Improve vnc proxy docs.
Change-Id: I306be059a3215b6c51b6cd8d546a208479dfe5e3
This commit is contained in:
parent
7b44ad2756
commit
4b8e3d9425
@ -22,13 +22,15 @@ The VNC Proxy is an OpenStack component that allows users of Nova to access
|
||||
their instances through vnc clients. In essex and beyond, there is support
|
||||
for for both libvirt and XenServer using both java and websocket cleints.
|
||||
|
||||
In general, a VNC console Connection works like so:
|
||||
The VNC console Connection works as follows:
|
||||
|
||||
* User connects to api and gets an access_url like http://ip:port/?token=xyz
|
||||
* User pastes url in browser or as client parameter
|
||||
* Browser/Client connects to proxy
|
||||
* Proxy authorizes users token, maps the token to a host and port of an
|
||||
instance's VNC server
|
||||
* Proxy authorizes users token, maps the token to the -private- host and port
|
||||
of an instance's VNC server, which is located on the compute host.
|
||||
In this way, the vnc proxy works as a bridge between the public network,
|
||||
and the private host network.
|
||||
* Proxy initiates connection to VNC server, and continues proxying until
|
||||
the session ends
|
||||
|
||||
@ -51,6 +53,24 @@ nova-consoleauth service in a cluster configuration.
|
||||
nova-consoleauth should not be confused with nova-console, which is a xen-specific
|
||||
service that is not used by the most recent vnc proxy architecture.
|
||||
|
||||
|
||||
Typical Deployment
|
||||
==================
|
||||
A typical deployment will consist of the following components:
|
||||
|
||||
* One nova-consoleauth process. Typically this runs on the controller host.
|
||||
* One or more nova-novncproxy services. This supports browser-based novnc
|
||||
clients.
|
||||
For simple deployments, this service typically will run on the same machine
|
||||
as nova-api, since it proxies between the public network and the private
|
||||
compute host network.
|
||||
* One or more nova-xvpvncproxy services. This supports the special java client
|
||||
discussed in this document.
|
||||
For simple deployments, this service typically will run on the same machine
|
||||
as nova-api, since it proxies between the public network and the private
|
||||
compute host network.
|
||||
|
||||
|
||||
Getting an Access Url
|
||||
---------------------
|
||||
Nova provides the ability to create access_urls through the os-consoles extension.
|
||||
@ -69,6 +89,8 @@ nova-xvpvncproxy service, which you should run to enable this feature.
|
||||
* :option:`--xvpvncproxy_base_url=[base url for client connections]` -
|
||||
this is the public base url to which clients will connect. "?token=abc"
|
||||
will be added to this url for the purposes of auth.
|
||||
When using the system as described in this document, an appropriate value is
|
||||
"http://$SERVICE_HOST:6081/console" where SERVICE_HOST is a public hostname.
|
||||
* :option:`--xvpvncproxy_port=[port]` - port to bind (defaults to 6081)
|
||||
* :option:`--xvpvncproxy_host=[host]` - host to bind (defaults to 0.0.0.0)
|
||||
|
||||
@ -115,6 +137,9 @@ By default, nova-novncproxy binds 0.0.0.0:6080. This can be configured with:
|
||||
* :option:`--novncproxy_base_url=[base url for client connections]` -
|
||||
this is the public base url to which clients will connect. "?token=abc"
|
||||
will be added to this url for the purposes of auth.
|
||||
When using the system as described in this document, an appropriate value is
|
||||
"http://$SERVICE_HOST:6080/vnc_auto.html" where SERVICE_HOST is a public
|
||||
hostname.
|
||||
* :option:`--novncproxy_port=[port]`
|
||||
* :option:`--novncproxy_host=[host]`
|
||||
|
||||
@ -133,8 +158,12 @@ the java client:
|
||||
Support for a streamlined flow via dashboard will land in essex.
|
||||
|
||||
|
||||
Important Options
|
||||
-----------------
|
||||
Important nova-compute Options
|
||||
------------------------------
|
||||
To enable vncproxy in your cloud, in addition to to running one or both of the
|
||||
proxies and nova-consoleauth, you need to configure the following flags on your
|
||||
compute hosts.
|
||||
|
||||
* :option:`--[no]vnc_enabled` - defaults to enabled. If this flag is
|
||||
disabled your instances will launch without vnc support.
|
||||
* :option:`--vncserver_listen` - defaults to 127.0.0.1
|
||||
@ -143,8 +172,8 @@ Important Options
|
||||
For multi-host libvirt deployments this should be set to a host
|
||||
management ip on the same network as the proxies.
|
||||
* :option:`--vncserver_proxyclient_address` - defaults to 127.0.0.1
|
||||
This is the address that nova will instruct proxies to use when connecting to
|
||||
to instance vncservers.
|
||||
This is the address of the compute host that nova will instruct
|
||||
proxies to use when connecting to instance vncservers.
|
||||
For all-in-one xen server domU deployments this can be set to 169.254.0.1.
|
||||
For multi-host xen server domU deployments this can be set to a dom0
|
||||
management ip on the same network as the proxies.
|
||||
|
Loading…
Reference in New Issue
Block a user