noVNC problems after upgrading to 3.5.0
I had noVNC working under 3.4, but can’t seem to get it back up after updating to 3.5.0. VNC is working if I make direct connections, but it looks like the web socket proxy never tries to connect to the host server. noVNC is just reporting then generic 1006 error. Firefox reports it already has the right ca.crt installed, so it’s not that. From watching the network, it looks like it never gets authenticated properly to the web proxy, and never tries to connect on from there. Any way to get some debugging info for the web socket proxy? Not locating any in the usual log files when I try this… Anyone else seeing a similar problem? -Darrell
<html><bodyHi Darrel, have you accepted the certificate for the web socket proxy? ( usually https://<your engine>:6100/ ) Cheers, Luf Darrell Budic píše v Čt 13. 11. 2014 v 14:25 -0600:
I had noVNC working under 3.4, but can’t seem to get it back up after updating to 3.5.0. VNC is working if I make direct connections, but it looks like the web socket proxy never tries to connect to the host server. noVNC is just reporting then generic 1006 error. Firefox reports it already has the right ca.crt installed, so it’s not that. From watching the network, it looks like it never gets authenticated properly to the web proxy, and never tries to connect on from there.
Any way to get some debugging info for the web socket proxy? Not locating any in the usual log files when I try this…
Anyone else seeing a similar problem?
-Darrell _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
NOTICE: This email and any attachments may contain confidential and proprietary information of NetSuite Inc. and is for the sole use of the intended recipient for the stated purpose. Any improper use or distribution is prohibited. If you are not the intended recipient, please notify the sender; do not review, copy or distribute; and promptly delete or destroy all transmitted information. Please note that all communications and information transmitted through this email system may be monitored by NetSuite or its agents and that all incoming email is automatically scanned by a third party spam and filtering service </body></html>
On Nov 14, 2014, at 7:09 AM, Finstrle, Ludek <lfinstrle@netsuite.com> = wrote: =20 =20 Hi Darrel, =20 have you accepted the certificate for the web socket proxy? ( usually https://<your <https://<your> engine>:6100/ ) =20 Cheers, =20 Luf =20 Darrell Budic p=C3=AD=C5=A1e v =C4=8Ct 13. 11. 2014 v 14:25 -0600:
I had noVNC working under 3.4, but can=E2=80=99t seem to get it back = up after updating to 3.5.0. VNC is working if I make direct connections, = but it looks like the web socket proxy never tries to connect to the = host server. noVNC is just reporting then generic 1006 error. Firefox = reports it already has the right ca.crt installed, so it=E2=80=99s not =
=20 Any way to get some debugging info for the web socket proxy? Not = locating any in the usual log files when I try this=E2=80=A6 =20 Anyone else seeing a similar problem? =20 -Darrell _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users = <http://lists.ovirt.org/mailman/listinfo/users> =20 =20 NOTICE: This email and any attachments may contain confidential and =
--Apple-Mail=_B6A1E7E5-D1C9-421D-BCC2-D0125D5DE1FB Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 That was it, thanks! -Darrell that. =46rom watching the network, it looks like it never gets = authenticated properly to the web proxy, and never tries to connect on = from there. proprietary information of NetSuite Inc. and is for the sole use of the = intended recipient for the stated purpose. Any improper use or = distribution is prohibited. If you are not the intended recipient, = please notify the sender; do not review, copy or distribute; and = promptly delete or destroy all transmitted information. Please note that = all communications and information transmitted through this email system = may be monitored and retained by NetSuite or its agents and that all = incoming email is automatically scanned by a third party spam and = filtering service which may result in deletion of a legitimate e-mail = before it is read by the intended recipient. --Apple-Mail=_B6A1E7E5-D1C9-421D-BCC2-D0125D5DE1FB Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" = class=3D"">That was it, thanks!<div class=3D""><br class=3D""></div><div = class=3D""> -Darrell</div><div class=3D""><br = class=3D""><div><blockquote type=3D"cite" class=3D""><div class=3D"">On = Nov 14, 2014, at 7:09 AM, Finstrle, Ludek <<a = href=3D"mailto:lfinstrle@netsuite.com" = class=3D"">lfinstrle@netsuite.com</a>> wrote:</div><br = class=3D"Apple-interchange-newline"><div class=3D""><div class=3D""> <br class=3D""> Hi Darrel,<br class=3D""> <br class=3D""> have you accepted the certificate for the web socket proxy?<br = class=3D""> ( usually <a href=3D"https://<your" target=3D"_blank" = class=3D"">https://<your</a> engine>:6100/ )<br class=3D""> <br class=3D""> Cheers,<br class=3D""> <br class=3D""> Luf<br class=3D""> <br class=3D""> Darrell Budic p=C3=AD=C5=A1e v =C4=8Ct 13. 11. 2014 v 14:25 -0600:<br = class=3D""> > I had noVNC working under 3.4, but can=E2=80=99t seem to get it = back up after updating to 3.5.0. VNC is working if I make direct = connections, but it looks like the web socket proxy never tries to = connect to the host server. noVNC is just reporting then generic 1006 = error. Firefox reports it already has the right ca.crt installed, so = it=E2=80=99s not that. =46rom watching the network, it looks like it = never gets authenticated properly to the web proxy, and never tries to = connect on from there.<br class=3D""> > <br class=3D""> > Any way to get some debugging info for the web socket proxy? Not = locating any in the usual log files when I try this=E2=80=A6<br = class=3D""> > <br class=3D""> > Anyone else seeing a similar problem?<br class=3D""> > <br class=3D""> > -Darrell<br class=3D""> > _______________________________________________<br class=3D""> > Users mailing list<br class=3D""> > <a href=3D"mailto:Users@ovirt.org" class=3D"">Users@ovirt.org</a><br = class=3D""> > <a href=3D"http://lists.ovirt.org/mailman/listinfo/users" = target=3D"_blank" = class=3D"">http://lists.ovirt.org/mailman/listinfo/users</a><br = class=3D""> <br class=3D""> <br class=3D""> <font size=3D"1" class=3D""> NOTICE: This email and any attachments may contain confidential and = proprietary information of NetSuite Inc. and is for the sole use of the = intended recipient for the stated purpose. Any improper use or = distribution is prohibited. If you are not the intended recipient, = please notify the sender; do not review, copy or distribute; and = promptly delete or destroy all transmitted information. Please note that = all communications and information transmitted through this email system = may be monitored and retained by NetSuite or its agents and that all = incoming email is automatically scanned by a third party spam and = filtering service which may result in deletion of a legitimate e-mail = before it is read by the intended recipient.</font> </div> </div></blockquote></div><br class=3D""></div></body></html>= --Apple-Mail=_B6A1E7E5-D1C9-421D-BCC2-D0125D5DE1FB--
----- Original Message -----
From: "Darrell Budic" <budic@onholyground.com> To: "Ludek Finstrle" <lfinstrle@netsuite.com> Cc: "users" <users@ovirt.org> Sent: Friday, November 14, 2014 5:31:57 PM Subject: Re: [ovirt-users] noVNC problems after upgrading to 3.5.0
That was it, thanks!
If you are correctly trusting your oVirt internal CA you don't need to explicitly trust every single certificate signed by that CA. Please double check it.
-Darrell
On Nov 14, 2014, at 7:09 AM, Finstrle, Ludek < lfinstrle@netsuite.com > wrote:
Hi Darrel,
have you accepted the certificate for the web socket proxy? ( usually https://<your engine>:6100/ )
Cheers,
Luf
Darrell Budic píše v Čt 13. 11. 2014 v 14:25 -0600:
I had noVNC working under 3.4, but can’t seem to get it back up after updating to 3.5.0. VNC is working if I make direct connections, but it looks like the web socket proxy never tries to connect to the host server. noVNC is just reporting then generic 1006 error. Firefox reports it already has the right ca.crt installed, so it’s not that. From watching the network, it looks like it never gets authenticated properly to the web proxy, and never tries to connect on from there.
Any way to get some debugging info for the web socket proxy? Not locating any in the usual log files when I try this…
Anyone else seeing a similar problem?
-Darrell _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
NOTICE: This email and any attachments may contain confidential and proprietary information of NetSuite Inc. and is for the sole use of the intended recipient for the stated purpose. Any improper use or distribution is prohibited. If you are not the intended recipient, please notify the sender; do not review, copy or distribute; and promptly delete or destroy all transmitted information. Please note that all communications and information transmitted through this email system may be monitored and retained by NetSuite or its agents and that all incoming email is automatically scanned by a third party spam and filtering service which may result in deletion of a legitimate e-mail before it is read by the intended recipient.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
That’s what I thought too, but... Firefox tells me “This certificate is already installed as a certificate authority.” though. It looks like the cert for :6100 is the proper one, too. Maybe a firefox change with their new signing rules (i’ve disabled security.use_mozillapkix_verification due to problems with other internal certs)? I tried removing all the old web site certs and still had to add the https://<engine>:6100 cert to get the noVNC console to connect.
On Nov 14, 2014, at 11:25 AM, Simone Tiraboschi <stirabos@redhat.com> wrote:
----- Original Message -----
From: "Darrell Budic" <budic@onholyground.com> To: "Ludek Finstrle" <lfinstrle@netsuite.com> Cc: "users" <users@ovirt.org> Sent: Friday, November 14, 2014 5:31:57 PM Subject: Re: [ovirt-users] noVNC problems after upgrading to 3.5.0
That was it, thanks!
If you are correctly trusting your oVirt internal CA you don't need to explicitly trust every single certificate signed by that CA. Please double check it.
-Darrell
On Nov 14, 2014, at 7:09 AM, Finstrle, Ludek < lfinstrle@netsuite.com > wrote:
Hi Darrel,
have you accepted the certificate for the web socket proxy? ( usually https://<your engine>:6100/ )
Cheers,
Luf
Darrell Budic píše v Čt 13. 11. 2014 v 14:25 -0600:
I had noVNC working under 3.4, but can’t seem to get it back up after updating to 3.5.0. VNC is working if I make direct connections, but it looks like the web socket proxy never tries to connect to the host server. noVNC is just reporting then generic 1006 error. Firefox reports it already has the right ca.crt installed, so it’s not that. From watching the network, it looks like it never gets authenticated properly to the web proxy, and never tries to connect on from there.
Any way to get some debugging info for the web socket proxy? Not locating any in the usual log files when I try this…
Anyone else seeing a similar problem?
-Darrell _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
NOTICE: This email and any attachments may contain confidential and proprietary information of NetSuite Inc. and is for the sole use of the intended recipient for the stated purpose. Any improper use or distribution is prohibited. If you are not the intended recipient, please notify the sender; do not review, copy or distribute; and promptly delete or destroy all transmitted information. Please note that all communications and information transmitted through this email system may be monitored and retained by NetSuite or its agents and that all incoming email is automatically scanned by a third party spam and filtering service which may result in deletion of a legitimate e-mail before it is read by the intended recipient.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14.11.2014 23:27, Darrell Budic wrote:
That’s what I thought too, but... Firefox tells me “This certificate is already installed as a certificate authority.” though. It looks like the cert for :6100 is the proper one, too. Maybe a firefox change with their new signing rules (i’ve disabled security.use_mozillapkix_verification due to problems with other internal certs)? I tried removing all the old web site certs and still had to add the https://<engine>:6100 cert to get the noVNC console to connect.
also I'm wondering why the certificate should get exchanged during upgrade? is this the "normal" upgrade path? Does upgrade renew/change any previously installed certificates? I guess this should not happen? thanks for any answers in advance Sven -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQGcBAEBAgAGBQJUZ7GHAAoJEAq0kGAWDrqlt8QMAMSy5pw3LE+mYC/kux8DIiQh nbD9xnJj2jZpbg21/wp+aHDGXp99NJl6GGN0ClMnZkPAH1WmCYmxq7zEcqSGnAV7 Nu5+LsmFvyktK+u2INXNi/5Z3NNYCUbGLHOL2d4CprmBOAy/5G+5G4ucBNRmBTIH 8MzLop2sJEtHQ6ZK2VbzpD/5k7K87VwhLSGIXx9R72AEmeuH9p0Q4GNDxhLU99lO 5fMyF63ExECoMGdb/JwSUQ/juZ79K6UnRY63qTdFlMXW7eddf+zetmZrS8eE4lHe HEe+IuMSqqsHovpHn7lCnM27AsQzG6UITqCz9atlO34zlqd2jvaoWhsbYBO0wrUS MKUsMB/abdp/N1Vhs1WigsYkCvv4OoSzabBkrQ+pU9ivzK+zagwi65lqx1nsgfCH UigwWWnb6SWUeGpPu40UYOCAqYWCGCcH3H0kuuGtVsql55Vr++OSHoG9Q9kRYpj3 0d6GfSW9V+6hvhc/jv9C6BAzTY0clNSwiBKBZZyi2w== =VavE -----END PGP SIGNATURE-----
----- Original Message -----
From: "Sven Kieske" <svenkieske@gmail.com> To: users@ovirt.org Sent: Saturday, November 15, 2014 9:03:19 PM Subject: Re: [ovirt-users] noVNC problems after upgrading to 3.5.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 14.11.2014 23:27, Darrell Budic wrote:
That’s what I thought too, but... Firefox tells me “This certificate is already installed as a certificate authority.” though. It looks like the cert for :6100 is the proper one, too. Maybe a firefox change with their new signing rules (i’ve disabled security.use_mozillapkix_verification due to problems with other internal certs)? I tried removing all the old web site certs and still had to add the https://<engine>:6100 cert to get the noVNC console to connect.
also I'm wondering why the certificate should get exchanged during upgrade?
is this the "normal" upgrade path? Does upgrade renew/change any previously installed certificates?
I guess this should not happen?
No, it's shouldn't and, as far as I know, it doesn't. Darrell, can you please check the certification path of that cert and when it was signed?
thanks for any answers in advance
Sven -----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQGcBAEBAgAGBQJUZ7GHAAoJEAq0kGAWDrqlt8QMAMSy5pw3LE+mYC/kux8DIiQh nbD9xnJj2jZpbg21/wp+aHDGXp99NJl6GGN0ClMnZkPAH1WmCYmxq7zEcqSGnAV7 Nu5+LsmFvyktK+u2INXNi/5Z3NNYCUbGLHOL2d4CprmBOAy/5G+5G4ucBNRmBTIH 8MzLop2sJEtHQ6ZK2VbzpD/5k7K87VwhLSGIXx9R72AEmeuH9p0Q4GNDxhLU99lO 5fMyF63ExECoMGdb/JwSUQ/juZ79K6UnRY63qTdFlMXW7eddf+zetmZrS8eE4lHe HEe+IuMSqqsHovpHn7lCnM27AsQzG6UITqCz9atlO34zlqd2jvaoWhsbYBO0wrUS MKUsMB/abdp/N1Vhs1WigsYkCvv4OoSzabBkrQ+pU9ivzK+zagwi65lqx1nsgfCH UigwWWnb6SWUeGpPu40UYOCAqYWCGCcH3H0kuuGtVsql55Vr++OSHoG9Q9kRYpj3 0d6GfSW9V+6hvhc/jv9C6BAzTY0clNSwiBKBZZyi2w== =VavE -----END PGP SIGNATURE----- _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (4)
-
Darrell Budic -
Finstrle, Ludek -
Simone Tiraboschi -
Sven Kieske