* console-proxy: fix stream buffer sizes to improve console performance
This bumps the input and output stream buffers to 64KiB and uses them
consistent across TLS and non-TLS based VNC connections.
This fixes#10650
Co-authored-by: Vishesh Jindal <vishesh.jindal@shapeblue.com>
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
* Make buffer size configurable & other improvements for CPU & memory utilisation
* Setup batching of data for TLS connections to the VNC server
* Apply suggestions from code review
* Fix buffer size for xenserver
---------
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Co-authored-by: Vishesh Jindal <vishesh.jindal@shapeblue.com>
Co-authored-by: vishesh92 <vishesh92@gmail.com>
* increment cpvm connection logs
* remove sourceIp variable
* increment cpvm connection logs
* extract duplicate error messages to variables
* change logs level from trace to debug in authenticateToVNCServer
* add logs in trace level inside of connection loop
* remove redundant trace log
* add logs to ConsoleProxyNoVNCHandler class
* retrieve client source IP
* add periods to log messages
* change log levels from warn to error inside of catch blocks
* add client IP to successful authentication log
* replace concatenation with String.format()
* remove String.format() and use log4j2 new features instead
* remove String.format() and use log4j2 new features instead
* apply Daan's suggestion
Co-authored-by: dahn <daan.hoogland@gmail.com>
* resolve conflicts
* fix logs with three parameters
* get correct client IP
* use log4j dependencies directly
* apply winterhazel's suggestion
Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>
* remove log proxy
* address winterhazel's suggestions on ConsoleProxyNoVncClient class
* address winterhazel's suggestions on ConsoleProxyNoVNCHandler class
* address winterhazel's suggestions on ConsoleProxyNoVNCHandler class
Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>
---------
Co-authored-by: dahn <daan.hoogland@gmail.com>
Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>
* Normalize logs
All classes that could have their loggers inherited from their fathers had their own loggers deleted;
Most loggers didn't have to be static, so most of them were normalized so that they wouldn't be;
All loggers are protected now;
Static logger's name are now 'LOGGER';
Non-static logger's name are now 'logger';
New class DbUpgradeAbstractImpl created so that all Upgraders extend it and inherit its logger
* Upgrade log4j
* fix errors caused by the merge
* Refactor cglibThrowableRenderer functionality to log4j2 and upgrade the last configuration files
* fix sonarcloud bug
* Fix errors caused by merge, remove some unused loggers, and rename a variable that was mistakenly renamed on the normalization commit
* Readd snmpTrapAppender, remove TestAppender
* Regenerate changes
* regenerate changes
* refactor last custom appender
* fix systemvm configuration xml
* Regenerate changes
* Regenerate changes
* regenerate changes
* Regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* Fix utils pom
* fix some tests
* regenerate changes
* Fix jar being printed on exception
* fix logging in system VMs, fix commands not having log4j2 classpath.
* regenerate changes
* Fix some unwanted renomeations
* fix end of file
* regenerate changes
* regenerate changes
* fix merge error
* regenerate changes
* fix tests
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* readd reload4j to tungsten as juniper depends on it
* Regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* re-add reload4j dependency to network-contrail, as juniper depends on it
* regenerate changes
* regenerate changes
* regenerate changes
* fix typo
* regenerate changes
* regenerate changes
* Fix end of files
* regenerate changes
* add logj42 to cloud-utils-SHADED.jar
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* regenerate changes
* Regenerate changes
* Regenerate changes
* Regenerate changes
* regenerate changes
* Regenerate changes
* regenerate changes
* Regenerate changes
* Regenerate changes
* Regenerate changes
* regenerate changes
* Regenerate changes
* Regenerate changes
* fix some tests
* Regenerate changes
* Regenerate changes
* fix test
* Regenerate changes
* Regenerate changes
This PR allows securing the console access through CloudStack to the virtual machines running on KVM. The secure access is achieved through the generated certificates for the CA Framework in CloudStack, that provides mutual TLS connections between agents. These certificates are used to also secure the connection between the console proxies and the VNC ports for VM console access.
This feature is only supported on the KVM hypervisor
Design Document: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Secure+KVM+VNC+connection+using+the+CA+framework
This PR creates a new API createConsoleAccess to create VM console URL allowing it to connect using other UI implementations. To avoid reply attacks, the console access is enhanced to use a one time token per session
New configuration added:
consoleproxy.extra.security.validation.enabled: Enable/disable extra security validation for console proxy using a token
Documentation PR: apache/cloudstack-documentation#284
