Horizon console fails to connect when TLS everywhere is enabled

Solution Verified - Updated -

Issue

  • When trying to access the console with TLS everywhere enabled we are getting a 1006 error in the console and in the nova-novncproxy.log it states that the handshake failed:
2019-05-29 13:27:36.150 55 INFO nova.console.websocketproxy [-] 10.10.10.10 - - [29/May/2019 13:27:36] 10.10.10.10: Path: '/websockify?token=c24dc66f-8ad4-4186-ac88-5ea4a0b44c50'
2019-05-29 13:27:36.155 55 WARNING oslo_config.cfg [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] Option "rabbit_port" from group "oslo_messaging_rabbit" is deprecated for removal (Replaced by [DEFAULT]/transport_url).  Its value may be silently ignored in the future.
2019-05-29 13:27:36.156 55 WARNING oslo_config.cfg [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] Option "rabbit_userid" from group "oslo_messaging_rabbit" is deprecated for removal (Replaced by [DEFAULT]/transport_url).  Its value may be silently ignored in the future.
2019-05-29 13:27:36.156 55 WARNING oslo_config.cfg [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] Option "rabbit_password" from group "oslo_messaging_rabbit" is deprecated for removal (Replaced by [DEFAULT]/transport_url).  Its value may be silently ignored in the future.
2019-05-29 13:27:36.455 55 INFO nova.console.websocketproxy [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -]   4: connect info: {u'instance_uuid': u'b33bbaa5-9044-483f-887e-2cbf17d28630', u'internal_access_path': None, u'last_activity_at': 1559136455.572782, u'console_type': u'novnc', u'host': u'10.10.10.11', u'token': u'c24dc66f-8ad4-4186-ac88-5ea4a0b44c50', u'access_url': u'https://public_url:13080/vnc_auto.html?token=c24dc66f-8ad4-4186-ac88-5ea4a0b44c50', u'port': u'5904'}
2019-05-29 13:27:36.456 55 INFO nova.console.websocketproxy [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -]   4: connecting to: 10.10.10.11:5904
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] Unable to perform security proxying, shutting down connection: SecurityProxyNegotiationFailed: Failed to negotiate security type with server: Auth handshake failed
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy Traceback (most recent call last):
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy   File "/usr/lib/python2.7/site-packages/nova/console/websocketproxy.py", line 215, in new_websocket_client
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy     tsock = self.server.security_proxy.connect(tenant_sock, tsock)
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy   File "/usr/lib/python2.7/site-packages/nova/console/securityproxy/rfb.py", line 192, in connect
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy     reason=_("Auth handshake failed"))
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy SecurityProxyNegotiationFailed: Failed to negotiate security type with server: Auth handshake failed
2019-05-29 13:27:36.475 55 ERROR nova.console.websocketproxy
2019-05-29 13:27:36.477 55 INFO nova.console.websocketproxy [req-114edc96-7e5e-4f01-b1c6-569249727861 - - - - -] handler exception: Failed to negotiate security type with server: Auth handshake failed

Environment

  • Red Hat OpenStack Platform 13.0 (RHOSP)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In