Add VNC video display including password

The other display options open a window always, while the
vnc is more "on demand" by using a separate vnc viewer.

Add localhost and password support for some minimal security.
The password is generated, and is stored as an instance file.

Signed-off-by: Anders F Björklund <[email protected]>

Author: afbjorklund

examples/default.yaml

@@ -215,6 +215,12 @@ video:
   # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334
   # 🟢 Builtin default: "none"
   display: null
+  # VNC (Virtual Network Computing) is a platform-independent graphical
+  # desktop-sharing system that uses the Remote Frame Buffer protocol (RFB)
+  vnc:
+    # VNC display, e.g., "127.0.0.1:0", "host:d", "unix:path", "none"
+    # By convention the TCP port is 5900+d, connections from any host.
+    display: null
 
 # The instance can get routable IP addresses from the vmnet framework using
 # https://github.com/lima-vm/socket_vmnet.

pkg/hostagent/hostagent.go

@@ -8,6 +8,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math/rand"
 	"net"
 	"os"
 	"os/exec"
@@ -243,6 +244,15 @@ func logPipeRoutine(r io.Reader, header string) {
 	}
 }
 
+func randomPassword(length int) string {
+	passwd := ""
+	rand.Seed(time.Now().UnixNano())
+	for i := 0; i < length; i++ {
+		passwd += strconv.Itoa(rand.Intn(10))
+	}
+	return passwd
+}
+
 type qArgTemplateApplier struct {
 	files []*os.File
 }
@@ -357,6 +367,30 @@ func (a *HostAgent) Run(ctx context.Context) error {
 		qWaitCh <- qCmd.Wait()
 	}()
 
+	if a.y.Video.VNC.Display != nil {
+		vncdisplay := *a.y.Video.VNC.Display
+		vnchost, vncnum, err := net.SplitHostPort(vncdisplay)
+		if err != nil {
+			return err
+		}
+		n, err := strconv.Atoi(vncnum)
+		if err != nil {
+			return err
+		}
+		vncport := strconv.Itoa(5900 + n)
+		vncurl := "vnc://" + net.JoinHostPort(vnchost, vncport)
+		vncpwdfile := filepath.Join(a.instDir, filenames.VNCPasswordFile)
+		vncpasswd := randomPassword(8)
+		if err := a.changeVNCPassword(ctx, vncpasswd); err != nil {
+			return err
+		}
+		if err := os.WriteFile(vncpwdfile, []byte(vncpasswd), 0600); err != nil {
+			return err
+		}
+		logrus.Infof("VNC Password for %s <%s> is:", vncdisplay, vncurl)
+		logrus.Infof("    \"%s\" | `%s`", vncpasswd, vncpwdfile)
+	}
+
 	stBase := events.Status{
 		SSHLocalPort: a.sshLocalPort,
 	}
@@ -398,6 +432,46 @@ func (a *HostAgent) Info(ctx context.Context) (*hostagentapi.Info, error) {
 	return info, nil
 }
 
+func waitFileExists(path string, timeout time.Duration) error {
+	startWaiting := time.Now()
+	for {
+		_, err := os.Stat(path)
+		if err == nil {
+			break
+		}
+		if !errors.Is(err, os.ErrNotExist) {
+			return err
+		}
+		if time.Since(startWaiting) > timeout {
+			return fmt.Errorf("timeout waiting for %s", path)
+		}
+		time.Sleep(500 * time.Millisecond)
+	}
+	return nil
+}
+
+func (a *HostAgent) changeVNCPassword(ctx context.Context, password string) error {
+	qmpSockPath := filepath.Join(a.instDir, filenames.QMPSock)
+	err := waitFileExists(qmpSockPath, 30*time.Second)
+	if err != nil {
+		return err
+	}
+	qmpClient, err := qmp.NewSocketMonitor("unix", qmpSockPath, 5*time.Second)
+	if err != nil {
+		return err
+	}
+	if err := qmpClient.Connect(); err != nil {
+		return err
+	}
+	defer func() { _ = qmpClient.Disconnect() }()
+	rawClient := raw.NewMonitor(qmpClient)
+	err = rawClient.ChangeVNCPassword(password)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 func (a *HostAgent) shutdownQEMU(ctx context.Context, timeout time.Duration, qCmd *exec.Cmd, qWaitCh <-chan error) error {
 	logrus.Info("Shutting down QEMU with ACPI")
 	qmpSockPath := filepath.Join(a.instDir, filenames.QMPSock)

pkg/limayaml/defaults.go

@@ -170,6 +170,13 @@ func FillDefault(y, d, o *LimaYAML, filePath string) {
 		y.Video.Display = pointer.String("none")
 	}
 
+	if y.Video.VNC.Display == nil {
+		y.Video.VNC.Display = d.Video.VNC.Display
+	}
+	if o.Video.VNC.Display != nil {
+		y.Video.VNC.Display = o.Video.VNC.Display
+	}
+
 	if y.Firmware.LegacyBIOS == nil {
 		y.Firmware.LegacyBIOS = d.Firmware.LegacyBIOS
 	}

pkg/limayaml/limayaml.go

@@ -106,9 +106,14 @@ type Firmware struct {
 	LegacyBIOS *bool `yaml:"legacyBIOS,omitempty" json:"legacyBIOS,omitempty"`
 }
 
+type VNCOptions struct {
+	Display *string `yaml:"display,omitempty" json:"display,omitempty"`
+}
+
 type Video struct {
 	// Display is a QEMU display string
-	Display *string `yaml:"display,omitempty" json:"display,omitempty"`
+	Display *string    `yaml:"display,omitempty" json:"display,omitempty"`
+	VNC     VNCOptions `yaml:"vnc" json:"vnc"`
 }
 
 type ProvisionMode = string

pkg/limayaml/validate.go

@@ -88,6 +88,12 @@ func Validate(y LimaYAML, warn bool) error {
 		}
 	}
 
+	if y.Video.VNC.Display != nil {
+		if *y.Video.Display != "none" && *y.Video.Display != "vnc" {
+			return fmt.Errorf("field `video.display` has conflicting type: %q", *y.Video.Display)
+		}
+	}
+
 	if *y.CPUs == 0 {
 		return errors.New("field `cpus` must be set")
 	}

pkg/qemu/qemu.go

@@ -536,8 +536,13 @@ func Cmdline(cfg Config) (string, []string, error) {
 	args = append(args, "-device", "virtio-rng-pci")
 
 	// Graphics
-	if *y.Video.Display != "" {
-		args = appendArgsIfNoConflict(args, "-display", *y.Video.Display)
+	if *y.Video.Display != "" || y.Video.VNC.Display != nil {
+		display := *y.Video.Display
+		if y.Video.VNC.Display != nil {
+			display = "vnc=" + *y.Video.VNC.Display
+			display += ",password=on"
+		}
+		args = appendArgsIfNoConflict(args, "-display", display)
 	}
 	switch *y.Arch {
 	case limayaml.X8664:

pkg/store/filenames/filenames.go

@@ -37,6 +37,7 @@ const (
 	SerialLog          = "serial.log"
 	SerialSock         = "serial.sock"
 	SSHSock            = "ssh.sock"
+	VNCPasswordFile    = "vncpassword"
 	GuestAgentSock     = "ga.sock"
 	HostAgentPID       = "ha.pid"
 	HostAgentSock      = "ha.sock"