- Red Hat Enterprise Virtualization (RHEV) 3.3
- Client: browser-based SPICE-HTML5 or noVNC
- What is the websocket proxy in RHEV 3.3?
- What is the procedure to configure the Web Based(HTML5) console for Spice in RHEV 3.3?
Attempting to open up any console using noVNC produces the following error:
Server disconnected (code: 1006)
- For SPICE HTML5, a grey/blank console is observed in the browser.
- Is it possible to install and configure rhevm-websocket-proxy after doing the 3.2 -> 3.3 upgrade?
- The installation guide says "Make sure that the ovirt-engine-websocket-proxy package was installed prior to installing the engine, otherwise it won't be correctly configured." Does this mean that it can't be done, or just that it requires more configuration if doing it afterwards?
Important: This solution discusses one method of proxying the Spice console which allows users to connect to a SPICE console directly from their browser without additional software. Another method of proxying uses Squid.
Documentation is available in the RHEV 3.3 Installation Guide for configuring the websockets proxy.
Supportability: The SPICE-HTML5 and noVNC console features (provided by the WebSocket Proxy) is in "Tech Preview" status.
Additional requirements are listed in the RHEV-M 3.3 Release Notes:
On the engine host:
- The WebSocket proxy must be set up and running in the environment.
- The engine must be aware of the WebSocket proxy - use engine-config to set the WebSocketProxy option.
On the client:
- The client must have a browser with WebSocket and postMessage support.
- If SSL is enabled, the engine's Certificate Authority must be imported in the client browser.
Please note: Installation of the
rhevm-websocket-proxy is required *prior* to installing or updating to RHEV 3.3. During installation,
engine-setup will ask if it should configure the WebSocket Proxy. If the answer is "Yes" (the default) and the aforementioned package is installed on the engine host, no additional configuration is needed. A note indicating this is being added to the documentation in Red Hat Bug #1062795.
Custom WebSocket proxy configuration
One can deploy the WebSocket proxy on a system other than engine host as well. The default can be restored by:
engine-config -s WebSocketProxy=Engine:6100 service ovirt-engine restart
- A non-default configuration can use a custom host, e.g. WebSocketProxy=engine.example.com:6100
- Note: In the case of custom host or port, adjust the rhevm-websocket-proxy configuration accordingly and make sure the service runs.
- Verify that there are ca.crt certificates installed for the web browsers.
rhevm-websocket-proxyinstalled when the RHEV-M was upgraded or installed with RHEV 3.3?
ls /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf If the file is NOT there, enable WebSocketProxy by running engine-setup --otopi-environment="OVESETUP_CONFIG/websocketProxyConfig=bool:True"
WebSocketProxyvalue set in
rhevm-config? Default installs should look like below.
engine-config -g WebSocketProxy WebSocketProxy: Engine:6100 version: general
Is the that port open on the RHEV-M firewall?
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
Is the service running and chkconfig'd on?
service ovirt-websocket-proxy start chkconfig ovirt-websocket-proxy on
Has the RHEV-M CA certificate been imported into the operating system keychain or the browser certificate store? Here's steps for Firefox, steps for Internet Explorer and (unsupported) steps for Google Chrome.
If the certificate was NOT imported browser will only show grey screen like this with no further warnings:
websocket proxycerts has correct
e.g. # openssl x509 -dates -subject -issuer -noout -in /etc/pki/ovirt-engine/certs/websocket-proxy.cer notBefore=Jun 4 04:48:48 2014 notAfter=May 10 04:48:48 2019 GMT subject= /C=US/O=localdomain/CN=rhevm.localdomain issuer= /C=US/O=localdomain/CN=rhevm.localdomain.64625
- If the
CNname is incorrect then refer Kbase-1289423 to regenerate websocket proxy certificate .
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.