Ask Your Question
1

How to properly setup HAproxy novnc

asked 2014-08-26 13:53:50 -0500

bobyakov gravatar image

updated 2014-08-27 14:34:37 -0500

smaffulli gravatar image

Need some help in properly configuring novnc to work with HAproxy. If I try launching vm through console receive page can not be displayed. If I go directly to public URL (novnc) of controller with instance information it works. I'm pretty sure my configuration is wrong, just not sure how to correct it.

Side note: If I update novncproxy_base_url on compute node to the public IP of one controller, I am able to access novnc URL directly, but still not through console.

Have 2 HAproxy server with a vip on internal network

Haproxy1 10.1.1.1 (internal)  130.245.1.1 (external)
Haproxy2 10.1.1.2 (internal)  130.245.1.2 (external)
VIP 10.1.1.3

Controllers

   Controller1 10.1.1.4 (internal)  130.245.1.4 (external)
   Controller2 10.1.1.5 (internal)  130.245.1.5 (external)

Compute node : 10.1.1.6

no vnc CONFIG INFORMATION:

Controllers Nova.conf

my_ip = 10.1.1.4  (each controller respectively controller 1 = 10.1.1.4 controller 2 = 10.1.1.5) 
vncserver_listen = 10.1.1.4 (each controller respectively controller 1 = 10.1.1.4 controller 2 = 10.1.1.5)
vncserver_proxyclient_address = 10.1.1.3 (vip)

Compute nova.conf

my_ip = 10.1.1.6
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.1.1.6
novncproxy_base_url = http:/10.1.1.3:6080/vnc_auto.html   (VIP)

Haproxy:

listen novnc
 bind 10.1.1.3:6080  
        balance source
        option tcpka
        maxconn 10000
        server controller1 130.245.1.4:6080 check inter 2000 rise 2 fall 5
        server controller2 130.245.1.5:6080 check inter 2000 rise 2 fall 5
edit retag flag offensive close merge delete

Comments

Updated controller nova.conf same issue. If I make the novncproxy_base_url on ccompute to public side of controller, I can get to it if I plug in URL directly not through condole. Also noticed something weird in Browser logs, when it errors out theURL shows as : http://HAPROXYIP/novncproxy_base_url

bobyakov gravatar imagebobyakov ( 2014-08-27 13:12:52 -0500 )edit
bobyakov gravatar imagebobyakov ( 2014-08-27 13:14:24 -0500 )edit

We have this configured in our setup when you deploy with HA. I don't remember all of the exact settings. You could take a look at some of the puppet manifests or deploy an HA on vms to pull the haproxy config we use and the settings in nova.conf.

mpetason gravatar imagempetason ( 2014-08-27 13:24:32 -0500 )edit

Actually after updating vncserver_listen = 0.0.0.0 and updating novncproxy_base_url = from 10.1.1.4 (internal) to 130.245.1.4 (external), I am now getting further. console loading with error : Failed to connect to server (code: 1006)

bobyakov gravatar imagebobyakov ( 2014-08-27 13:25:27 -0500 )edit

What are you actually listening on regarding that port?

netstat nat | grep 6080
mpetason gravatar imagempetason ( 2014-08-27 13:34:45 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
2

answered 2014-08-27 13:47:49 -0500

bobyakov gravatar image

Able to get it to work.... Steps:

  1. On compute node: updated vncserver_listen = 0.0.0.0
  2. Updated novncproxy_base_url to public IP of controller.
  3. Added public IP to /etc/hosts on each controller
  4. disabled nova-consoleauth on all but one controller.
edit flag offensive delete link more
0

answered 2014-08-27 12:56:59 -0500

mpetason gravatar image

updated 2014-08-27 12:57:19 -0500

Try changing this to 0.0.0.0:

vncserver_listen = 10.1.1.4 (each controller respectively controller 1 = 10.1.1.4 controller 2 = 10.1.1.5)

It doesn't need to be aware of the IP address and if the traffic is going through the vip it could be what is causing issues.

edit flag offensive delete link more

Comments

I moved this to an answer. Comments are small bits of details, added or asked. This looks more like an answer to me (and it can be edited as you go to provide a more clear solution).

smaffulli gravatar imagesmaffulli ( 2014-08-27 14:33:03 -0500 )edit

Works for me. We were going through a couple different troubleshooting steps so I wanted to make sure it was correct.

mpetason gravatar imagempetason ( 2014-08-27 14:42:09 -0500 )edit

Yeah, I hear you, it makes sense. I still think it works better to iterate updating question and answer as you go, adding/removing details, instead of adding comments since these are harder to parse.

smaffulli gravatar imagesmaffulli ( 2014-08-27 14:44:55 -0500 )edit

Sounds good.

bobyakov gravatar imagebobyakov ( 2014-08-28 08:36:47 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-08-26 13:53:50 -0500

Seen: 3,030 times

Last updated: Aug 27 '14