SPICE/VNC console not showing in fireedge or sunstone for LCX container on ONE 6.8


SPICE/VNC console is not showing for an LXC container.


In order to evaluate ONE for LCX containers (I am already familiar with ONE for KVM but on 5.x versions), I am running a testbed single host ONE infrastructure with:

  • one single physical server with Ubuntu 22.04 as the KVM and LCX hypervisor
  • one KVM guest Ubuntu 22.04 with ONE 6.8(.3?) installed, running on this same host
  • the same physical server runs ONE 6.8(.3?) host as a LXC host
  • networking is a simple linux bridge on the hypervisor

I was able to start an LXC container pulled from the Linux Containers marketplace for Ubuntu 22.04 (jammy).

ssh root access to the container works fine thanks to the ssh public key I set in Sunstone user profile.

My goal is to access from Sunstone to the console of the container, like I would do with a VM.

I managed to configure fireedge, and connect to the SSH console, from either sunstone or fireedge.

However, I can’t connect to the VNC/SPICE console, from neither sunstone nor fireedge.

What I tried:

  1. setting :private_fireedge_endpoint: and :public_fireedge_endpoint: to empty string ‘’ in /etc/one/sunstone-server.conf :
    Results: the console in the page opened from Sunstone’s SPICE menu is black with no console showing
  2. setting in /etc/one/sunstone-server.conf

:private_fireedge_endpoint: ‘
:public_fireedge_endpoint: ‘http://:2616’
2.1. CLIENT_ERROR shows in the header of page opened from Sunstone VNC menu
2.2. Disconnected. Aborted, see logs. shows in the lower-right corner of page opened from Fireedge VNC Icon

So I checked the logs … :


[2024-05-May 3, 2024 13:34:23] [Connection 6]  Closing connection with error:  Error: not opened
    at WebSocket.send (/usr/lib/one/fireedge/node_modules/opennebula-guacamole/node_modules/ws/lib/WebSocket.js:218:38)
    at ClientConnection.send (/usr/lib/one/fireedge/node_modules/opennebula-guacamole/lib/ClientConnection.js:126:24)
    at GuacdClient.sendBufferToWebSocket (/usr/lib/one/fireedge/node_modules/opennebula-guacamole/lib/GuacdClient.js:172:35)
    at GuacdClient.processReceivedData (/usr/lib/one/fireedge/node_modules/opennebula-guacamole/lib/GuacdClient.js:163:14)
    at Socket.emit (events.js:314:20)
    at Socket.EventEmitter.emit (domain.js:483:12)
    at addChunk (_stream_readable.js:297:12)
    at readableAddChunk (_stream_readable.js:272:9)
    at Socket.Readable.push (_stream_readable.js:213:10)
    at TCP.onStreamRead (internal/stream_base_commons.js:188:23)

In a little older /var/log/one/novnc.log : - - [03/May/2024 13:10:39] Plain non-SSL (ws://) WebSocket connection - - [03/May/2024 13:10:39] Version hybi-13, base64: 'False' - - [03/May/2024 13:10:39] Path: '/?password=null&encrypt=no&token=xxx anonymizedxxx&info=yyyyyyyyyyyyyyyyyyyyyyyyyyyy-anonymized--yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy=' - - [03/May/2024 13:10:39] connecting to: hypervisor-hostname:5905
handler exception: [Errno 111] Connection refused

Looking at the log it is not clear to me whether:

  • the LXC container itself is lacking a console support, or …
  • whether the ONE configuration (or code ?) is failing somewhere… ?

Maybe something like this is happening ?

Sunstone Browser → noVNC → hypervisor:5905 → || broken here ? || → LXC daemon or socket ? → || or broken here ? || → container-console

Hence my questions:

  1. Does ONE/Sunstone support VNC/SPICE console for LXC the same way as for KVMs : click and connect ?
  2. Does ONE/Sunstone support VNC/SPICE console for LXC containers who are ubuntu server systems, not desktop systems ?
  3. Is it required to install ubuntu-desktop packages on a LXC ubuntu container for ONE to support the VNC/SPICE console ?
  4. or is there simply something simple I missed in the configuration ?
  5. last, was the VNC console lost when ONE moved to LXC away from LXD ?

Thanks for any direction to help have the VNC/SPICE console work …

The LXC containers have VNC support. Unlike KVM/libvirt, the feature isn’t built-in, the VNC server is launched on the host where the container runs and it exports the output of a lxc command. When you install the opennebula-node-lxc package you get the result of building the svncterm program which generates the VNC server.

Any hints what process name or ports number to search for on the hypervisor in order to verify whether this vnc server is successfully created or not ?

the process name to look out for would be svncterm_server and the port is whatever is specified on the VM instance template on the GRAPHICS section.