openstack team mailing list archive

Thread
Date
Re: noVNC and EPEL

To: Pádraig Brady <P@xxxxxxxxxxxxxx>, Adam Young <ayoung@xxxxxxxxxx>
From: Jose Castro Leon <jose.castro.leon@xxxxxxx>
Date: Fri, 15 Jun 2012 09:27:08 +0000
Accept-language: en-GB, en-US
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <4FDAFC55.9010202@draigBrady.com>
Keywords: CERN SpamKiller Note: -50
Thread-index: AQHNStblFgWKguSJrUCnnTakSX4E95b7GRhQ
Thread-topic: [Openstack] noVNC and EPEL
Hi,
The nova-novncproxy reads some parameters in /etc/nova/nova.conf file.  First you need to configure your cloud controller to enable vnc

novncproxy_host = 0.0.0.0
novncproxy_port = 6080

and in the nova compute nodes you need something like this

novncproxy_base_url=http://NOVNCPROXY_FQDN:6080/vnc_auto.html
vnc_enabled=true
vncserver_listen=COMPUTE_FQDN

After restarting nova services on both nodes the newly created machines will run the qemu-kvm with a parameter -vnc compute_fqdn:display_number.
We had previously launched machines that have localhost:DISPLAYNUMBER and when you try to connect from another machine to dashboard it will fail while trying to open localhost:590x on your local machine.

Then after starting the novncproxy and connecting to the dashboard it will discover the host and point to the novncproxy with the appropriate values and connect to the vm.
Make sure than the iptables entries for VNC ports (5900+DISPLAYNUMBER) are allowed.

We have this setup working here at CERN since Adam Young provided the first source rpms :)

If you have any other question, feel free to ask me,

Kind regards,

Jose Castro Leon
CERN IT-OIS-IN             	tel: +41.22.76.74272
                                      	fax: +41.22.76.67955
Office: 31-R-021         	CH-1211 Geneve 23
email: jose.castro.leon@xxxxxxx

-----Original Message-----
From: Pádraig Brady [mailto:P@xxxxxxxxxxxxxx] 
Sent: 15 June 2012 11:12
To: Jose Castro Leon
Cc: Adam Young
Subject: Re: [Openstack] noVNC and EPEL

Hi Joel,

FYI, here are Adam's notes on using these packages.
If you had anything different of significance it would be cool if you could reply with details (preferably to the orig message below) and CC openstack@xxxxxxxxxxxxxxxxxxx

Otherwise just treat this as a FYI.

cheers,
Pádraig.

On 06/12/2012 07:56 PM, Adam Young wrote:
> I have a working noVNC RPM for both F17 and EPEL.
> 
> Well...I think it is working...everything is set as best as I can tell to what it should be.  However, I have not been able to get a VNC console on a VM from the Web UI.  I have been able to do so using noVNC,  so we have a partial solution.  I've been advised that misconfiguration of the compute nodes is often at fault for noVNC not working:
> 
> <sleepsonthefloor> ayoung: it is very common for people to 
> misconfigure flags on the compute hosts <sleepsonthefloor> 
> FLAGS.vncserver_proxyclient_address and FLAGS.novncproxy_base_url
> 
> My packages are at:
> http://admiyo.fedorapeople.org/noVNC/
> 
> Paidrig "pixelbeat" Brady has tweaked them and gotten them blessed into the Fedora and EPEL system.
> 
> With the RPM installed, the steps to get novnc_server (not the Nova proxy) working are:
> 
> 1.  Generate a key. I put this in /etc/nova:
>  openssl req -new -x509 -days 365 -nodes -out self.pem -keyout 
> self.pem
> 
> 2.  Figure out the port for the vnc server you want.  This will depend 
> on the VM.  In general, the first VM you spin up will have 9000,  the 
> next 9001.  You can  brute force the search using
> 
> qemu-syst 21809      qemu   13u     IPv4             178192 0t0        TCP localhost:vnc-server (LISTEN)
> qemu-syst 26373      qemu   11u     IPv4            3446722 0t0        TCP localhost:5901 (LISTEN)
> 
> Note that the first line lists the port by service name (vnc-server) 
> out of /etc/services  (technically the NSSwitch services database, but 
> we all probably have that set to files.)
> 
> I ensured I could connect to the server using the  tiger-vnc package and vncviewer.
> 
> 
> 3.  Run the novnc server.  In the upstream, this is launch.sh.  For Fedora we've given it the slightly more descriptive name novnc_server.
> 
> cd /usr/share/novnc
> novnc_server --cert /etc/nova/self.pem --vnc localhost:5901
> 
> 
> 4.  Get the self signed cert into your browser by pointing at the server using https://hostname:6080.  This will kick you into the "invalid certificate"  dialog.  Accept the Cert and it will forward you to noVNC.  No password is required:  click connect and you should be viewing the appropriate VM.
> 
> 
> 
> I have not been able to get the Horizon Dashboard to noVNC integration working.  I suspect that the correct command line should be something like:
> 
>  nova-novncproxy  --flagfile=/etc/nova/nova.conf 
> --web=/usr/share/novnc/ --cert=/etc/nova/self.pem 
> --log-file=/var/log/nova/novnc.log
> 
> But no connections go through.  Nothing shows up in the log (and I have confirmed that is not due to permissions).  Nothing shows up on the command line, either except the startup information:
> 
> [root@ayoung-stack2 novnc]# nova-novncproxy --flagfile=/etc/nova/nova.conf   --web=/usr/share/novnc/ --cert=/etc/nova/self.pem --log-file=/var/log/nova/novnc.log
> WebSocket server settings:
>   - Listen on 0.0.0.0:6080
>   - Flash security policy server
>   - Web server. Web root: /usr/share/novnc
>   - SSL/TLS support
>   - proxying from 0.0.0.0:6080 to ignore:ignore
> 
> 
> For Fedora,  we cannot ship the binary Flash blob.  I've been working under the assumtion that the Nova noVNC proxy uses the browsers websocket support....
> 
> 
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
References

noVNC and EPEL
From: Adam Young, 2012-06-12