Open charliesls opened 5 years ago
There could be some settings error. It could be firewall, qemu.conf, libvirt.conf settings. Or nonvcd daemon does not work. Please check again installation steps
I did it three times at least Where can i find some logs for the VNC function?
@catborise
@charliesls Can you tell me you setup?
@Bandic007 can you tell me your webvirtcloud setup? Especially why you need reverse proxy. I do not use reverse proxy and i do not know why you need it. May be @charliesls needs reverse proxy also. Documentation may enrich with your setup Thanks
@catborise - It is a bit complicated on my side but I will explain. My setup is remote and behind a router. I don't want to expose vnc prots on the router firewall and also it will be not just a single one but a stack of ports as every vm uses its own port. And I am already using port 80 and 443 of the router so I reverse proxied the vns trough them. But this brings me to another issue of mine - I have a second compute host which is remote from the first one. They are both connected but webvirtcloud is instaleed only on the first one, and I am reverse proxying to it - which causes the vnc for the second remote host to not work with the proxy setup. I believe it can be achieved if more than one host is placed on the same location. I will give you my configs to setup it like this, but will be glad if you can suggest more refined and better way to do this and to work on all nodes. I am using nginx for the reverse proxying and made some small changes in 3-4 files to add support for it. Let me gather the configs and will give you links to them. I have them in commits in my version of the repo.
Hmm okey i understand @Bandic007 why do not you install webvirtcloud on a vm instance? I dont know if it is possible or not but For remote access shouldnt vpn a better solution?
ok but since kvm will work, I will have to still open ports on the routers that are placed before my two separate hosts for the vnc. Correct? How will this help me avoid the proxying?
If you connect the management network of kvm hosts with VPN you do need not to open any port on router other than vpn port. Also this way much more secure. I am using that way without any problem.
I guess IPsec tunnel can be a good option actually. Thanks for the idea.
check the webvirtcloud server and ensure port 6080 is listening
noVNC doesn't work CentOS Linux release 7.6.1810 As follows:
Something went wrong,connection is closed
I have the same problem. Ubuntu 18.04.2 LTS
Maybe it's because of the uninstalled packages libsasl2-modules libauthen-sasl-perl sasl2-bin ?? I have libvirt accepts connections over UNIX socket, SASL authentication is not needed, that's why these packages are not installed.
# sudo aptitude search "~i sasl"
# i libsasl2-2
# i A libsasl2-modules-db
Here is the log novncd:
2019-06-01 19:52:32,091 - websocket.type - INFO : WebSocket server settings:
2019-06-01 19:52:32,091 - websocket.type - INFO : - Listen on 10.0.0.1:6080
2019-06-01 19:52:32,091 - websocket.type - INFO : - Flash security policy server
2019-06-01 19:52:32,091 - websocket.type - INFO : - No SSL/TLS support (no cert file)
2019-06-01 19:52:32,091 - websocket.type - INFO : - proxying from 10.0.0.1:6080 to ignore:ignore
2019-06-01 19:55:20,317 - websocket.type - DEBUG : 10.0.0.4: new handler Process
2019-06-01 19:55:20,325 - websocket.type - INFO : ubuntu-x64-rdp - - [01/Jun/2019 19:55:20] "GET /websockify HTTP/1.1" 101 -
2019-06-01 19:55:20,326 - websocket.type - INFO : ubuntu-x64-rdp - - [01/Jun/2019 19:55:20] 10.0.0.4: Plain non-SSL (ws://) WebSocket connection
2019-06-01 19:55:20,326 - websocket.type - INFO : ubuntu-x64-rdp - - [01/Jun/2019 19:55:20] 10.0.0.4: Version hybi-13, base64: 'False'
2019-06-01 19:55:20,326 - websocket.type - INFO : ubuntu-x64-rdp - - [01/Jun/2019 19:55:20] 10.0.0.4: Path: '/websockify'
2019-06-01 19:55:20,349 - root - DEBUG : Connection infos :
- connhost : 'localhost'
- connport : '22'
- connuser : ''
- conntype : '4'
- console_host : '127.0.0.1'
- console_port : '5901'
- console_socket : 'None'
2019-06-01 19:55:20,349 - websocket.type - INFO : ubuntu-x64-rdp - - [01/Jun/2019 19:55:20] Need a tunnel to access console but can't mount one because it's not a
SSH host
2019-06-01 19:55:20,349 - websocket.type - INFO : handler exception: <bound method NovaProxyRequestHandler.msg of <__main__.NovaProxyRequestHandler object at 0x7f
81fcf20f90>>
2019-06-01 19:55:20,349 - websocket.type - DEBUG : exception
Traceback (most recent call last):
File "/srv/webvirtcloud/venv/local/lib/python2.7/site-packages/websockify/websocket.py", line 930, in top_new_client
client = self.do_handshake(startsock, address)
File "/srv/webvirtcloud/venv/local/lib/python2.7/site-packages/websockify/websocket.py", line 860, in do_handshake
self.RequestHandlerClass(retsock, address, self)
File "/srv/webvirtcloud/venv/local/lib/python2.7/site-packages/websockify/websocket.py", line 114, in __init__
SimpleHTTPRequestHandler.__init__(self, req, addr, server)
File "/usr/lib/python2.7/SocketServer.py", line 652, in __init__
self.handle()
File "/srv/webvirtcloud/venv/local/lib/python2.7/site-packages/websockify/websocket.py", line 581, in handle
SimpleHTTPRequestHandler.handle(self)
File "/usr/lib/python2.7/BaseHTTPServer.py", line 340, in handle
self.handle_one_request()
File "/usr/lib/python2.7/BaseHTTPServer.py", line 328, in handle_one_request
method()
File "/srv/webvirtcloud/venv/local/lib/python2.7/site-packages/websockify/websocket.py", line 543, in do_GET
if not self.handle_websocket():
File "/srv/webvirtcloud/venv/local/lib/python2.7/site-packages/websockify/websocket.py", line 531, in handle_websocket
self.new_websocket_client()
File "/srv/webvirtcloud/console/novncd", line 222, in new_websocket_client
self._new_client(daemon, socket_factory)
File "/srv/webvirtcloud/console/novncd", line 162, in _new_client
raise Exception(self.msg)
Exception: <bound method NovaProxyRequestHandler.msg of <__main__.NovaProxyRequestHandler object at 0x7f81fcf20f90>>
2019-06-01 19:55:20,429 - websocket.type - DEBUG : Ignoring interrupted syscall
Here is the installation sequence webvirtcloud:
sudo apt-get -y install git python-virtualenv python-dev python-lxml libvirt-dev zlib1g-dev libxslt1-dev nginx supervisor python-guestfs
git clone https://github.com/retspen/webvirtcloud
cd webvirtcloud
cp webvirtcloud/settings.py.template webvirtcloud/settings.py
vi webvirtcloud/settings.py
#---------------------------------------------
SECRET_KEY = 'my-super-secret-key'
#---------------------------------------------
sudo cp conf/supervisor/webvirtcloud.conf /etc/supervisor/conf.d
sudo cp conf/nginx/webvirtcloud.conf /etc/nginx/conf.d
cd
sudo mv webvirtcloud /srv/
cd /srv/webvirtcloud
sudo virtualenv venv
source venv/bin/activate
sudo /srv/webvirtcloud/venv/bin/pip install --upgrade pip
sudo /srv/webvirtcloud/venv/bin/pip install -r conf/requirements.txt
# ...
# Successfully built websockify libvirt-python rwlock
# Installing collected packages: pytz, Django, numpy, websockify, gunicorn, lxml, libvirt-python, rwlock
# Successfully installed Django-1.11.20 gunicorn-19.9.0 libvirt-python-4.10.0 lxml-4.2.5 numpy-1.16.3 pytz-2019.1 rwlock-0.0.7 websockify-0.8.0
sudo /srv/webvirtcloud/venv/bin/python manage.py migrate
sudo chown -R www-data:www-data /srv/webvirtcloud
sudo rm /etc/nginx/sites-enabled/default
sudo vi /etc/nginx/conf.d/webvirtcloud.conf
#----------------------------------------------
server {
listen 10.0.0.1:80;
# ...
location / {
## proxy_pass http://127.0.0.1:8000;
proxy_pass http://unix:/srv/webvirtcloud/venv/wvcloud.socket;
# ...
}
}
#----------------------------------------------
sudo service nginx restart
sudo vi /srv/webvirtcloud/gunicorn.conf.py
#---------------------------------------------
bind = 'unix:/srv/webvirtcloud/venv/wvcloud.socket'
#bind = '127.0.0.1:8000'
#
# def get_workers():
# procs = os.sysconf('SC_NPROCESSORS_ONLN')
# if procs > 0:
# return procs * 2 + 1
# else:
# return 3
# workers = get_workers()
workers = 3
#---------------------------------------------
sudo service supervisor restart
sudo adduser www-data libvirtd
sudo adduser www-data libvirt
# Did not execute the following command, libvirt was already installed earlier:
# wget -O - https://clck.ru/9V9fH | sudo sh
#
# On the link opened the file, looked through the commands for the section Ubuntu Install Functions
# The sasl2-bin package was not installed, because the connection of supervisor to libvirt is performed via UNIX-socket (virsh -c qemu:///system)
# SASL authentication is not needed (or am I wrong?)
# Package virt-manager did not install (it is not clear why it is needed, we use webvirtcloud).
# The remaining packages for the hypervisor were previously installed.
#
# The following settings for connecting to libvirt over TCP were NOT performed:
# sudo sed -i 's/#libvirtd_opts=""/libvirtd_opts="-l"/g' /etc/default/libvirtd
# sudo sed -i 's/#listen_tls/listen_tls/g' /etc/libvirt/libvirtd.conf
# sudo sed -i 's/#listen_tcp/listen_tcp/g' /etc/libvirt/libvirtd.conf
# sudo sed -i 's/#listen_addr = "192.168.0.1"/listen_addr = "127.0.0.1"/g' /etc/libvirt/libvirtd.conf
# sudo sed -i 's/#auth_tcp/auth_tcp/g' /etc/libvirt/libvirtd.conf
# sudo sed -i 's/#vnc_listen/vnc_listen/g' /etc/libvirt/qemu.conf //--> the setting is not changed, VNC accepts connections at 127.0.0.1 (not at 0.0.0.0).
sudo wget -O /usr/local/bin/gstfsd https://raw.githubusercontent.com/retspen/webvirtcloud/master/conf/daemon/gstfsd
sudo vi /usr/local/bin/gstfsd
#---------------------------------------------
PORT = 16510
# ADDRESS = "0.0.0.0"
ADDRESS = "127.0.0.1"
#---------------------------------------------
sudo chmod +x /usr/local/bin/gstfsd
sudo wget -O /etc/supervisor/conf.d/gstfsd.conf https://raw.githubusercontent.com/retspen/webvirtcloud/master/conf/supervisor/gstfsd.conf
sudo vi /etc/iptables.rules
#---------------------------------------------
# ...
-A INPUT -i virbr0 -p tcp -s 10.0.0.4 -m tcp --dport 80 -j ACCEPT
-A INPUT -i virbr0 -p tcp -s 10.0.0.4 -m tcp --dport 6080 -j ACCEPT
# ...
#---------------------------------------------
sudo reboot
sudo supervisorctl status
gstfsd RUNNING pid 24683, uptime 2:21:55
novncd RUNNING pid 24682, uptime 2:21:55
webvirtcloud RUNNING pid 24681, uptime 2:21:55
Hi, do you install webvirtcloud on hypervisor host or different machine(vm or baremetal)?
Sasl does not related with vnc. It related with libvirt connection. It is an option not a must.
Vm instances use 5900-59xx ports. They should be reached if webvirtcloud on different machine other than hypervisor.
Hi! Webvirtcloud is installed on the hypervisor host.
I'll try to set a password to access the VNC console. Maybe that's why it doesn't work. Or maybe novnc requires https. Certificates have not been generated yet. I'm going to give it a go.
You should try it with vnc to see if it is accessible. (Tigervnc or equivalent) Novnc does not require https. It can work with http
The problem with noVNC was solved only after I applied these patches:
https://github.com/mplx/docker-webvirtcloud/blob/master/01-wsproxy.patch
https://github.com/retspen/webvirtcloud/issues/126#issuecomment-394981688
In other words, it works when the requests from the browser are proxied through nginx, and do not go directly to port 6080.
Hi,
I got the same problem after a fresh install on debian buster.
supervisorctl status
gstfsd RUNNING pid 791, uptime 0:00:57
novncd RUNNING pid 790, uptime 0:00:57
webvirtcloud RUNNING pid 789, uptime 0:00:57
is running fine.
The VNC Server is also running on Port 5900 and I can connect to it directly from 127.0.0.1 as well as from my local network.
I already rund webvirtcloud on three other boxes for a couple of months and had never these problems.... Though this time, its a real 'minimal' debian buster installation, so fewer packages than usual are installed - but I don't know it thats the source of the problem since all dependencies are met.
The worst thing is, when clicking on console and the novnc window pops up, the only log entry I find is the nginx access log entry, nothing else.
Even tcpdump shows only some connections over port 8000 which are even answered!
20:40:27.056476 IP 127.0.0.1.44438 > 127.0.0.1.8000: Flags [.], ack 273, win 510, options [nop,nop,TS val 1110387263 ecr 1110387263], length 0 20:40:27.056545 IP 127.0.0.1.8000 > 127.0.0.1.44438: Flags [P.], seq 273:18871, ack 801, win 512, options [nop,nop,TS val 1110387263 ecr 1110387263], length 18598 20:40:27.056734 IP 127.0.0.1.44438 > 127.0.0.1.8000: Flags [F.], seq 801, ack 18871, win 512, options [nop,nop,TS val 1110387263 ecr 1110387263], length 0 20:40:27.057362 IP 127.0.0.1.8000 > 127.0.0.1.44438: Flags [F.], seq 18871, ack 802, win 512, options [nop,nop,TS val 1110387264 ecr 1110387263], length 0 20:40:27.057377 IP 127.0.0.1.44438 > 127.0.0.1.8000: Flags [.], ack 18872, win 512, options [nop,nop,TS val 1110387264 ecr 1110387264], length 0 20:40:29.285988 IP 127.0.0.1.44440 > 127.0.0.1.8000: Flags [S], seq 4265248017, win 65495, options [mss 65495,sackOK,TS val 1110389492 ecr 0,nop,wscale 7], length 0 20:40:29.286009 IP 127.0.0.1.8000 > 127.0.0.1.44440: Flags [S.], seq 2445331821, ack 4265248018, win 65483, options [mss 65495,sackOK,TS val 1110389493 ecr 1110389492,nop,wscale 7], length 0 20:40:29.286028 IP 127.0.0.1.44440 > 127.0.0.1.8000: Flags [.], ack 1, win 512, options [nop,nop,TS val 1110389493 ecr 1110389493], length 0 20:40:29.293393 IP 127.0.0.1.8000 > 127.0.0.1.44440: Flags [P.], seq 1:195, ack 694, win 512, options [nop,nop,TS val 1110389500 ecr 1110389493], length 194 20:40:29.293410 IP 127.0.0.1.44440 > 127.0.0.1.8000: Flags [.], ack 195, win 511, options [nop,nop,TS val 1110389500 ecr 1110389500], length 0 20:40:29.293447 IP 127.0.0.1.8000 > 127.0.0.1.44440: Flags [P.], seq 195:208, ack 694, win 512, options [nop,nop,TS val 1110389500 ecr 1110389500], length 13 20:40:29.293456 IP 127.0.0.1.44440 > 127.0.0.1.8000: Flags [.], ack 208, win 511, options [nop,nop,TS val 1110389500 ecr 1110389500], length 0 20:40:29.293544 IP 127.0.0.1.44440 > 127.0.0.1.8000: Flags [F.], seq 694, ack 208, win 512, options [nop,nop,TS val 1110389500 ecr 1110389500], length 0 20:40:29.294252 IP 127.0.0.1.8000 > 127.0.0.1.44440: Flags [F.], seq 208, ack 695, win 512, options [nop,nop,TS val 1110389501 ecr 1110389500], length 0 20:40:29.294277 IP 127.0.0.1.44440 > 127.0.0.1.8000: Flags [.], ack 209, win 512, options [nop,nop,TS val 1110389501 ecr 1110389501], length 0 ^C 30 packets captured 72 packets received by filter
Any advice?
Thanks a lot!
Cheers,
P.S.: just figured out, when I change vnc to spice I get an error 'WebSocket error: Can't connect to websocket on URL: ws://192.168.64.35/websockify'
@4920441 hi, i installed a debian10 host and try webvirtcloud with local install and docker install. And i installed a centos host. It works with centos host but not with debian10 host. I do not understand root cause but i will look forward it. Something broken on debian 10
ps: if you do not use reverse proxy. please change WS_PUBLIC_HOST in settings.py to 6080
After uncountable debugging it seems it has to do with nginx is not forwarding anything to Port 6080. I traced it with logs and tcpdump....
The Patchfile did not work for me out of the box (don't know why, threw a lot of unmatched errors, so I searched and replaced it manually.... in the appropriate files.
https://github.com/mplx/docker-webvirtcloud/blob/master/01-wsproxy.patch
Dont know why that is, but now it works..... maybe the type how the links are generated is not compatible any more with the nginx release distributed in debian or what not....
novncd is a killer feature, that cannot be broken or the whole project is broken :-(
Maybe my information helps to fix it in an upcoming commit.
BTW: I would like a debian package, did anyone invest some work in that? Since nearly all packages are already in debian the work on dependencies shouldn't be too much....
docker pull suisrc/webvirtcloud:0.0.2, 部署过程中,配置文件和console的html文件有点兼容问题,我在这个docker镜像中解决了一下
After uncountable debugging it seems it has to do with nginx is not forwarding anything to Port 6080. I traced it with logs and tcpdump....
The Patchfile did not work for me out of the box (don't know why, threw a lot of unmatched errors, so I searched and replaced it manually.... in the appropriate files.
https://github.com/mplx/docker-webvirtcloud/blob/master/01-wsproxy.patch
Dont know why that is, but now it works..... maybe the type how the links are generated is not compatible any more with the nginx release distributed in debian or what not....
novncd is a killer feature, that cannot be broken or the whole project is broken :-(
Maybe my information helps to fix it in an upcoming commit.
BTW: I would like a debian package, did anyone invest some work in that? Since nearly all packages are already in debian the work on dependencies shouldn't be too much....
Hey thanks! I faced the same problem. According the patch file, I found the reason. Thanks!
noVNC doesn't work
CentOS Linux release 7.6.1810 As follows:
Something went wrong,connection is closed