| Jeremy Kerr | f403c42 | 2018-07-26 12:14:56 +0800 | [diff] [blame] | 1 | nbd-proxy |
| 2 | ========= |
| 3 | |
| 4 | Prototype javascript+websocket NBD server; this code demonstrates a javascript |
| 5 | NBD implementation connected to the kernel nbd device over a websocket. |
| 6 | |
| 7 | There are two components here: |
| 8 | |
| 9 | nbd-proxy: a little binary to initialise a nbd client, connected to a |
| 10 | unix domain socket, then proxy data between that socket and |
| 11 | stdio. This can be used with a websocket proxy to expose |
| 12 | that stdio as a websocket. |
| 13 | |
| 14 | nbd.js: a javascript implementation of a NBD server. |
| 15 | |
| 16 | Running |
| 17 | ------- |
| 18 | |
| 19 | You'll need a websocket proxy This connects the nbd-proxy |
| 20 | component to a websocket endpoint. |
| 21 | |
| 22 | For experimentation, I use the `websocketd` infrastrcture to expose the |
| 23 | websocket endpoint, plus serve the static HTML+js client: |
| 24 | |
| 25 | git clone https://github.com/joewalnes/websocketd |
| 26 | (cd websocketd && make) |
| 27 | |
| Jeremy Kerr | 1952735 | 2018-08-03 15:04:38 +0800 | [diff] [blame] | 28 | sudo websocketd/websocketd --port=8000 --staticdir=web --binary ./nbd-proxy <config> |
| 29 | |
| 30 | - where <config> is a name of a configuration in the config.json file. |
| Jeremy Kerr | f403c42 | 2018-07-26 12:14:56 +0800 | [diff] [blame] | 31 | |
| 32 | Note that this type of invocation is very insecure, and intended just for |
| 33 | experimentation. See the Security section below. |
| 34 | |
| 35 | For real deployments, you want your websocket-enabled service to run |
| 36 | nbd-proxy, and connect its stdio to a websocket, running in binary mode. Your |
| 37 | web interface will interact with this using an instance of the NBDServer object |
| 38 | (defined in web/js/nbd.js): |
| 39 | |
| 40 | var server = NBDServer(endpoint, file); |
| 41 | server.start(); |
| 42 | |
| 43 | - where endpoint is the websocket URL (ws://...) and file is a File object. See |
| 44 | web/index.html for an example. |
| 45 | |
| 46 | Security |
| 47 | -------- |
| 48 | |
| 49 | This code allows potentially-untrusted clients to export arbitrary block |
| 50 | device data to your kernel. Therefore, you should ensure that only trusted |
| 51 | clients can connect as NBD servers. |
| 52 | |
| 53 | There is no authentication or authorisation implemented in the nbd proxy. Your |
| 54 | websocket proxy should implement proper authentication before nbd-proxy is |
| 55 | connected to the websocket endpoint. |
| Jeremy Kerr | c6134c1 | 2018-08-09 13:03:33 +0800 | [diff] [blame] | 56 | |
| Jeremy Kerr | a87af84 | 2018-08-13 11:48:23 +0800 | [diff] [blame] | 57 | State hook |
| 58 | ---------- |
| Jeremy Kerr | c6134c1 | 2018-08-09 13:03:33 +0800 | [diff] [blame] | 59 | |
| Jeremy Kerr | a87af84 | 2018-08-13 11:48:23 +0800 | [diff] [blame] | 60 | The nbd-proxy has a facility to run an program on state change. When a nbd |
| 61 | session is established or shut down, the proxy will run the executable at |
| 62 | /etc/nbd-proxy/state. |
| Jeremy Kerr | c6134c1 | 2018-08-09 13:03:33 +0800 | [diff] [blame] | 63 | |
| Jeremy Kerr | a87af84 | 2018-08-13 11:48:23 +0800 | [diff] [blame] | 64 | This executable is called with two arguments: the action ("start" or "stop"), |
| Jeremy Kerr | c6134c1 | 2018-08-09 13:03:33 +0800 | [diff] [blame] | 65 | and the name of the configuration (as specified in the config.json file). |