RHEL 9 OpenNebula Sunstone noVNC Issues

I just migrated my front-end from a RHEL 8 server to a RHEL 9 server. Everything works as expected except for the VNC connections to the VMs. opennebula-novnc starts and is running without issue. I synced all of my config files, where necessary, from the old host to the new one, including my proxy config and everything.

When I attempt to launch a VNC session, it opens the new page with “Failed” and then prints two lines to /var/log/one/novnc.log:
handler exception: [Errno 2] No such file or directory
handler exception: [Errno 2] No such file or directory

I’m at a loss where the issue could lie since the RHEL 8 instance worked just fine. The specific errors appear to be python-related, but again, not sure where.

Here is some useful config files that are identical between the RHEL 8 server and RHEL 9:

/etc/lighttpd/conf.d/proxy.conf

proxy.server = ( “” =>
(“” =>
(
“host” => “127.0.0.1”,
“port” => 9869
)
)
)

SSL engine

ssl.engine = “enable”
ssl.pemfile = “/etc/lighttpd/server.pem”

ssl.honor-cipher-order = “enable”
ssl.cipher-list = “EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH”
ssl.use-compression = “disable”

server.modules += ( “mod_setenv” )

setenv.add-response-header = (
“Strict-Transport-Security” => “max-age=63072000; includeSubDomains; preload”,
“X-Frame-Options” => “DENY”,
“X-Content-Type-Options” => “nosniff”,
“X-XSS-Protection” => “1; mode=Block”
)
ssl.use-sslv2 = “disable”
ssl.use-sslv3 = “disable”

/etc/lighttpd/modules.conf

server.modules = (
“mod_access”,
“mod_alias”
)
include conf_dir + “/conf.d/proxy.conf”

/etc/lighttpd/lighttpd.conf

include conf_dir + “/modules.conf”
server.port = 443

/etc/one/sunstone-server.conf

:vnc_proxy_port: 29876
:vnc_proxy_support_wss: yes
:vnc_proxy_cert: /etc/lighttpd/server.pem
:vnc_proxy_key:
:vnc_proxy_ipv6: false
:vnc_request_password: false
:allow_vnc_federation: no
#:private_fireedge_endpoint: http://localhost:2616 < if I uncomment this, VNC gets a tunnel error
:public_fireedge_endpoint: http://localhost:2616

And to add, the proxy works just fine too. I connect to the web UI through the proxy.

Self-solved. The sunstone-server.conf is misleading (at least for RHEL 9). On RHEL 8, I ran the proxy_cert with both the key and the cert in one file and set that in sunstone-server.conf. In RHEL 9, that doesn’t appear to work. I bolded the statement in the config file below.

This is what I changed from above, I split the server.pem file into a .crt and .key file:
#cert: Certificate to encrypt wss connections.
#key: Key for wss connections. Only necessary if not included in cert.
:vnc_proxy_cert: /etc/lighttpd/server.crt
:vnc_proxy_key: /etc/lighttpd/server.key

Thanks @alex.shulta to share the workaround. I’ll check with the team to see if we need to add a mention on the documentation.

Cheers,

1 Like

Hi @alex.shulta,

I’ve checked with the team, and they mentioned that noVNC is no longer supported, but Guacamole, so probably the issue has been solved in recent versions of OpenNebula.

Check if you can install 6.10, since it’s the latest version and brings some fixes, so this issue might be solved already.

Cheers,

I am running this on 6.10. I guess I didn’t mention that in my post. It was 6.10 on my RHEL 8 server and 6.10 on my RHEL 9 server.

Ok, that’s weird then. In any case, I forgot to mention that on top of this, you should download the opennebula-guacd package and have fireedge active, and configure sunstone to communicate with fireedge. setting :private_fireedge_endpoint and :public_fireedge_endpoint in /etc/one/sunstone-server.conf.

More info on the documentation Legacy Components

Cheers,