blob: 0d3030e8eb2cb2ab4bcaadba9dabe9c5b246ef02 [file] [log] [blame]
Jeremy Kerrf403c422018-07-26 12:14:56 +08001nbd-proxy
2=========
3
4Prototype javascript+websocket NBD server; this code demonstrates a javascript
5NBD implementation connected to the kernel nbd device over a websocket.
6
7There are two components here:
8
9 nbd-proxy: a little binary to initialise a nbd client, connected to a
10 unix domain socket, then proxy data between that socket and
11 stdio. This can be used with a websocket proxy to expose
12 that stdio as a websocket.
13
14 nbd.js: a javascript implementation of a NBD server.
15
16Running
17-------
18
19You'll need a websocket proxy This connects the nbd-proxy
20component to a websocket endpoint.
21
22For experimentation, I use the `websocketd` infrastrcture to expose the
23websocket endpoint, plus serve the static HTML+js client:
24
25 git clone https://github.com/joewalnes/websocketd
26 (cd websocketd && make)
27
Jeremy Kerr19527352018-08-03 15:04:38 +080028 sudo websocketd/websocketd --port=8000 --staticdir=web --binary ./nbd-proxy <config>
29
30- where <config> is a name of a configuration in the config.json file.
Jeremy Kerrf403c422018-07-26 12:14:56 +080031
32Note that this type of invocation is very insecure, and intended just for
33experimentation. See the Security section below.
34
35For real deployments, you want your websocket-enabled service to run
36nbd-proxy, and connect its stdio to a websocket, running in binary mode. Your
37web interface will interact with this using an instance of the NBDServer object
38(defined in web/js/nbd.js):
39
40 var server = NBDServer(endpoint, file);
41 server.start();
42
43- where endpoint is the websocket URL (ws://...) and file is a File object. See
44web/index.html for an example.
45
46Security
47--------
48
49This code allows potentially-untrusted clients to export arbitrary block
50device data to your kernel. Therefore, you should ensure that only trusted
51clients can connect as NBD servers.
52
53There is no authentication or authorisation implemented in the nbd proxy. Your
54websocket proxy should implement proper authentication before nbd-proxy is
55connected to the websocket endpoint.
Jeremy Kerrc6134c12018-08-09 13:03:33 +080056
57State hooks
58-----------
59
60The nbd-proxy has a facility to run hooks on state change. When a
61nbd session is established or shut down, the proxy will run any executables
62found under the hook path (by default, /etc/nbd-proxy/state.d/).
63
64These hooks are called with two arguments: the action ("start" or "stop"),
65and the name of the configuration (as specified in the config.json file).