Bug 1608291

Summary: [RFE] Should be able to change the Port number of NoVnc
Product: Red Hat Enterprise Virtualization Manager Reporter: Kumar Mashalkar <kmashalk>
Component: ovirt-engineAssignee: Ryan Barry <rbarry>
Status: CLOSED ERRATA QA Contact: Liran Rotenberg <lrotenbe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.2.4CC: lsurette, mavital, michal.skrivanek, Rhev-m-bugs, srevivo, tburke, vrulev
Target Milestone: ovirt-4.3.0Keywords: FutureFeature, ZStream
Target Release: 4.3.0Flags: mavital: testing_plan_complete+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-4.3.0_alpha Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1625171 (view as bug list) Environment:
Last Closed: 2019-05-08 12:38:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1625171    

Description Kumar Mashalkar 2018-07-25 09:18:19 UTC 
Description of problem: 
User should be able to change the port number of NoVnc.

As per one of the customer, using port 6100 is not feasible due to their environment Network restrictions.

Version-Release number of selected component (if applicable):
RHV 4.2
Comment 1 Kumar Mashalkar 2018-07-25 09:22:33 UTC 
As a workaround, We have provided below steps to change the port number.

1) engine-config -s WebSocketProxy=<FQDN>:<PORT>

2) Edit /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
Change PROXY_PORT=6100 to your desired PORT number.
PROXY_PORT=<PORT>

3) Edit /usr/share/ovirt-engine/engine.ear/services.war/novnc-main.jsp
Search and Change Port number 6100 to your desired port number.
Most probably, You should find it on line 214 as below:
~~~
var url = new URL('wss://' + getHost() + ':6100/' + path);
~~~

4) Allow port 6200 in firewalld
Edit /etc/firewalld/services/ovirt-websocket-proxy.xml
Change the port 6100 to your desired port
  <port protocol="tcp" port="<PORT>"/>

Once added, reload the firewalld
# firewall-cmd --reload

5) Once above changes are made successfully, restart below services:
# systemctl restart ovirt-engine
# systemctl restart ovirt-websocket-proxy

6) Need to re-import the certificates when you open the noVNC console of the VM.

Need a simple way to change the port number for end user customer. Specially editing /usr/share/ovirt-engine/engine.ear/services.war/novnc-main.jsp is not feasible.
Comment 2 Michal Skrivanek 2018-07-26 04:49:54 UTC 
Should be a trivial change to eliminate step 3. The rest would remain, should be ok as a kbase
Comment 3 Liran Rotenberg 2018-08-26 13:21:47 UTC 
Verified on:
ovirt-engine-4.2.6.4-0.0.master.20180823141941.gitb3a5b18.el7.noarch
ovirt-engine-websocket-proxy-4.2.6.4-0.0.master.20180823141941.gitb3a5b18.el7.noarch
ovirt-engine-setup-plugin-websocket-proxy-4.2.6.4-0.0.master.20180823141941.gitb3a5b18.el7.noarch

Steps:
1. Connect to the engine via SSH.
2. Run:
# engine-config -s WebSocketProxy=<FQDN>:<PORT>
where FQDN is the engine FQDN and PORT is the new desired port.
-Verify the change by running:
# engine-config -g WebSocketProxy
WebSocketProxy: <FQDN>:<PORT> version: general

3. Edit /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf 
Change PROXY_PORT=6100 to your desired PORT number. PROXY_PORT=<PORT>

4. Edit /etc/firewalld/services/ovirt-websocket-proxy.xml 
Change the port 6100 to your desired port <port protocol="tcp" port="<PORT>"/>

4a. Run:
# firewall-cmd --reload

5. Run:
# systemctl restart ovirt-engine
# systemctl restart ovirt-websocket-proxy

6. Verify listening port:
Run:
# lsof -u ovirt -Pnc '/^.*python.*proxy/' | egrep 'IP.*LISTEN'
ovirt-web  4755 ovirt    4u     IPv4            5083008       0t0      TCP *:<PORT> (LISTEN)

# netstat -plnt | grep ':<PORT>'
tcp        0      0 0.0.0.0:<PORT>            0.0.0.0:*               LISTEN      4755/python         

7. Create a new VM, Console set to noVNC.
8. Start the VM.
9. Open console to the VM.

Results:
The new port is set correctly, and the noVNC console works on the new port.
The web url is change by the port:
https://<FQDN>/ovirt-engine/services/novnc-main.jsp?host=<FQDN>&port=<PORT>&title=<VM NAME>%20-%20noVNC

Additional note:
For noVNC before invoking the noVNC console the user need to confirm certificate.
Can be done with: https://<FQDN>/ovirt-engine/
Click on CA Certificate under Downloads and confirm.
Comment 4 RHV bug bot 2018-08-28 18:32:52 UTC 
WARN: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason:

[Found non-acked flags: '{'rhevm-4.2.z': '?'}', ]

For more info please contact: rhv-devops: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason:

[Found non-acked flags: '{'rhevm-4.2.z': '?'}', ]

For more info please contact: rhv-devops
Comment 5 Raz Tamir 2018-08-28 20:30:08 UTC 
QE verification bot: the bug was verified upstream
Comment 7 Ryan Barry 2018-11-13 13:48:36 UTC 
*** Bug 1463277 has been marked as a duplicate of this bug. ***
Comment 9 errata-xmlrpc 2019-05-08 12:38:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:1085