OpenNebula / one

The open source Cloud & Edge Computing Platform bringing real freedom to your Enterprise Cloud 🚀
http://opennebula.io
Apache License 2.0

Can't access remote VNC in a federation scenario #6598

Closed Franco-Sparrow closed 4 months ago

Franco-Sparrow commented 4 months ago

Description

Can't access remote VNC in a federation configuration. I have the following clusters:

I am using self-signed certificates for both clusters. Each orchestrator from each cluster has installed their certificates as trusted. The VNC works on the remote cluster, configured as slave zone, by accessing the cluster directly.

On the master zone orchestrator logs for sunstone:

/var/log/one/sunstone.log, while accessing the VNC of a local VM

Thu May 30 17:33:01 2024 [I]: 127.0.0.1 - - [30/May/2024:17:33:01 -0400] "GET /vm/1?csrftoken=baf8ec1cf6b68c6dd7cb78ee647e66f44036cdbea24e8e94cd3d197db03f283d HTTP/1.1" 200 - 0.2031
Thu May 30 17:33:01 2024 [I]: 127.0.0.1 - - [30/May/2024:17:33:01 -0400] "POST /vm/1/guac/vnc HTTP/1.1" 200 - 0.0124
Thu May 30 17:33:01 2024 [I]: 127.0.0.1 - - [30/May/2024:17:33:01 -0400] "GET /guac?socket=d3M6Ly9jbG91ZDIuZWNhc2EuYXZpYW5ldC5jdS9maXJlZWRnZS9ndWFjYW1vbGU/dHlwZT12bmMmdG9rZW49ZXlKcGRpSTZJa0Y0VEd0S1ZHOW1LMnBRTUdndmVWVk9VWGxTV2tFOVBTSXNJblpoYkhWbElqb2lOMGxaV0RFMFYxaEpOakZ1UW5WUlVHOVNlVVZJTUZCaU5VSkRPRVpTWWxoT1lTdGpialZHYzFGSlprbEdlVmt2YzBsdlNuQTNZVVJCU0RFMlRtTmFTbmh5WWxack55OVBSaTlwZG5CSVIxZHdVbnBoVEdaMlEzaENWbVpNV1Zkc05tZHNjMUZYT1c5UWFFNVdUVFJpTWprelZYQlRhazFHUm5aNlVsUlpPVE5TWmtKUFpHOXVUMFZGY2poU1JqTkRkMU41SzJZMFlWRnJOR00xU21Wdk1FYzNhalIwUm1Gd1VFazNaazlLTlcxaFZVb3piM1pXVUZWT01qbFBNMjltYUZSSU1XSnVRa0UxWW5aTGJHcENSM3BIY21KUU1FeEVUWE5JVEVwVlZXd3paREJwZUd0aVpHdFhhbTlQTkRKYVNFVklUVmxaUW5KcVUzcDVZVzlPV1hSYWFEZENObE5FTkVkNFFYTXhSbmg0ZERSaFVrRTlQU0o5JmluZm89ZXlKcFpDSTZJakVpTENKdVlXMWxJam9pZEdWemRESWlMQ0p6ZEdGMFpTSTZJbEpWVGs1SlRrY2lMQ0p6CmRHRnlkRjkwYVcxbElqb2lNVGN4TmprME9UVTJOaUlzSW01bGRIZHZjbXR6SWpwYlhYMD0K HTTP/1.1" 200 - 0.0081


/var/log/one/sunstone.log, while accessing the VNC of a remote VM

Thu May 30 17:34:33 2024 [I]: 127.0.0.1 - - [30/May/2024:17:34:33 -0400] "GET /user/0?id=0&csrftoken=baf8ec1cf6b68c6dd7cb78ee647e66f44036cdbea24e8e94cd3d197db03f283d HTTP/1.1" 200 - 0.4003
Thu May 30 17:34:34 2024 [I]: 127.0.0.1 - - [30/May/2024:17:34:34 -0400] "GET /vm/5?csrftoken=baf8ec1cf6b68c6dd7cb78ee647e66f44036cdbea24e8e94cd3d197db03f283d HTTP/1.1" 200 - 0.0104
Thu May 30 17:34:34 2024 [I]: 127.0.0.1 - - [30/May/2024:17:34:34 -0400] "POST /vm/5/guac/vnc HTTP/1.1" 200 - 0.0174
Thu May 30 17:34:34 2024 [I]: 127.0.0.1 - - [30/May/2024:17:34:34 -0400] "GET /guac?socket=d3M6Ly9jbG91ZDIuZWNhc2EuYXZpYW5ldC5jdS9maXJlZWRnZS9ndWFjYW1vbGU/dHlwZT12bmMmdG9rZW49ZXlKcGRpSTZJbGR0UldReldqZ3JOVEJ0WmxKVlR6QXhOMjlMVTFFOVBTSXNJblpoYkhWbElqb2liRUV2VkdvelNGTnplRWxGV25jMlpYVnBaWEk1WWxwTUswcExjV0pKYWxwS1MyeEpVbTB6WmxKRk5FVlJVMGhFYjJKblFUaHlNekowY2xSemRYWkdWazlqZWtaNFRURXdkVmxYUWt4Nk5EWXhOR2N5VlhCV0wxVmhNbE51VkdOMVEwSndMekpuV20xc04yRklSVU5hV2s1Q1oxTldMMjFCWmpST2EzRmlSbTFKTlVOd1ptZFFVVEJpT1dsQlZVbE9PVU13Y1hWamFuSkpXVkI0ZVdoTGJtNTFObGd2YVdGUFNsbFhNekpPU1RkSWVYazFNekJXUVZoTlYxRnFNa041V0dZeVRXTTFVRFowWjNwb1dVNVhkQ3QyV0dRcllXWm1ha3hPUVVNdlpHOUlkbUo2YnpGcFpYaG1jSFFyTUdaSWFuVldVM1ZoZWxSVFVpdHBNRmR5TUZkWU16aGlLek5NU1ZWR04zWjFZM0UzV1ROMVZrRTlQU0o5JmluZm89ZXlKcFpDSTZJalVpTENKdVlXMWxJam9pZEdWemRDSXNJbk4wWVhSbElqb2lVbFZPVGtsT1J5SXNJbk4wCllYSjBYM1JwYldVaU9pSXhOekUzTVRBME1Ea3hJaXdpYm1WMGQyOXlhM01pT2x0ZGZRPT0K HTTP/1.1" 200 - 0.2052


I don't know if this is supported on current versions; it is not specified. At least it was not supported on the older ones:

To Reproduce

Follow the official documentation:

https://docs.opennebula.io/6.8/installation_and_configuration/data_center_federation/config.html#:~:text=To%20federate%20OpenNebula%20Zones%2C%20they,coordinated%20update%20of%20all%20Zones.

This is not explained in the documentation, but I found this from reading the sunstone-server.conf:


nano /etc/one/sunstone-server.conf

Enabling allow_vnc_federation:

:allow_vnc_federation: yes

Restart the opennebula-sunstone service:

systemctl restart opennebula-sunstone

Expected behavior

Access to every VNC, no matter if it is from a local VM or a remote VM of the slave zones, if supported...


Progress Status
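
The `socket` value in the `GET /guac` log lines above is a Base64-encoded WebSocket URL, so the local and remote requests can be compared by decoding it. The following is an added example (not from the issue or from OpenNebula's code) that summarises the endpoint each logged request points at without printing the session token. The `type`, `token` and `info` parameter names are those seen when decoding the logged values; the sample lines and the host name are constructed.

```python
import base64
import json
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Raw `socket` value from a Sunstone access-log request line.
SOCKET_RE = re.compile(r'"GET /guac\?socket=([^\s"&]+)')


def b64_text(value: str) -> str:
    """Decode Base64 text; tolerate '+' turned into spaces, newlines, lost padding."""
    value = re.sub(r"\s", "", value.replace(" ", "+"))
    return base64.b64decode(value + "=" * (-len(value) % 4)).decode("utf-8", "replace")


def guac_endpoint(log_line: str):
    """Summarise where a logged /guac request points; None if no socket is present."""
    match = SOCKET_RE.search(log_line)
    if match is None:
        return None
    url = urlsplit(b64_text(unquote(match.group(1))))
    params = dict(parse_qsl(url.query))
    summary = {
        "scheme": url.scheme,
        "host": url.hostname,
        "path": url.path,
        "type": params.get("type"),
        "has_token": bool(params.get("token")),  # report presence, never the token
        "vm_id": None,
    }
    try:  # `info` is expected to be Base64-encoded JSON describing the VM
        summary["vm_id"] = json.loads(b64_text(params["info"])).get("id")
    except (KeyError, ValueError, AttributeError):
        pass
    return summary


def sample_line(vm_id: str, host: str) -> str:
    """Build a CONSTRUCTED log line in the format shown in the issue."""
    info = base64.b64encode(json.dumps({"id": vm_id}).encode()).decode()
    inner = f"ws://{host}/fireedge/guacamole?type=vnc&token=CONSTRUCTED&info={info}"
    socket = base64.b64encode(inner.encode()).decode()
    return ('Thu May 30 17:33:01 2024 [I]: 127.0.0.1 - - [30/May/2024:17:33:01 -0400] '
            f'"GET /guac?socket={socket} HTTP/1.1" 200 - 0.0081')


if __name__ == "__main__":
    for vm in ("1", "5"):  # local and remote VM ids, host name is a placeholder
        print(guac_endpoint(sample_line(vm, "zone-a.example.test")))
```

Comparing `scheme` and `host` between the local-VM and remote-VM requests shows which zone's FireEdge each one is sent to. The full `socket` value, token included, is written to `sunstone.log`, so redact it before sharing log excerpts.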

Franco-Sparrow commented 4 months ago

Hi

Can anybody help me with this, please?

jloboescalona2 commented 4 months ago

I am closing this issue because it is a duplicate of this one