<div dir="ltr"><div>After Referencing:<br><a href="http://www.ovirt.org/Features/noVNC_console">http://www.ovirt.org/Features/noVNC_console</a><br><a href="http://www.ovirt.org/Features/SpiceHTML5">http://www.ovirt.org/Features/SpiceHTML5</a><br>
<br></div><div>and looking at some of the related engine code.<br><br></div><div>I am still attempting to get the spice/novnc browser based consoles to work.<br><br></div><div>I am working from a build from master yesterday I used to upgrade over a previous 3.3 master build from about a month back.<br>
<br></div><div>VDSM version on host is 4.12.0 built minutes ago.<br></div><div><br></div><div>I have installed and configured the websocket proxy like so:<br><br>Set WebSocketProxy to engine ENGINEIP port 6100<br>engine-config -s WebSocketProxy=ENGINEIP:6100<br>
<br>/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=websocket-proxy --password=install --subject="/C=US/O=DHC/CN=ENGINEFQDN"<br><br>This generates:<br>/etc/pki/ovirt-engine/keys/websocket-proxy.p12<br>/etc/pki/ovirt-engine/certs/websocket-proxy.cer<br>
/etc/pki/ovirt-engine/requests/websocket-proxy.req<br><br>However it does not generate the key that websockify wants so we do:<br>openssl pkcs12 -in websocket-proxy.p12 -nocerts -nodes -out /etc/pki/ovirt-engine/keys/websocket-proxy.key<br>
<br>The configuration of ovirt-websocket-proxy:<br>PROXY_HOST=*<br>PROXY_PORT=6100<br>SOURCE_IS_IPV6=False<br>SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer<br>SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key<br>
FORCE_DATA_VERIFICATION=False<br>CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer<br>SSL_ONLY=True<br>TRACE_ENABLE=False<br>TRACE_FILE=<br>ENGINE_USR="/usr/share/ovirt-engine"<br><br>Install spice-html5<br>
git clone <a href="http://anongit.freedesktop.org/git/spice/spice-html5.git">http://anongit.freedesktop.org/git/spice/spice-html5.git</a><br>mv spice-html5 /usr/share<br><br></div><div>Test spice: <br>In Webadmin UI we set create a VM, set display as spice, start it and set it's console to spice-html5.<br>
</div><div>Result spice-html client opens in a new tab but does not connect.<br><br></div><div>From engine.log:<br>2013-08-01 12:49:52,352 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-9) Running command: SetVmTicketCommand internal: false. Entities affected : ID: fec3260c-871a-4fbe-a006-9eee4fbfbbcc Type: VM<br>
2013-08-01 12:49:52,371 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) START, SetVmTicketVDSCommand(HostName = ovirtnodefoo, HostId = 5713e5c8-6252-4bce-a3f6-bbd8e1e6eb57, vmId=fec3260c-871a-4fbe-a006-9eee4fbfbbcc, ticket=TKfzUQJLLrUI, validTime=120,m userName=admin@internal, userId=fdfc627c-d875-11e0-90f0-83df133b58cc), log id: 5d258049<br>
2013-08-01 12:49:52,445 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) FINISH, SetVmTicketVDSCommand, log id: 5d258049<br><br><div>Test novnc: <br>In Webadmin UI we set create a VM, set display as VNC, start it and set it's console to novnc.<br>
</div><div>Result novnc client opens in a new tab but does not connect, but does display error: "Server disconnected (code: 1006)<br><br></div>From engine.log:<br>2013-08-01 12:50:44,800 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-9) Running command: SetVmTicketCommand internal: false. Entities affected : ID: fec3260c-871a-4fbe-a006-9eee4fbfbbcc Type: VM<br>
2013-08-01 12:50:44,833 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) START, SetVmTicketVDSCommand(HostName = ovirtnodefoo, HostId = 5713e5c8-6252-4bce-a3f6-bbd8e1e6eb57, vmId=fec3260c-871a-4fbe-a006-9eee4fbfbbcc, ticket=IPWOWh6U9erd, validTime=120,m userName=admin@internal, userId=fdfc627c-d875-11e0-90f0-83df133b58cc), log id: bff6161<br>
2013-08-01 12:50:44,917 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) FINISH, SetVmTicketVDSCommand, log id: bff6161<br></div><div><br></div><div>I verified connection of both the spice/vnc console directly at the host level with a quick connect via virt-viewer. <br>
<br></div><div>A quick scan with nmap of engine and host to verify sockets are open:<br><br>Nmap scan report for engine<br>Host is up (0.0042s latency).<br>Not shown: 995 closed ports<br>PORT STATE SERVICE<br>22/tcp open ssh<br>
80/tcp open http<br>111/tcp open rpcbind<br>443/tcp open https<br>6100/tcp open synchronet-db<br><br>Nmap scan report for host<br>Host is up (0.0045s latency).<br>Not shown: 997 closed ports<br>PORT STATE SERVICE<br>
22/tcp open ssh<br>111/tcp open rpcbind<br>5900/tcp open vnc<br><br></div><div>For grins I stopped the websocket proxy and manually started a websockify like so:<br>websockify <a href="http://3.57.111.11:6100">3.57.111.11:6100</a> <a href="http://3.57.111.12:5900">3.57.111.12:5900</a> --cert=/etc/pki/ovirt-engine/certs/websocket-proxy.cer --key=/etc/pki/ovirt-engine/keys/websocket-proxy.key<br>
<br>WARNING: no 'numpy' module, HyBi protocol is slower or disabled<br>WebSocket server settings:<br> - Listen on ENGINEIP:6100<br> - Flash security policy server<br> - SSL/TLS support<br> - proxying from ENGINEIP:6100 to HOSTIP:5900<br>
<br>Attempting another connection via <a href="https://ENGINEFQDN//ovirt-engine-novnc-main.html?host=ENGINEIP&port=6100">https://ENGINEFQDN//ovirt-engine-novnc-main.html?host=ENGINEIP&port=6100</a> results in: <br>
<br> 1: handler exception: [Errno 1] _ssl.c:1359: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca<br><br></div><div><br></div><div>I should also note in case it matters that the SSLEnabled=false, and EnableSpiceRootCertificateValidation are both set as false are set in my engine options.<br>
<br></div><div>Am I doing something wrong here, I don't see any reason this should not work?<br></div><div><br></div><div>- DHC<br></div></div>