Dear All
How to diagnose "Failed to connect to server" error when attempting to
open noVNC console in foreman web UI? I could not find anything helpful
in the logs[1]. {grep for AVC [4]}
Does the websockify process connect to the libvirt (hypervisor) host as
user foreman?
I noticed in https://foreman-test.example.com/pub/ that only the
katello-server-ca.crt was available, whereas the katello[3] docs said
to use katello-default-ca.crt
[root@foreman-test ~]# grep -r "katello-default-ca.crt" /etc/
http://paste.fedoraproject.org/336637/76107791/
That katello-default-ca.crt seems to be the one in use in the config
files, but they are the same. So that is not the problem.
On my libvirt host:
~]$ firewall-cmd --list-ports
1025-65535/udp 1025-65535/tcp
I got an SELinux error on Fed22 so had to do:
/sbin/restorecon -v /dev/shm/lldpad.state
BROWSER
Firefox
network.websocket.allowInsecureFromHTTPS true
BACKGROUND STUFF
I have a new install of katello on a RHEL7 server. My libvirt host is
Fedora 22 (configured as my Compute resource).
I followed foreman docs' LibVirt notes[2]
I created the foreman users on the Satellite base system and the libvirt
system (because the Satellite web UI runs as that user), I created ssh
keys for that user, ssh-copy-id to the libvirt system.
~]$ id foreman
uid=1002(foreman) gid=1012(foreman)
groups=1012(foreman),10(wheel),977(libvirt) << ADDED TO GROUP
I added this polkit rule:
polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" && subject.local &&
        subject.active && subject.isInGroup("wheel")) {
        return polkit.Result.YES;
    }
});
// Allow any user in the 'libvirt' group to connect to system libvirtd
// without entering a password.
polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" &&
        subject.isInGroup("libvirt")) {
        return polkit.Result.YES;
    }
});
/etc/polkit-1/rules.d/80-libvirt.rules (END)
It works for everything (virsh test commands, the Satellite web UI lists
all the VMs, I can stop and start them) but the noVNC console always fails.
[root@foreman-test ~]# rpm -q foreman
foreman-1.10.2-1.el7.noarch
[root@foreman-test ~]# rpm -q katello
katello-2.4.0-7.el7.noarch
[root@foreman-test ~]#
chrony is running, my systems have correct time and were less than a
minute apart when I checked.
[1] https://paste.fedoraproject.org/336635/
[2] http://www.theforeman.org/manuals/1.10/index.html#5.2.5LibvirtNotes
[3] http://www.katello.org/docs/2.4/installation/index.html#katello-deploy
[4] http://paste.fedoraproject.org/336647/61275014/
Thank you for any advice