Add VNC video display including password

afbjorklund · afbjorklund · commit f495817a4b85 · 2023-02-11T16:58:01.000+01:00
The other display options open a window always, while the
vnc is more "on demand" by using a separate vnc viewer.

Add localhost and password support for some minimal security.
The password is generated, and is stored as an instance file.

Signed-off-by: Anders F Björklund &lt;anders.f.bjorklund@gmail.com&gt;
diff --git a/docs/internal.md b/docs/internal.md
@@ -56,6 +56,10 @@ SSH:
 - `ssh.sock`: SSH control master socket
 - `ssh.config`: SSH config file for `ssh -F`. Not consumed by Lima itself.
 
+VNC:
+- `vncdisplay`: VNC display host/port
+- `vncpassword`: VNC display password
+
 Guest agent:
 - `ga.sock`: Forwarded to `/run/lima-guestagent.sock` in the guest, via SSH
 
diff --git a/examples/default.yaml b/examples/default.yaml
@@ -245,13 +245,21 @@ firmware:
   legacyBIOS: null
 
 video:
-  # QEMU display, e.g., "none", "cocoa", "sdl", "gtk", "default".
+  # QEMU display, e.g., "none", "cocoa", "sdl", "gtk", "vnc", "default".
   # Choosing "none" will hide the video output, and not show any window.
+  # Choosing "vnc" will use a network server, and not show any window.
   # Choosing "default" will pick the first available of: gtk, sdl, cocoa.
-  # As of QEMU v6.2, enabling this is known to have negative impact
+  # As of QEMU v6.2, enabling anything but none or vnc is known to have negative impact
   # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334
   # 🟢 Builtin default: "none"
   display: null
+  # VNC (Virtual Network Computing) is a platform-independent graphical
+  # desktop-sharing system that uses the Remote Frame Buffer protocol (RFB)
+  vnc:
+    # VNC display, e.g.,"to=L", "host:d", "unix:path", "none"
+    # By convention the TCP port is 5900+d, connections from any host.
+    # 🟢 Builtin default: "127.0.0.1:0,to=9"
+    display: null
 
 # The instance can get routable IP addresses from the vmnet framework using
 # https://github.com/lima-vm/socket_vmnet.
diff --git a/pkg/driver/driver.go b/pkg/driver/driver.go
@@ -15,6 +15,10 @@ type Driver interface {
 	Start(_ context.Context) (chan error, error)
 
 	Stop(_ context.Context) error
+
+	ChangeDisplayPassword(_ context.Context, password string) error
+
+	GetDisplayConnection(_ context.Context) (string, error)
 }
 
 type BaseDriver struct {
@@ -39,3 +43,11 @@ func (d *BaseDriver) Start(_ context.Context) (chan error, error) {
 func (d *BaseDriver) Stop(_ context.Context) error {
 	return nil
 }
+
+func (d *BaseDriver) ChangeDisplayPassword(_ context.Context, password string) error {
+	return nil
+}
+
+func (d *BaseDriver) GetDisplayConnection(_ context.Context) (string, error) {
+	return "", nil
+}
diff --git a/pkg/hostagent/hostagent.go b/pkg/hostagent/hostagent.go
@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math/rand"
 	"net"
 	"os"
 	"os/exec"
@@ -251,6 +252,15 @@ func (a *HostAgent) emitEvent(_ context.Context, ev events.Event) {
 	}
 }
 
+func generatePassword(length int) (string, error) {
+	passwd := ""
+	rand.Seed(time.Now().UnixNano())
+	for i := 0; i < length; i++ {
+		passwd += strconv.Itoa(rand.Intn(10))
+	}
+	return passwd, nil
+}
+
 func (a *HostAgent) Run(ctx context.Context) error {
 	defer func() {
 		exitingEv := events.Event{
@@ -285,6 +295,50 @@ func (a *HostAgent) Run(ctx context.Context) error {
 		return err
 	}
 
+	if *a.y.Video.Display == "vnc" {
+		vncdisplay, vncoptions, _ := strings.Cut(*a.y.Video.VNC.Display, ",")
+		vnchost, vncnum, err := net.SplitHostPort(vncdisplay)
+		if err != nil {
+			return err
+		}
+		n, err := strconv.Atoi(vncnum)
+		if err != nil {
+			return err
+		}
+		vncport := strconv.Itoa(5900 + n)
+		vncpwdfile := filepath.Join(a.instDir, filenames.VNCPasswordFile)
+		vncpasswd, err := generatePassword(8)
+		if err != nil {
+			return err
+		}
+		if err := a.driver.ChangeDisplayPassword(ctx, vncpasswd); err != nil {
+			return err
+		}
+		if err := os.WriteFile(vncpwdfile, []byte(vncpasswd), 0600); err != nil {
+			return err
+		}
+		if strings.Contains(vncoptions, "to=") {
+			vncport, err = a.driver.GetDisplayConnection(ctx)
+			if err != nil {
+				return err
+			}
+			p, err := strconv.Atoi(vncport)
+			if err != nil {
+				return err
+			}
+			vncnum = strconv.Itoa(p - 5900)
+			vncdisplay = net.JoinHostPort(vnchost, vncnum)
+		}
+		vncfile := filepath.Join(a.instDir, filenames.VNCDisplayFile)
+		if err := os.WriteFile(vncfile, []byte(vncdisplay), 0600); err != nil {
+			return err
+		}
+		vncurl := "vnc://:" + vncpasswd + "@" + net.JoinHostPort(vnchost, vncport)
+		logrus.Infof("VNC server running at <%s>", vncurl)
+		logrus.Infof("VNC Display: \"%s\" `%s`", vncdisplay, vncfile)
+		logrus.Infof("VNC Password: \"%s\" `%s`", vncpasswd, vncpwdfile)
+	}
+
 	stBase := events.Status{
 		SSHLocalPort: a.sshLocalPort,
 	}
diff --git a/pkg/limayaml/defaults.go b/pkg/limayaml/defaults.go
@@ -186,6 +186,16 @@ func FillDefault(y, d, o *LimaYAML, filePath string) {
 		y.Video.Display = pointer.String("none")
 	}
 
+	if y.Video.VNC.Display == nil {
+		y.Video.VNC.Display = d.Video.VNC.Display
+	}
+	if o.Video.VNC.Display != nil {
+		y.Video.VNC.Display = o.Video.VNC.Display
+	}
+	if y.Video.VNC.Display == nil || *y.Video.VNC.Display == "" {
+		y.Video.VNC.Display = pointer.String("127.0.0.1:0,to=9")
+	}
+
 	if y.Firmware.LegacyBIOS == nil {
 		y.Firmware.LegacyBIOS = d.Firmware.LegacyBIOS
 	}
diff --git a/pkg/limayaml/defaults_test.go b/pkg/limayaml/defaults_test.go
@@ -72,6 +72,9 @@ func TestFillDefault(t *testing.T) {
 		},
 		Video: Video{
 			Display: pointer.String("none"),
+			VNC: VNCOptions{
+				Display: pointer.String("127.0.0.1:0,to=9"),
+			},
 		},
 		HostResolver: HostResolver{
 			Enabled: pointer.Bool(true),
@@ -262,6 +265,9 @@ func TestFillDefault(t *testing.T) {
 		},
 		Video: Video{
 			Display: pointer.String("cocoa"),
+			VNC: VNCOptions{
+				Display: pointer.String("none"),
+			},
 		},
 		HostResolver: HostResolver{
 			Enabled: pointer.Bool(false),
@@ -418,6 +424,9 @@ func TestFillDefault(t *testing.T) {
 		},
 		Video: Video{
 			Display: pointer.String("cocoa"),
+			VNC: VNCOptions{
+				Display: pointer.String("none"),
+			},
 		},
 		HostResolver: HostResolver{
 			Enabled: pointer.Bool(false),
diff --git a/pkg/limayaml/limayaml.go b/pkg/limayaml/limayaml.go
@@ -122,9 +122,14 @@ type Firmware struct {
 	LegacyBIOS *bool `yaml:"legacyBIOS,omitempty" json:"legacyBIOS,omitempty"`
 }
 
+type VNCOptions struct {
+	Display *string `yaml:"display,omitempty" json:"display,omitempty"`
+}
+
 type Video struct {
 	// Display is a QEMU display string
-	Display *string `yaml:"display,omitempty" json:"display,omitempty"`
+	Display *string    `yaml:"display,omitempty" json:"display,omitempty"`
+	VNC     VNCOptions `yaml:"vnc" json:"vnc"`
 }
 
 type ProvisionMode = string
diff --git a/pkg/qemu/qemu.go b/pkg/qemu/qemu.go
@@ -549,7 +549,12 @@ func Cmdline(cfg Config) (string, []string, error) {
 
 	// Graphics
 	if *y.Video.Display != "" {
-		args = appendArgsIfNoConflict(args, "-display", *y.Video.Display)
+		display := *y.Video.Display
+		if display == "vnc" {
+			display += "=" + *y.Video.VNC.Display
+			display += ",password=on"
+		}
+		args = appendArgsIfNoConflict(args, "-display", display)
 	}
 	switch *y.Arch {
 	case limayaml.X8664, limayaml.RISCV64:
diff --git a/pkg/qemu/qemu_driver.go b/pkg/qemu/qemu_driver.go
@@ -4,6 +4,7 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -106,6 +107,86 @@ func (l *LimaQemuDriver) Stop(ctx context.Context) error {
 	return l.shutdownQEMU(ctx, 3*time.Minute, l.qCmd, l.qWaitCh)
 }
 
+func (l *LimaQemuDriver) ChangeDisplayPassword(ctx context.Context, password string) error {
+	return l.changeVNCPassword(ctx, password)
+}
+
+func (l *LimaQemuDriver) GetDisplayConnection(ctx context.Context) (string, error) {
+	return l.getVNCDisplayPort(ctx)
+}
+
+func waitFileExists(path string, timeout time.Duration) error {
+	startWaiting := time.Now()
+	for {
+		_, err := os.Stat(path)
+		if err == nil {
+			break
+		}
+		if !errors.Is(err, os.ErrNotExist) {
+			return err
+		}
+		if time.Since(startWaiting) > timeout {
+			return fmt.Errorf("timeout waiting for %s", path)
+		}
+		time.Sleep(500 * time.Millisecond)
+	}
+	return nil
+}
+
+func (l *LimaQemuDriver) changeVNCPassword(ctx context.Context, password string) error {
+	qmpSockPath := filepath.Join(l.Instance.Dir, filenames.QMPSock)
+	err := waitFileExists(qmpSockPath, 30*time.Second)
+	if err != nil {
+		return err
+	}
+	qmpClient, err := qmp.NewSocketMonitor("unix", qmpSockPath, 5*time.Second)
+	if err != nil {
+		return err
+	}
+	if err := qmpClient.Connect(); err != nil {
+		return err
+	}
+	defer func() { _ = qmpClient.Disconnect() }()
+	rawClient := raw.NewMonitor(qmpClient)
+	err = rawClient.ChangeVNCPassword(password)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (l *LimaQemuDriver) getVNCDisplayPort(ctx context.Context) (string, error) {
+	qmpSockPath := filepath.Join(l.Instance.Dir, filenames.QMPSock)
+	qmpClient, err := qmp.NewSocketMonitor("unix", qmpSockPath, 5*time.Second)
+	if err != nil {
+		return "", err
+	}
+	if err := qmpClient.Connect(); err != nil {
+		return "", err
+	}
+	defer func() { _ = qmpClient.Disconnect() }()
+	rawClient := raw.NewMonitor(qmpClient)
+	info, err := rawClient.QueryVNC()
+	if err != nil {
+		return "", err
+	}
+	return *info.Service, nil
+}
+
+func (l *LimaQemuDriver) removeVNCFiles() error {
+	vncfile := filepath.Join(l.Instance.Dir, filenames.VNCDisplayFile)
+	err := os.RemoveAll(vncfile)
+	if err != nil {
+		return err
+	}
+	vncpwdfile := filepath.Join(l.Instance.Dir, filenames.VNCPasswordFile)
+	err = os.RemoveAll(vncpwdfile)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func (l *LimaQemuDriver) shutdownQEMU(ctx context.Context, timeout time.Duration, qCmd *exec.Cmd, qWaitCh <-chan error) error {
 	logrus.Info("Shutting down QEMU with ACPI")
 	qmpSockPath := filepath.Join(l.Instance.Dir, filenames.QMPSock)
@@ -129,6 +210,7 @@ func (l *LimaQemuDriver) shutdownQEMU(ctx context.Context, timeout time.Duration
 	select {
 	case qWaitErr := <-qWaitCh:
 		logrus.WithError(qWaitErr).Info("QEMU has exited")
+		l.removeVNCFiles()
 		return qWaitErr
 	case <-deadline:
 	}
@@ -144,6 +226,7 @@ func (l *LimaQemuDriver) killQEMU(_ context.Context, _ time.Duration, qCmd *exec
 	logrus.WithError(qWaitErr).Info("QEMU has exited, after killing forcibly")
 	qemuPIDPath := filepath.Join(l.Instance.Dir, filenames.PIDFile(*l.Yaml.VMType))
 	_ = os.RemoveAll(qemuPIDPath)
+	l.removeVNCFiles()
 	return qWaitErr
 }
 
diff --git a/pkg/store/filenames/filenames.go b/pkg/store/filenames/filenames.go
@@ -38,6 +38,8 @@ const (
 	SerialSock         = "serial.sock"
 	SSHSock            = "ssh.sock"
 	SSHConfig          = "ssh.config"
+	VNCDisplayFile     = "vncdisplay"
+	VNCPasswordFile    = "vncpassword"
 	GuestAgentSock     = "ga.sock"
 	HostAgentPID       = "ha.pid"
 	HostAgentSock      = "ha.sock"

Original file line number	Diff line number	Diff line change
`@@ -122,9 +122,14 @@ type Firmware struct {`
`122`	`122`	LegacyBIOS *bool `yaml:"legacyBIOS,omitempty" json:"legacyBIOS,omitempty"`
`123`	`123`	`}`
`124`	`124`
	`125`	`+type VNCOptions struct {`
	`126`	+ Display *string `yaml:"display,omitempty" json:"display,omitempty"`
	`127`	`+}`
	`128`	`+`
`125`	`129`	`type Video struct {`
`126`	`130`	`// Display is a QEMU display string`
`127`		- Display *string `yaml:"display,omitempty" json:"display,omitempty"`
	`131`	+ Display *string `yaml:"display,omitempty" json:"display,omitempty"`
	`132`	+ VNC VNCOptions `yaml:"vnc" json:"vnc"`
`128`	`133`	`}`
`129`	`134`
`130`	`135`	`type ProvisionMode = string`