move most console proxy setting to zone level

Pearl1594 · Pearl1594 · commit 317696fb88a0 · 2025-08-07T15:06:49.000-04:00
diff --git a/server/src/main/java/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java b/server/src/main/java/com/cloud/consoleproxy/AgentBasedConsoleProxyManager.java
@@ -191,7 +191,7 @@ public boolean destroyProxy(long proxyVmId) {
     }
 
     @Override
-    public int getVncPort() {
+    public int getVncPort(Long dataCenterId) {
         return _consoleProxyPort;
     }
 
diff --git a/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManager.java b/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManager.java
@@ -56,11 +56,11 @@ public interface ConsoleProxyManager extends Manager, ConsoleProxyService {
     ConfigKey<Boolean> NoVncConsoleSourceIpCheckEnabled = new ConfigKey<>(ConfigKey.CATEGORY_ADVANCED, Boolean.class, "novnc.console.sourceip.check.enabled", "false",
         "If true, The source IP to access novnc console must be same as the IP in request to management server for console URL. Needs to reconnect CPVM to management server when this changes (via restart CPVM, or management server, or cloud service in CPVM)", false);
 
-    ConfigKey<String> ConsoleProxyCapacityStandby = new ConfigKey<>(String.class, "consoleproxy.capacity.standby", "Console Proxy", "10",
+    ConfigKey<String> ConsoleProxyCapacityStandby = new ConfigKey<>(String.class, "consoleproxy.capacity.standby", "Console Proxy", String.valueOf(DEFAULT_STANDBY_CAPACITY),
             "The minimal number of console proxy viewer sessions that system is able to serve immediately(standby capacity)", false, ConfigKey.Scope.Zone, null);
 
     ConfigKey<String> ConsoleProxyCapacityScanInterval = new ConfigKey<>(String.class, "consoleproxy.capacityscan.interval", "Console Proxy", "30000",
-            "The time interval(in millisecond) to scan whether or not system needs more console proxy to ensure minimal standby capacity", false, ConfigKey.Scope.Zone, null);
+            "The time interval(in millisecond) to scan whether or not system needs more console proxy to ensure minimal standby capacity", false, null);
 
     ConfigKey<Integer> ConsoleProxyCmdPort = new ConfigKey<>(Integer.class, "consoleproxy.cmd.port", "Console Proxy", String.valueOf(DEFAULT_PROXY_CMD_PORT),
             "Console proxy command port that is used to communicate with management server", false, ConfigKey.Scope.Zone, null);
@@ -74,7 +74,7 @@ public interface ConsoleProxyManager extends Manager, ConsoleProxyService {
     ConfigKey<Integer> ConsoleProxySessionMax = new ConfigKey<>(Integer.class, "consoleproxy.session.max", "Console Proxy", String.valueOf(DEFAULT_PROXY_CAPACITY),
             "The max number of viewer sessions console proxy is configured to serve for", false, ConfigKey.Scope.Zone, null);
 
-    ConfigKey<Integer> ConsoleProxySessionTimeout = new ConfigKey<>(Integer.class, "consoleproxy.session.timeout", "Console Proxy", "300000",
+    ConfigKey<Integer> ConsoleProxySessionTimeout = new ConfigKey<>(Integer.class, "consoleproxy.session.timeout", "Console Proxy", String.valueOf(DEFAULT_PROXY_SESSION_TIMEOUT),
             "Timeout(in milliseconds) that console proxy tries to maintain a viewer session before it times out the session for no activity", false, ConfigKey.Scope.Zone, null);
 
     ConfigKey<Boolean> ConsoleProxyDisableRpFilter = new ConfigKey<>(Boolean.class, "consoleproxy.disable.rpfilter", "Console Proxy", "true",
@@ -108,6 +108,6 @@ void startProxyForHA(VirtualMachine vm, Map<VirtualMachineProfile.Param, Object>
 
     boolean destroyProxy(long proxyVmId);
 
-    int getVncPort();
+    int getVncPort(Long dataCenterId);
 
 }
diff --git a/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -233,17 +233,10 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
     private ServiceOfferingVO serviceOfferingVO;
 
     private long capacityScanInterval = DEFAULT_CAPACITY_SCAN_INTERVAL_IN_MILLISECONDS;
-    private int capacityPerProxy = ConsoleProxyManager.DEFAULT_PROXY_CAPACITY;
-    private int standbyCapacity = ConsoleProxyManager.DEFAULT_STANDBY_CAPACITY;
 
     private boolean useStorageVm;
-    private boolean disableRpFilter = false;
     private String instance;
 
-    private int proxySessionTimeoutValue = DEFAULT_PROXY_SESSION_TIMEOUT;
-    private boolean sslEnabled = false;
-    private String consoleProxyUrlDomain;
-
     private SystemVmLoadScanner<Long> loadScanner;
     private Map<Long, ZoneHostInfo> zoneHostInfoMap;
     private Map<Long, ConsoleProxyLoadInfo> zoneProxyCountMap;
@@ -342,7 +335,7 @@ public ConsoleProxyInfo assignProxy(final long dataCenterId, final VMInstanceVO
             logger.warn(String.format("SSL is enabled for console proxy [%s] but no server certificate found in database.", proxy.toString()));
         }
 
-        consoleProxyUrlDomain = ConsoleProxyUrlDomain.valueIn(dataCenterId);
+        String consoleProxyUrlDomain = ConsoleProxyUrlDomain.valueIn(dataCenterId);
         ConsoleProxyInfo info;
         if (staticPublicIp == null) {
             info = new ConsoleProxyInfo(proxy.isSslEnabled(), proxy.getPublicIpAddress(), consoleProxyPort, proxy.getPort(), consoleProxyUrlDomain);
@@ -375,6 +368,7 @@ public ConsoleProxyVO doAssignProxy(long dataCenterId, VMInstanceVO vm) {
                             }
                             proxy = null;
                         } else {
+                            long capacityPerProxy = ConsoleProxySessionMax.valueIn(dataCenterId);
                             if (consoleProxyDao.getProxyActiveLoad(proxy.getId()) < capacityPerProxy || hasPreviousSession(proxy, vm)) {
                                 if (logger.isDebugEnabled()) {
                                     logger.debug("Assign previous allocated console proxy for user vm: {}", vm);
@@ -409,7 +403,7 @@ public ConsoleProxyVO doAssignProxy(long dataCenterId, VMInstanceVO vm) {
         if (vm.getProxyId() == null || vm.getProxyId() != proxy.getId()) {
             vmInstanceDao.updateProxyId(vm.getId(), proxy.getId(), DateUtil.currentGMTTime());
         }
-
+        boolean sslEnabled = isSslEnabled(dataCenterId);
         proxy.setSslEnabled(sslEnabled);
         if (sslEnabled) {
             proxy.setPort(443);
@@ -452,6 +446,7 @@ private boolean hasPreviousSession(ConsoleProxyVO proxy, VMInstanceVO vm) {
                 }
             }
 
+            Integer proxySessionTimeoutValue = ConsoleProxySessionTimeout.valueIn(proxy.getDataCenterId());
             return DateUtil.currentGMTTime().getTime() - vm.getProxyAssignTime().getTime() < proxySessionTimeoutValue;
         } else {
             logger.warn(String.format("Unable to retrieve load info from proxy [%s] on an overloaded proxy.", proxy.toString()));
@@ -501,6 +496,8 @@ public ConsoleProxyVO assignProxyFromRunningPool(long dataCenterId) {
             logger.debug("Assign console proxy from running pool for request from data center: {}", zone);
         }
 
+        long capacityPerProxy = ConsoleProxySessionMax.valueIn(dataCenterId);
+
         ConsoleProxyAllocator allocator = getCurrentAllocator();
         assert (allocator != null);
         List<ConsoleProxyVO> runningList = consoleProxyDao.getProxyListInStates(dataCenterId, State.Running);
@@ -820,8 +817,9 @@ private boolean allowToLaunchNew(long dcId) {
         return l.size() < launchLimit;
     }
 
-    private boolean checkCapacity(ConsoleProxyLoadInfo proxyCountInfo, ConsoleProxyLoadInfo vmCountInfo) {
-        return proxyCountInfo.getCount() * capacityPerProxy - vmCountInfo.getCount() > standbyCapacity;
+    private boolean checkCapacity(ConsoleProxyLoadInfo proxyCountInfo, ConsoleProxyLoadInfo vmCountInfo, long dataCenterId) {
+        long capacityPerProxy = ConsoleProxySessionMax.valueIn(dataCenterId);
+        return proxyCountInfo.getCount() * capacityPerProxy - vmCountInfo.getCount() > getStandbyCapacity(dataCenterId);
     }
 
     private void allocCapacity(long dataCenterId) {
@@ -1118,8 +1116,8 @@ public boolean destroyProxy(long vmId) {
     }
 
     @Override
-    public int getVncPort() {
-        return sslEnabled && _ksDao.findByName(ConsoleProxyManager.CERTIFICATE_NAME) != null ? 8443 : 8080;
+    public int getVncPort(Long dataCenterId) {
+        return isSslEnabled(dataCenterId) && _ksDao.findByName(ConsoleProxyManager.CERTIFICATE_NAME) != null ? 8443 : 8080;
     }
 
     private String getAllocProxyLockName() {
@@ -1136,44 +1134,20 @@ public boolean configure(String name, Map<String, Object> params) throws Configu
         for (Map.Entry<String, String> entry : configs.entrySet()) {
             logger.info("PEARL - Configure console proxy manager : " + entry.getKey() + " = " + entry.getValue());
         }
-        String value = configs.get(ConsoleProxySslEnabled.key());
-        if (value != null && value.equalsIgnoreCase("true")) {
-            sslEnabled = true;
-        }
 
-        consoleProxyUrlDomain = ConsoleProxyUrlDomain.value();
-        if( sslEnabled && (consoleProxyUrlDomain == null || consoleProxyUrlDomain.isEmpty())) {
-            logger.warn("Empty console proxy domain, explicitly disabling SSL");
-            sslEnabled = false;
-        }
-
-        value = ConsoleProxyCapacityScanInterval.value();
+        String value = ConsoleProxyCapacityScanInterval.value();
         capacityScanInterval = NumbersUtil.parseLong(value, DEFAULT_CAPACITY_SCAN_INTERVAL_IN_MILLISECONDS);
 
-        capacityPerProxy = NumbersUtil.parseInt(configs.get("consoleproxy.session.max"), DEFAULT_PROXY_CAPACITY);
-        standbyCapacity = NumbersUtil.parseInt(ConsoleProxyCapacityStandby.value(), DEFAULT_STANDBY_CAPACITY);
-        proxySessionTimeoutValue = NumbersUtil.parseInt(configs.get("consoleproxy.session.timeout"), DEFAULT_PROXY_SESSION_TIMEOUT);
-
         value = configs.get("consoleproxy.port");
         if (value != null) {
             consoleProxyPort = NumbersUtil.parseInt(value, ConsoleProxyManager.DEFAULT_PROXY_VNC_PORT);
         }
 
-        Boolean rpFilterDisabled = ConsoleProxyDisableRpFilter.value();
-        if (Boolean.TRUE.equals(rpFilterDisabled)) {
-            disableRpFilter = true;
-        }
-
         value = configs.get("secondary.storage.vm");
         if (value != null && value.equalsIgnoreCase("true")) {
             useStorageVm = true;
         }
 
-        if (logger.isInfoEnabled()) {
-            logger.info("Console proxy max session soft limit : " + capacityPerProxy);
-            logger.info("Console proxy standby capacity : " + standbyCapacity);
-        }
-
         instance = configs.get("instance.name");
         if (instance == null) {
             instance = "DEFAULT";
@@ -1255,16 +1229,16 @@ public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, Depl
         buf.append(" host=").append(StringUtils.toCSVList(indirectAgentLB.getManagementServerList(dest.getHost().getId(), dest.getDataCenter().getId(), null)));
         buf.append(" port=").append(managementPort);
         buf.append(" name=").append(profile.getVirtualMachine().getHostName());
-        if (sslEnabled) {
+        if (isSslEnabled(dest.getDataCenter().getId())) {
             buf.append(" premium=true");
         }
         Long datacenterId = dest.getDataCenter().getId();
         buf.append(" zone=").append(datacenterId);
         buf.append(" pod=").append(dest.getPod().getId());
         buf.append(" guid=Proxy.").append(profile.getId());
         buf.append(" proxy_vm=").append(profile.getId());
-        disableRpFilter = ConsoleProxyDisableRpFilter.valueIn(datacenterId);
-        if (disableRpFilter) {
+        Boolean disableRpFilter = ConsoleProxyDisableRpFilter.valueIn(datacenterId);
+        if (Boolean.TRUE.equals(disableRpFilter)) {
             buf.append(" disable_rp_filter=true");
         }
 
@@ -1324,7 +1298,7 @@ public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, Depl
             buf.append(" dns2=").append(dc.getDns2());
         }
         if (VirtualMachine.Type.ConsoleProxy == profile.getVirtualMachine().getType()) {
-            buf.append(" vncport=").append(getVncPort());
+            buf.append(" vncport=").append(getVncPort(datacenterId));
         }
         buf.append(" keystore_password=").append(VirtualMachineGuru.getEncodedString(PasswordGenerator.generateRandomPassword(16)));
         String bootArgs = buf.toString();
@@ -1557,7 +1531,7 @@ public Pair<AfterScanAction, Object> scanPool(Long dataCenterId) {
             vmInfo = new ConsoleProxyLoadInfo();
         }
 
-        if (!checkCapacity(proxyInfo, vmInfo)) {
+        if (!checkCapacity(proxyInfo, vmInfo, dataCenterId)) {
             if (logger.isDebugEnabled()) {
                 logger.debug("Expand console proxy standby capacity for zone " + proxyInfo.getName());
             }
@@ -1632,7 +1606,9 @@ public String getConfigComponentName() {
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] { ConsoleProxySslEnabled, NoVncConsoleDefault, NoVncConsoleSourceIpCheckEnabled };
+        return new ConfigKey<?>[] { ConsoleProxySslEnabled, NoVncConsoleDefault, NoVncConsoleSourceIpCheckEnabled,
+                ConsoleProxyCapacityStandby, ConsoleProxyCapacityScanInterval, ConsoleProxyCmdPort, ConsoleProxyRestart, ConsoleProxyUrlDomain, ConsoleProxySessionMax, ConsoleProxySessionTimeout, ConsoleProxyDisableRpFilter, ConsoleProxyLaunchMax,
+                ConsoleProxyManagementLastState, ConsoleProxyServiceManagementState };
     }
 
     protected ConsoleProxyStatus parseJsonToConsoleProxyStatus(String json) throws JsonParseException {
@@ -1666,4 +1642,18 @@ protected void updateConsoleProxyStatus(String statusInfo, Long proxyVmId) {
 
         consoleProxyDao.update(proxyVmId, count, DateUtil.currentGMTTime(), details);
     }
+
+    private boolean isSslEnabled(Long dataCenterId) {
+        boolean sslEnabled = ConsoleProxySslEnabled.valueIn(dataCenterId);
+        String consoleProxyUrlDomain = ConsoleProxyUrlDomain.valueIn(dataCenterId);
+        if( sslEnabled && (consoleProxyUrlDomain == null || consoleProxyUrlDomain.isEmpty())) {
+            logger.warn("Empty console proxy domain, explicitly disabling SSL");
+            sslEnabled = false;
+        }
+        return sslEnabled;
+    }
+
+    private Integer getStandbyCapacity(Long datacenterId) {
+        return Integer.parseInt(ConsoleProxyCapacityStandby.valueIn(datacenterId));
+    }
 }
diff --git a/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java b/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
@@ -476,7 +476,7 @@ private ConsoleEndpoint composeConsoleAccessEndpoint(String rootUrl, VirtualMach
         ConsoleProxyClientParam param = generateConsoleProxyClientParam(parsedHostInfo, port, sid, tag, ticket,
                 sessionUuid, addr, extraSecurityToken, vm, hostVo, details, portInfo, host, displayName);
         String token = encryptor.encryptObject(ConsoleProxyClientParam.class, param);
-        int vncPort = consoleProxyManager.getVncPort();
+        int vncPort = consoleProxyManager.getVncPort(vm.getDataCenterId());
 
         String url = generateConsoleAccessUrl(rootUrl, param, token, vncPort, vm, hostVo, details);
 

Original file line number	Diff line number	Diff line change
`@@ -191,7 +191,7 @@ public boolean destroyProxy(long proxyVmId) {`
`191`	`191`	`}`
`192`	`192`
`193`	`193`	`@Override`
`194`		`- public int getVncPort() {`
	`194`	`+ public int getVncPort(Long dataCenterId) {`
`195`	`195`	`return _consoleProxyPort;`
`196`	`196`	`}`
`197`	`197`