From 4b8e3d9425e6fb3125cea434cc54ad12540db6e9 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Thu, 8 Mar 2012 18:14:45 +0000 Subject: [PATCH] Improve vnc proxy docs. Change-Id: I306be059a3215b6c51b6cd8d546a208479dfe5e3 --- doc/source/runnova/vncconsole.rst | 43 ++++++++++++++++++++++++++----- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/doc/source/runnova/vncconsole.rst b/doc/source/runnova/vncconsole.rst index b85475c1ef52..c19773d104ba 100644 --- a/doc/source/runnova/vncconsole.rst +++ b/doc/source/runnova/vncconsole.rst @@ -22,13 +22,15 @@ The VNC Proxy is an OpenStack component that allows users of Nova to access their instances through vnc clients. In essex and beyond, there is support for for both libvirt and XenServer using both java and websocket cleints. -In general, a VNC console Connection works like so: +The VNC console Connection works as follows: * User connects to api and gets an access_url like http://ip:port/?token=xyz * User pastes url in browser or as client parameter * Browser/Client connects to proxy -* Proxy authorizes users token, maps the token to a host and port of an - instance's VNC server +* Proxy authorizes users token, maps the token to the -private- host and port + of an instance's VNC server, which is located on the compute host. + In this way, the vnc proxy works as a bridge between the public network, + and the private host network. * Proxy initiates connection to VNC server, and continues proxying until the session ends @@ -51,6 +53,24 @@ nova-consoleauth service in a cluster configuration. nova-consoleauth should not be confused with nova-console, which is a xen-specific service that is not used by the most recent vnc proxy architecture. + +Typical Deployment +================== +A typical deployment will consist of the following components: + + * One nova-consoleauth process. Typically this runs on the controller host. + * One or more nova-novncproxy services. This supports browser-based novnc + clients. + For simple deployments, this service typically will run on the same machine + as nova-api, since it proxies between the public network and the private + compute host network. + * One or more nova-xvpvncproxy services. This supports the special java client + discussed in this document. + For simple deployments, this service typically will run on the same machine + as nova-api, since it proxies between the public network and the private + compute host network. + + Getting an Access Url --------------------- Nova provides the ability to create access_urls through the os-consoles extension. @@ -69,6 +89,8 @@ nova-xvpvncproxy service, which you should run to enable this feature. * :option:`--xvpvncproxy_base_url=[base url for client connections]` - this is the public base url to which clients will connect. "?token=abc" will be added to this url for the purposes of auth. + When using the system as described in this document, an appropriate value is + "http://$SERVICE_HOST:6081/console" where SERVICE_HOST is a public hostname. * :option:`--xvpvncproxy_port=[port]` - port to bind (defaults to 6081) * :option:`--xvpvncproxy_host=[host]` - host to bind (defaults to 0.0.0.0) @@ -115,6 +137,9 @@ By default, nova-novncproxy binds 0.0.0.0:6080. This can be configured with: * :option:`--novncproxy_base_url=[base url for client connections]` - this is the public base url to which clients will connect. "?token=abc" will be added to this url for the purposes of auth. + When using the system as described in this document, an appropriate value is + "http://$SERVICE_HOST:6080/vnc_auto.html" where SERVICE_HOST is a public + hostname. * :option:`--novncproxy_port=[port]` * :option:`--novncproxy_host=[host]` @@ -133,8 +158,12 @@ the java client: Support for a streamlined flow via dashboard will land in essex. -Important Options ------------------ +Important nova-compute Options +------------------------------ +To enable vncproxy in your cloud, in addition to to running one or both of the +proxies and nova-consoleauth, you need to configure the following flags on your +compute hosts. + * :option:`--[no]vnc_enabled` - defaults to enabled. If this flag is disabled your instances will launch without vnc support. * :option:`--vncserver_listen` - defaults to 127.0.0.1 @@ -143,8 +172,8 @@ Important Options For multi-host libvirt deployments this should be set to a host management ip on the same network as the proxies. * :option:`--vncserver_proxyclient_address` - defaults to 127.0.0.1 - This is the address that nova will instruct proxies to use when connecting to - to instance vncservers. + This is the address of the compute host that nova will instruct + proxies to use when connecting to instance vncservers. For all-in-one xen server domU deployments this can be set to 169.254.0.1. For multi-host xen server domU deployments this can be set to a dom0 management ip on the same network as the proxies.