novnc acces denied [closed]

asked 2016-02-15 09:35:12 -0500

Lucas LAMBOLEY gravatar image

updated 2016-02-16 03:01:15 -0500

Hi,

I have some trouble with VNC. I have 4 nodes, two computes, one control and one network. I have two instance, one on compute1 and other in compute2. When i want to go on console with dashboard, it's failed with acces denied. If i test with nova get-vnc-console id-vm novnc, i got the same issue.

So i have tried to go on http://IP_CONTROLLER:6080, i got acces denied. BUT, when i am in controller, and i do http://127.0.0.1:6080 i got novnc ... So with localhost it's work but not with the IP.. i can change base_url to 127.0.0.1, but if i do that i can acces to instance only on controller..

I don't know the problem, is it apache ? or it's vnc config ?

CONTROLLER

novncproxy_host=0.0.0.0
vncserver_host= 0.0.0.0
novncproxy_port=6080
novncproxy_base_url=http://controller:6080/vnc_auto.html
vnc_port=5900
[vnc]
novncproxy_base_url=http://10.0.0.1:6080/vnc_auto.html
vncserver_listen=10.0.0.1
vncserver_proxyclient_address=10.0.0.1
vnc_enabled=true

COMPUTEX

novncproxy_host=0.0.0.0
novncproxy_port=6080
vncserver_proxyclient_address=compute1
vnc_keymap=en-us
vnc_enabled=True
vncserver_listen=10.0.0.3
novncproxy_base_url=http://10.0.0.1:6080/vnc_auto.html
[vnc]
novncproxy_base_url=http://controller:6080/vnc_auto.html
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=0.0.0.0

Thanks for your HELP :)

EDIT: it's not iptables.

[root@controller ~(keystone_lucas)]# iptables -nvL
Chain INPUT (policy ACCEPT 89185 packets, 21M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 82611 packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               destination

EDIT2: wget 127.0.0.1:6080 and wget controller:6080 work. I haven't acces denied when wget controller:6080.

EDIT3: vncserver works :

 [root@controller ~(keystone_lucas)]# netstat -an | grep 6080
tcp        0      0 0.0.0.0:6080            0.0.0.0:*               LISTEN

EDIT4: It failed when novnc want to connect to port 5900. Pourt 5900 open in compute. If i do telnet 10.0.0.4 5900 it's said connection refused, but if i do telnet 127.0.0.1 5900 it's works.. Like port 6080.

EDIT5: Only accept connection on 127.0.0.1:5900, i need to change it, but i don't know how.

tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN

EDIT6: It's works if base_url = 127.0.0.1. I have seen #vnc_port=5900. So with talent i have thinking there is a vnc_host=X. So i have create it, and set 0.0.0.0. And it work. I think it's the same problem with the port 6080.

[root@compute2 ~]# netstat -an | grep 5900
tcp        0      0 10.0.0.4:5900           0.0.0.0:*               LISTEN     
tcp        0      0 10.0.0.4:5900           10.0.0.1:53553          ESTABLISHED

Sorry for my ... (more)

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by Lucas LAMBOLEY
close date 2016-02-16 03:01:46.030947