novnc acces denied [closed]
Hi,
I have some trouble with VNC. I have 4 nodes, two computes, one control and one network. I have two instance, one on compute1 and other in compute2. When i want to go on console with dashboard, it's failed with acces denied. If i test with nova get-vnc-console id-vm novnc, i got the same issue.
So i have tried to go on http://IP_CONTROLLER:6080, i got acces denied. BUT, when i am in controller, and i do http://127.0.0.1:6080 i got novnc ... So with localhost it's work but not with the IP.. i can change base_url to 127.0.0.1, but if i do that i can acces to instance only on controller..
I don't know the problem, is it apache ? or it's vnc config ?
CONTROLLER
novncproxy_host=0.0.0.0
vncserver_host= 0.0.0.0
novncproxy_port=6080
novncproxy_base_url=http://controller:6080/vnc_auto.html
vnc_port=5900
[vnc]
novncproxy_base_url=http://10.0.0.1:6080/vnc_auto.html
vncserver_listen=10.0.0.1
vncserver_proxyclient_address=10.0.0.1
vnc_enabled=true
COMPUTEX
novncproxy_host=0.0.0.0
novncproxy_port=6080
vncserver_proxyclient_address=compute1
vnc_keymap=en-us
vnc_enabled=True
vncserver_listen=10.0.0.3
novncproxy_base_url=http://10.0.0.1:6080/vnc_auto.html
[vnc]
novncproxy_base_url=http://controller:6080/vnc_auto.html
vncserver_listen=0.0.0.0
vncserver_proxyclient_address=0.0.0.0
Thanks for your HELP :)
EDIT: it's not iptables.
[root@controller ~(keystone_lucas)]# iptables -nvL
Chain INPUT (policy ACCEPT 89185 packets, 21M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 82611 packets, 14M bytes)
pkts bytes target prot opt in out source destination
EDIT2: wget 127.0.0.1:6080 and wget controller:6080 work. I haven't acces denied when wget controller:6080.
EDIT3: vncserver works :
[root@controller ~(keystone_lucas)]# netstat -an | grep 6080
tcp 0 0 0.0.0.0:6080 0.0.0.0:* LISTEN
EDIT4: It failed when novnc want to connect to port 5900. Pourt 5900 open in compute. If i do telnet 10.0.0.4 5900 it's said connection refused, but if i do telnet 127.0.0.1 5900 it's works.. Like port 6080.
EDIT5: Only accept connection on 127.0.0.1:5900, i need to change it, but i don't know how.
tcp 0 0 127.0.0.1:5900 0.0.0.0:* LISTEN
EDIT6: It's works if base_url = 127.0.0.1. I have seen #vnc_port=5900. So with talent i have thinking there is a vnc_host=X. So i have create it, and set 0.0.0.0. And it work. I think it's the same problem with the port 6080.
[root@compute2 ~]# netstat -an | grep 5900
tcp 0 0 10.0.0.4:5900 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.4:5900 10.0.0.1:53553 ESTABLISHED
Sorry for my ...