Bug 1278436 - WebUI:HTML5-Console: HMTL5 console not working in FF and IE, partially working in Chrome
WebUI:HTML5-Console: HMTL5 console not working in FF and IE, partially workin...
Status: CLOSED WORKSFORME
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: UI - OPS (Show other bugs)
5.5.0
Unspecified Unspecified
high Severity high
: GA
: 5.5.0
Assigned To: Martin Povolny
Dave Johnson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-05 08:29 EST by Ramesh A
Modified: 2015-11-11 15:38 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-09 05:57:58 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
case-2.png (51.17 KB, image/png)
2015-11-05 08:33 EST, Ramesh A
no flags Details
case-1.png (17.29 KB, image/png)
2015-11-05 08:34 EST, Ramesh A
no flags Details

  None (edit)
Description Ramesh A 2015-11-05 08:29:34 EST
Description of problem:
HMTL5 console not working in FF and IE, partially working in Chrome

Version-Release number of selected component (if applicable):
5.5.0.9-beta2.20151102161742_5530c9a

How reproducible:
100%

Steps to Reproduce:
1. Open html5 console from different browsers(IE, FF, Chrome) on different platforms (rhel7, rhel6, fedora22, win7)


Actual results:
Case-1:
======
When Firewall is disabled (as port 5900:5999 is not enabled in the current build BZ#1278432), "Failed to connect to server (code: 1006)" is observed in all the browsers across all the platforms.
Refer to case-1.png for more details

Case-2:
========
When ports are enabled, Chrome seems to work (most of the times), but FF and IE shows "noVNC ready: native WebSockets, canvas rendering" in the WebUI with no console.
Refer to case-2.png for more details

Note:
=====
No error messages recorded in evm.log and production.log files so far

Expected results:
Should be able to successfully display html5 consoles

Additional info:
Comment 2 Ramesh A 2015-11-05 08:33 EST
Created attachment 1090088 [details]
case-2.png
Comment 3 Ramesh A 2015-11-05 08:34 EST
Created attachment 1090089 [details]
case-1.png
Comment 4 Martin Povolny 2015-11-05 11:22:57 EST
Ramesh, in one of the screenshots it is clear that the SSL it not properly configured. I can see the crossed over red icon in the corner.

In the 2nd screenshot I cannot see an icon indicating SSL status.

As I have said like a 100 times, correct SSL configuration is a pre-requisite for the consoles to work properly.

Can you, please, make sure, that you have your SSL configured properly?

I have not successfully tested VNC consoles with Chrome and Firefox, surely can do the same again with IE too.

TO spees things up, please, attach to this BZ the certificates you created
   * CA certificate that you improted in your browser, 
   * the server certificate and 
   * the secret key that you uploaded to the appliance 

please, send me the IP address of your appliance and also write down the names of the VMs that you succesfully connected to and those where you where not successfull

I know there are some firewall setup rules that are needed to do on the hypervisor machines and I know that on some of the QE infrastructure these rules where applied and on other hypervisors I was not quite sure.

So I need to see the VMs you are trying and find out what hosts they live on to make sure we are not hitting an issue with firewall configuration on the hosts.

There are ways to troubleshoot this rather deeper by looking into the logs for the command that launches the VNC proxy and trying to connect to the endpoints using 'openssl s_client -connect HOST_IP:PORT' based on result of 'cd /var/www/miq/vmdb/; grep WsProxy log/evm.log' see lines:

[----] I, [2015-11-04T10:22:33.554779 #19533:57b994]  INFO -- : MIQ(WsProxy.start_proxy) Websocket proxy to cfme-esx-55-01.cfme.lab.eng.rdu2.redhat.com:5914 on port 5900, password: DyX3FlPY, encrypt: true

that show the port where the proxy is running as well as where on vSphere the proxy leads to.
Comment 5 Ramesh A 2015-11-05 13:07:38 EST
Hi Martin,

I have sent the details in the email.

Thanks,
Ramesh
Comment 6 Ramesh A 2015-11-06 01:28:55 EST
Hi Martin,

I did further investigation on this issue.  I think this all resolves to the firewall.

Case-1:
=======
Enabled firewalld service, enable the port 5900:5999 ==> Throws "Connection closed (code 1000)" error

Case-2:
========
Disable firewalld service ==> html5 console works absolutely fine

Tried with the same vm's as mentioned in the email.

Thanks,
Ramesh
Comment 7 Martin Povolny 2015-11-06 07:14:13 EST
a significant typo I made yesterday:

I have not successfully tested VNC consoles with Chrome and Firefox, surely can do the same again with IE too.

vs 

I have NOW successfully tested VNC consoles with Chrome and Firefox, surely can do the same again with IE too.
Comment 8 Martin Povolny 2015-11-06 07:14:22 EST
a significant typo I made yesterday:

I have not successfully tested VNC consoles with Chrome and Firefox, surely can do the same again with IE too.

vs 

I have NOW successfully tested VNC consoles with Chrome and Firefox, surely can do the same again with IE too.
Comment 9 Martin Povolny 2015-11-09 05:57:58 EST
So I retested: FF, Chrome and IE10 with a new CA.

I scripted some of the work here: http://file.brq.redhat.com/~mpovolny/miq-ssl/

This can be used to speed up the testing as well as for demo purposes.

The test config needs a fix: the CA config need to be updated to ommit CRL, or IE users might hit HTTP Error 12057 - SSL Revocation, fixed by: http://www.genopro.com/ssl/

Note You need to log in before you can comment on or make changes to this bug.