Problem:
We are using libvirt Compute Resources to create VMs but are unable to connect to the console of these VMs using VNC. We are getting the error: “The connection was closed by the browser. please verify that the certificate authority is valid” when attempting to connect to the console via the Foreman web UI. We are able to connect to the VM console if we use a local VNC client and connect directly to the hypervisor/port. We have tried all the troubleshooting steps outlined here: https://theforeman.org/manuals/3.9/index.html#7.1NoVNC
We have also tried using a cert from InCommon for websockets_ssl_cert instead of the puppet cert we were originally using, but we get the same error. This was an attempt to avoid the issue of our browser not recognizing the certificate authority. Changing :websockets_encrypt to false causes the websocket to get stuck on “Loading…”. Eventually, the websockify process times out and stops running, but the websocket window in the GUI still says “Loading…”
Any ideas for further troubleshooting are most welcome. Thanks.
Expected outcome:
The Foreman web UI should connect to the VM console using VNC.
Foreman and Proxy versions:
Foreman 3.9.3
Foreman Proxy 3.9.1
as you know, I’m also having a variation of this problem on a later OS and foreman version, I’m curious did anything change for you that stopped this working (OS update, foreman update, certificate update) has it ever worked or is this the first time you’re trying it ?
This is the first time we’re trying to use the VNC feature because it’s the first time we’re using Foreman’s compute resources to create VMs. So we have not had it working yet, unfortunately.
ok - I’ve been using this for years, and it’s ‘broke’ now but I can’t find any updates that could have caused this so I was curious to if it broke for you or if it had never worked. I know I had it working on 3.9 that you’re using, so this has to be config
I’ve got a few things I”m about to test and will feedback in the other threads too, I don’t hold out high hope of it working as it’s a little bit of guess work due to how hard it is to get valid debug output to point at the problem, but this worked for years, and I can’t see any changes to the code base that would break it, the last version I had it working in was 3.13, and I had working in much much earlier versions in the past.
I look forward to your updates. I have been assuming a misconfiguration of the network or the certificates by me. But I’ve triple checked both of those things and (as far as I understand it) they’re configured properly. So I don’t know what to try next.
it will be (I think) miss-configuration of the certificates as mine broke when I changed certificate providers and as you see in my thread, launch the websocket daemon with the same settings as foreman = works, let foreman launch it with the same settings fail, I think that’s the key not the actual certs (as like you) I can manually verify them, use them in the browser, and verify them in the websocket process outside of foreman.
I don’t want to touch the box that’s failing at the moment as that’s failing, so I”m setting up a second test node as I ‘think’ I have an idea what’s going on but I need to work it backwards. it will take me a few days to set it up and test, but for the first time in months, I may have an idea on this.
