|Summary:||NoVNC with E2E encryption fails with Unsupported security types: 19|
|Product:||[oVirt] ovirt-engine||Reporter:||Liran Rotenberg <lrotenbe>|
|Component:||WebSocket Proxy||Assignee:||Tomasz Barański <tbaransk>|
|WebSocket Proxy sub component:||General||QA Contact:||Liran Rotenberg <lrotenbe>|
|Status:||CLOSED CURRENTRELEASE||Docs Contact:|
|Priority:||high||CC:||gshereme, lrotenbe, michal.skrivanek, nicolas, rbarry, tjelinek|
|Fixed In Version:||Doc Type:||No Doc Update|
|Doc Text:||Story Points:||---|
|Last Closed:||2019-02-13 07:43:01 UTC||Type:||Bug|
|oVirt Team:||Virt||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Liran Rotenberg 2018-12-13 17:23:42 UTC
Description of problem: When end to end encryption is enabled for VNC. Triggering NoVNC console results with: "Unsupported security types: 19". Version-Release number of selected component (if applicable): ovirt-engine-4.3.0-0.4.master.20181207184726.git7928cae.el7.noarch novnc-0.5.1-2.el7.noarch How reproducible: 100% Steps to Reproduce: Note: Steps 1-2 are if the VNC encryption isn't set) 1. Set the cluster with VNC encryption(Cluster->Enable VNC Encryption) 2. Reinstall the host to apply the changes 3. Verify the host with VNC encryption: # cat /etc/libvirt/qemu.conf | grep "vnc_tls = 1" Watch that it's not commented. 4. Run VM with VNC console 5. Check the VM is with VNC encryption: # ps -ef | grep qemu You should see: tls,x509 in it. 6. Start NoVNC console to the VM. Actual results: Console isn't open, Got the error: "Unsupported security types: 19". Expected results: Console open as usual. Additional info: This is regression caused by BZ: 1597085
Comment 1 Michal Skrivanek 2018-12-14 06:31:36 UTC
Comment 2 Tomasz Barański 2018-12-14 08:11:37 UTC
Initial investigation points to the engine rather than Python-based proxy.
Comment 3 Liran Rotenberg 2018-12-14 16:18:27 UTC
(In reply to Michal Skrivanek from comment #1) > python-websockify version? python-websockify-0.8.0-3.el7.noarch
Comment 4 Liran Rotenberg 2019-01-22 11:42:41 UTC
Verified on: ovirt-engine-4.3.0-0.8.master.20190120162615.git5926f20.el7.noarch novnc-0.5.1-2.el7.noarch python-websockify-0.8.0-3.el7.noarch Firefox 59.0.2 (64-bit) Steps: Note: Steps 1-2 are if the VNC encryption isn't set) 1. Set the cluster with VNC encryption(Cluster->Enable VNC Encryption) 2. Reinstall the host to apply the changes 3. Verify the host with VNC encryption: # cat /etc/libvirt/qemu.conf | grep "vnc_tls = 1" Watch that it's not commented. 4. Run VM with VNC console 5. Check the VM is with VNC encryption: # ps -ef | grep qemu You should see: tls,x509 in it. 6. Start NoVNC console to the VM. Result: Checked with firefox, NoVNC console is working. Tested by changed configuration in about:config, security.tls.version.min and security.tls.version.max, only TLS 1.0 didn't work. SSL 3.0, TLS 1.1, TLS 1.2 worked as expected in NoVNC.
Comment 5 Sandro Bonazzola 2019-02-13 07:43:01 UTC
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.