[Openstack] noVNC and EPEL

Adam Young ayoung at redhat.com
Tue Jun 12 18:56:35 UTC 2012 

I have a working noVNC RPM for both F17 and EPEL.

Well...I think it is working...everything is set as best as I can tell 
to what it should be.  However, I have not been able to get a VNC 
console on a VM from the Web UI.  I have been able to do so using 
noVNC,  so we have a partial solution.  I've been advised that 
misconfiguration of the compute nodes is often at fault for noVNC not 
working:

<sleepsonthefloor> ayoung: it is very common for people to misconfigure 
flags on the compute hosts
<sleepsonthefloor> FLAGS.vncserver_proxyclient_address and 
FLAGS.novncproxy_base_url

My packages are at:
http://admiyo.fedorapeople.org/noVNC/

Paidrig "pixelbeat" Brady has tweaked them and gotten them blessed into 
the Fedora and EPEL system.

With the RPM installed, the steps to get novnc_server (not the Nova 
proxy) working are:

1.  Generate a key. I put this in /etc/nova:
  openssl req -new -x509 -days 365 -nodes -out self.pem -keyout self.pem

2.  Figure out the port for the vnc server you want.  This will depend 
on the VM.  In general, the first VM you spin up will have 9000,  the 
next 9001.  You can  brute force the search using

qemu-syst 21809      qemu   13u     IPv4             178192 0t0        
TCP localhost:vnc-server (LISTEN)
qemu-syst 26373      qemu   11u     IPv4            3446722 0t0        
TCP localhost:5901 (LISTEN)

Note that the first line lists the port by service name (vnc-server) out 
of /etc/services  (technically the NSSwitch services database, but we 
all probably have that set to files.)

I ensured I could connect to the server using the  tiger-vnc package and 
vncviewer.


3.  Run the novnc server.  In the upstream, this is launch.sh.  For 
Fedora we've given it the slightly more descriptive name novnc_server.

cd /usr/share/novnc
novnc_server --cert /etc/nova/self.pem --vnc localhost:5901


4.  Get the self signed cert into your browser by pointing at the server 
using https://hostname:6080.  This will kick you into the "invalid 
certificate"  dialog.  Accept the Cert and it will forward you to 
noVNC.  No password is required:  click connect and you should be 
viewing the appropriate VM.



I have not been able to get the Horizon Dashboard to noVNC integration 
working.  I suspect that the correct command line should be something like:

  nova-novncproxy  --flagfile=/etc/nova/nova.conf 
--web=/usr/share/novnc/ --cert=/etc/nova/self.pem 
--log-file=/var/log/nova/novnc.log

But no connections go through.  Nothing shows up in the log (and I have 
confirmed that is not due to permissions).  Nothing shows up on the 
command line, either except the startup information:

[root at ayoung-stack2 novnc]# nova-novncproxy 
--flagfile=/etc/nova/nova.conf   --web=/usr/share/novnc/ 
--cert=/etc/nova/self.pem --log-file=/var/log/nova/novnc.log
WebSocket server settings:
   - Listen on 0.0.0.0:6080
   - Flash security policy server
   - Web server. Web root: /usr/share/novnc
   - SSL/TLS support
   - proxying from 0.0.0.0:6080 to ignore:ignore


For Fedora,  we cannot ship the binary Flash blob.  I've been working 
under the assumtion that the Nova noVNC proxy uses the browsers 
websocket support....

More information about the Openstack mailing list