Foreman ui noVNC console broke

Problem:
Trying to start a console for vm in Foreman but only get a black stripe on screen saying loading. I do noticed when i look at log that the Starting VNC Proxy websockify.py is using ip:port when I think it should be fqdn:ip. Where and what file would I need to change so that the fqdn of VM is used instead of its IP address?
Expected outcome:
VM Console
Foreman and Proxy versions:
3.0 with Katello
Foreman and Proxy plugin versions:

Distribution and version:
CentOS 8.4
Other relevant data:

Hello and welcome @canglin

Did it ever work?

Did you upgrade and then it stopped?

No cannot get this to work. Reinstall a few times and now even installed just Foreman (no katello) and still this console will not display anything more than that little black line on the screen. Do you have this issue also? It seem this has been an issue for a while now and I can’t seem to find anyone with the fix

Can’t believe no one on this forum have seen this issue. I reinstall etc but issue still continue. I noticed out on google etc that a lot of people have issues with the noVNC console so there seem to be some sort of issue not being addressed. I have oVirt as provider and i can go over to oVirt and console works without any issues. What’s going on with Foreman. Anyone care to explain?

What we need to know in order to help you:

  • Do you have a valid HTTPS connection to Foreman UI? Green lock in the browser. Note “Confirm security exception” or self-signed cert will NOT work (Javascript will be prohibited from making secure connections).
  • Compute resource type you are trying to connect to? Version?
  • What is your foreman FQDN and IP? (Feel free to anonymize the data but do not make any mistakes.)
  • What is your hypervisor (compute resource) FQDN and IP? (Feel free to anonymize the data but do not make any mistakes.)
  • Shortly after you make an attempt, paste the process named “websockify.py” with all its arguments, feel free to anynomize IP/FQDN correctly.

Cheers!

Do you have a valid HTTPS connection to Foreman UI? Green lock in the browser. Note “Confirm security exception” or self-signed cert will NOT work (Javascript will be prohibited from making secure connections).

I don’t have the “Green lock in the browser” Mine have a warning bang on it - what steps need to be taken to get this green?

Compute resource type you are trying to connect to? Version?
What is your foreman FQDN and IP? (Feel free to anonymize the data but do not make any mistakes.)

I have RHV -M 4.4.7.7-0.1.el8ev managing oVirt Node 4.4.8. I used Foreman 3.0 with Katello 4.2 to create VM which works but when trying to use the console in Foreman UI to connect to the VM. Everything works except connecting to the VM console in Foreman UI. When the VM shows up in oVirt I can open a console in the oVirt Web UI without any issues.

labmgt.“mydomain”.net ip 192.168.33.2

192.168.33.4 and 5 are oVirt hypervisors in HA mode so when creating VM it can land on either

What is your hypervisor (compute resource) FQDN and IP? (Feel free to anonymize the data but do not make any mistakes.)

See above

Shortly after you make an attempt, paste the process named “websockify.py” with all its arguments, feel free to anynomize IP/FQDN correctly.

foreman 23525 1 6 18:54 ? 00:00:00 /usr/libexec/platform-python /usr/share/foreman/extras/noVNC/websockify.py --daemon --idle-timeout=120 --timeout=120 5914 192.168.33.5:5903 --cert /etc/pki/katello/certs/katello-apache.crt --key /etc/pki/katello/private/katello-apache.key

Production log with debug on:

2021-10-07T19:12:32 [I|app|fb2b07a0] Started GET “/hosts/levi-bagge.n3.mydomain.net/console” for 192.168.33.202 at 2021-10-07 19:12:32 -0400
2021-10-07T19:12:32 [I|app|fb2b07a0] Processing by HostsController#console as HTML
2021-10-07T19:12:32 [I|app|fb2b07a0] Parameters: {“id”=>“levi-bagge.n3.mydomain.net”}
2021-10-07T19:12:32 [D|tax|fb2b07a0] Current location set to Lab
2021-10-07T19:12:32 [D|tax|fb2b07a0] Current organization set to Org
2021-10-07T19:12:33 [D|app|fb2b07a0] Starting VNC Proxy: /usr/share/foreman/extras/noVNC/websockify.py --daemon --idle-timeout=120 --timeout=120 5921 192.168.33.5:5903 --cert /etc/pki/katello/certs/katello-apache.crt --key /etc/pki/katello/private/katello-apache.key
2021-10-07T19:12:33 [D|app|fb2b07a0] VNCProxy Error: WebSocket server settings:
fb2b07a0 |
2021-10-07T19:12:33 [D|app|fb2b07a0] VNCProxy Error: - Listen on :5921
fb2b07a0 |
2021-10-07T19:12:33 [D|app|fb2b07a0] VNCProxy Error: - Flash security policy server
fb2b07a0 |
2021-10-07T19:12:33 [D|app|fb2b07a0] VNCProxy Error: - SSL/TLS support
fb2b07a0 |
2021-10-07T19:12:33 [D|app|fb2b07a0] VNCProxy Error: - Backgrounding (daemon)
fb2b07a0 |
2021-10-07T19:12:33 [I|app|fb2b07a0] Rendering hosts/console/vnc.html.erb within layouts/application
2021-10-07T19:12:33 [I|app|fb2b07a0] Rendered hosts/console/vnc.html.erb within layouts/application (Duration: 2.9ms | Allocations: 1035)
2021-10-07T19:12:33 [I|app|fb2b07a0] Rendered layouts/_application_content.html.erb (Duration: 1.1ms | Allocations: 652)
2021-10-07T19:12:33 [I|app|fb2b07a0] Rendering layouts/base.html.erb
2021-10-07T19:12:33 [I|app|fb2b07a0] Rendered layouts/base.html.erb (Duration: 73.6ms | Allocations: 39518)
2021-10-07T19:12:33 [I|app|fb2b07a0] Completed 200 OK in 1007ms (Views: 81.2ms | ActiveRecord: 5.8ms | Allocations: 274943)

Note: because the websockify goes away after a short time I did multiple sessions to with debug off and on. So ports may have changed.

2 Likes

All looks good, just trust the CA in your browser. We have no upstream docs for that, use the RH KBASE article for instructions.

Thanks lzap, those instructions worked and I was able to get the console of the vm finally.

2 Likes

Solution is behind a paywall :frowning:

The important parts can be seen without an account.
From what I see (and from what has been posted here before), you cannot do “accept risk” when your browser tells you it does not trust the Foreman WebUI Certificate but you have to instead download the certificate from your Foreman server and properly import it to your browsers CA Trust store. You will most likely need to revoke the trust exception first, too. You should be able to find how to do most of that in your browser’s documentation.

Correct and it is actually not a paywall, more of a registrationwall. You can simply register and even get than RHEL for free for personal use. Just search for “Red Hat Developer Subscription for Individuals” (as I am not sure which post is the newest).