Comment 31 for bug 1227575

Abhishek Kekane (abhishek-kekane) wrote :

Hi,

One possible solution to limit the console sessions for both vnc and spice consoles is that we can query the compute node to know how many tcp connections are established for a given console graphics port of the vm using the netstat command. If the number of established tcp connections exceeds the configured value, then it is possible to restrict users from connecting to the console.

sudo netstat -pnt | awk '{print $4}' | egrep '^127.0.0.1:5900$'
127.0.0.1 : vncserver_listen parameter from nova.conf
5900: graphics port either for spice or vnc.

For this to work, we need to know whether the tcp connections per spice console are governed by libvirt or there are any other external factors involved that could vary the count of the tcp connections. Once we know the count of tcp connections is bound to libvirt, then we can write the logic in the libvirt driver to return the tcp connection count accordingly per console type (spice or vnc).

Also need to check how this would work for other hypervisors.

Advantage:
1. No need to persist connection data per vm per session, saving disk space

Disadvantage:
1. One additional rpc call to the compute node per console

Please let me know your suggestions on the same.
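
The check proposed in the comment above, as an added example that is not part of the original comment and is not nova code: it parses `netstat -pnt` output, counts connections whose local endpoint is the console's listen address and graphics port, and compares the count with a limit. The function names, the `max_sessions` parameter and the sample output are assumptions made for illustration, and unlike the one-liner in the comment it also filters on the `ESTABLISHED` state.

```python
# Constructed sample of `netstat -pnt` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5900          127.0.0.1:41822         ESTABLISHED 2114/qemu-system-x8
tcp        0      0 127.0.0.1:5900          127.0.0.1:41830         ESTABLISHED 2114/qemu-system-x8
tcp        0      0 127.0.0.1:5900          127.0.0.1:41790         TIME_WAIT   -
tcp        0      0 127.0.0.1:41822         127.0.0.1:5900          ESTABLISHED 3050/python
tcp        0      0 127.0.0.1:5901          127.0.0.1:52110         ESTABLISHED 2188/qemu-system-x8
tcp        0      0 127.0.0.1:59000         127.0.0.1:52200         ESTABLISHED 4000/other
"""


def count_console_connections(netstat_output, listen_addr, port):
    """Count ESTABLISHED TCP connections terminating on listen_addr:port.

    Only the Local Address column is compared, so the client side of a
    same-host connection (where the port appears as the foreign address)
    is not counted a second time.
    """
    endpoint = "%s:%d" % (listen_addr, port)
    count = 0
    for line in netstat_output.splitlines():
        fields = line.split()
        # Data rows: Proto Recv-Q Send-Q Local Foreign State [PID/Program]
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skips the two header lines and blank lines
        local, state = fields[3], fields[5]
        # Exact string match, so 127.0.0.1:59000 does not match port 5900.
        if local == endpoint and state == "ESTABLISHED":
            count += 1
    return count


def console_allowed(netstat_output, listen_addr, port, max_sessions):
    """Return True if one more connection stays within max_sessions.

    max_sessions is a hypothetical configured limit, not a nova option.
    """
    current = count_console_connections(netstat_output, listen_addr, port)
    return current < max_sessions


if __name__ == "__main__":
    print(count_console_connections(SAMPLE_NETSTAT, "127.0.0.1", 5900))
    print(console_allowed(SAMPLE_NETSTAT, "127.0.0.1", 5900, max_sessions=2))
```

The result is a count of TCP connections, so whether it maps one-to-one onto console sessions still depends on the open question raised in the comment about how many connections each console type opens.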