nova novnc timeout
melanie witt
melwittt at gmail.com
Thu Nov 19 21:25:36 UTC 2020

On 11/19/20 01:35, Ankele zhang wrote:
> Hello~
> I have an OpenStack Rocky platform. My nova.cfg has configured
> "[consoleauth] token_ttl=360000 [workarounds] enable_consoleauth=true",
> I get the console URL and access my VM console in the web. The console URL
> is invalid after two or one minutes, not 360000s.
> How can I resolve this?
> Look forward to hearing from you.

Hi Ankele,

I'm sure you have already read this but for reference, this is the blurb
in the release notes around the console proxy changes [1]. Note that the
[workarounds]enable_consoleauth option has been removed in the Train
release, so to avoid interruptions in consoles during an upgrade to
Train, you must ensure your deployment has fully migrated to the new
per-cell console proxy model in Rocky or Stein.

In Rocky, console token auths are stored in the cell database(s) (new
way) and if [workarounds]enable_consoleauth=true on the nova-api nodes,
they are additionally stored in the nova-consoleauth service (old way).
Then, on the console proxy side, if [workarounds]enable_consoleauth=true
on the nova-novncproxy nodes, the proxy will first try to validate the
token in the nova-consoleauth service (old way) and if that's not
successful, it will fall back to contacting the cell database to
validate the token (new way). In order for it to succeed at validating
the token in the cell database, the nova-novncproxy needs to be deployed
per cell and have access to the cell database [database]connection.

If you need to use nova-consoleauth to transition to the
database-backend model, you must set
[workarounds]enable_consoleauth=true on both the nova-novncproxy nodes
(for token validation) and the nova-api nodes (for token auth storage in
the old way). The [consoleauth]token_ttl option needs to be set to the
value you desire on both the nova-consoleauth nodes (old way) and
nova-compute nodes (new way).

So, I suspect the issue is you need to set the aforementioned config
options on nodes where you don't yet have them set.

To transition to the new way without console interruption, you will need
to (1) deploy nova-novncproxy services to each of your cells and make
sure they have [database]connection set to the corresponding cell
database, (2) wait until all token auths generated before Rocky are
expired, (3) set [workarounds]enable_consoleauth=false on
nova-novncproxy and nova-api nodes, (4) remove the nova-consoleauth
service from your deployment.

Hope this helps,
-melanie

[1] https://docs.openstack.org/releasenotes/nova/rocky.html#relnotes-18-0-0-stable-rocky-upgrade-notes
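
An added example, not part of the original message and not nova code: a small Python audit of the per-role settings the reply lists for the transitional setup, where nova-consoleauth is still in use. The role keys, the REQUIRED table, the audit function and the sample nova.conf contents are constructed for illustration.

```python
import configparser

# Per-role options the reply lists while nova-consoleauth is still in use.
# Option names come from the thread; this table and the role keys are the example's own.
TTL, ANY = "ttl", "any"  # markers: must equal desired TTL / any non-empty value
REQUIRED = {
    "nova-api": [("workarounds", "enable_consoleauth", "true")],
    "nova-novncproxy": [("workarounds", "enable_consoleauth", "true"),
                        ("database", "connection", ANY)],
    "nova-consoleauth": [("consoleauth", "token_ttl", TTL)],
    "nova-compute": [("consoleauth", "token_ttl", TTL)],
}

def audit(configs, desired_ttl):
    """Return (role, 'section/option', found_value) for each unmet requirement."""
    findings = []
    for role, checks in REQUIRED.items():
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.read_string(configs.get(role, ""))
        for section, option, want in checks:
            found = cp.get(section, option, fallback=None)
            value = (found or "").strip()
            if want == TTL:
                ok = value == str(desired_ttl)
            elif want == ANY:
                ok = bool(value)  # cannot tell here whether it is the right cell DB
            else:
                ok = value.lower() == want
            if not ok:
                findings.append((role, f"{section}/{option}", found))
    return findings

# Constructed sample: nova.conf contents as they might look on each node role.
SAMPLE = {
    "nova-api": "[consoleauth]\ntoken_ttl = 360000\n[workarounds]\nenable_consoleauth = true\n",
    "nova-novncproxy": "[database]\nconnection = mysql+pymysql://nova:PLACEHOLDER@cell1-db.example/nova_cell1\n",
    "nova-consoleauth": "[consoleauth]\ntoken_ttl = 360000\n",
    "nova-compute": "[DEFAULT]\ndebug = false\n",
}

if __name__ == "__main__":
    for role, option, found in audit(SAMPLE, 360000):
        print(f"{role}: {option} is {found!r}")
```

An empty result only means the options are present with the expected values; whether [database]connection points at the corresponding cell database still has to be checked per cell.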