Improve vnc proxy docs.

Change-Id: I306be059a3215b6c51b6cd8d546a208479dfe5e3
This commit is contained in:
Anthony Young 2012-03-08 18:14:45 +00:00
parent 7b44ad2756
commit 4b8e3d9425

View File

@ -22,13 +22,15 @@ The VNC Proxy is an OpenStack component that allows users of Nova to access
their instances through vnc clients. In essex and beyond, there is support
for for both libvirt and XenServer using both java and websocket cleints.
In general, a VNC console Connection works like so:
The VNC console Connection works as follows:
* User connects to api and gets an access_url like http://ip:port/?token=xyz
* User pastes url in browser or as client parameter
* Browser/Client connects to proxy
* Proxy authorizes users token, maps the token to a host and port of an
instance's VNC server
* Proxy authorizes users token, maps the token to the -private- host and port
of an instance's VNC server, which is located on the compute host.
In this way, the vnc proxy works as a bridge between the public network,
and the private host network.
* Proxy initiates connection to VNC server, and continues proxying until
the session ends
@ -51,6 +53,24 @@ nova-consoleauth service in a cluster configuration.
nova-consoleauth should not be confused with nova-console, which is a xen-specific
service that is not used by the most recent vnc proxy architecture.
Typical Deployment
==================
A typical deployment will consist of the following components:
* One nova-consoleauth process. Typically this runs on the controller host.
* One or more nova-novncproxy services. This supports browser-based novnc
clients.
For simple deployments, this service typically will run on the same machine
as nova-api, since it proxies between the public network and the private
compute host network.
* One or more nova-xvpvncproxy services. This supports the special java client
discussed in this document.
For simple deployments, this service typically will run on the same machine
as nova-api, since it proxies between the public network and the private
compute host network.
Getting an Access Url
---------------------
Nova provides the ability to create access_urls through the os-consoles extension.
@ -69,6 +89,8 @@ nova-xvpvncproxy service, which you should run to enable this feature.
* :option:`--xvpvncproxy_base_url=[base url for client connections]` -
this is the public base url to which clients will connect. "?token=abc"
will be added to this url for the purposes of auth.
When using the system as described in this document, an appropriate value is
"http://$SERVICE_HOST:6081/console" where SERVICE_HOST is a public hostname.
* :option:`--xvpvncproxy_port=[port]` - port to bind (defaults to 6081)
* :option:`--xvpvncproxy_host=[host]` - host to bind (defaults to 0.0.0.0)
@ -115,6 +137,9 @@ By default, nova-novncproxy binds 0.0.0.0:6080. This can be configured with:
* :option:`--novncproxy_base_url=[base url for client connections]` -
this is the public base url to which clients will connect. "?token=abc"
will be added to this url for the purposes of auth.
When using the system as described in this document, an appropriate value is
"http://$SERVICE_HOST:6080/vnc_auto.html" where SERVICE_HOST is a public
hostname.
* :option:`--novncproxy_port=[port]`
* :option:`--novncproxy_host=[host]`
@ -133,8 +158,12 @@ the java client:
Support for a streamlined flow via dashboard will land in essex.
Important Options
-----------------
Important nova-compute Options
------------------------------
To enable vncproxy in your cloud, in addition to to running one or both of the
proxies and nova-consoleauth, you need to configure the following flags on your
compute hosts.
* :option:`--[no]vnc_enabled` - defaults to enabled. If this flag is
disabled your instances will launch without vnc support.
* :option:`--vncserver_listen` - defaults to 127.0.0.1
@ -143,8 +172,8 @@ Important Options
For multi-host libvirt deployments this should be set to a host
management ip on the same network as the proxies.
* :option:`--vncserver_proxyclient_address` - defaults to 127.0.0.1
This is the address that nova will instruct proxies to use when connecting to
to instance vncservers.
This is the address of the compute host that nova will instruct
proxies to use when connecting to instance vncservers.
For all-in-one xen server domU deployments this can be set to 169.254.0.1.
For multi-host xen server domU deployments this can be set to a dom0
management ip on the same network as the proxies.