4 Ganeti Web Manager provides an in browser console using noVNC, an HTML5
5 client. noVNC requires WebSockets to function. Support for older
6 browsers is provided through a flash applet that is used transparently
7 in the absence of WebSockets.
14 .. figure:: /_static/vnc1.png
19 `VNC AuthProxy <http://code.osuosl.org/projects/twisted-vncauthproxy>`_
20 is required for the console tab to function. VNC servers do not speak
21 websockets and our proxy allows your ganeti cluster to sit behind a
22 firewall, VPN, or NAT.
24 .. figure:: /_static/vnc2.png
29 VNCAuthProxy has a control channel that is used to request port
30 forwarding to a specific VNC machine. It will respond with a local port
31 and temporary password that must be used within a short period. This
32 allows a secure connection with the VNCAuthProxy, without compromising
33 the vnc password, and without leaving the port open to anyone with a
36 Configuring VNC AuthProxy
37 -------------------------
39 Set the host and port that the proxy uses in **settings.py** with the
40 **VNC\_PROXY** setting.
42 Syntax is **HOST:CONTROL\_PORT**, for example: "localhost:8888".
44 If the host is localhost then the proxy will only be accessible to
45 clients and browsers on the same machine as the proxy. Production
46 servers should use a public hostname or IP.
50 # located in settings.py
51 VNC_PROXY='localhost:8888'
56 Twisted VNC Authproxy is started with twistd, the twisted daemon.
57 Eventually we will include init.d scripts for better managing the
61 twistd --pidfile=/tmp/proxy.pid -n vncap
63 Starting Flash Policy Server
64 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
66 Browsers that do not support WebSockets natively are supported through
67 the use of a flash applet. Flash applets that make use of sockets must
68 retrieve a policy file from the server they are connecting to. Twisted
69 VNCAuthProxy includes a policy server. It must be run separately since
70 it requires a root port. You may want to open port 843 in your firewall
71 for production systems.
73 Start the policy server with twistd
77 sudo twistd --pidfile=/tmp/policy.pid -n flashpolicy
82 The following ports are used by default
84 - **8888:** Control port used to request vnc forwarding. Should be open
85 between **Ganeti Web Manager** and **Proxy**
86 - **12000+:** Internal VNC Ports assigned by **Ganeti**. Should be open
87 between **Proxy** and **Ganeti Nodes**.
88 - **7000-8000:** External VNC Ports assigned by **Proxy**. Should be
89 open between **Proxy** and **Clients/Web Browsers**.
90 - **843:** Flash policy server. Required to support browsers without
91 native websocket support. Should be open between **Proxy** and
92 **Clients/Web Browsers**.
97 Python Path for flash policy server
98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
100 The following error indicates that your python path is not set or the
101 proxy is not installed.
105 /usr/bin/twistd: Unknown command: flashpolicy
107 Ensure that your virtualenv is active
111 source venv/bin/activate
113 If not using a virtualenv, then you must manually set the **PYTHONPATH**
114 environment variable as root.
118 export set PYTHONPATH=.