I'm trying to connect to a VM console in GWM. It works without a
password but when a VM is then setup to use a password
(vnc-cluster-password) the web interface stops at "Authentication OK".
The VNC auth proxy shows 'Failed security result!'. Looking at
protocol.py it appears to be able to authenticate a client but not able
to authenticate to the server.
myuser@myhost:/var/www/ganeti_webmgr$ grep VNC settings.py
VNC_PROXY = '
10.0.0.14:8888'
myuser@myhost:/var/www/ganeti_webmgr$ source venv/bin/activate
(venv)myuser@myhost:/var/www/ganeti_webmgr$ twistd
--pidfile=/tmp/proxy.pid -n vncap -c tcp:8888:interface=10.0.0.14
2014-03-28 20:03:58-0600 [-] Log opened.
2014-03-28 20:03:58-0600 [-] twistd 11.0.0
(/var/www/ganeti_webmgr/venv/bin/python 2.7.3) starting up.
2014-03-28 20:03:58-0600 [-] reactor class:
twisted.internet.selectreactor.SelectReactor.
2014-03-28 20:03:58-0600 [-] vncap.control.ControlFactory starting on 8888
2014-03-28 20:03:58-0600 [-] Starting factory
<vncap.control.ControlFactory instance at 0x2442dd0>
2014-03-28 20:04:00-0600 [ControlProtocol,0,10.0.0.14] Received line
{"daddr": "
myhost.mydomain.com", "dport": 11000, "password":
"BeX3PFsEhK0V", "ws": true, "tls": false}
2014-03-28 20:04:00-0600 [ControlProtocol,0,10.0.0.14]
txws.WebSocketFactory starting on 5800
2014-03-28 20:04:00-0600 [ControlProtocol,0,10.0.0.14] Starting factory
<vncap.vnc.factory.VNCProxy instance at 0x194cb48>
2014-03-28 20:04:00-0600 [ControlProtocol,0,10.0.0.14] Starting factory
<txws.WebSocketFactory instance at 0x194c758>
2014-03-28 20:04:00-0600 [ControlProtocol,0,10.0.0.14] New forwarder
(5800->
myhost.mydomain.com:11000)
2014-03-28 20:04:00-0600 [txws.WebSocketFactory] Starting factory
<twisted.internet.endpoints._WrappingFactory instance at 0x243fd40>
2014-03-28 20:04:00-0600 [txws.WebSocketFactory] Received incoming
connection
2014-03-28 20:04:00-0600 [WebSocketProtocol,0,10.0.0.80] Using WS
protocol base64!
2014-03-28 20:04:00-0600 [WebSocketProtocol,0,10.0.0.80] Starting RFC
6455 conversation
2014-03-28 20:04:00-0600 [Uninitialized] Preparing proxies for client
<vncap.vnc.protocol.VNCClientAuthenticator instance at 0x243da70> and
server <vncap.vnc.protocol.VNCServerAuthenticator instance at 0x243fef0>
2014-03-28 20:04:00-0600 [_WrappingProtocol,client] Server version RFB
003.008 is valid
2014-03-28 20:04:00-0600 [WebSocketProtocol,0,10.0.0.80] Client version
RFB 003.008 is valid
2014-03-28 20:04:00-0600 [_WrappingProtocol,client] Available
authentication methods: 0x2
2014-03-28 20:04:00-0600 [_WrappingProtocol,client] Choosing VNC
authentication...
2014-03-28 20:04:00-0600 [_WrappingProtocol,client] 'Failed security
result!'
2014-03-28 20:04:00-0600 [_WrappingProtocol,client] Stopping factory
<twisted.internet.endpoints._WrappingFactory instance at 0x243fd40>
2014-03-28 20:04:00-0600 [WebSocketProtocol,0,10.0.0.80] Doing VNC auth,
buf '\x91\xf7O\r\x85\xfc\xee\x0c\x9e+\x02\xec\x96\xaa\xc5\xff'
2014-03-28 20:04:00-0600 [WebSocketProtocol,0,10.0.0.80] Successfully
authenticated a client!
2014-03-28 20:04:00-0600 [WebSocketProtocol,0,10.0.0.80] Successfully
authenticated <vncap.vnc.protocol.VNCServerAuthenticator instance at
0x243fef0>!
2014-03-28 20:04:30-0600 [-] Timed out connection on port 5800
2014-03-28 20:04:30-0600 [-] (TCP Port 5800 Closed)
2014-03-28 20:04:30-0600 [-] Stopping factory
<vncap.vnc.factory.VNCProxy instance at 0x194cb48>
2014-03-28 20:04:30-0600 [-] Stopping factory <txws.WebSocketFactory
instance at 0x194c758>
This is all happening on a local network, no firewalls involved. I can
connect with a standard VNC client, no problem. I'm viewing GWM in
firefox 28.0.
By the way, is there another less intrusive way (as opposed to rebooting
the VM) to get a VNC password change to take effect for a VM?
I'd also like to know what needs to be done in order to support
functionality of the 'Encrypt' button, found on the VM Console page. I
added self generated keys/vncap.crt and keys/vncap.key files to
eliminate the file not found error given by VNC auth proxy but that
didn't seem to effect any change in behavior.
As a side note/possible bug: The Hypervisor settings on the VM Overview
page don't seem to always update. When I set a VNC password file (with
gnt-cluster modify), that change was not seen on the VM Overview page
unless another hypervisor setting is modified (like cdrom_image_path
with gnt-instance modify - perhaps the difference here is that it's an
instance-level change rather than a cluster-level defaults change) and
then a reboot is issued via the web interface (a command line reboot did
not seem to refresh the settings on the VM Overview page, whereas a web
interface reboot did but only after the additional hypervisor setting
change).
I followed the docs for a production apache/mysql install but haven't
done anything with caching. Could that be related to this side issue?
Any ideas?
Thanks.
--
Scott