":3217,"name":"Ian Wells","username":"ijw-ubuntu"},"change_message_id":"065271c87f608fc34739449ef0f79e11226cf59a","unresolved":false,"context_lines":[{"line_number":74,"context_line":"default option."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"SPICE opens only one serial port for the console and doesn\u0027t allow multiple"},{"line_number":77,"context_line":"users to connect to the stream. The default behaviour is dropping the first"},{"line_number":78,"context_line":"user and giving the stream to the newly connected user."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"Data model impact"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2F1%2FY%3D","line":77,"updated":"2014-04-10 01:06:31.000000000","message":"How easy is it to programmatically interact with SPICE?  Websockets were chosen as a conveniently programmable method.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":1779,"name":"Daniel Berrange","email":"berrange@redhat.com","username":"berrange"},"change_message_id":"ef22fdf436e27127bf6cafc38cf9db1250a4d114","unresolved":false,"context_lines":[{"line_number":74,"context_line":"default option."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"SPICE opens only one serial port for the console and doesn\u0027t allow multiple"},{"line_number":77,"context_line":"users to connect to the stream. The default behaviour is dropping the first"},{"line_number":78,"context_line":"user and giving the stream to the newly connected user."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"Data model impact"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2FrBk%3D","line":77,"in_reply_to":"AAAAW3%2F%2F1%2FY%3D","updated":"2014-04-11 08:52:42.000000000","message":"There already exists a SPICE HTML5 client written with websockets so I think that answers the question :-)\n\nSeriously though, I think SPICE is primarily of interest for the case where people want a fat-desktop client for interacting with their Nova guest, since that\u0027s where the SPICE protocol really excels over things like VNC.\n\nSo I think the plain websockets console impl as the default makes sense, with SPICE integration as an optional extra.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":7,"name":"Jay Pipes","email":"jaypipes@gmail.com","username":"jaypipes"},"change_message_id":"d850e8282cb572a69621b8c6e517e7f3dd08f62c","unresolved":false,"context_lines":[{"line_number":98,"context_line":""},{"line_number":99,"context_line":"* tenant_id: The ID for the tenant or account in a multi-tenancy cloud."},{"line_number":100,"context_line":"* server_id: The UUID for the server to get the serial console for."},{"line_number":101,"context_line":"* serial_port: The number of the serial port (pty) to connect to."},{"line_number":102,"context_line":"* console_type: websocket or spice-html5"},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"JSON request"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAXH%2F%2FvXw%3D","line":101,"updated":"2014-04-17 19:37:07.000000000","message":"How would the user know this value? Put another way, why would the user necessarily care about the port number?","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":3217,"name":"Ian Wells","username":"ijw-ubuntu"},"change_message_id":"065271c87f608fc34739449ef0f79e11226cf59a","unresolved":false,"context_lines":[{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The opening of TCP ports in the hypervisor node can enable anyone to gain access"},{"line_number":163,"context_line":"to any of the serial consoles by scanning for open ports if the ports specified"},{"line_number":164,"context_line":"in serial_console_port_range are visible to the public."},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"Notifications impact"},{"line_number":167,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2F1%2Fo%3D","line":164,"updated":"2014-04-10 01:06:31.000000000","message":"Worth noting that the open hypervisor ports are not usually externally exposed - this is no better or worse than VNC.","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"c29af96f062dc486b4b36d63e8578dad71acfa9e","unresolved":false,"context_lines":[{"line_number":161,"context_line":""},{"line_number":162,"context_line":"The opening of TCP ports in the hypervisor node can enable anyone to gain access"},{"line_number":163,"context_line":"to any of the serial consoles by scanning for open ports if the ports specified"},{"line_number":164,"context_line":"in serial_console_port_range are visible to the public."},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"Notifications impact"},{"line_number":167,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"AAAAW3%2F%2FrJk%3D","line":164,"in_reply_to":"AAAAW3%2F%2F1%2Fo%3D","updated":"2014-04-11 08:30:56.000000000","message":"Will add the note in the next review","commit_id":"878704dbaddda6c0c2caa1b327b3b035cabc30f4"},{"author":{"_account_id":1779,"name":"Daniel Berrange","email":"berrange@redhat.com","username":"berrange"},"change_message_id":"c9c7a337b079a307cb9355f0d7bdadf5e9fdd3dd","unresolved":false,"context_lines":[{"line_number":152,"context_line":"access to any of the serial consoles by scanning for open ports if the ports"},{"line_number":153,"context_line":"specified in serial_console_port_range are visible to the public."},{"line_number":154,"context_line":"Usually the hypervisor ports aren\u0027t externally exposed, so this wouldn\u0027t be any"},{"line_number":155,"context_line":"better or worse than VNC."},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"Notifications impact"},{"line_number":158,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"1ae5cdf2_9ffe77ad","line":155,"updated":"2014-06-16 15:35:45.000000000","message":"This insecurity of VNC is being tackled by a blueprint  that will add strong auth to VNC on the internal network. That\u0027s not a reason to block this serial console feature though. We can work with QEMU community at a later date to get SSL support for their character device sockets it exposes.","commit_id":"b3e79946706000fd1c7ee0c89eaef4e3e4016729"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"2468762e8515b8ea28cb3ff32a10ccdf88cc3a63","unresolved":false,"context_lines":[{"line_number":152,"context_line":"access to any of the serial consoles by scanning for open ports if the ports"},{"line_number":153,"context_line":"specified in serial_console_port_range are visible to the public."},{"line_number":154,"context_line":"Usually the hypervisor ports aren\u0027t externally exposed, so this wouldn\u0027t be any"},{"line_number":155,"context_line":"better or worse than VNC."},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"Notifications impact"},{"line_number":158,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"1ae5cdf2_c280284c","line":155,"in_reply_to":"1ae5cdf2_9ffe77ad","updated":"2014-06-16 15:55:47.000000000","message":"Thanks, I\u0027ve put this in the next revision.","commit_id":"b3e79946706000fd1c7ee0c89eaef4e3e4016729"},{"author":{"_account_id":1779,"name":"Daniel Berrange","email":"berrange@redhat.com","username":"berrange"},"change_message_id":"c9c7a337b079a307cb9355f0d7bdadf5e9fdd3dd","unresolved":false,"context_lines":[{"line_number":195,"context_line":"   - default\u003d\u0027127.0.0.1\u0027"},{"line_number":196,"context_line":" * serial_console_port_range"},{"line_number":197,"context_line":"   - type\u003dStrOpt"},{"line_number":198,"context_line":"   - default\u003d\u002710000:20000\u0027"},{"line_number":199,"context_line":""},{"line_number":200,"context_line":"The default value of the serial_console_enabled is False so there\u0027s no need"},{"line_number":201,"context_line":"to take something into account after this change gets merged."}],"source_content_type":"text/x-rst","patch_set":3,"id":"1ae5cdf2_ff569bcd","line":198,"updated":"2014-06-16 15:35:45.000000000","message":"VNC \u0026 SPICE options are in their own group, so it makes sense for the seria console options to have their own group too.","commit_id":"b3e79946706000fd1c7ee0c89eaef4e3e4016729"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"2468762e8515b8ea28cb3ff32a10ccdf88cc3a63","unresolved":false,"context_lines":[{"line_number":195,"context_line":"   - default\u003d\u0027127.0.0.1\u0027"},{"line_number":196,"context_line":" * serial_console_port_range"},{"line_number":197,"context_line":"   - type\u003dStrOpt"},{"line_number":198,"context_line":"   - default\u003d\u002710000:20000\u0027"},{"line_number":199,"context_line":""},{"line_number":200,"context_line":"The default value of the serial_console_enabled is False so there\u0027s no need"},{"line_number":201,"context_line":"to take something into account after this change gets merged."}],"source_content_type":"text/x-rst","patch_set":3,"id":"1ae5cdf2_025770cb","line":198,"in_reply_to":"1ae5cdf2_ff569bcd","updated":"2014-06-16 15:55:47.000000000","message":"Done","commit_id":"b3e79946706000fd1c7ee0c89eaef4e3e4016729"},{"author":{"_account_id":1779,"name":"Daniel Berrange","email":"berrange@redhat.com","username":"berrange"},"change_message_id":"c9c7a337b079a307cb9355f0d7bdadf5e9fdd3dd","unresolved":false,"context_lines":[{"line_number":253,"context_line":"  if serial_console_enabled is set to True."},{"line_number":254,"context_line":"  http://libvirt.org/formatdomain.html#elementsCharSpiceport"},{"line_number":255,"context_line":"* add a terminal emulator in the web interface that can communicate with"},{"line_number":256,"context_line":"  SPICE\u0027s channel"},{"line_number":257,"context_line":""},{"line_number":258,"context_line":"Dependencies"},{"line_number":259,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":3,"id":"1ae5cdf2_7f18cb1e","line":256,"updated":"2014-06-16 15:35:45.000000000","message":"Seems the SPICE stuff is out of scope for this blueprint and can be droppped, since we\u0027re going with the simpler generic approach to start with.","commit_id":"b3e79946706000fd1c7ee0c89eaef4e3e4016729"},{"author":{"_account_id":1779,"name":"Daniel Berrange","email":"berrange@redhat.com","username":"berrange"},"change_message_id":"c9c7a337b079a307cb9355f0d7bdadf5e9fdd3dd","unresolved":false,"context_lines":[{"line_number":258,"context_line":"Dependencies"},{"line_number":259,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":260,"context_line":""},{"line_number":261,"context_line":"Opening a SPICE text channel is only possible with libvirt \u003e\u003d 1.2.2"},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"Related to https://review.openstack.org/#/c/80865/ depending on the type of"},{"line_number":264,"context_line":"socket it will use (UNIX or TCP)."}],"source_content_type":"text/x-rst","patch_set":3,"id":"1ae5cdf2_dfd63f27","line":261,"updated":"2014-06-16 15:35:45.000000000","message":"Again, SPICE bits could be dropped/postponed for later blueprint","commit_id":"b3e79946706000fd1c7ee0c89eaef4e3e4016729"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"2468762e8515b8ea28cb3ff32a10ccdf88cc3a63","unresolved":false,"context_lines":[{"line_number":258,"context_line":"Dependencies"},{"line_number":259,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":260,"context_line":""},{"line_number":261,"context_line":"Opening a SPICE text channel is only possible with libvirt \u003e\u003d 1.2.2"},{"line_number":262,"context_line":""},{"line_number":263,"context_line":"Related to https://review.openstack.org/#/c/80865/ depending on the type of"},{"line_number":264,"context_line":"socket it will use (UNIX or TCP)."}],"source_content_type":"text/x-rst","patch_set":3,"id":"1ae5cdf2_c25ca8f3","line":261,"in_reply_to":"1ae5cdf2_dfd63f27","updated":"2014-06-16 15:55:47.000000000","message":"Cool, I\u0027ll write up the SPICE blueprint as well.","commit_id":"b3e79946706000fd1c7ee0c89eaef4e3e4016729"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"79f95df570708c6067e073ecab1923bcd8949551","unresolved":false,"context_lines":[{"line_number":35,"context_line":"consoles. The websocket proxy can be deployed on a machine other from the"},{"line_number":36,"context_line":"hypervisor, so unix domain sockets wouldn\u0027t do the trick. The best way to"},{"line_number":37,"context_line":"expose them would be by opening a TCP socket for every serial console."},{"line_number":38,"context_line":"http://libvirt.org/formatdomain.html#elementsCharTCP"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"One serial port can be accessed only by one user at a time, i.e. it can\u0027t"},{"line_number":41,"context_line":"be muxed since none of the hypervisors have a \u0027clear this line\u0027 command"}],"source_content_type":"text/x-rst","patch_set":4,"id":"baada198_aa4db474","line":38,"updated":"2014-07-01 14:26:32.000000000","message":"I would love a discussion of how this scales compared to the VNC proxy we already have? I am guessing it would scale in much the same way?","commit_id":"48e7f285d374e8038821b8461050322e53893b65"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"029e86bbe224aaf4a895eee16cce79d1336e0a61","unresolved":false,"context_lines":[{"line_number":35,"context_line":"consoles. The websocket proxy can be deployed on a machine other from the"},{"line_number":36,"context_line":"hypervisor, so unix domain sockets wouldn\u0027t do the trick. The best way to"},{"line_number":37,"context_line":"expose them would be by opening a TCP socket for every serial console."},{"line_number":38,"context_line":"http://libvirt.org/formatdomain.html#elementsCharTCP"},{"line_number":39,"context_line":""},{"line_number":40,"context_line":"One serial port can be accessed only by one user at a time, i.e. it can\u0027t"},{"line_number":41,"context_line":"be muxed since none of the hypervisors have a \u0027clear this line\u0027 command"}],"source_content_type":"text/x-rst","patch_set":4,"id":"baada198_1d984fbf","line":38,"in_reply_to":"baada198_aa4db474","updated":"2014-07-03 15:13:27.000000000","message":"Yes, it would be no different from the VNC proxy. I\u0027ll add a line to cover this.","commit_id":"48e7f285d374e8038821b8461050322e53893b65"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"79f95df570708c6067e073ecab1923bcd8949551","unresolved":false,"context_lines":[{"line_number":183,"context_line":"to take something into account after this change gets merged."},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"A new service - serialproxy is introduced which will need to be deployed"},{"line_number":186,"context_line":"separately in order for this feature to work with websockets."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Developer impact"},{"line_number":189,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"baada198_2a68c4b9","line":186,"updated":"2014-07-01 14:26:32.000000000","message":"What is the nova cli for this service?\n\nI think we need a few more details to make sure we can write the documentation from this spec.","commit_id":"48e7f285d374e8038821b8461050322e53893b65"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"029e86bbe224aaf4a895eee16cce79d1336e0a61","unresolved":false,"context_lines":[{"line_number":183,"context_line":"to take something into account after this change gets merged."},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"A new service - serialproxy is introduced which will need to be deployed"},{"line_number":186,"context_line":"separately in order for this feature to work with websockets."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Developer impact"},{"line_number":189,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"baada198_632449c5","line":186,"in_reply_to":"baada198_2a68c4b9","updated":"2014-07-03 15:13:27.000000000","message":"I don\u0027t think I understand. There would be no nova cli for this AFAIK, the service should be packaged and deployed with nova.\nThere are also static files that would require packaging but that\u0027s a different subject.\n\nCould you please explain me what exactly were you referring to.","commit_id":"48e7f285d374e8038821b8461050322e53893b65"},{"author":{"_account_id":8910,"name":"Vladan Popovic","email":"vpopovic@redhat.com","username":"vladan"},"change_message_id":"f0a6bad25809abb4eda140e40f11e01b1d078c2a","unresolved":false,"context_lines":[{"line_number":183,"context_line":"to take something into account after this change gets merged."},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"A new service - serialproxy is introduced which will need to be deployed"},{"line_number":186,"context_line":"separately in order for this feature to work with websockets."},{"line_number":187,"context_line":""},{"line_number":188,"context_line":"Developer impact"},{"line_number":189,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"baada198_d364b1ba","line":186,"in_reply_to":"baada198_632449c5","updated":"2014-07-07 14:46:47.000000000","message":"Aha ok :) got it probably, you mean the cli that starts the service? If so, it wouldn\u0027t be any different (again) from any other proxy - certs, listen address/port etc.\n\nI\u0027ll add that as well, thanks for noting.","commit_id":"48e7f285d374e8038821b8461050322e53893b65"},{"author":{"_account_id":3217,"name":"Ian Wells","username":"ijw-ubuntu"},"change_message_id":"8e1e3f5a0f4293b36f22c898a28b1df0db26cbbf","unresolved":false,"context_lines":[{"line_number":58,"context_line":"module that tests for free TCP ports and allocates them so that the libvirt"},{"line_number":59,"context_line":"driver can use them when creating the serial ports. This should be persistent,"},{"line_number":60,"context_line":"so that the ports that are already tested won\u0027t be tested again for a new"},{"line_number":61,"context_line":"serial port."},{"line_number":62,"context_line":""},{"line_number":63,"context_line":"Alternatives"},{"line_number":64,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":7,"id":"baada198_c4efd1af","line":61,"updated":"2014-07-11 18:15:16.000000000","message":"Ports are eventually freed.  We should just avoid repeat testing of ports that were recently in use.  (Assuming you\u0027re just tidying up the old patch it does this already.)","commit_id":"02c1905dc8111eb328caf592f2c7c3f61a229847"},{"author":{"_account_id":3217,"name":"Ian Wells","username":"ijw-ubuntu"},"change_message_id":"8e1e3f5a0f4293b36f22c898a28b1df0db26cbbf","unresolved":false,"context_lines":[{"line_number":93,"context_line":"    {"},{"line_number":94,"context_line":"        \"serial_console\":"},{"line_number":95,"context_line":"        {"},{"line_number":96,"context_line":"            \"url\": \"http://example.com:6083/serial.html?token\u003db40ac1c3-b640-4a6a-ae34-bf347ef089d6\""},{"line_number":97,"context_line":"        }"},{"line_number":98,"context_line":"    }"},{"line_number":99,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"baada198_e429359c","line":96,"updated":"2014-07-11 18:15:16.000000000","message":"I know this spec is approved, and I know the current code doesn\u0027t do this but if we could think of any way to return both the URL of the nice pretty terminal and *also* the URL of the websocket, that would be helpful.  Sometimes we use our own websocket client, and I think for log offloading you will want to do the same.  (And I wish the VNC one did that too.)","commit_id":"02c1905dc8111eb328caf592f2c7c3f61a229847"},{"author":{"_account_id":3217,"name":"Ian Wells","username":"ijw-ubuntu"},"change_message_id":"8e1e3f5a0f4293b36f22c898a28b1df0db26cbbf","unresolved":false,"context_lines":[{"line_number":127,"context_line":""},{"line_number":128,"context_line":"The opening of TCP ports in the hypervisor node can enable anyone to gain"},{"line_number":129,"context_line":"access to any of the serial consoles by scanning for open ports if the ports"},{"line_number":130,"context_line":"specified in port_range config param are visible to the public."},{"line_number":131,"context_line":"Usually the hypervisor ports aren\u0027t externally exposed, so this wouldn\u0027t be any"},{"line_number":132,"context_line":"better or worse than VNC."},{"line_number":133,"context_line":"The insecurity of VNC is being tackled by a blueprint that will add strong auth"}],"source_content_type":"text/x-rst","patch_set":7,"id":"baada198_3707dd19","line":130,"updated":"2014-07-11 18:15:16.000000000","message":"... which they shouldn\u0027t be, which means that encrypting the internal proxy-to-host comms is somewhat of a second order security issue, but agreed.  Also, we should be capable of serving the websocket on https.","commit_id":"02c1905dc8111eb328caf592f2c7c3f61a229847"}]}