[one-users] OpenNebula 3.0 RC1 NoVNC problems

Alberto Picón Couselo alpicon1 at gmail.com
Wed Oct 19 07:00:07 PDT 2011


Hello again, Hector.

We migrated to 3.0.0 final release and applied the changes you suggest
to a NATed config of sunstone.

Public IP:443 -> NAT -> LAN Sunstone IP:443

We have tested wsproxy.rb execution in command line at it seems it
works correctly:

#~ python /usr/share/one/noVNC/utils/wsproxy.py
--cert=/etc/one/server.pem 36001 kvm-hv:6125
WebSocket server settings:
  - Listen on :36001
  - Flash security policy server
  - SSL/TLS support
  - proxying from :36001 to kvm-hv:6125

#~ netstat -punta| grep 36001
tcp        0      0 0.0.0.0:36001           0.0.0.0:*
LISTEN    16508/python

However when we connect to sunstone, VNC icon reports "noVNC ready:
WebSockets emulation, createImageData rendering" and then "Connect
timeout" message.

Any suggestions?

Best Regards,
Alberto Picón

----------------------

Hi,

sorry for the late answer, i missed this one.

So I think that the problem is that Sunstone is not using secure
websockets by default[1]. Therefore websocket connection is trying to
travel through port 80. Since you are tunneling only port 443, it is
impossible for noVNC to contact the proxy on the sunstone server host.

I'd say that either you tunnel port 80 connections as you do with 443,
or that you set up the websockify proxy and sunstone to work with secure
websockets. This could be primarily done this way:

1 - Modify line 232 of SunstoneServer.rb (lib/one/sunstone/models)

novnc_exec = "#{novnc_cmd} #{proxy_port} #{host}:#{vnc_port}"

to

novnc_exec = "#{novnc_cmd} --cert=CERT --key=KEY #{proxy_port}
#{host}:#{vnc_port}"

(include --key only if the key is separate from the cert)

* It's not very clear in the websockify docs but you may need to install
and symlink the ssl python module [1]

2 - Enable wss:// in client side of noVNC. Change line 1022 of vm-tab.js
(lib/one/sunstone/public/js/plugins)

'encrypt':      false,

to

'encrypt':      true,

I haven't had time to test this scenario though. I think it would be a
good thing to add better support for it. Ill try to set it up myself in
a few days and see if it works.

Héctor Sanjuán
OpenNebula Developer

[1] Here it says that it is needed for Python > 2.5
https://github.com/kanaka/websockify/blob/master/README.md
While here it says that only for Python < 2.5
https://github.com/kanaka/noVNC/wiki/Advanced-usage

El 27/09/11 22:24, Alberto Picón Couselo escribió:
> > Hi, Hector.
> >
> > Without changes, noVNC has began to work now for KVM VM instances. :O...
> >
> > However, it seems to work only if we browse with Firefox/Chrome using
> > internal IP address of Sunstone Server. If we use NAT forwarding of SSL
> > port from the public IP to the SSL port of Lighttpd which connects
> > locally to sunstone web server, we are able to manage OpenNebula site
> > but noVNC client does not work.
> >
> > Of course, we miss something, but can you please give me some clues to
> > use noVNC from external/public side over SSL without using OpenVPN or
> > similar?. Is this scenario supported?
> >
> > Best Regards and thank you for your time,
> > Alberto
> >
> > El 27/09/2011 19:27, Héctor Sanjuán escribió:
>> >> Hi,
>> >>
>> >> your noVNC install and your sunstone-server.conf settings seem fine. I
>> >> cannot see any related problems arise in current one-3.0 branch either
>> >> in my tests.
>> >>
>> >> (Btw, the link you provided in your first message doesnt point to a
>> >> related thread)
>> >>
>> >> If you didn't yet, perhaps it helps to manually delete noVNC and
>> >> reinstall it (via install_novnc.sh). The folders you have to delete are:
>> >>
>> >> /usr/share/one/noVNC
>> >>
>> >> and
>> >>
>> >> /usr/lib/one/sunstone/public/vendor/noVNC
>> >>
>> >> Also, there are some common basic problems gathered here[1], have a look
>> >> just in case. Running the proxy manually and then trying to connect via
>> >> sunstone will cause some console output from it which maybe offers more
>> >> info.
>> >>
>> >> Hector
>> >>
>> >> [1]
>> >> http://wiki.opennebula.org/faq#vnc_console_access_in_sunstone_does_not_work_whats_the_problem
>> >>
>> >>
>> >> El 26/09/11 12:13, Alberto Picón Couselo escribió:
>>> >>> Hi, Hector:
>>> >>>
>>> >>> Our sunstone-server.conf is as follows:
>>> >>>
>>> >>>   OpenNebula sever contact information
>>> >>> :one_xmlrpc: http://localhost:2633/RPC2
>>> >>>
>>> >>> # Server Configuration
>>> >>> :host: 127.0.0.1
>>> >>> :port: 9869
>>> >>>
>>> >>> :auth: basic
>>> >>>
>>> >>> # VNC Configuration
>>> >>> :vnc_proxy_base_port: 29876
>>> >>> :novnc_path: /usr/share/one/noVNC
>>> >>>
>>> >>> We have installed noVNC using /usr/share/one/install_novnc.sh installer.
>>> >>>
>>> >>> The contents of /usr/share/one/noVNC are as follows:
>>> >>>
>>> >>> drwxrwxr-x 2 root root 4096 2011-09-24 20:51 debian
>>> >>> drwxrwxr-x 2 root root 4096 2011-09-24 20:51 docs
>>> >>> lrwxrwxrwx 1 root root   18 2011-09-24 20:51 favicon.ico ->
>>> >>> images/favicon.ico
>>> >>> -rw-rw-r-- 1 root root   50 2011-09-24 20:51 .gitignore
>>> >>> drwxrwxr-x 2 root root 4096 2011-09-24 20:51 images
>>> >>> drwxrwxr-x 8 root root 4096 2011-09-24 20:54 kanaka-noVNC-832c744
>>> >>> -rw-rw-r-- 1 root root 1212 2011-09-24 20:51 LICENSE.txt
>>> >>> -rw-rw-r-- 1 root root 3994 2011-09-24 20:51 README.md
>>> >>> drwxrwxr-x 2 root root 4096 2011-09-24 20:51 tests
>>> >>> drwxrwxr-x 2 root root 4096 2011-09-25 20:31 utils
>>> >>> -rw-rw-r-- 1 root root 4298 2011-09-24 20:51 vnc_auto.html
>>> >>> -rw-rw-r-- 1 root root  859 2011-09-24 20:51 vnc.html
>>> >>>
>>> >>> And /usr/share/one/noVNC/utils contains wsproxy.py link to websockify:
>>> >>>
>>> >>> -rwxrwxr-x 1 root root   914 2011-09-24 20:51 img2js.py
>>> >>> -rwxrwxr-x 1 root root  6678 2011-09-24 20:51 json2graph.py
>>> >>> -rwxrwxr-x 1 root root  2820 2011-09-24 20:51 launch.sh
>>> >>> -rw-rw-r-- 1 root root   153 2011-09-24 20:51 Makefile
>>> >>> -rw-rw-r-- 1 root root   489 2011-09-24 20:51 README.md
>>> >>> -rwxrwxr-x 1 root root   424 2011-09-24 20:51 rebind
>>> >>> -rw-rw-r-- 1 root root  2878 2011-09-24 20:51 rebind.c
>>> >>> -rwxrwxr-x 1 root root   911 2011-09-24 20:51 u2x11
>>> >>> -rwxrwxr-x 1 root root  1496 2011-09-24 20:51 web.py
>>> >>> -rw-rw-r-- 1 root root 29985 2011-09-24 20:51 websocket.py
>>> >>> -rw-r--r-- 1 root root 25357 2011-09-24 20:58 websocket.pyc
>>> >>> -rwxrwxr-x 1 root root  9591 2011-09-24 20:51 websockify
>>> >>> lrwxrwxrwx 1 root root    10 2011-09-24 20:51 wsproxy.py ->  websockify
>>> >>>
>>> >>> Thank you very much for your help,
>>> >>> Best Regards,
>>> >>> Alberto
>>> >>>
>>> >>> 2011/9/26 Héctor Sanjuán<hsanjuan at opennebula.org>:
>>>> >>>> Hi,
>>>> >>>>
>>>> >>>> This may be linked to this bug[1]. Can you check that
>>>> >>>> /etc/one/sunstone-server.conf contains the right path to the novnc
>>>> >>>> installation?
>>>> >>>>
>>>> >>>> Hector
>>>> >>>>
>>>> >>>> El 25/09/11 20:45, Alberto Picón Couselo escribió:
>>>>> >>>>> Hello,
>>>>> >>>>>
>>>>> >>>>> We have the same problems with noVNC as this thread with Opennebula
>>>>> >>>>> 3.0 RC1:
>>>>> >>>>>
>>>>> >>>>> https://github.com/kanaka/websockify/blob/master/README.md
>>>>> >>>>>
>>>>> >>>>> We used noVNC yesterday without problems directly clicking noVNC
>>>>> >>>>> icon in
>>>>> >>>>> Sunstone.
>>>>> >>>>>
>>>>> >>>>> We receive "Connection time out" messages for all our connection
>>>>> >>>>> attempts from Sunstone. However we can open VNC if we connect directly
>>>>> >>>>> to the VM running on the hipervisor. We have checked that there are no
>>>>> >>>>> wsproxy's running in the system...
>>>>> >>>>>
>>>>> >>>>> Any ideas?
>>>>> >>>>>
>>>>> >>>>> Thank you very much for you help,
>>>>> >>>>>
>>>>> >>>>> Best Regards.
>>>>> >>>>> Alberto Picón
>>>>> >>>>>
>>>>> >>>>>
>>>>> >>>>>
>>>>> >>>>> _______________________________________________
>>>>> >>>>> Users mailing list
>>>>> >>>>> Users at lists.opennebula.org
>>>>> >>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>> >>>>
>>>> >>>> --
>>>> >>>> Héctor Sanjuán
>>>> >>>> OpenNebula Sunstone Developer
>>>> >>>>
>>> >>>
>>> >>>
>> >>
> >

__________ Información de ESET NOD32 Antivirus, versión de la base de
firmas de virus 6556 (20111019) __________

ESET NOD32 Antivirus ha comprobado este mensaje.

http://www.eset.com



More information about the Users mailing list