After Referencing: http://www.ovirt.org/Features/noVNC_console http://www.ovirt.org/Features/SpiceHTML5
and looking at some of the related engine code. I am still attempting to get the spice/novnc browser based consoles to work. I am working from a build from master yesterday I used to upgrade over a previous 3.3 master build from about a month back. VDSM version on host is 4.12.0 built minutes ago. I have installed and configured the websocket proxy like so: Set WebSocketProxy to engine ENGINEIP port 6100 engine-config -s WebSocketProxy=ENGINEIP:6100 /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=websocket-proxy --password=install --subject="/C=US/O=DHC/CN=ENGINEFQDN" This generates: /etc/pki/ovirt-engine/keys/websocket-proxy.p12 /etc/pki/ovirt-engine/certs/websocket-proxy.cer /etc/pki/ovirt-engine/requests/websocket-proxy.req However it does not generate the key that websockify wants so we do: openssl pkcs12 -in websocket-proxy.p12 -nocerts -nodes -out /etc/pki/ovirt-engine/keys/websocket-proxy.key The configuration of ovirt-websocket-proxy: PROXY_HOST=* PROXY_PORT=6100 SOURCE_IS_IPV6=False SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key FORCE_DATA_VERIFICATION=False CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer SSL_ONLY=True TRACE_ENABLE=False TRACE_FILE= ENGINE_USR="/usr/share/ovirt-engine" Install spice-html5 git clone http://anongit.freedesktop.org/git/spice/spice-html5.git mv spice-html5 /usr/share Test spice: In Webadmin UI we set create a VM, set display as spice, start it and set it's console to spice-html5. Result spice-html client opens in a new tab but does not connect. >From engine.log: 2013-08-01 12:49:52,352 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-9) Running command: SetVmTicketCommand internal: false. Entities affected : ID: fec3260c-871a-4fbe-a006-9eee4fbfbbcc Type: VM 2013-08-01 12:49:52,371 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) START, SetVmTicketVDSCommand(HostName = ovirtnodefoo, HostId = 5713e5c8-6252-4bce-a3f6-bbd8e1e6eb57, vmId=fec3260c-871a-4fbe-a006-9eee4fbfbbcc, ticket=TKfzUQJLLrUI, validTime=120,m userName=admin@internal, userId=fdfc627c-d875-11e0-90f0-83df133b58cc), log id: 5d258049 2013-08-01 12:49:52,445 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) FINISH, SetVmTicketVDSCommand, log id: 5d258049 Test novnc: In Webadmin UI we set create a VM, set display as VNC, start it and set it's console to novnc. Result novnc client opens in a new tab but does not connect, but does display error: "Server disconnected (code: 1006) >From engine.log: 2013-08-01 12:50:44,800 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand] (ajp--127.0.0.1-8702-9) Running command: SetVmTicketCommand internal: false. Entities affected : ID: fec3260c-871a-4fbe-a006-9eee4fbfbbcc Type: VM 2013-08-01 12:50:44,833 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) START, SetVmTicketVDSCommand(HostName = ovirtnodefoo, HostId = 5713e5c8-6252-4bce-a3f6-bbd8e1e6eb57, vmId=fec3260c-871a-4fbe-a006-9eee4fbfbbcc, ticket=IPWOWh6U9erd, validTime=120,m userName=admin@internal, userId=fdfc627c-d875-11e0-90f0-83df133b58cc), log id: bff6161 2013-08-01 12:50:44,917 INFO [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand] (ajp--127.0.0.1-8702-9) FINISH, SetVmTicketVDSCommand, log id: bff6161 I verified connection of both the spice/vnc console directly at the host level with a quick connect via virt-viewer. A quick scan with nmap of engine and host to verify sockets are open: Nmap scan report for engine Host is up (0.0042s latency). Not shown: 995 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 111/tcp open rpcbind 443/tcp open https 6100/tcp open synchronet-db Nmap scan report for host Host is up (0.0045s latency). Not shown: 997 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 5900/tcp open vnc For grins I stopped the websocket proxy and manually started a websockify like so: websockify 3.57.111.11:6100 3.57.111.12:5900--cert=/etc/pki/ovirt-engine/certs/websocket-proxy.cer --key=/etc/pki/ovirt-engine/keys/websocket-proxy.key WARNING: no 'numpy' module, HyBi protocol is slower or disabled WebSocket server settings: - Listen on ENGINEIP:6100 - Flash security policy server - SSL/TLS support - proxying from ENGINEIP:6100 to HOSTIP:5900 Attempting another connection via https://ENGINEFQDN//ovirt-engine-novnc-main.html?host=ENGINEIP&port=6100results in: 1: handler exception: [Errno 1] _ssl.c:1359: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca I should also note in case it matters that the SSLEnabled=false, and EnableSpiceRootCertificateValidation are both set as false are set in my engine options. Am I doing something wrong here, I don't see any reason this should not work? - DHC
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users