Backlog #2655

Support for novnc token through xmlrpc api (i.e. one.vm.token/one.vm.novnctoken)

Added by Stefan Kooman over 7 years ago. Updated over 6 years ago.

Status: Pending
Start date: 01/17/2014
Priority: High
Due date:
Assignee: -
% Done:
Category: Core & System
Target version: -


We would like to have the possibility to request a novnc token through an xmlrpc call. With this token we can set up a novnc session (through novnc proxy) from our own web application where customers can manage their VMs (customer portal, i.e. outside sunstone). Currently we are mimicking a sunstone "user session" through a bunch of CURL requests to get a novnc token. It's working but a bit of a hack / workaround.


#1 Updated by Ruben S. Montero over 7 years ago

  • Tracker changed from Feature to Request
  • Category changed from Client API & Library to Sunstone
  • Target version deleted (Release 4.6)

#2 Updated by Daniel Molina over 7 years ago

Hi Stefan,

The code that generates the tokens is really simple:

        # Proxy data
        host     = vm_resource['/VM/HISTORY_RECORDS/HISTORY[last()]/HOSTNAME']
        vnc_port = vm_resource['TEMPLATE/GRAPHICS/PORT']
        vnc_pw = vm_resource['TEMPLATE/GRAPHICS/PASSWD']

        # Generate token random_str: host:port
        random_str = rand(36**20).to_s(36) #random string a-z0-9 length 20
        token = "#{random_str}: #{host}:#{vnc_port}" 
        token_file = 'one-'+vm_resource['ID']

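        # Create token file
        begin
            # The directory argument was lost from the post as extracted;
            # token_dir is a placeholder for the proxy's token directory.
            f = File.open(File.join(token_dir, token_file), 'w')
            f.write(token)
            f.close
        rescue Exception => e
            @logger.error e.message
            return error(500, "Cannot create VNC proxy token")
        end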

Maybe you can configure a hook when a new VM is created, generate this token file and update the VM info with the token information. Therefore you don't need a new API call to retrieve this info.

Hope this helps

#3 Updated by Stefan Kooman over 7 years ago

We need a valid token every time a user requests a vnc session. Tokens can only be used once. A hook when a new vm gets created won't help here, since the next time a vnc session request comes in the token is not valid anymore. If we can query the API for a new token it's possible to offer VNC functionality outside of sunstone (another portal for example, like we have). Maybe I just don't understand your solution or I have false assumptions on how novnc tokens work.

#4 Updated by Daniel Molina over 7 years ago

Tokens can be used more than once for each VM. They are only destroyed when novnc is stopped.

#5 Updated by Stefan Kooman over 7 years ago

Well, every time a vnc session is started a new token gets generated and the token_file overwritten. So a token is actually only usable once. This might be changed in the code (check if token exists, if not create new one, otherwise leave old token_file) but it doesn't solve the problem when novnc gets restarted. There is no way (as far as I can see) to update the token in the vm automatically after a restart from novnc. Besides scripting this in novnc init scripts, but this becomes rather ugly. Having this novnc token in the database instead of on a filesystem might help solve this problem. It would also solve the problem when more than one novnc proxy is used (i.e. multiple sunstone instances are running, like we have), no need for a shared filesystem anymore.
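The "check if token exists, if not create new one" logic from comment #5, as an added example that is not part of the thread and not OpenNebula code. The function name, its parameters and the sample values are hypothetical; it assumes the token file format quoted in comment #2 and a proxy that runs as the same user as the script.

```ruby
require 'securerandom'
require 'tmpdir'

# Constructed helper, not OpenNebula code. Returns the token for a VM,
# reusing the token file when it still matches the VM's current host:port
# and writing a new one otherwise (for example after the proxy's token
# directory was emptied on restart).
# File format as quoted in comment #2: "<token>: <host>:<port>"
def ensure_vnc_token(token_dir, vm_id, host, port)
  # Integer() rejects ids such as "../x", so the file name cannot leave token_dir
  path = File.join(token_dir, "one-#{Integer(vm_id)}")
  port = Integer(port)
  raise ArgumentError, 'bad port' unless (1..65_535).cover?(port)
  # A newline or ':' in host would forge extra entries in the token file
  raise ArgumentError, 'bad host' unless host.to_s.match?(/\A[A-Za-z0-9.-]+\z/)
  target = "#{host}:#{port}"

  if File.file?(path)
    token, old_target = File.read(path).strip.split(': ', 2)
    return token if token.to_s.match?(/\A[a-z0-9]{20,}\z/) && old_target == target
  end

  # 128 bits from the OS CSPRNG instead of Kernel#rand
  token = SecureRandom.hex(16)
  # Write to a private temp file, then rename, so a reader never sees a
  # half-written token. 0600 assumes the proxy runs as the same user.
  tmp = "#{path}.#{Process.pid}.tmp"
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write("#{token}: #{target}")
  end
  File.rename(tmp, path)
  token
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir| # constructed sample values
    first = ensure_vnc_token(dir, 42, 'node01', 5942)
    again = ensure_vnc_token(dir, 42, 'node01', 5942)
    puts "reused: #{first == again}"
  end
end
```

Calling it on every session request keeps an existing token stable and recreates it only when the file is missing, malformed, or points at a different host or port.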

#6 Updated by Ruben S. Montero almost 7 years ago

  • Tracker changed from Request to Backlog
  • Category changed from Sunstone to Core & System
  • Priority changed from Normal to High

#7 Updated by EOLE Team over 6 years ago

+1 for this feature.

We don't know how to retrieve the token from Sunstone REST API.

