guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joachim Lindenberg" <joac...@lindenberg.one>
Subject AW: Authentication mechanism.. Was: New user questions...
Date Sun, 04 Mar 2018 08:18:58 GMT
Hi Nick,

you remember correct. It is an attempt to conserve resources (CPU and memory) on the Hyper-V
host. I am suspending/saving VMs regularly if there are no terminal sessions (I am monitoring
port 2179 of the host), and obviously this is based on assumptions how the VMs are used (mainly
interactively).

Actually my authentication mechanism already returns the state of a VM and I could save it.
If only there was a defined API call when a user selects a connection in which I can check
state and trigger a change (just another service call). Based on observations, guacamole only
obtains properties if a user selected a connection, but that is not an observation I would
like to rely on long term. My proposal would be to have another method in the authentication
interface or simpleauthentication super class (as I am only implementing that, but in fact
it could be another interface implemented in the same extension) that gets called with the
selected configuration and the credentials used.

Thanks & Best Regards,

Joachim

 

 

Von: Nick Couchman [mailto:vnick@apache.org] 
Gesendet: Sonntag, 4. März 2018 03:48
An: user@guacamole.apache.org
Betreff: Re: Authentication mechanism.. Was: New user questions...

 

On Sat, Mar 3, 2018 at 6:46 PM, Mike Jumper <mike.jumper@guac-dev.org <mailto:mike.jumper@guac-dev.org>
> wrote:

On Sat, Mar 3, 2018 at 1:51 PM, Joachim Lindenberg <joachim@lindenberg.one <mailto:joachim@lindenberg.one>
> wrote:

(3)    It is still unclear to me what configuration changes I can/should support, and how
to best trigger restore of VMs. One approach I am experimenting with is to subclass GuacamoleConfiguration
and “monitor” whether parameters are accessed and then as a side effect trigger restore.
However the unpleasant aspect is that I´d also have to cache credentials of the user then.
Any better approach?

 

Can you clarify what you mean here? What do you mean by "restore" in the context of VMs, and
why are you trying to trigger this as a side effect? Can you describe what you're trying to
achieve at a high level - based on the overall goal, rather than the specifics of your current
implementation?

 

- Mike

 

IIRC from earlier conversations, "restore" in this context means to bring them out of a suspended/sleep
mode.  So, Joachim is trying to implement an extension that will resume a VM from a suspended
state when the user tries to (or is about to) connect.  This was discussed recently in the
Wake-on-LAN conversation, where you mentioned the challenge of somehow delaying the connection
until the machine is in an operational state.

 

In my mind, this would involve code to do the following things:

- Determining when the VM needs to be resumed (when a user logs in, when a connection is initiated).

- Storing/retrieving some information about each connection that determines how/where to resume
the VM, if that isn't readily obvious.  This can be done with the newly-added code for allowing
extensions to store arbitrary code.

- Code to actually trigger the VM resume/restore.  This could involving calling a REST API
for the hypervisor manager, executing a string of command line commands, or connecting to
a TCP socket, etc.

- Somehow checking the state of the VM to see if it is up and running before actually connecting.

 

-Nick


Mime
View raw message