libvirt: Generic Framework for Securing VNC and SPICE Proxy-To-Compute-Node Connections
Currently, while the noVNC and HTML5 SPICE clients can use TLS-encrypted
WebSockets to communicate with Websockify (and authenticate with Nova console
tokens), the encryption and authentication ends there. There are neither
encryption nor authentication between Websockify and the hypervisors'
VNC and SPICE servers.
This blueprint would propose introducing a generic framework for supporting
MITM security for Websockify to use between itself and the compute nodes.
Blueprint information
- Status:
- Complete
- Approver:
- John Garbutt
- Priority:
- Medium
- Drafter:
- Solly Ross
- Direction:
- Approved
- Assignee:
- Stephen Finucane
- Definition:
- Approved
- Series goal:
- Accepted for queens
- Implementation:
- Implemented
- Milestone target:
- queens-3
- Started by
- Matt Riedemann
- Completed by
- Matt Riedemann
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Blueprint to use VeNCrypt between proxy and node
Gerrit topic: https:/
Addressed by: https:/
Blueprint for Websockify security proxy framework
Not enough positive reviews on this code for it to make kilo-1, moving to kilo-2 --johnthetubaguy 17th December 2014
Sorry, we have now hit the non-priority feature freeze for kilo. Please resubmit your spec for the L release. -- ttx on behalf of johnthetubaguy 5th Feb 2015
Addressed by: https:/
Blueprint for Websockify security proxy framework
Pending Patches
=============
Gerrit topic: https:/
Addressed by: https:/
Introduce VNC Security Proxy Framework
Addressed by: https:/
Add VeNCrypt (TLS/x509) Security Proxy Driver
Sorry, we have now hit the Non-Priority Feature Freeze for Mitaka. For more details please see: http://
--johnthetubaguy 2016.01.31
Gerrit topic: https:/
Addressed by: https:/
Websockify security proxy framework
Doesn't look like anything was pushed up for code for this so I'm deferring for Newton. -- mriedem 20160629
Sorry, I didn't realize the series was being updated under https:/
There are still pending changes for this and we're not at non-priority blueprint feature freeze for Newton. -- mriedem 20160701
Addressed by: https:/
console: introduce basic framework for security proxying
Addressed by: https:/
console: introduce framework for RFB authentication
Addressed by: https:/
console: introduce the VeNCrypt RFB authentication scheme
Addressed by: https:/
console: provide an RFB security proxy implementation
Addressed by: https:/
Websockify security proxy framework
Re-approved for Ocata. -- mriedem 20161031
We're now past the feature freeze for Ocata so I've deferred this to Pike. -- mriedem 20170128
Addressed by: https:/
Websockify security proxy framework
Re-approved for Pike. -- mriedem 20170310
Addressed by: https:/
DNM: Try to figure out what the tenant is returning
We're past feature freeze for Pike so I'm deferring this to Queens. Please re-propose the spec for re-approval in Queens and make any adjustments to the spec as necessary if the design has changed. -- mriedem 20170728
Addressed by: https:/
Websockify security proxy framework
Addressed by: https:/
doc: Document TLS security setup for noVNC proxy
Re-approved for Queens. -- mriedem 20171003
Addressed by: https:/
fixup! console: introduce the VeNCrypt RFB authentication scheme
Addressed by: https:/
console: Send bytes to sockets
Addressed by: https:/
Fix accumulated nits
Addressed by: https:/
doc: Remove duplicate 'vnc' config opt descriptions
We still need to work on enabling this in our 'nova-next' CI job for test coverage, but the code and documentation itself is merged in nova for Queens so I'm marking the blueprint complete. -- mriedem 20180122