E.3. Websocket Proxy
E.3.1. Websocket Proxy Overview
The websocket proxy allows users to connect to virtual machines via a noVNC console.
The websocket proxy can be installed and configured on the Red Hat Virtualization Manager machine during the initial configuration (see Configuring the Red Hat Virtualization Manager), or on a separate machine (see Installing a Websocket Proxy on a Separate Machine).
The websocket proxy can also be migrated from the Manager machine to a separate machine. See Section E.3.2, “Migrating the Websocket Proxy to a Separate Machine”.
E.3.2. Migrating the Websocket Proxy to a Separate Machine
The websocket proxy and noVNC are Technology Preview features only. Technology Preview features are not supported with Red Hat production service-level agreements (SLAs) and might not be functionally complete, and Red Hat does not recommend using them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information see Red Hat Technology Preview Features Support Scope.
For security or performance reasons the websocket proxy can run on a separate machine that does not run the Red Hat Virtualization Manager. The procedure to migrate the websocket proxy from the Manager machine to a separate machine involves removing the websocket proxy configuration from the Manager machine, then installing the proxy on the separate machine.
The engine-cleanup
command can be used to remove the websocket proxy from the Manager machine:
Removing the Websocket Proxy from the Manager machine
On the Manager machine, run
engine-cleanup
to remove the required configuration.# engine-cleanup
Type
No
when asked to remove all components and pressEnter
.Do you want to remove all components? (Yes, No) [Yes]: No
Type
No
when asked to remove the engine and pressEnter
.Do you want to remove the engine? (Yes, No) [Yes]: No
Type
Yes
when asked to remove the websocket proxy and pressEnter
.Do you want to remove the WebSocket proxy? (Yes, No) [No]: Yes
Select
No
if asked to remove any other components.
Installing a Websocket Proxy on a Separate Machine
The websocket proxy and noVNC are Technology Preview features only. Technology Preview features are not supported with Red Hat production service-level agreements (SLAs) and might not be functionally complete, and Red Hat does not recommend using them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information see Red Hat Technology Preview Features Support Scope.
The websocket proxy allows users to connect to virtual machines through a noVNC console. The noVNC client uses websockets to pass VNC data. However, the VNC server in QEMU does not provide websocket support, so a websocket proxy must be placed between the client and the VNC server. The proxy can run on any machine that has access to the network, including the the Manager machine.
For security and performance reasons, users may want to configure the websocket proxy on a separate machine.
Procedure
Install the websocket proxy:
# yum install ovirt-engine-websocket-proxy
Run the
engine-setup
command to configure the websocket proxy.# engine-setup
NoteIf the
rhvm
package has also been installed, chooseNo
when asked to configure the Manager (Engine
) on this host.Press
Enter
to allowengine-setup
to configure a websocket proxy server on the machine.Configure WebSocket Proxy on this machine? (Yes, No) [Yes]:
Press
Enter
to accept the automatically detected host name, or enter an alternative host name and pressEnter
. Note that the automatically detected host name may be incorrect if you are using virtual hosts:Host fully qualified DNS name of this server [host.example.com]:
Press
Enter
to allowengine-setup
to configure the firewall and open the ports required for external communication. If you do not allowengine-setup
to modify your firewall configuration, then you must manually open the required ports.Setup can automatically configure the firewall on this system. Note: automatic configuration of the firewall may overwrite current settings. Do you want Setup to configure the firewall? (Yes, No) [Yes]:
Enter the FQDN of the Manager machine and press
Enter
.Host fully qualified DNS name of the engine server []: manager.example.com
Press
Enter
to allowengine-setup
to perform actions on the Manager machine, or press2
to manually perform the actions.Setup will need to do some actions on the remote engine server. Either automatically, using ssh as root to access it, or you will be prompted to manually perform each such action. Please choose one of the following: 1 - Access remote engine server using ssh as root 2 - Perform each action manually, use files to copy content around (1, 2) [1]:
Press
Enter
to accept the default SSH port number, or enter the port number of the Manager machine.ssh port on remote engine server [22]:
Enter the root password to log in to the Manager machine and press
Enter
.root password on remote engine server engine_host.example.com:
Select whether to review iptables rules if they differ from the current settings.
Generated iptables rules are different from current ones. Do you want to review them? (Yes, No) [No]:
Press
Enter
to confirm the configuration settings.--== CONFIGURATION PREVIEW ==-- Firewall manager : iptables Update Firewall : True Host FQDN : host.example.com Configure WebSocket Proxy : True Engine Host FQDN : engine_host.example.com Please confirm installation settings (OK, Cancel) [OK]:
Instructions are provided to configure the Manager machine to use the configured websocket proxy.
Manual actions are required on the engine host in order to enroll certs for this host and configure the engine about it. Please execute this command on the engine host: engine-config -s WebSocketProxy=host.example.com:6100 and than restart the engine service to make it effective
Log in to the Manager machine and execute the provided instructions.
# engine-config -s WebSocketProxy=host.example.com:6100 # systemctl restart ovirt-engine.service