[one-users] OpenNebula 3.0 RC1 NoVNC problems

Héctor Sanjuán hsanjuan at opennebula.org
Wed Oct 19 09:03:00 PDT 2011 

Can you add the "-v" option to the wsproxy.py command, run it manually
and see if it offers some more info when you connect to it?

Héctor Sanjuán
OpenNebula Developer

El 19/10/11 16:00, Alberto Picón Couselo escribió:
> Hello again, Hector.
> 
> We migrated to 3.0.0 final release and applied the changes you suggest
> to a NATed config of sunstone.
> 
> Public IP:443 -> NAT -> LAN Sunstone IP:443
> 
> We have tested wsproxy.rb execution in command line at it seems it
> works correctly:
> 
> #~ python /usr/share/one/noVNC/utils/wsproxy.py
> --cert=/etc/one/server.pem 36001 kvm-hv:6125
> WebSocket server settings:
>   - Listen on :36001
>   - Flash security policy server
>   - SSL/TLS support
>   - proxying from :36001 to kvm-hv:6125
> 
> #~ netstat -punta| grep 36001
> tcp        0      0 0.0.0.0:36001           0.0.0.0:*
> LISTEN    16508/python
> 
> However when we connect to sunstone, VNC icon reports "noVNC ready:
> WebSockets emulation, createImageData rendering" and then "Connect
> timeout" message.
> 
> Any suggestions?
> 
> Best Regards,
> Alberto Picón
> 
> ----------------------
> 
> Hi,
> 
> sorry for the late answer, i missed this one.
> 
> So I think that the problem is that Sunstone is not using secure
> websockets by default[1]. Therefore websocket connection is trying to
> travel through port 80. Since you are tunneling only port 443, it is
> impossible for noVNC to contact the proxy on the sunstone server host.
> 
> I'd say that either you tunnel port 80 connections as you do with 443,
> or that you set up the websockify proxy and sunstone to work with secure
> websockets. This could be primarily done this way:
> 
> 1 - Modify line 232 of SunstoneServer.rb (lib/one/sunstone/models)
> 
> novnc_exec = "#{novnc_cmd} #{proxy_port} #{host}:#{vnc_port}"
> 
> to
> 
> novnc_exec = "#{novnc_cmd} --cert=CERT --key=KEY #{proxy_port}
> #{host}:#{vnc_port}"
> 
> (include --key only if the key is separate from the cert)
> 
> * It's not very clear in the websockify docs but you may need to install
> and symlink the ssl python module [1]
> 
> 2 - Enable wss:// in client side of noVNC. Change line 1022 of vm-tab.js
> (lib/one/sunstone/public/js/plugins)
> 
> 'encrypt':      false,
> 
> to
> 
> 'encrypt':      true,
> 
> I haven't had time to test this scenario though. I think it would be a
> good thing to add better support for it. Ill try to set it up myself in
> a few days and see if it works.
> 
> Héctor Sanjuán
> OpenNebula Developer
> 
> [1] Here it says that it is needed for Python > 2.5
> https://github.com/kanaka/websockify/blob/master/README.md
> While here it says that only for Python < 2.5
> https://github.com/kanaka/noVNC/wiki/Advanced-usage
> 
> El 27/09/11 22:24, Alberto Picón Couselo escribió:
>>> Hi, Hector.
>>>
>>> Without changes, noVNC has began to work now for KVM VM instances. :O...
>>>
>>> However, it seems to work only if we browse with Firefox/Chrome using
>>> internal IP address of Sunstone Server. If we use NAT forwarding of SSL
>>> port from the public IP to the SSL port of Lighttpd which connects
>>> locally to sunstone web server, we are able to manage OpenNebula site
>>> but noVNC client does not work.
>>>
>>> Of course, we miss something, but can you please give me some clues to
>>> use noVNC from external/public side over SSL without using OpenVPN or
>>> similar?. Is this scenario supported?
>>>
>>> Best Regards and thank you for your time,
>>> Alberto
>>>
>>> El 27/09/2011 19:27, Héctor Sanjuán escribió:
>>>>> Hi,
>>>>>
>>>>> your noVNC install and your sunstone-server.conf settings seem fine. I
>>>>> cannot see any related problems arise in current one-3.0 branch either
>>>>> in my tests.
>>>>>
>>>>> (Btw, the link you provided in your first message doesnt point to a
>>>>> related thread)
>>>>>
>>>>> If you didn't yet, perhaps it helps to manually delete noVNC and
>>>>> reinstall it (via install_novnc.sh). The folders you have to delete are:
>>>>>
>>>>> /usr/share/one/noVNC
>>>>>
>>>>> and
>>>>>
>>>>> /usr/lib/one/sunstone/public/vendor/noVNC
>>>>>
>>>>> Also, there are some common basic problems gathered here[1], have a look
>>>>> just in case. Running the proxy manually and then trying to connect via
>>>>> sunstone will cause some console output from it which maybe offers more
>>>>> info.
>>>>>
>>>>> Hector
>>>>>
>>>>> [1]
>>>>> http://wiki.opennebula.org/faq#vnc_console_access_in_sunstone_does_not_work_whats_the_problem
>>>>>
>>>>>
>>>>> El 26/09/11 12:13, Alberto Picón Couselo escribió:
>>>>>>> Hi, Hector:
>>>>>>>
>>>>>>> Our sunstone-server.conf is as follows:
>>>>>>>
>>>>>>>   OpenNebula sever contact information
>>>>>>> :one_xmlrpc: http://localhost:2633/RPC2
>>>>>>>
>>>>>>> # Server Configuration
>>>>>>> :host: 127.0.0.1
>>>>>>> :port: 9869
>>>>>>>
>>>>>>> :auth: basic
>>>>>>>
>>>>>>> # VNC Configuration
>>>>>>> :vnc_proxy_base_port: 29876
>>>>>>> :novnc_path: /usr/share/one/noVNC
>>>>>>>
>>>>>>> We have installed noVNC using /usr/share/one/install_novnc.sh installer.
>>>>>>>
>>>>>>> The contents of /usr/share/one/noVNC are as follows:
>>>>>>>
>>>>>>> drwxrwxr-x 2 root root 4096 2011-09-24 20:51 debian
>>>>>>> drwxrwxr-x 2 root root 4096 2011-09-24 20:51 docs
>>>>>>> lrwxrwxrwx 1 root root   18 2011-09-24 20:51 favicon.ico ->
>>>>>>> images/favicon.ico
>>>>>>> -rw-rw-r-- 1 root root   50 2011-09-24 20:51 .gitignore
>>>>>>> drwxrwxr-x 2 root root 4096 2011-09-24 20:51 images
>>>>>>> drwxrwxr-x 8 root root 4096 2011-09-24 20:54 kanaka-noVNC-832c744
>>>>>>> -rw-rw-r-- 1 root root 1212 2011-09-24 20:51 LICENSE.txt
>>>>>>> -rw-rw-r-- 1 root root 3994 2011-09-24 20:51 README.md
>>>>>>> drwxrwxr-x 2 root root 4096 2011-09-24 20:51 tests
>>>>>>> drwxrwxr-x 2 root root 4096 2011-09-25 20:31 utils
>>>>>>> -rw-rw-r-- 1 root root 4298 2011-09-24 20:51 vnc_auto.html
>>>>>>> -rw-rw-r-- 1 root root  859 2011-09-24 20:51 vnc.html
>>>>>>>
>>>>>>> And /usr/share/one/noVNC/utils contains wsproxy.py link to websockify:
>>>>>>>
>>>>>>> -rwxrwxr-x 1 root root   914 2011-09-24 20:51 img2js.py
>>>>>>> -rwxrwxr-x 1 root root  6678 2011-09-24 20:51 json2graph.py
>>>>>>> -rwxrwxr-x 1 root root  2820 2011-09-24 20:51 launch.sh
>>>>>>> -rw-rw-r-- 1 root root   153 2011-09-24 20:51 Makefile
>>>>>>> -rw-rw-r-- 1 root root   489 2011-09-24 20:51 README.md
>>>>>>> -rwxrwxr-x 1 root root   424 2011-09-24 20:51 rebind
>>>>>>> -rw-rw-r-- 1 root root  2878 2011-09-24 20:51 rebind.c
>>>>>>> -rwxrwxr-x 1 root root   911 2011-09-24 20:51 u2x11
>>>>>>> -rwxrwxr-x 1 root root  1496 2011-09-24 20:51 web.py
>>>>>>> -rw-rw-r-- 1 root root 29985 2011-09-24 20:51 websocket.py
>>>>>>> -rw-r--r-- 1 root root 25357 2011-09-24 20:58 websocket.pyc
>>>>>>> -rwxrwxr-x 1 root root  9591 2011-09-24 20:51 websockify
>>>>>>> lrwxrwxrwx 1 root root    10 2011-09-24 20:51 wsproxy.py ->  websockify
>>>>>>>
>>>>>>> Thank you very much for your help,
>>>>>>> Best Regards,
>>>>>>> Alberto
>>>>>>>
>>>>>>> 2011/9/26 Héctor Sanjuán<hsanjuan at opennebula.org>:
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> This may be linked to this bug[1]. Can you check that
>>>>>>>>> /etc/one/sunstone-server.conf contains the right path to the novnc
>>>>>>>>> installation?
>>>>>>>>>
>>>>>>>>> Hector
>>>>>>>>>
>>>>>>>>> El 25/09/11 20:45, Alberto Picón Couselo escribió:
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> We have the same problems with noVNC as this thread with Opennebula
>>>>>>>>>>> 3.0 RC1:
>>>>>>>>>>>
>>>>>>>>>>> https://github.com/kanaka/websockify/blob/master/README.md
>>>>>>>>>>>
>>>>>>>>>>> We used noVNC yesterday without problems directly clicking noVNC
>>>>>>>>>>> icon in
>>>>>>>>>>> Sunstone.
>>>>>>>>>>>
>>>>>>>>>>> We receive "Connection time out" messages for all our connection
>>>>>>>>>>> attempts from Sunstone. However we can open VNC if we connect directly
>>>>>>>>>>> to the VM running on the hipervisor. We have checked that there are no
>>>>>>>>>>> wsproxy's running in the system...
>>>>>>>>>>>
>>>>>>>>>>> Any ideas?
>>>>>>>>>>>
>>>>>>>>>>> Thank you very much for you help,
>>>>>>>>>>>
>>>>>>>>>>> Best Regards.
>>>>>>>>>>> Alberto Picón
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Users mailing list
>>>>>>>>>>> Users at lists.opennebula.org
>>>>>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Héctor Sanjuán
>>>>>>>>> OpenNebula Sunstone Developer
>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>
> 
> __________ Información de ESET NOD32 Antivirus, versión de la base de
> firmas de virus 6556 (20111019) __________
> 
> ESET NOD32 Antivirus ha comprobado este mensaje.
> 
> http://www.eset.com
>

More information about the Users mailing list