Horizon console fails to connect when TLS everywhere is enabled

Solution Verified - Updated -

Issue

  • When trying to access the console with TLS everywhere enabled we are getting a 1006 error in the console and in the nova-novncproxy.log it states that the handshake failed:
2019-05-29 13:27:36.150 55 INFO nova.console.websocketproxy [-] 10.10.10.10 - - [29/May/2019 13:27:36] 10.10.10.10: Path: '/websockify?token=c24dc66f-8ad4-4186-ac88-5ea4a0b44c50'
2019-05-29 13:27:36.155 55 WARNING oslo_config.cfg [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] Option "rabbit_port" from group "oslo_messaging_rabbit" is deprecated for removal (Replaced by [DEFAULT]/transport_url).  Its value may be silently ignored in the future.
2019-05-29 13:27:36.156 55 WARNING oslo_config.cfg [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] Option "rabbit_userid" from group "oslo_messaging_rabbit" is deprecated for removal (Replaced by [DEFAULT]/transport_url).  Its value may be silently ignored in the future.
2019-05-29 13:27:36.156 55 WARNING oslo_config.cfg [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] Option "rabbit_password" from group "oslo_messaging_rabbit" is deprecated for removal (Replaced by [DEFAULT]/transport_url).  Its value may be silently ignored in the future.
2019-05-29 13:27:36.455 55 INFO nova.console.websocketproxy [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -]   4: connect info: {u'instance_uuid': u'b33bbaa5-9044-483f-887e-2cbf17d28630', u'internal_access_path': None, u'last_activity_at': 1559136455.572782, u'console_type': u'novnc', u'host': u'10.10.10.11', u'token': u'c24dc66f-8ad4-4186-ac88-5ea4a0b44c50', u'access_url': u'https://public_url:13080/vnc_auto.html?token=c24dc66f-8ad4-4186-ac88-5ea4a0b44c50', u'port': u'5904'}
2019-05-29 13:27:36.456 55 INFO nova.console.websocketproxy [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -]   4: connecting to: 10.10.10.11:5904
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] Unable to perform security proxying, shutting down connection: SecurityProxyNegotiationFailed: Failed to negotiate security type with server: Auth handshake failed
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy Traceback (most recent call last):
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy   File "/usr/lib/python2.7/site-packages/nova/console/websocketproxy.py", line 215, in new_websocket_client
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy     tsock = self.server.security_proxy.connect(tenant_sock, tsock)
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy   File "/usr/lib/python2.7/site-packages/nova/console/securityproxy/rfb.py", line 192, in connect
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy     reason=_("Auth handshake failed"))
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy SecurityProxyNegotiationFailed: Failed to negotiate security type with server: Auth handshake failed
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy
2019-05-29 13:27:36.477 55 INFO nova.console.websocketproxy [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] handler exception: Failed to negotiate security type with server: Auth handshake failed

Environment

  • Red Hat OpenStack Platform 13.0 (RHOSP)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content