← Back to team overview

openstack team mailing list archive

noVNC and EPEL

 

I have a working noVNC RPM for both F17 and EPEL.

Well...I think it is working...everything is set as best as I can tell to what it should be. However, I have not been able to get a VNC console on a VM from the Web UI. I have been able to do so using noVNC, so we have a partial solution. I've been advised that misconfiguration of the compute nodes is often at fault for noVNC not working:

<sleepsonthefloor> ayoung: it is very common for people to misconfigure flags on the compute hosts <sleepsonthefloor> FLAGS.vncserver_proxyclient_address and FLAGS.novncproxy_base_url

My packages are at:
http://admiyo.fedorapeople.org/noVNC/

Paidrig "pixelbeat" Brady has tweaked them and gotten them blessed into the Fedora and EPEL system.

With the RPM installed, the steps to get novnc_server (not the Nova proxy) working are:

1.  Generate a key. I put this in /etc/nova:
 openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem

2. Figure out the port for the vnc server you want. This will depend on the VM. In general, the first VM you spin up will have 9000, the next 9001. You can brute force the search using

qemu-syst 21809 qemu 13u IPv4 178192 0t0 TCP localhost:vnc-server (LISTEN) qemu-syst 26373 qemu 11u IPv4 3446722 0t0 TCP localhost:5901 (LISTEN)

Note that the first line lists the port by service name (vnc-server) out of /etc/services (technically the NSSwitch services database, but we all probably have that set to files.)

I ensured I could connect to the server using the tiger-vnc package and vncviewer.


3. Run the novnc server. In the upstream, this is launch.sh. For Fedora we've given it the slightly more descriptive name novnc_server.

cd /usr/share/novnc
novnc_server --cert /etc/nova/self.pem --vnc localhost:5901


4. Get the self signed cert into your browser by pointing at the server using https://hostname:6080. This will kick you into the "invalid certificate" dialog. Accept the Cert and it will forward you to noVNC. No password is required: click connect and you should be viewing the appropriate VM.



I have not been able to get the Horizon Dashboard to noVNC integration working. I suspect that the correct command line should be something like:

nova-novncproxy --flagfile=/etc/nova/nova.conf --web=/usr/share/novnc/ --cert=/etc/nova/self.pem --log-file=/var/log/nova/novnc.log

But no connections go through. Nothing shows up in the log (and I have confirmed that is not due to permissions). Nothing shows up on the command line, either except the startup information:

[root@ayoung-stack2 novnc]# nova-novncproxy --flagfile=/etc/nova/nova.conf --web=/usr/share/novnc/ --cert=/etc/nova/self.pem --log-file=/var/log/nova/novnc.log
WebSocket server settings:
  - Listen on 0.0.0.0:6080
  - Flash security policy server
  - Web server. Web root: /usr/share/novnc
  - SSL/TLS support
  - proxying from 0.0.0.0:6080 to ignore:ignore


For Fedora, we cannot ship the binary Flash blob. I've been working under the assumtion that the Nova noVNC proxy uses the browsers websocket support....