[novnc-console] Cannot connect to console

Mohammed Naser mnaser at vexxhost.com
Fri Jun 4 18:53:36 UTC 2021


Hi Derek,

What's the permissions of the letsencrypt cert files and the user that
Nova is running on?

sudo -u nova stat /etc/letsencrypt/live/ <MY_CONTROLLER_FQDN>/fullchain.pem

Will probably fail, so you might wanna fix that!

M

On Fri, Jun 4, 2021 at 11:23 AM Derek O keeffe <derekokeeffe85 at yahoo.ie> wrote:
>
> Hi all,
>
> This is my first post to this list so excuse me if I have not submitted correctly.
>
> I have installed openstack Victoria manually as a multi node setup. A controller & 3 computes. Everything works fine and the way it's expected. I have secured horizon with letsencrypt certs (for now) and again all is fine. When I did a test deploy I also used those certs to load the novnc console securely and it worked.
>
> My problem with my new deploy is that the console will not load no matter what I try. I get the following error when I enable debug mode in nova.
>
> 2021-06-04 15:54:11.004 356545 ERROR nova.console.websocketproxy Traceback (most recent call last):
> 2021-06-04 15:54:11.004 356545 ERROR nova.console.websocketproxy   File "/usr/lib/python3/dist-packages/websockify/websockifyserver.py", line 691, in top_new_client
> 2021-06-04 15:54:11.004 356545 ERROR nova.console.websocketproxy     client = self.do_handshake(startsock, address)
> 2021-06-04 15:54:11.004 356545 ERROR nova.console.websocketproxy   File "/usr/lib/python3/dist-packages/websockify/websockifyserver.py", line 578, in do_handshake
> 2021-06-04 15:54:11.004 356545 ERROR nova.console.websocketproxy     context.load_cert_chain(certfile=self.cert, keyfile=self.key, password=self.key_password)
> 2021-06-04 15:54:11.004 356545 ERROR nova.console.websocketproxy PermissionError: [Errno 13] Permission denied
>
> If I don't have debug enabled I just get the permission denied error. I have switched to the nova user and confirmed I can access the certs directory and read the certs. All my nova services are running fine as well.
>
> My controller conf is the following:
> [default]
> ssl_only=true
> cert=/etc/letsencrypt/live/ <MY_CONTROLLER_FQDN>/fullchain.pem
> key=/etc/letsencrypt/live/ <MY_CONTROLLER_FQDN>/privkey.pem
>
> [vnc]
> enabled = true
> server_listen = 0.0.0.0
> server_proxyclient_address = $my_ip
> novncproxy_base_url = https://<MY_CONTROLLER_FQDN>:6080/vnc_auto.html
>
> My compute config is the following:
> [vnc]
> enabled = true
> server_listen = 0.0.0.0
> server_proxyclient_address = $my_ip
> novncproxy_base_url = https://<MY_CONTROLLER_FQDN>:6080/vnc_auto.html
>
>
> If anyone could help that would be really appreciated or any advice to further troubleshoot!! I cannot see anything else in any logs but I might not be looking in the right place. Thank you in advance.
>
> Derek
>
>
>


-- 
Mohammed Naser
VEXXHOST, Inc.



More information about the openstack-discuss mailing list