As written, we have already applied that patch, tha VM is started as expected and we don’t see that error anymore in the ~VM-log.
However, the VNC-console is still not working as we expect.
It keeps hanging with “Loading …”, only one small black part on the top is shown (see initial screenshot) and that is all.
So we can’t see wat is happening during the further process, if there are other problems, …
It would be fine to have a working VNC-console to follow up the further process of the VM-creation (PXE installation).
This works well on our old system with Centos 7/Foreman 2.3/Ketello 3.18 system but not on our new system with CentOS 8/Foreman 2.4/Katello 4.0
Make sure you have a VALID certificate (not confirmed security exception), CA is installed in your browser, you are connected through HTTPS. Modern browsers do not allow javascript to do WS/WSS connections.
Then debug the session in browser, we need to see more details.
Also check if VNC port is responding on the hypervisor, check pysockify as well, firewalls etc. This is unfortunately a pain to debug. We haven’t changed anything significant in 2.4 in this regard.
We ran the foreman-installer command in order to update the initial self-signed certificate on the foreman server with our own one.
Afterwards we upgraded the katello-ca-consumer-latest.noarch.rpm on the host on which we will create the VM.
However, when starting the VM-console we now get the error “The connection was closed by the browser. please verify that the certificate authority is valid”
But when checking the certificates in the browser, they are valid.
What’s a bit tricky is that the VNC console opens its own socket to listen on with its own certificates. That port is only open shortly after the VNC page is opened. That means you need to know which port is used (5910 - 5930 are used) and be quick. That’s usually not nice.
In browsers you can open the developer console (Tools -> Browser Tools -> Web Developer Tools in Firefox) and open the network tab. There you can find the websockets connection. Perhaps that’s better.
What you can certainly do is go to the Settings in the UI where you can see websockets settings with a CA and key file. Please verify those have the correct value that you would expect (should match what Apache uses).
In chrome, with a websocket-plugin installed, we could see that the websocket was well started.
And on the foreman-server we could also see that a process was started using that port:
But the console keeps showing the error “The connection was closed by the browser. please verify that the certificate authority is valid”, and only a small part of the console is shown.
Additional info:
The host on which we will install the VM is also running with CentOS 8, and the VM should be installed over PXE.
On our old Foreman 2.1/Katello 3.15 this all worked like a charm, using the initial self-signed certificate.
However, I have seen that after upgrading it to Foreman 2.3.3/Katello 2.18, it is also no more possible to open the console. We also get the same error.