After playing with this for a while, I’ve finally decided to share with the community a service that provide tokens for the websocketproxy used by Sunstone to serve the VM console via noVNC.
In the current OpenNebula implementation the VNC console is tightly linked to the Sunstone interface and it is the only way to access it due to the fact that only Sunstone generates the access tokens for the websocketproxy.
The proposed addon, written as a Ruby’s Sinatra application provide a single XML-RPC method that can generate websocketproxy tokens and provide them in the method response. There are hints in the README file how to configure Nginx to proxy both OpenNebula’s API and this addon API via a single SSL protected port. A complete example nginx configuration file is included in the repository too.
This way any external billing/management system could have access to all needed details to build a VNC session for a given VM without the need to create a user in OpenNebula/Sunstone.
Please note that this service works in parallel with Sunstone so only the last generated token will be valid. A running Sunstone service is needed anyway because it is managing the novnc service that provide the websocketproxy.
As I am not native Ruby programmer any feedback is welcome.
The repository is here: https://github.com/storpool/addon-vnctoken