noVNC console via PHP API
- Thread starter x86
- Start date
You can access the noVNC console via it's address:
change the vmid and the node GET parameters to your needs. But you need to respect the authentification security measures Proxmox VE has.
I actually changed a little bit of the PHP API from https://github.com/CpuID/pve2-api-php-client ( i hope you use this ^^)
I added the following function in pve2-api-php-client/pve2_api.class.php . You'll need it because the noVNC frontend checks if you have the valid permissions through the "PVEAuthCookie", and to set it outside of the API would be a bigger hassle as the login_ticket is protected in the API.
And here is some example code of including the noVNC console, attetion you need to create a user which has the VM.Console permission for the vms you would like to show., e.g the role "PVEVMUser" has it. And the user, AFAIK, must be logged in through the pam realm, which means it must be an real user on your proxmox system. I created a "vnc" dummy user on my proxmox server (use the command line tool "adduser"), then gave him the PVEVMUser role through the PVE Web Interface (naturally, you could do it also with the api).
But look at the code yourself, it's really simple. Only the setup from the user and so on is a bit complicated.
It's a bit messy, so when you have further questions, feel free to ask. Or when you came up with a cleaner way, please let me know it.
Code:
[URL="https://your.proxmoxve.server:8006/?console=kvm&novnc=1&vmid=100&node=somenode"]
https://your.proxmoxve.server:8006/?console=kvm&novnc=1&vmid=100&node=somenode[/URL]I actually changed a little bit of the PHP API from https://github.com/CpuID/pve2-api-php-client ( i hope you use this ^^)
I added the following function in pve2-api-php-client/pve2_api.class.php . You'll need it because the noVNC frontend checks if you have the valid permissions through the "PVEAuthCookie", and to set it outside of the API would be a bigger hassle as the login_ticket is protected in the API.
Code:
public function setCookie()
{
setcookie("PVEAuthCookie",$this->login_ticket['ticket']);
}And here is some example code of including the noVNC console, attetion you need to create a user which has the VM.Console permission for the vms you would like to show., e.g the role "PVEVMUser" has it. And the user, AFAIK, must be logged in through the pam realm, which means it must be an real user on your proxmox system. I created a "vnc" dummy user on my proxmox server (use the command line tool "adduser"), then gave him the PVEVMUser role through the PVE Web Interface (naturally, you could do it also with the api).
But look at the code yourself, it's really simple. Only the setup from the user and so on is a bit complicated.
Code:
<?php
require("pve2-api-php-client/pve2_api.class.php");
# use pam here, my test user is vnc with, naturally, a strong password ;)
$pve2 = new PVE2_API("pve", "vnc", "pam", "12345");
?>
<html>
<head>
<title>noVNC extern test</title>
</head>
<body>
<?php
if ($pve2->login())
{
$pve2->setCookie(); # this is the function I added to the php API client
?>
<iframe src="https://192.168.122.6:8006/?console=kvm&novnc=1&vmid=100&node=pve" frameborder="0" scrolling="no" width="1024px" height="100%"></iframe>
<?php
# print("logged in");
}
else
{
print("Login to Proxmox Host failed.\n");
exit;
}
?>
</body>
</html>It's a bit messy, so when you have further questions, feel free to ask. Or when you came up with a cleaner way, please let me know it.
Last edited by a moderator:
I did contribute some code to the API. I thought there was a better way to use noVNC instead of this 'hacky way'.
But thanks anyway!
Haha, yeah i created a pull request on GitHub for the cookie function and saw your name...
The problem is that the noVNC from PVE need to check if the request is a valid one and the necessary permissions are guaranteed. And it isn't directly accessible through the REST API, AFAIK. But I have to admit that I didn't looke really deep into it now, it's a bit late here..^^
FYI the code which serves the Console is in the pve-manager repo, pve-manager/PVE/NoVncIndex.pm and in pve-manager/bin/pveproxy lies the proxy which serves the files for the interface. Repos are here: https://git.proxmox.com/
Maybe you find something for your need there and maybe you can contribute it back to the project. Look at http://pve.proxmox.com/wiki/Developer_Documentation
The problem is that the noVNC from PVE need to check if the request is a valid one and the necessary permissions are guaranteed. And it isn't directly accessible through the REST API, AFAIK. But I have to admit that I didn't looke really deep into it now, it's a bit late here..^^
FYI the code which serves the Console is in the pve-manager repo, pve-manager/PVE/NoVncIndex.pm and in pve-manager/bin/pveproxy lies the proxy which serves the files for the interface. Repos are here: https://git.proxmox.com/
Maybe you find something for your need there and maybe you can contribute it back to the project. Look at http://pve.proxmox.com/wiki/Developer_Documentation
No worked this method at proxmox 3.4Error "No Ticket 401" (screenshot http://joxi.ru/BLmGDx8tBZgQ2l.jpg) in frame. At proxmox webgui started console task. If after this return to your script at this browser, all ok.
Yes, when you read my whole post you see the problem.
Proxmox noVNC uses a Cookie which includes the ticket (Authorization) of your session, generated by the webUI.
So if you want to let an user connect to noVNC without forcing him to long in into the WebUi you have to set this cookie manually and everything works fine.
If you use the PHP API you have to add only a little bit, again look at my post everything to get it to work is described there.
Download the API from https://github.com/GamerSource/pve2-api-php-client/tree/testing and your good to go.
I made a pull request to the original API but the doesn't seem very active at the moment...
Proxmox noVNC uses a Cookie which includes the ticket (Authorization) of your session, generated by the webUI.
So if you want to let an user connect to noVNC without forcing him to long in into the WebUi you have to set this cookie manually and everything works fine.
If you use the PHP API you have to add only a little bit, again look at my post everything to get it to work is described there.
Download the API from https://github.com/GamerSource/pve2-api-php-client/tree/testing and your good to go.
I made a pull request to the original API but the doesn't seem very active at the moment...
Last edited by a moderator:
Thanks for reply! I use class at your link, added into fucntion "setCookie" from your post and call this function after use login(), /vncproxy & /vncwebsocket API.
Have error at my screenshot, 401 - no ticket..
I have ticket with API reply, in array. Maybe, i need use it?
Now i trying this:
as your iframe style i trying too, error 401 - no ticket. Full your variant:
<html><head>
<title>noVNC extern test</title>
</head>
<body>
<?php
require("pve2_api.class.php");
require('../include/config.inc.php');
# use pam here, my test user is vnc with, naturally, a strong password
$pve_node = 'node0';
$pve_vmid = 1005;
$pve2 = new PVE2_API($pve_nodes[$pve_node]['ip'], $pve_nodes[$pve_node]['user'], $pve_nodes[$pve_node]['auth_type'], $pve_nodes[$pve_node]['password']);
if ($pve2->login()){
$pve2->setCookie();
?>
<iframe src="https://<?php print $pve_nodes[$pve_node]['ip'];?>:8006/?console=kvm&novnc=1&vmid=<?php print $pve_vmid;?>&node=<?php print $pve_nodes[$pve_node]['name'];?>" frameborder="0" scrolling="no" width="1024px" height="100%"></iframe>
<?php
} else {
?>
Login to Proxmox Host failed.
<?php
}
?>
</body>
</html>
error - 401 no ticket... (screenshot http://joxi.ru/WKAx9OVhVwper8.jpg)
Last edited:
The user which wants to see the noVNC console need to have the VM.Console permission. The predefined role "PVEVMUser" has it for example.
Are your sure the user you use has these permissions?
Are your sure the user you use has these permissions?
i trying 'root', PAM user 'api' defined PVEVMAdmin or PVEVMUser permissions..
Now i have problem - Failed to connect to server (code: 1006)
From ProxMox GUI too..
Need restart proxmox?
You can't connect to the web gui anymore? Which version of Proxmox do you have? (run "pveversion --verbose" in a shell to get detailed infos)
#EDIT: saw your post to late, so not needed anymore, but which Proxmox VE version are you running?
Last time I tested everything and it worked without problems... So it's a bit strange.
#EDIT: saw your post to late, so not needed anymore, but which Proxmox VE version are you running?
Last time I tested everything and it worked without problems... So it's a bit strange.
now its ok, i trying change hostname, return to "nodename" back. Now gui worked normaly.
vnc.php page (with iframe) work only if login this user to proxmox gui at this browser..
Ok some additional changes to the setCookie function where needed to guarantee that it works in most situations:
I tested it successfully with login out from the WebGui and the loading the iframe example i posted above.
Please try that and report back.
Attention: after you visit the page with the noVNC iframe the cookie is set and so your automatically logged into the webgui (even if you where logged out previously), so don't use root because else the user access the webgui as root, after visiting the vnc.php page!
Code:
public function setCookie() {
if (!$this->check_login_ticket()) {
throw new PVE2_Exception("Not logged into Proxmox host. No Login access ticket found or ticket expired.", 3);
}
setrawcookie("PVEAuthCookie", $this->login_ticket['ticket'], 0, "/");
}I tested it successfully with login out from the WebGui and the loading the iframe example i posted above.
Please try that and report back.
Attention: after you visit the page with the noVNC iframe the cookie is set and so your automatically logged into the webgui (even if you where logged out previously), so don't use root because else the user access the webgui as root, after visiting the vnc.php page!
Last edited by a moderator:
http://joxi.ru/752aY48il0qG20.jpg - right?
vnc.php page:
Code:
<?php
session_start();
?>
<html>
<head>
<title>noVNC extern test</title>
</head>
<body>
<?php
require("pve2_api.class.php");
$pve_nodes = array(
"node0" => array(
"ip" => "myexternalip",
"name" => "mynodename",
"auth_type" => "pam",
"user" => "root",
"password" => "myrightpassword",
),
);
# use pam here, my test user is vnc with, naturally, a strong password ;)
$pve_node = 'node0';
$pve_vmid = 1005; //really existing qemu kvm
$pve2 = new PVE2_API($pve_nodes[$pve_node]['ip'], $pve_nodes[$pve_node]['user'], $pve_nodes[$pve_node]['auth_type'], $pve_nodes[$pve_node]['password']);
if ($pve2->login()){
//$vncproxy = $pve2->post("/nodes/{$pve_nodes[$pve_node]['name']}/qemu/{$pve_vmid}/vncproxy");
//$vncwebsocket = $pve2->get("/nodes/{$pve_nodes[$pve_node]['name']}/qemu/{$pve_vmid}/vncwebsocket", array('port' => $vncproxy['port'], 'vncticket' => $vncproxy['ticket']));
$pve2->setCookie();
?>
<iframe src="https://<?php print $pve_nodes[$pve_node]['ip'];?>:8006/?console=kvm&novnc=1&vmid=<?php print $pve_vmid;?>&node=<?php print $pve_nodes[$pve_node]['name'];?>" frameborder="0" scrolling="no" width="1024px" height="100%"></iframe>
<?php
} else {
?>
Login to Proxmox Host failed.
<?php
}
?>
</body>
</html>result: http://joxi.ru/48AnVvGUNKkyAO.jpg
Looks good to me. I'm using 4.0beta but as far as I know there weren't any changes regarding the Authentication or noVNC.
Can you please test it once with the root user? So we can see if it's a permission problem or something else.
Can you please test it once with the root user? So we can see if it's a permission problem or something else.
i trying root user, has no effect..
Permissions "api" user: http://joxi.ru/8ZrJyDNTQko7Aj.jpg
if i change username or password to invalid, i see "Login to Proxmox Host failed.". Its worked.
Last edited:
So I tried your code and it works for me, tried it with root and with a testvnc user which only had the PVEVMUser permission.
Hmm, strange...
Sorry if I'm asking again, but you use exactly this API-client code:
https://raw.githubusercontent.com/GamerSource/pve2-api-php-client/testing/pve2_api.class.php
Hmm, strange...
Sorry if I'm asking again, but you use exactly this API-client code:
https://raw.githubusercontent.com/GamerSource/pve2-api-php-client/testing/pve2_api.class.php
now i replace body of "pve2_api.class.php" at your link body, no effect
strange, very strage..
normally. i trying another path: use standart noVNC package, and prox api.
JS open new window at this url:
but have error "Server disconnected (code: 1006)"