openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #13131
noVNC and EPEL
-
To:
openstack <openstack@xxxxxxxxxxxxxxxxxxx>
-
From:
Adam Young <ayoung@xxxxxxxxxx>
-
Date:
Tue, 12 Jun 2012 14:56:35 -0400
-
In-reply-to:
<4FD699C9.7010008@redhat.com>
-
User-agent:
Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120605 Thunderbird/13.0
I have a working noVNC RPM for both F17 and EPEL.
Well...I think it is working...everything is set as best as I can tell
to what it should be. However, I have not been able to get a VNC
console on a VM from the Web UI. I have been able to do so using
noVNC, so we have a partial solution. I've been advised that
misconfiguration of the compute nodes is often at fault for noVNC not
working:
<sleepsonthefloor> ayoung: it is very common for people to misconfigure
flags on the compute hosts
<sleepsonthefloor> FLAGS.vncserver_proxyclient_address and
FLAGS.novncproxy_base_url
My packages are at:
http://admiyo.fedorapeople.org/noVNC/
Paidrig "pixelbeat" Brady has tweaked them and gotten them blessed into
the Fedora and EPEL system.
With the RPM installed, the steps to get novnc_server (not the Nova
proxy) working are:
1. Generate a key. I put this in /etc/nova:
openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem
2. Figure out the port for the vnc server you want. This will depend
on the VM. In general, the first VM you spin up will have 9000, the
next 9001. You can brute force the search using
qemu-syst 21809 qemu 13u IPv4 178192 0t0
TCP localhost:vnc-server (LISTEN)
qemu-syst 26373 qemu 11u IPv4 3446722 0t0
TCP localhost:5901 (LISTEN)
Note that the first line lists the port by service name (vnc-server) out
of /etc/services (technically the NSSwitch services database, but we
all probably have that set to files.)
I ensured I could connect to the server using the tiger-vnc package and
vncviewer.
3. Run the novnc server. In the upstream, this is launch.sh. For
Fedora we've given it the slightly more descriptive name novnc_server.
cd /usr/share/novnc
novnc_server --cert /etc/nova/self.pem --vnc localhost:5901
4. Get the self signed cert into your browser by pointing at the server
using https://hostname:6080. This will kick you into the "invalid
certificate" dialog. Accept the Cert and it will forward you to
noVNC. No password is required: click connect and you should be
viewing the appropriate VM.
I have not been able to get the Horizon Dashboard to noVNC integration
working. I suspect that the correct command line should be something like:
nova-novncproxy --flagfile=/etc/nova/nova.conf
--web=/usr/share/novnc/ --cert=/etc/nova/self.pem
--log-file=/var/log/nova/novnc.log
But no connections go through. Nothing shows up in the log (and I have
confirmed that is not due to permissions). Nothing shows up on the
command line, either except the startup information:
[root@ayoung-stack2 novnc]# nova-novncproxy
--flagfile=/etc/nova/nova.conf --web=/usr/share/novnc/
--cert=/etc/nova/self.pem --log-file=/var/log/nova/novnc.log
WebSocket server settings:
- Listen on 0.0.0.0:6080
- Flash security policy server
- Web server. Web root: /usr/share/novnc
- SSL/TLS support
- proxying from 0.0.0.0:6080 to ignore:ignore
For Fedora, we cannot ship the binary Flash blob. I've been working
under the assumtion that the Nova noVNC proxy uses the browsers
websocket support....
