cloudstack
cloudstack copied to clipboard
VM Console not working for noVNC using cloudstack UI 4.19.0
ISSUE TYPE
- Other
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
OS / ENVIRONMENT
SUMMARY
Console not working . We have mysql ssl enabled and console proxy ssl is disabled for now.
Failed to connect/access token expired.
While checking logs on CCVM ..we see vnc auth failed.
2024-02-13 16:12:12,926 INFO [vnc.security.VncTLSSecurity] (Thread-86:null) Processing VNC TLS security 2024-02-13 16:12:12,930 INFO [utils.nio.Link] (Thread-86:null) Conf file found: /usr/local/cloud/systemvm/conf/agent.properties 2024-02-13 16:12:12,964 INFO [vnc.security.VncAuthSecurity] (Thread-83:null) Finished VNCAuth security 2024-02-13 16:12:12,966 ERROR [consoleproxy.vnc.NoVncClient] (Thread-83:null) Connection to VNC server failed: wrong password. 2024-02-13 16:12:12,966 ERROR [consoleproxy.vnc.NoVncClient] (Thread-83:null) Connection to VNC server failed: wrong password. - Reason: Authentication failed 2024-02-13 16:12:13,164 INFO [vnc.security.VncAuthSecurity] (Thread-86:null) VNC server requires password authentication 2024-02-13 16:12:13,184 INFO [vnc.security.VncAuthSecurity] (Thread-86:null) Finished VNCAuth security
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
@yashi4engg could you share the cloudstack and hypervisor type and version where this issue is observed?
@rajujith -- cloudstack version 4.19 , Hypervisor - KVM with OEL8 ,
We have mysql and cloudstack mgmt installed on same node where mysql is ssl enabled.
can you destroy CPVM and retry ? @yashi4engg
@weizhouapache -- I tried that but still not working and getting same error.
@weizhouapache -- I tried that but still not working and getting same error.
@yashi4engg do all vms have the same issue ? or only a specific vm ?
@weizhouapache -- All VMs facing same issue .
@weizhouapache -- All VMs facing same issue .
@yashi4engg can you check if all packages (management, agent) and systemvm template have all been upgraded to 4.19.0 ? what hypervisor and OS distribution do you use ?
All packages for 4.19 as this is new setup with 4.19 .
KVM hypervisors with OEL8.9. mysql is ssl enabled.
@weizhouapache WE have enabled FIPS for hosts and cloudstack and then it started giving VNc console errors.
@weizhouapache WE have enabled FIPS for hosts and cloudstack and then it started giving VNc console errors.
Each cloudstack VM has a VNC password. unfortunately it is not supported in FIPS mode.
please refer to https://people.redhat.com/pbonzini/qemu-test-doc/_build/html/topics/vnc_005fsecurity.html#vnc_005fsec_005fpassword
FIPS isn't a support config yet I think @yashi4engg cc @weizhouapache can advise.