Problem with spice after upgrade to 2.4.0

Spice console stopped working. As seen in picture:

in web development console is info: must set host and port

In spice.js there is a following function:

export function startSpice() {
  const scheme = 'ws://';

  const host = window.location.hostname;
  const port = $('#spice-area').data('port');
  const password = $('#spice-area').data('password');

  if (!host || !port) {
    // eslint-disable-next-line no-console
    console.log(__('must set host and port'));

$('#spice-area').data('port') should resolve to a port where QEMU SPICE console is running on compute host - this is the console page template:

<%= content_tag(:div, :id =>'spice-area', :data => spice_data_attributes(@console)) do %>

Meanwhile, our instance of foreman does not have any additional datafields at all; it’s just <div id="spice-area"> - it is probably an issue with webpage template rendering where spice_data_attributes values cannot be fetched, or maybe they are not being fetched at all?

Also, after manually adding the port data field and running the SPICE console manually via following commands in Javascript console, a “SecurityError: The operation is insecure” error appears:

document.querySelector('#spice-area').dataset.port = '5910'

This may be caused by a hardcoded const scheme = 'ws://'; in spice.js instead of wss:// - this needs to be verified after template rendering issue is handled.

Expected outcome:

spice console should be running

Foreman and Proxy versions:

dpkg -l | grep foreman | grep ii
ii  foreman                                2.4.0-1                                         amd64        Systems management web interface
ii  foreman-cli                            2.4.0-1                                         all          metapackage providing hammer CLI for Foreman
ii  foreman-console                        2.4.0-1                                         all          metapackage providing console dependencies for Foreman
ii  foreman-debug                          2.4.0-1                                         all          provides support utility foreman-debug.
ii  foreman-installer                      2.4.0-1                                         all          Automated puppet-based installer for The Foreman
ii  foreman-libvirt                        2.4.0-1                                         all          metapackage providing libvirt dependencies for Foreman
ii  foreman-postgresql                     2.4.0-1                                         all          metapackage providing PostgreSQL dependencies for Foreman
ii  foreman-proxy                          2.4.0-1                                         all          RESTful proxies for DNS, DHCP, TFTP, and Puppet
ii  ruby-foreman-deface                    1.5.3-1                                         all          Foreman Deface Plugin Dependency
ii  ruby-foreman-dhcp-browser              0.0.8-1                                         all          Foreman DHCP browser Plugin
ii  ruby-foreman-discovery                 16.3.4-1                                        all          Foreman Discovery Plugin
ii  ruby-foreman-setup                     6.0.0-1                                         all          Foreman Setup Plugin
ii  ruby-hammer-cli-foreman                2.4.0-1                                         all          Foreman commands for Hammer
ii  ruby-hammer-cli-foreman-discovery      1.0.1-1                                         all          Foreman CLI plugin for managing discovery hosts in foreman

Distribution and version:

Distributor ID: Ubuntu
Description:    Ubuntu 18.04.5 LTS
Release:        18.04
Codename:       bionic

Other relevant data:

Nothing relevant info in logs.

It’s weird because the hardcoded ws:// part is quite old. Don’t get me wrong, that’s very wrong IMHO but not a recent change.

You also upgraded. What’s the last version where you did see it work?

It was 2.1, when it was working for sure - but then I did upgrades from 2.1->2.2->2.3 -> 2.4 without checking this particular thing. Earlier we did upgrade from 1.24 -> 2.0 -> 2.1.

Maybe some regeneration of this file should do the job ? How to do it correctly without braking anything ?
some foreman-rake (assets:clobber|assets:precompile|webpack:compile) is ok ?

The source is:

The offending line was changed in:

That commit was part of 1.23.0 already. If you look at it closely, it was already hardcoded to ws:// in this commit:

That was part of 1.2.0. So I really think it never was able to use wss://. That’s why I’m confused it ever worked. Perhaps your browser is now stricter?

Fun fact: I already raised that concern here:

It links back to Bug #22801: Spice connection with websockets encryption - Foreman.

As for fixing it, it should respect the setting websockets_encrypt and use wss:// if needed. I went ahead and submitted this:

Right now I don’t have a setup to verify it. I’ll see about setting that up.

1 Like

Thank you for looking into the ws:// schema issue - I did some initial investigation that was provided by @brushek and I thought that this could be the cause of SecurityError appearing when tfm.spice.startSpice() was manually triggered after modifying the #spice-area div in browser.

Do you have any pointers about how we can make Foreman properly render the console page? As described in original post, SPICE console does not start at all due to data-port missing from #spice-area div and we have some issues with tracking down the cause of this problem. From what I gathered, the console port is probably dynamically fetched from compute resource, but I cannot find why it does not end up in console page div.

Sorry for the double posting, but I cannot edit the previous post anymore - here is a screenshot that should clarify the problem:

noVNC console works, and it has additional attributes like data-port, while the SPICE console does not have any attributes at all - it seems like the data from spice_data_attributes is not propagated into SPICE console ERB template.

I dove deeper and it looks like the port is missing in develop. Looks like it changed from proxy_port to port in but the spice console wasn’t modified.

That was included in 2.2.0.

I opened Bug #32566: Spice console no longer sets the port - Foreman

The fix is changing proxy_port to port here:

Then systemctl restart foreman. I’m submitting a patch.

This should be the patch:

1 Like

Thank you for looking into this! We have tested the suggested patches and they fixed the issue. Thanks again! :slight_smile: