Search

E.3. Websocket Proxy

download PDF

E.3.1. Websocket Proxy Overview

The websocket proxy allows users to connect to virtual machines via a noVNC console.

The websocket proxy can be installed and configured on the Red Hat Virtualization Manager machine during the initial configuration (see Configuring the Red Hat Virtualization Manager), or on a separate machine (see Installing a Websocket Proxy on a Separate Machine).

The websocket proxy can also be migrated from the Manager machine to a separate machine. See Section E.3.2, “Migrating the Websocket Proxy to a Separate Machine”.

E.3.2. Migrating the Websocket Proxy to a Separate Machine

Important

The websocket proxy and noVNC are Technology Preview features only. Technology Preview features are not supported with Red Hat production service-level agreements (SLAs) and might not be functionally complete, and Red Hat does not recommend using them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information see Red Hat Technology Preview Features Support Scope.

For security or performance reasons the websocket proxy can run on a separate machine that does not run the Red Hat Virtualization Manager. The procedure to migrate the websocket proxy from the Manager machine to a separate machine involves removing the websocket proxy configuration from the Manager machine, then installing the proxy on the separate machine.

The engine-cleanup command can be used to remove the websocket proxy from the Manager machine:

Removing the Websocket Proxy from the Manager machine
  1. On the Manager machine, run engine-cleanup to remove the required configuration.

    # engine-cleanup
  2. Type No when asked to remove all components and press Enter.

    Do you want to remove all components? (Yes, No) [Yes]: No
  3. Type No when asked to remove the engine and press Enter.

    Do you want to remove the engine? (Yes, No) [Yes]: No
  4. Type Yes when asked to remove the websocket proxy and press Enter.

    Do you want to remove the WebSocket proxy? (Yes, No) [No]: Yes

    Select No if asked to remove any other components.

Installing a Websocket Proxy on a Separate Machine
Important

The websocket proxy and noVNC are Technology Preview features only. Technology Preview features are not supported with Red Hat production service-level agreements (SLAs) and might not be functionally complete, and Red Hat does not recommend using them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information see Red Hat Technology Preview Features Support Scope.

The websocket proxy allows users to connect to virtual machines through a noVNC console. The noVNC client uses websockets to pass VNC data. However, the VNC server in QEMU does not provide websocket support, so a websocket proxy must be placed between the client and the VNC server. The proxy can run on any machine that has access to the network, including the the Manager machine.

For security and performance reasons, users may want to configure the websocket proxy on a separate machine.

Procedure

  1. Install the websocket proxy:

    # yum install ovirt-engine-websocket-proxy
  2. Run the engine-setup command to configure the websocket proxy.

    # engine-setup
    Note

    If the rhvm package has also been installed, choose No when asked to configure the Manager (Engine) on this host.

  3. Press Enter to allow engine-setup to configure a websocket proxy server on the machine.

    Configure WebSocket Proxy on this machine? (Yes, No) [Yes]:
  4. Press Enter to accept the automatically detected host name, or enter an alternative host name and press Enter. Note that the automatically detected host name may be incorrect if you are using virtual hosts:

    Host fully qualified DNS name of this server [host.example.com]:
  5. Press Enter to allow engine-setup to configure the firewall and open the ports required for external communication. If you do not allow engine-setup to modify your firewall configuration, then you must manually open the required ports.

    Setup can automatically configure the firewall on this system.
    Note: automatic configuration of the firewall may overwrite current settings.
    Do you want Setup to configure the firewall? (Yes, No) [Yes]:
  6. Enter the FQDN of the Manager machine and press Enter.

    Host fully qualified DNS name of the engine server []: manager.example.com
  7. Press Enter to allow engine-setup to perform actions on the Manager machine, or press 2 to manually perform the actions.

    Setup will need to do some actions on the remote engine server. Either automatically, using ssh as root to access it, or you will be prompted to manually perform each such action.
    Please choose one of the following:
    1 - Access remote engine server using ssh as root
    2 - Perform each action manually, use files to copy content around
    (1, 2) [1]:
    1. Press Enter to accept the default SSH port number, or enter the port number of the Manager machine.

      ssh port on remote engine server [22]:
    2. Enter the root password to log in to the Manager machine and press Enter.

      root password on remote engine server engine_host.example.com:
  8. Select whether to review iptables rules if they differ from the current settings.

    Generated iptables rules are different from current ones.
    Do you want to review them? (Yes, No) [No]:
  9. Press Enter to confirm the configuration settings.

    --== CONFIGURATION PREVIEW ==--
    
    Firewall manager                        : iptables
    Update Firewall                         : True
    Host FQDN                               : host.example.com
    Configure WebSocket Proxy               : True
    Engine Host FQDN                        : engine_host.example.com
    
    Please confirm installation settings (OK, Cancel) [OK]:

    Instructions are provided to configure the Manager machine to use the configured websocket proxy.

    Manual actions are required on the engine host
    in order to enroll certs for this host and configure the engine about it.
    
    Please execute this command on the engine host:
       engine-config -s WebSocketProxy=host.example.com:6100
    and than restart the engine service to make it effective
  10. Log in to the Manager machine and execute the provided instructions.

    # engine-config -s WebSocketProxy=host.example.com:6100
    # systemctl restart ovirt-engine.service
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.