Bug 1625171

Summary: [downstream clone - 4.2.6] [RFE] Should be able to change the Port number of NoVnc
Product: Red Hat Enterprise Virtualization Manager Reporter: RHV bug bot <rhv-bugzilla-bot>
Component: ovirt-engineAssignee: Ryan Barry <rbarry>
Status: CLOSED ERRATA QA Contact: Liran Rotenberg <lrotenbe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.2.4CC: dfodor, eheftman, lsurette, mavital, michal.skrivanek, Rhev-m-bugs, srevivo, tburke, ylavi
Target Milestone: ovirt-4.2.6Keywords: FutureFeature, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 1608291 Environment:
Last Closed: 2018-09-04 13:41:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Virt RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1608291    
Bug Blocks:    

Description RHV bug bot 2018-09-04 10:18:30 UTC 
+++ This bug is a downstream clone. The original bug is: +++
+++   bug 1608291 +++
======================================================================

Description of problem: 
User should be able to change the port number of NoVnc.

As per one of the customer, using port 6100 is not feasible due to their environment Network restrictions.

Version-Release number of selected component (if applicable):
RHV 4.2

(Originally by Kumar Mashalkar)
Comment 1 RHV bug bot 2018-09-04 10:18:37 UTC 
As a workaround, We have provided below steps to change the port number.

1) engine-config -s WebSocketProxy=<FQDN>:<PORT>

2) Edit /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf
Change PROXY_PORT=6100 to your desired PORT number.
PROXY_PORT=<PORT>

3) Edit /usr/share/ovirt-engine/engine.ear/services.war/novnc-main.jsp
Search and Change Port number 6100 to your desired port number.
Most probably, You should find it on line 214 as below:
~~~
var url = new URL('wss://' + getHost() + ':6100/' + path);
~~~

4) Allow port 6200 in firewalld
Edit /etc/firewalld/services/ovirt-websocket-proxy.xml
Change the port 6100 to your desired port
  <port protocol="tcp" port="<PORT>"/>

Once added, reload the firewalld
# firewall-cmd --reload

5) Once above changes are made successfully, restart below services:
# systemctl restart ovirt-engine
# systemctl restart ovirt-websocket-proxy

6) Need to re-import the certificates when you open the noVNC console of the VM.

Need a simple way to change the port number for end user customer. Specially editing /usr/share/ovirt-engine/engine.ear/services.war/novnc-main.jsp is not feasible.

(Originally by Kumar Mashalkar)
Comment 3 RHV bug bot 2018-09-04 10:18:41 UTC 
Should be a trivial change to eliminate step 3. The rest would remain, should be ok as a kbase

(Originally by michal.skrivanek)
Comment 4 RHV bug bot 2018-09-04 10:18:47 UTC 
Verified on:
ovirt-engine-4.2.6.4-0.0.master.20180823141941.gitb3a5b18.el7.noarch
ovirt-engine-websocket-proxy-4.2.6.4-0.0.master.20180823141941.gitb3a5b18.el7.noarch
ovirt-engine-setup-plugin-websocket-proxy-4.2.6.4-0.0.master.20180823141941.gitb3a5b18.el7.noarch

Steps:
1. Connect to the engine via SSH.
2. Run:
# engine-config -s WebSocketProxy=<FQDN>:<PORT>
where FQDN is the engine FQDN and PORT is the new desired port.
-Verify the change by running:
# engine-config -g WebSocketProxy
WebSocketProxy: <FQDN>:<PORT> version: general

3. Edit /etc/ovirt-engine/ovirt-websocket-proxy.conf.d/10-setup.conf 
Change PROXY_PORT=6100 to your desired PORT number. PROXY_PORT=<PORT>

4. Edit /etc/firewalld/services/ovirt-websocket-proxy.xml 
Change the port 6100 to your desired port <port protocol="tcp" port="<PORT>"/>

4a. Run:
# firewall-cmd --reload

5. Run:
# systemctl restart ovirt-engine
# systemctl restart ovirt-websocket-proxy

6. Verify listening port:
Run:
# lsof -u ovirt -Pnc '/^.*python.*proxy/' | egrep 'IP.*LISTEN'
ovirt-web  4755 ovirt    4u     IPv4            5083008       0t0      TCP *:<PORT> (LISTEN)

# netstat -plnt | grep ':<PORT>'
tcp        0      0 0.0.0.0:<PORT>            0.0.0.0:*               LISTEN      4755/python         

7. Create a new VM, Console set to noVNC.
8. Start the VM.
9. Open console to the VM.

Results:
The new port is set correctly, and the noVNC console works on the new port.
The web url is change by the port:
https://<FQDN>/ovirt-engine/services/novnc-main.jsp?host=<FQDN>&port=<PORT>&title=<VM NAME>%20-%20noVNC

Additional note:
For noVNC before invoking the noVNC console the user need to confirm certificate.
Can be done with: https://<FQDN>/ovirt-engine/
Click on CA Certificate under Downloads and confirm.

(Originally by Liran Rotenberg)
Comment 5 RHV bug bot 2018-09-04 10:18:51 UTC 
WARN: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason:

[Found non-acked flags: '{'rhevm-4.2.z': '?'}', ]

For more info please contact: rhv-devops: Bug status wasn't changed from MODIFIED to ON_QA due to the following reason:

[Found non-acked flags: '{'rhevm-4.2.z': '?'}', ]

For more info please contact: rhv-devops

(Originally by rhv-bugzilla-bot)
Comment 6 RHV bug bot 2018-09-04 10:18:55 UTC 
QE verification bot: the bug was verified upstream

(Originally by Raz Tamir)
Comment 7 Dusan Fodor 2018-09-04 10:29:51 UTC 
moving to verified as per clone original
Comment 9 errata-xmlrpc 2018-09-04 13:41:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2623