E.3. Websocket Proxy
E.3.1. Websocket Proxy Overview
The websocket proxy allows users to connect to virtual machines via a noVNC console.
The websocket proxy can be installed and configured on the Red Hat Virtualization Manager machine during the initial configuration (see Configuring the Red Hat Virtualization Manager), or on a separate machine (see Installing a Websocket Proxy on a Separate Machine).
The websocket proxy can also be migrated from the Manager machine to a separate machine. See Section E.3.2, “Migrating the Websocket Proxy to a Separate Machine”.
E.3.2. Migrating the Websocket Proxy to a Separate Machine
The websocket proxy and noVNC are Technology Preview features only. Technology Preview features are not supported with Red Hat production service-level agreements (SLAs) and might not be functionally complete, and Red Hat does not recommend using them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information see Red Hat Technology Preview Features Support Scope.
For security or performance reasons the websocket proxy can run on a separate machine that does not run the Red Hat Virtualization Manager. The procedure to migrate the websocket proxy from the Manager machine to a separate machine involves removing the websocket proxy configuration from the Manager machine, then installing the proxy on the separate machine.
The engine-cleanup
command can be used to remove the websocket proxy from the Manager machine:
Removing the Websocket Proxy from the Manager machine
On the Manager machine, run
engine-cleanup
to remove the required configuration.engine-cleanup
# engine-cleanup
Copy to Clipboard Copied! Type
No
when asked to remove all components and pressEnter
.Do you want to remove all components? (Yes, No) [Yes]: No
Do you want to remove all components? (Yes, No) [Yes]: No
Copy to Clipboard Copied! Type
No
when asked to remove the engine and pressEnter
.Do you want to remove the engine? (Yes, No) [Yes]: No
Do you want to remove the engine? (Yes, No) [Yes]: No
Copy to Clipboard Copied! Type
Yes
when asked to remove the websocket proxy and pressEnter
.Do you want to remove the WebSocket proxy? (Yes, No) [No]: Yes
Do you want to remove the WebSocket proxy? (Yes, No) [No]: Yes
Copy to Clipboard Copied! Select
No
if asked to remove any other components.
Installing a Websocket Proxy on a Separate Machine
The websocket proxy and noVNC are Technology Preview features only. Technology Preview features are not supported with Red Hat production service-level agreements (SLAs) and might not be functionally complete, and Red Hat does not recommend using them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information see Red Hat Technology Preview Features Support Scope.
The websocket proxy allows users to connect to virtual machines through a noVNC console. The noVNC client uses websockets to pass VNC data. However, the VNC server in QEMU does not provide websocket support, so a websocket proxy must be placed between the client and the VNC server. The proxy can run on any machine that has access to the network, including the the Manager machine.
For security and performance reasons, users may want to configure the websocket proxy on a separate machine.
Procedure
Install the websocket proxy:
yum install ovirt-engine-websocket-proxy
# yum install ovirt-engine-websocket-proxy
Copy to Clipboard Copied! Run the
engine-setup
command to configure the websocket proxy.engine-setup
# engine-setup
Copy to Clipboard Copied! NoteIf the
rhvm
package has also been installed, chooseNo
when asked to configure the Manager (Engine
) on this host.Press
Enter
to allowengine-setup
to configure a websocket proxy server on the machine.Configure WebSocket Proxy on this machine? (Yes, No) [Yes]:
Configure WebSocket Proxy on this machine? (Yes, No) [Yes]:
Copy to Clipboard Copied! Press
Enter
to accept the automatically detected host name, or enter an alternative host name and pressEnter
. Note that the automatically detected host name may be incorrect if you are using virtual hosts:Host fully qualified DNS name of this server [host.example.com]:
Host fully qualified DNS name of this server [host.example.com]:
Copy to Clipboard Copied! Press
Enter
to allowengine-setup
to configure the firewall and open the ports required for external communication. If you do not allowengine-setup
to modify your firewall configuration, then you must manually open the required ports.Setup can automatically configure the firewall on this system. Note: automatic configuration of the firewall may overwrite current settings. Do you want Setup to configure the firewall? (Yes, No) [Yes]:
Setup can automatically configure the firewall on this system. Note: automatic configuration of the firewall may overwrite current settings. Do you want Setup to configure the firewall? (Yes, No) [Yes]:
Copy to Clipboard Copied! Enter the FQDN of the Manager machine and press
Enter
.Host fully qualified DNS name of the engine server []: manager.example.com
Host fully qualified DNS name of the engine server []: manager.example.com
Copy to Clipboard Copied! Press
Enter
to allowengine-setup
to perform actions on the Manager machine, or press2
to manually perform the actions.Setup will need to do some actions on the remote engine server. Either automatically, using ssh as root to access it, or you will be prompted to manually perform each such action. Please choose one of the following: 1 - Access remote engine server using ssh as root 2 - Perform each action manually, use files to copy content around (1, 2) [1]:
Setup will need to do some actions on the remote engine server. Either automatically, using ssh as root to access it, or you will be prompted to manually perform each such action. Please choose one of the following: 1 - Access remote engine server using ssh as root 2 - Perform each action manually, use files to copy content around (1, 2) [1]:
Copy to Clipboard Copied! Press
Enter
to accept the default SSH port number, or enter the port number of the Manager machine.ssh port on remote engine server [22]:
ssh port on remote engine server [22]:
Copy to Clipboard Copied! Enter the root password to log in to the Manager machine and press
Enter
.root password on remote engine server engine_host.example.com:
root password on remote engine server engine_host.example.com:
Copy to Clipboard Copied!
Select whether to review iptables rules if they differ from the current settings.
Generated iptables rules are different from current ones. Do you want to review them? (Yes, No) [No]:
Generated iptables rules are different from current ones. Do you want to review them? (Yes, No) [No]:
Copy to Clipboard Copied! Press
Enter
to confirm the configuration settings.--== CONFIGURATION PREVIEW ==-- Firewall manager : iptables Update Firewall : True Host FQDN : host.example.com Configure WebSocket Proxy : True Engine Host FQDN : engine_host.example.com Please confirm installation settings (OK, Cancel) [OK]:
--== CONFIGURATION PREVIEW ==-- Firewall manager : iptables Update Firewall : True Host FQDN : host.example.com Configure WebSocket Proxy : True Engine Host FQDN : engine_host.example.com Please confirm installation settings (OK, Cancel) [OK]:
Copy to Clipboard Copied! Instructions are provided to configure the Manager machine to use the configured websocket proxy.
Manual actions are required on the engine host in order to enroll certs for this host and configure the engine about it. Please execute this command on the engine host: engine-config -s WebSocketProxy=host.example.com:6100 and than restart the engine service to make it effective
Manual actions are required on the engine host in order to enroll certs for this host and configure the engine about it. Please execute this command on the engine host: engine-config -s WebSocketProxy=host.example.com:6100 and than restart the engine service to make it effective
Copy to Clipboard Copied! Log in to the Manager machine and execute the provided instructions.
engine-config -s WebSocketProxy=host.example.com:6100 systemctl restart ovirt-engine.service
# engine-config -s WebSocketProxy=host.example.com:6100 # systemctl restart ovirt-engine.service
Copy to Clipboard Copied!