Bug 1000049

Summary: RHEV installer should install and configure rhevm-websocket-proxy
Product: Red Hat Enterprise Virtualization Manager
Reporter: Andrew Cathrow <acathrow>
Component: ovirt-engine-setup
Assignee: Alon Bar-Lev <alonbl>
Status: CLOSED CURRENTRELEASE
QA Contact: sefi litmanovich <slitmano>
Severity: high
Docs Contact:
Priority: high
Version: 3.3.0
CC: acathrow, alonbl, bazulay, fkobzik, iheim, jcall, michal.skrivanek, oschreib, pablo.iranzo, rbalakri, Rhev-m-bugs, yeylon, zdover
Target Milestone: ---
Target Release: 3.3.0
Hardware: Unspecified
OS: Unspecified
Whiteboard: integration
Fixed In Version: is16
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-21 22:16:44 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 976172

Description Andrew Cathrow 2013-08-22 14:53:00 UTC
rhevm-websocket-proxy should be installed and configured by rhev installer.

Add a question "Install VNC WebSocket Proxy" - Default to YES

If Yes we should prompt for the port number
This port number should be configured in vdc_options (WebSocketProxy)
This port should be opened in firewall.

rhevm-websocket-proxy should be chkconfig'd on and started.

Comment 1 Andrew Cathrow 2013-08-22 15:02:29 UTC
Michal,
What do we need to do for Spice html?

Comment 2 Alon Bar-Lev 2013-08-23 02:52:37 UTC
Was this bug opened after actual test?

1. If ovirt-engine-websocket-proxy is installed the user will be prompted for:

 Configure WebSocket Proxy on this machine?

2. This is not 'VNC' as the same service is also used for spice.

3. We do not prompt for port number and use default port 6100

4. Overriding this port can be done using answer file/configuration file or:

 engine-setup --otopi-environment="OVESETUP_CONFIG/websocketProxyPort=int:XXXX"

5. Service will be started and marked to start at boot.

If you did not have ovirt-engine-websocket-proxy installed and you have already set up the product, you can always install it and re-run engine-setup; you will be prompted for configuration of the newly installed component.

---

Personally, I think we should install and configure this service as default for any engine setup.

Comment 3 Alon Bar-Lev 2013-08-23 02:59:53 UTC
commit 045d1e7a9e42c8a91756e64ee5d314d9842a21d6
Author: Alon Bar-Lev <alonbl>
Date:   Mon Jun 24 03:23:45 2013 +0300

    packaging: setup: add websocket proxy configuration
    
    configuration of websocket proxy on engine machine using setup.
    
    1. enroll certificate.
    2. enforce ssl.
    3. enforce ticket validation.
    
    Change-Id: I5d5fad4dc61d9c89c4165a74e9922eded483beac
    Signed-off-by: Alon Bar-Lev <alonbl>

Comment 4 Michal Skrivanek 2013-08-23 11:04:36 UTC
(In reply to Andrew Cathrow from comment #1)
> Michal,
> What do we need to do for Spice html?

exactly the same as for novnc

Comment 5 Andrew Cathrow 2013-08-23 11:24:52 UTC
(In reply to Alon Bar-Lev from comment #2)
> Was this bug opened after actual test?

Of course.
But since none of this is documented yet all that was seen was that the package wasn't installed. Running setup again isn't something anyone would know to do.

> 
>  engine-setup
> --otopi-environment="OVESETUP_CONFIG/websocketProxyPort=int:XXXX"

Let's make sure that all the (great) new setup options are documented.
Arthur Berezin can work with the team to gather all the info.


> 
> ---
> 
> Personally, I think we should install and configure this service as default
> for any engine setup.

Yes. Let's not make the user hunt around.
It sounds like we just have to add the package as a dependency of the meta package and then everything would happen (like magic)

Comment 6 Michal Skrivanek 2013-08-23 11:50:42 UTC
yeah. except for the certificate. We should add it to the resource page...at least an information

Comment 7 Andrew Cathrow 2013-08-23 11:58:04 UTC
(In reply to Michal Skrivanek from comment #6)
> yeah. except for the certificate. We should add it to the resource page...at
> least an information

The CA certificate for the end users?
Will you be handling that or is that another BZ?

Comment 8 Alon Bar-Lev 2013-08-23 12:26:25 UTC
(In reply to Andrew Cathrow from comment #5)
> > Personally, I think we should install and configure this service as default
> > for any engine setup.
> 
> Yes. Let's not make the user hunt around.
> It sounds like we just have to add the package as a dependency of the meta
> package and then everything would happen (like magic)

If we add this as dependency we should not ask the question if user wants to configure, but just configure the component.

User can always modify the configuration later.

Default engine configuration will include the websocket proxy configured and started on the engine machine.

No questions asked.

Please ACK.

Comment 9 Michal Skrivanek 2013-08-23 12:27:50 UTC
The problem is the following - you either use a true proper certificate, but then the configuration of websocket-proxy is entirely manual (editing conf files, pointing to the right cert files)
- or we automatically on install generate a certificate signed by engine. But then you have to import that CA into the browser to be accepted. It's the same as for the regular https, but novnc and spice-html5 is considered a different thing and you have to confirm the exception (again)...but since we use jboss for serving client pages and the way it had to be done the popup doesn't show up so you wouldn't know what's wrong. Hence you need to import or confirm exception beforehand.

Comment 10 Alon Bar-Lev 2013-08-23 12:58:24 UTC
(In reply to Michal Skrivanek from comment #9)
> The problem is the following - you either use a true proper certificate, but
> then the configuration of websocket-proxy is entirely manual (editing conf
> files, pointing to the right cert files)

This is the same issue with engine certificate.

Default installation should be simple, and use the internal CA.

Certificate can be replaced at any time, just like in the engine case.

The procedure should be part of the "Using 3rd party certificate".

What we need is to make it simpler for the user to trust the internal CA certificate; this can be achieved in most browsers with a simple link to:

 http://engine/ca.crt

We can also try and use XMLHttpRequest to try and access the websocket proxy and see if we have an error or not.

However, I do not think this discussion belongs to the request to configure the websocket proxy during setup.
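
The trust problem discussed in comments 9 and 10, shown as an added example that is not part of the bug thread or the oVirt code: a certificate signed by an internal CA verifies only for a client that trusts that CA. The CAs, host name and file names are constructed for illustration; `proxy_trusted` applies the same chain check to a live proxy using the CA file downloaded from the engine.

```shell
#!/bin/sh
# Constructed example: throwaway CAs and a proxy certificate. All file names
# and subject names are assumptions for illustration.

# make_ca DIR NAME: create a self-signed CA (stand-in for the engine's internal CA).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA_NAME HOST: sign a certificate for HOST with that CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# chain_ok CAFILE CERT: succeed only if CERT chains to the given trust anchor.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# proxy_trusted HOST PORT CAFILE: same chain check against a live proxy (default
# port 6100 per the thread). Needs network access, so the demo does not call it.
proxy_trusted() {
    openssl s_client -connect "$1:$2" -CAfile "$3" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" internal-ca && make_ca "$d" other-ca &&
    issue_cert "$d" internal-ca proxy.example.test || return 1
    if chain_ok "$d/internal-ca.crt" "$d/proxy.example.test.crt"; then
        echo "internal CA trusted: proxy certificate accepted"
    fi
    if ! chain_ok "$d/other-ca.crt" "$d/proxy.example.test.crt"; then
        echo "internal CA not trusted: proxy certificate rejected"
    fi
    rm -rf "$d"
}
demo
```
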

Comment 11 Alon Bar-Lev 2013-08-26 21:39:37 UTC
(In reply to Alon Bar-Lev from comment #8)
> (In reply to Andrew Cathrow from comment #5)
> > > Personally, I think we should install and configure this service as default
> > > for any engine setup.
> > 
> > Yes. Let's not make the user hunt around.
> > It sounds like we just have to add the package as a dependency of the meta
> > package and then everything would happen (like magic)
> 
> If we add this as dependency we should not ask the question if user wants to
> configure, but just configure the component.
> 
> User can always modify the configuration later.
> 
> Default engine configuration will include the websocket proxy configured and
> started on the engine machine.
> 
> No questions asked.
> 
> Please ACK.

Comment 12 Andrew Cathrow 2013-08-29 23:35:29 UTC
(In reply to Alon Bar-Lev from comment #11)

ACK

Comment 13 Zac Dover 2013-09-03 04:35:17 UTC
> Let's make sure that all the (great) new setup options are documented
> Arthur Berezin can work with the team to gather all the info

I am the Docs contact for NoVNC and, by extension, rhevm-websocket-proxy. I am commenting here to let you guys know that I would like to document this as thoroughly as possible. Please get me the information for the new setup options.

Thanks in advance.

Zac

Comment 14 Alon Bar-Lev 2013-09-17 22:30:09 UTC
OK, I decided to leave the question if websocket proxy should be configured. If someone thinks we should remove it, please reopen.

Comment 15 sefi litmanovich 2013-09-29 08:19:40 UTC
Verified on rhevm 3.3 IS16.

Comment 18 Itamar Heim 2014-01-21 22:16:44 UTC
Closing - RHEV 3.3 Released

Comment 19 Itamar Heim 2014-01-21 22:23:27 UTC
Closing - RHEV 3.3 Released