please test and give karma to novnc on epel6
Hi, a new package restoring novnc on epel6 has been pushed: https://admin.fedoraproject.org/updates/novnc-0.4-9.el6 Please help testing and giving karma. Thanks, -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
On Mon, Feb 2, 2015 at 1:26 PM, Sandro Bonazzola <sbonazzo@redhat.com> wrote:
Hi, a new package restoring novnc on epel6 has been pushed: https://admin.fedoraproject.org/updates/novnc-0.4-9.el6
Please help testing and giving karma. Thanks, -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
hello, I'm currently on 3.5.1.1 with myengine and both engine and another system configured as host are 6.6 + updates (host has 3.5.1 packages too) I have an ubuntu vm configured with vnc console.
From user portal I select novnc and open console and I get Server disconnected (code: 1006)
(that seems the error when websocket proxy is not configured as in https://access.redhat.com/solutions/718653 ) Is this the problem we are trying to address? Or is anything wrong at first step in configuring? I have not updated novnc package yet. My current setup for test: On engine [root@ovirtmgr ~]# engine-config -g WebSocketProxy WebSocketProxy: ovirtmgr.localdomain.local:6100 version: general [root@ovirtmgr ~]# service ovirt-websocket-proxy status ovirt-websocket-proxy (pid 10848) is running... [root@ovirtmgr ~]# lsof -Pp 10848|grep TCP ovirt-web 10848 ovirt 5u IPv4 51868 0t0 TCP *:6100 (LISTEN) [root@ovirtmgr ~]# iptables -L -n | egrep "Chain|6100" Chain INPUT (policy ACCEPT) ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:6100 Chain FORWARD (policy ACCEPT) Chain OUTPUT (policy ACCEPT) The client is windows 7 with firefox 35.0.1 and I correctly imported the certificate of ovirtmgr. So let me know if I'm in the point to apply the novnc patch and test it or if it is supposed I fix my 1006 error before. Also, the novnc package I think I have to install it on hypervisor, correct? Gianluca
Il 03/02/2015 12:09, Gianluca Cecchi ha scritto:
On Mon, Feb 2, 2015 at 1:26 PM, Sandro Bonazzola <sbonazzo@redhat.com <mailto:sbonazzo@redhat.com>> wrote:
Hi, a new package restoring novnc on epel6 has been pushed: https://admin.fedoraproject.org/updates/novnc-0.4-9.el6
Please help testing and giving karma. Thanks, -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com <http://redhat.com> _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
hello, I'm currently on 3.5.1.1 with myengine and both engine and another system configured as host are 6.6 + updates (host has 3.5.1 packages too) I have an ubuntu vm configured with vnc console. From user portal I select novnc and open console and I get Server disconnected (code: 1006)
Have you imported the CA in your browser? You can download the certificate authority by navigating 'https://<your engine address>/ca.crt'.
(that seems the error when websocket proxy is not configured as in https://access.redhat.com/solutions/718653 )
Is this the problem we are trying to address? Or is anything wrong at first step in configuring? I have not updated novnc package yet.
No, the issue here is that novnc was orphaned in epel6 and we built a custom novnc within ovirt for having it back. Now someone took maintainership of novnc within epel6 and in order to get it back the package must have enough karma. That's why test is requested.
My current setup for test:
On engine [root@ovirtmgr ~]# engine-config -g WebSocketProxy WebSocketProxy: ovirtmgr.localdomain.local:6100 version: general
[root@ovirtmgr ~]# service ovirt-websocket-proxy status ovirt-websocket-proxy (pid 10848) is running...
[root@ovirtmgr ~]# lsof -Pp 10848|grep TCP ovirt-web 10848 ovirt 5u IPv4 51868 0t0 TCP *:6100 (LISTEN)
[root@ovirtmgr ~]# iptables -L -n | egrep "Chain|6100" Chain INPUT (policy ACCEPT) ACCEPT tcp -- 0.0.0.0/0 <http://0.0.0.0/0> 0.0.0.0/0 <http://0.0.0.0/0> state NEW tcp dpt:6100 Chain FORWARD (policy ACCEPT) Chain OUTPUT (policy ACCEPT)
The client is windows 7 with firefox 35.0.1 and I correctly imported the certificate of ovirtmgr.
So let me know if I'm in the point to apply the novnc patch and test it or if it is supposed I fix my 1006 error before. Also, the novnc package I think I have to install it on hypervisor, correct? Gianluca
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
On Tue, Feb 3, 2015 at 1:04 PM, Sandro Bonazzola <sbonazzo@redhat.com> wrote:
Have you imported the CA in your browser? You can download the certificate authority by navigating 'https://<your engine address>/ca.crt'.
Yes I already imported it, see this screenshot: https://drive.google.com/file/d/0BwoPbcrMv8mvblp5amdoQmFaX1E/view?usp=sharin... In fact if I try to go to ca.crt page again from firefox I receive the message (translated from italian): This certificate results already installed as a certificate of a certification authority Any particular log to check? When I click console button in user portal I get this on engine.log 2015-02-03 14:20:10,125 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-5) [65265ef3] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 168470b1-b7eb-4dab-8fa4-6b744e2ad738 Type: VMAction group CONNECT_TO_VM with role type USER 2015-02-03 14:20:10,130 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-5) [65265ef3] START, SetVmTicketVDSCommand(HostName = ovnode04, HostId = 36fec87b-c21f-4157-ab2f-434b67c05cb9, vmId=168470b1-b7eb-4dab-8fa4-6b744e2ad738, ticket=foy2cb1NuPds, validTime=120,m userName=ovadmin, userId=92fa8316-45ac-47bb-9bbd-be80709bf888), log id: 6da35818 2015-02-03 14:20:10,189 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-5) [65265ef3] FINISH, SetVmTicketVDSCommand, log id: 6da35818 2015-02-03 14:20:10,233 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-5) [65265ef3] Correlation ID: 65265ef3, Call Stack: null, Custom Event ID: -1, Message: user ovadmin@ldap1 initiated console session for VM ubuntutrusty and in ssl_access _log of engine: 192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 3389 192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 315 192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 4060 192.168.1.128 - - [03/Feb/2015:14:20:14 +0100] "GET /ovirt-engine/services/novnc-main.html?host=ovirtmgr.localdomain.local&port=6100 HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/vnc.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/base.css HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/util.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/webutil.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/base64.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/des.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/websock.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/input.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/display.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/rfb.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/jsunzip.js HTTP/1.1" 304 - and in ssl_request_log: [03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA piGWTService HTTP/1.1" 3389 [03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA piGWTService HTTP/1.1" 315 [03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA piGWTService HTTP/1.1" 4060 [03/Feb/2015:14:20:14 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/novnc-main. html?host=ovirtmgr.localdomain.local&port=6100 HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc /include/vnc.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc /include/base.css HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc /include/util.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc /include/webutil.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc/include/base64.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc/include/des.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc/include/websock.js HTTP/1.1" - perhaps anything related with iptables rules on host?
No, the issue here is that novnc was orphaned in epel6 and we built a custom novnc within ovirt for having it back. Now someone took maintainership of novnc within epel6 and in order to get it back the package must have enough karma. That's why test is requested.
Ah ok, I didn't remember this . As soon as I will solve the 1006 error I can go ahead Gianluca
Il 03/02/2015 14:27, Gianluca Cecchi ha scritto:
On Tue, Feb 3, 2015 at 1:04 PM, Sandro Bonazzola <sbonazzo@redhat.com <mailto:sbonazzo@redhat.com>> wrote:
Have you imported the CA in your browser? You can download the certificate authority by navigating 'https://<your engine address>/ca.crt'.
Yes I already imported it, see this screenshot: https://drive.google.com/file/d/0BwoPbcrMv8mvblp5amdoQmFaX1E/view?usp=sharin...
In fact if I try to go to ca.crt page again from firefox I receive the message (translated from italian): This certificate results already installed as a certificate of a certification authority
Any particular log to check? When I click console button in user portal I get this on engine.log
Adding some people that may know the answer.
2015-02-03 14:20:10,125 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-5) [65265ef3] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 168470b1-b7eb-4dab-8fa4-6b744e2ad738 Type: VMAction group CONNECT_TO_VM with role type USER 2015-02-03 14:20:10,130 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-5) [65265ef3] START, SetVmTicketVDSCommand(HostName = ovnode04, HostId = 36fec87b-c21f-4157-ab2f-434b67c05cb9, vmId=168470b1-b7eb-4dab-8fa4-6b744e2ad738, ticket=foy2cb1NuPds, validTime=120,m userName=ovadmin, userId=92fa8316-45ac-47bb-9bbd-be80709bf888), log id: 6da35818 2015-02-03 14:20:10,189 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-5) [65265ef3] FINISH, SetVmTicketVDSCommand, log id: 6da35818 2015-02-03 14:20:10,233 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (ajp--127.0.0.1-8702-5) [65265ef3] Correlation ID: 65265ef3, Call Stack: null, Custom Event ID: -1, Message: user ovadmin@ldap1 initiated console session for VM ubuntutrusty
and in ssl_access _log of engine:
192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 3389 192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 315 192.168.1.128 - - [03/Feb/2015:14:20:10 +0100] "POST /ovirt-engine/userportal/GenericApiGWTService HTTP/1.1" 200 4060 192.168.1.128 - - [03/Feb/2015:14:20:14 +0100] "GET /ovirt-engine/services/novnc-main.html?host=ovirtmgr.localdomain.local&port=6100 HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/vnc.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/base.css HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/util.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/webutil.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/base64.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/des.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/websock.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/input.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/display.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/rfb.js HTTP/1.1" 304 - 192.168.1.128 - - [03/Feb/2015:14:20:15 +0100] "GET /ovirt-engine/services/files/novnc/include/jsunzip.js HTTP/1.1" 304 -
and in ssl_request_log: [03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA piGWTService HTTP/1.1" 3389 [03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA piGWTService HTTP/1.1" 315 [03/Feb/2015:14:20:10 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "POST /ovirt-engine/userportal/GenericA piGWTService HTTP/1.1" 4060 [03/Feb/2015:14:20:14 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/novnc-main. html?host=ovirtmgr.localdomain.local&port=6100 HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc /include/vnc.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc /include/base.css HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc /include/util.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc /include/webutil.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc/include/base64.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc/include/des.js HTTP/1.1" - [03/Feb/2015:14:20:15 +0100] 192.168.1.128 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /ovirt-engine/services/files/novnc/include/websock.js HTTP/1.1" -
perhaps anything related with iptables rules on host?
No, the issue here is that novnc was orphaned in epel6 and we built a custom novnc within ovirt for having it back. Now someone took maintainership of novnc within epel6 and in order to get it back the package must have enough karma. That's why test is requested.
Ah ok, I didn't remember this . As soon as I will solve the 1006 error I can go ahead
Gianluca
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
On Tue, Feb 3, 2015 at 2:35 PM, Sandro Bonazzola <sbonazzo@redhat.com> wrote:
Any particular log to check? When I click console button in user portal I get this on engine.log
Adding some people that may know the answer.
Hello I found the answer here.. I have to acquire certificate also on 6100 port, not only on 6100... donna exactly the reason but it works as was in this thread: http://lists.ovirt.org/pipermail/users/2014-November/029169.html Now I can get the novnc desktop console and so can go to test the new novnc package indicated in your first link. What does it give more than current, to check against? I see that I have the novnc package installed only on engine, is this correct? Now I have novnc-0.4-7.el6.noarch on engine. Gianluca
On Tue, Feb 3, 2015 at 6:03 PM, Gianluca Cecchi <gianluca.cecchi@gmail.com> wrote:
On Tue, Feb 3, 2015 at 2:35 PM, Sandro Bonazzola <sbonazzo@redhat.com> wrote:
Any particular log to check? When I click console button in user portal I get this on engine.log
Adding some people that may know the answer.
Hello I found the answer here.. I have to acquire certificate also on 6100 port, not only on 6100... donna exactly the reason but it works as was in this thread: http://lists.ovirt.org/pipermail/users/2014-November/029169.html
Now I can get the novnc desktop console and so can go to test the new novnc package indicated in your first link. What does it give more than current, to check against?
I see that I have the novnc package installed only on engine, is this correct? Now I have novnc-0.4-7.el6.noarch on engine.
Gianluca
Correct phrase: Hello I found the answer here.. I have to acquire certificate also on 6100 port, not only on 443.
Il 03/02/2015 18:03, Gianluca Cecchi ha scritto:
On Tue, Feb 3, 2015 at 2:35 PM, Sandro Bonazzola <sbonazzo@redhat.com <mailto:sbonazzo@redhat.com>> wrote:
> > Any particular log to check? > When I click console button in user portal I get this on engine.log
Adding some people that may know the answer.
Hello I found the answer here.. I have to acquire certificate also on 6100 port, not only on 6100... donna exactly the reason but it works as was in this thread: http://lists.ovirt.org/pipermail/users/2014-November/029169.html
Now I can get the novnc desktop console and so can go to test the new novnc package indicated in your first link. What does it give more than current, to check against?
It shouldn't give anything more, it should just work as the previous one
I see that I have the novnc package installed only on engine, is this correct? Now I have novnc-0.4-7.el6.noarch on engine.
Yes, it's correct
Gianluca
-- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com
participants (2)
-
Gianluca Cecchi -
Sandro Bonazzola