Websocket-proxy not working after upgrade to 4.3
Hi, We recently upgraded to 4.3.8 and everything is working fine but the VNC Console (Browser). Once I click on "VNC Console (Browser)" on any machine from the VM Portal, I get a message like this: Disconnected from Console Cannot connect to websocket proxy server. Please check your websocket proxy certificate or ask your administrator for help. For further information please refer to the console manual. Press the 'Connect' button to reconnect the console. Thing is that everything seems ok to me, and I cannot find further error log about it. /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf content is: PROXY_PORT=6100 SSL_CERTIFICATE=/etc/ssl/certs/fqdn.combined.cert SSL_KEY=/etc/ssl/private/fqdn.key FORCE_DATA_VERIFICATION=False CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer SSL_ONLY=True On a "status" command on ovirt-websocket-proxy I just see: feb 05 12:23:22 fqdn systemd[1]: Starting oVirt Engine websockets proxy... feb 05 12:23:22 fqdn systemd[1]: Started oVirt Engine websockets proxy. feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO daemonContext:434 Using the following ciphers: HIGH:!aNULL feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO daemonContext:438 Minimum SSL version requested: TLSv1.2 feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 WebSocket server settings: feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - Listen on *:6100 feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - Flash security policy server feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - SSL/TLS support feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - Deny non-SSL/TLS connections feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - proxying from *:6100 to targets generated by str On the ovirt-engine.log, I just see this information: 2020-02-05 12:29:10,085Z INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-110) [68218d5b] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 5bf9a0bb-da18-4d07-87da-759c0b045e28 Type: VMAction group CONNECT_TO_VM with role type USER 2020-02-05 12:29:10,095Z INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-110) [68218d5b] START, SetVmTicketVDSCommand(HostName = kvmr01.fqdn, SetVmTicketVDSCommandParameters:{hostId='1828d0dc-e953-4d6a-8a95-528bb7aa849a', vmId='5bf9a0bb-da18-4d07-87da-759c0b045e28', protocol='VNC', ticket='oVoKEtgmDKnM', validTime='120', userName='user', userId='66a7a37f-d804-4192-9734-93f01a95dd98', disconnectAction='LOCK_SCREEN'}), log id: 596fbfb9 2020-02-05 12:29:10,167Z INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-110) [68218d5b] FINISH, SetVmTicketVDSCommand, return: , log id: 596fbfb9 2020-02-05 12:29:10,195Z INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-110) [68218d5b] EVENT_ID: VM_SET_TICKET(164), User user@domain-authz initiated console session for VM user.fqdn 2020-02-05 12:29:10,308Z INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-110) [097f6518-5f87-4947-aee6-e76c9b740bcd] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 5bf9a0bb-da18-4d07-87da-759c0b045e28 Type: VMAction group CONNECT_TO_VM with role type USER 2020-02-05 12:29:10,316Z INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-110) [097f6518-5f87-4947-aee6-e76c9b740bcd] START, SetVmTicketVDSCommand(HostName = kvmr01.fqdn, SetVmTicketVDSCommandParameters:{hostId='1828d0dc-e953-4d6a-8a95-528bb7aa849a', vmId='5bf9a0bb-da18-4d07-87da-759c0b045e28', protocol='VNC', ticket='A7PQWaXupvbZ', validTime='7200', userName='user', userId='66a7a37f-d804-4192-9734-93f01a95dd98', disconnectAction='LOCK_SCREEN'}), log id: 71e5165c 2020-02-05 12:29:10,387Z INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-110) [097f6518-5f87-4947-aee6-e76c9b740bcd] FINISH, SetVmTicketVDSCommand, return: , log id: 71e5165c 2020-02-05 12:29:10,408Z INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-110) [097f6518-5f87-4947-aee6-e76c9b740bcd] EVENT_ID: VM_SET_TICKET(164), User user@domain-authz initiated console session for VM user.fqdn Please, any tip on how to debug this? I cannot seem to find the reason for this. Thanks.
A little bit more info on it. I debugged the requests with Chrome and seems that the webservice call is made with https://engine:6100 (literally), instead of https://<fqdn>:6100. A snapshot is included in this mail. I don't know why is it trying to connect to this address, seems like a missed step on the upgrade process? (we upgraded 4.1 -> 4.2 -> 4.3). How can I fix this problem? Thanks! El 2020-02-05 12:32, nicolas@devels.es escribió:
Hi,
We recently upgraded to 4.3.8 and everything is working fine but the VNC Console (Browser).
Once I click on "VNC Console (Browser)" on any machine from the VM Portal, I get a message like this:
Disconnected from Console Cannot connect to websocket proxy server. Please check your websocket proxy certificate or ask your administrator for help. For further information please refer to the console manual. Press the 'Connect' button to reconnect the console.
Thing is that everything seems ok to me, and I cannot find further error log about it.
/etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf content is:
PROXY_PORT=6100 SSL_CERTIFICATE=/etc/ssl/certs/fqdn.combined.cert SSL_KEY=/etc/ssl/private/fqdn.key FORCE_DATA_VERIFICATION=False CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer SSL_ONLY=True
On a "status" command on ovirt-websocket-proxy I just see:
feb 05 12:23:22 fqdn systemd[1]: Starting oVirt Engine websockets proxy... feb 05 12:23:22 fqdn systemd[1]: Started oVirt Engine websockets proxy. feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO daemonContext:434 Using the following ciphers: HIGH:!aNULL feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO daemonContext:438 Minimum SSL version requested: TLSv1.2 feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 WebSocket server settings: feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - Listen on *:6100 feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - Flash security policy server feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - SSL/TLS support feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - Deny non-SSL/TLS connections feb 05 12:23:22 fqdn ovirt-websocket-proxy.py[3314]: ovirt-websocket-proxy[3314] INFO msg:887 - proxying from *:6100 to targets generated by str
On the ovirt-engine.log, I just see this information:
2020-02-05 12:29:10,085Z INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-110) [68218d5b] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 5bf9a0bb-da18-4d07-87da-759c0b045e28 Type: VMAction group CONNECT_TO_VM with role type USER 2020-02-05 12:29:10,095Z INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-110) [68218d5b] START, SetVmTicketVDSCommand(HostName = kvmr01.fqdn, SetVmTicketVDSCommandParameters:{hostId='1828d0dc-e953-4d6a-8a95-528bb7aa849a', vmId='5bf9a0bb-da18-4d07-87da-759c0b045e28', protocol='VNC', ticket='oVoKEtgmDKnM', validTime='120', userName='user', userId='66a7a37f-d804-4192-9734-93f01a95dd98', disconnectAction='LOCK_SCREEN'}), log id: 596fbfb9 2020-02-05 12:29:10,167Z INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-110) [68218d5b] FINISH, SetVmTicketVDSCommand, return: , log id: 596fbfb9 2020-02-05 12:29:10,195Z INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-110) [68218d5b] EVENT_ID: VM_SET_TICKET(164), User user@domain-authz initiated console session for VM user.fqdn 2020-02-05 12:29:10,308Z INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (default task-110) [097f6518-5f87-4947-aee6-e76c9b740bcd] Running command: SetVmTicketCommand internal: false. Entities affected : ID: 5bf9a0bb-da18-4d07-87da-759c0b045e28 Type: VMAction group CONNECT_TO_VM with role type USER 2020-02-05 12:29:10,316Z INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-110) [097f6518-5f87-4947-aee6-e76c9b740bcd] START, SetVmTicketVDSCommand(HostName = kvmr01.fqdn, SetVmTicketVDSCommandParameters:{hostId='1828d0dc-e953-4d6a-8a95-528bb7aa849a', vmId='5bf9a0bb-da18-4d07-87da-759c0b045e28', protocol='VNC', ticket='A7PQWaXupvbZ', validTime='7200', userName='user', userId='66a7a37f-d804-4192-9734-93f01a95dd98', disconnectAction='LOCK_SCREEN'}), log id: 71e5165c 2020-02-05 12:29:10,387Z INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (default task-110) [097f6518-5f87-4947-aee6-e76c9b740bcd] FINISH, SetVmTicketVDSCommand, return: , log id: 71e5165c 2020-02-05 12:29:10,408Z INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-110) [097f6518-5f87-4947-aee6-e76c9b740bcd] EVENT_ID: VM_SET_TICKET(164), User user@domain-authz initiated console session for VM user.fqdn
Please, any tip on how to debug this? I cannot seem to find the reason for this.
Thanks. _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RTNRXO2EGC6N3G...
On Wed, Feb 5, 2020 at 2:50 PM <nicolas@devels.es> wrote:
A little bit more info on it. I debugged the requests with Chrome and seems that the webservice call is made with https://engine:6100 (literally), instead of https://<fqdn>:6100.
A snapshot is included in this mail.
I don't know why is it trying to connect to this address, seems like a missed step on the upgrade process? (we upgraded 4.1 -> 4.2 -> 4.3).
How can I fix this problem?
Thanks!
To get current value stored: engine-config -g WebSocketProxy If wrong, to change it: engine-config -s WebSocketProxy=your_desidred_fqdn:6100 systemctl restart ovirt-engine HIH, Gianluca
What does this show engine-config -g WebSocketProxy should be <fqdn>:6100 if not try setting it with engine-config -s WebSocketProxy=<fqdn>:6100 then restarting the engine. Regards, Paul S. ________________________________ From: Gianluca Cecchi <gianluca.cecchi@gmail.com> Sent: 05 February 2020 13:57 To: Nicolás <nicolas@devels.es> Cc: users <users@ovirt.org> Subject: [ovirt-users] Re: Websocket-proxy not working after upgrade to 4.3 Caution External Mail: Do not click any links or open any attachments unless you trust the sender and know that the content is safe. On Wed, Feb 5, 2020 at 2:50 PM <nicolas@devels.es<mailto:nicolas@devels.es>> wrote: A little bit more info on it. I debugged the requests with Chrome and seems that the webservice call is made with https://engine:6100 (literally), instead of https://<fqdn>:6100. A snapshot is included in this mail. I don't know why is it trying to connect to this address, seems like a missed step on the upgrade process? (we upgraded 4.1 -> 4.2 -> 4.3). How can I fix this problem? Thanks! To get current value stored: engine-config -g WebSocketProxy If wrong, to change it: engine-config -s WebSocketProxy=your_desidred_fqdn:6100 systemctl restart ovirt-engine HIH, Gianluca To view the terms under which this email is distributed, please go to:- http://leedsbeckett.ac.uk/disclaimer/email/
El 2020-02-05 13:57, Gianluca Cecchi escribió:
On Wed, Feb 5, 2020 at 2:50 PM <nicolas@devels.es> wrote:
A little bit more info on it. I debugged the requests with Chrome and seems that the webservice call is made with https://engine:6100 [1]
(literally), instead of https://<fqdn>:6100.
A snapshot is included in this mail.
I don't know why is it trying to connect to this address, seems like a missed step on the upgrade process? (we upgraded 4.1 -> 4.2 -> 4.3).
How can I fix this problem?
Thanks!
To get current value stored:
engine-config -g WebSocketProxy
If wrong, to change it:
engine-config -s WebSocketProxy=your_desidred_fqdn:6100
systemctl restart ovirt-engine
Thanks, this helped. Not sure why the value was changed, since websocket proxy was working without an issue on 4.1.9... Anyway, it works now. Thanks guys.
HIH, Gianluca
Links: ------ [1] https://engine:6100
Hi, nicolas@devels.es writes:
A little bit more info on it. I debugged the requests with Chrome and seems that the webservice call is made with https://engine:6100 (literally), instead of https://<fqdn>:6100.
A snapshot is included in this mail.
I don't know why is it trying to connect to this address, seems like a missed step on the upgrade process? (we upgraded 4.1 -> 4.2 -> 4.3).
How can I fix this problem?
Did you set your webproxy URL in your engine configuration? E.g.: engine-config -s SpiceProxyDefault=http://<FQDN>:6100 -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
participants (4)
-
Derek Atkins -
Gianluca Cecchi -
nicolas@devels.es -
Staniforth, Paul