{"id":63,"date":"2018-08-24T14:43:21","date_gmt":"2018-08-24T22:43:21","guid":{"rendered":"http:\/\/iaastalk.com\/?p=63"},"modified":"2018-08-24T14:43:21","modified_gmt":"2018-08-24T22:43:21","slug":"set-up-spice-console","status":"publish","type":"post","link":"http:\/\/iaastalk.com\/?p=63","title":{"rendered":"Set up  Spice Console"},"content":{"rendered":"<h2 id=\"SpiceConsoleSetupinPike-BasicFlow\">Basic Flow<\/h2>\n<p>Obtain an URL for the web based spice console<\/p>\n<p>openstack console url show &#8211;spice UUID<\/p>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div>\n<div id=\"highlighter_114406\" class=\"syntaxhighlighter sh-midnight nogutter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">+-------+-----------------------------------------------------------------------------------------------------+<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"bash plain\">| Field | Value\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"bash plain\">+-------+-----------------------------------------------------------------------------------------------------+<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"bash plain\">| <\/code><code class=\"bash functions\">type<\/code>\u00a0 <code class=\"bash plain\">| spice-html5\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 |<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"bash plain\">| url\u00a0\u00a0 | http:<\/code><code class=\"bash plain\">\/\/<\/code><code class=\"bash plain\">yyy.xxx.com<\/code><code class=\"bash plain\">\/spice_auto<\/code><code class=\"bash plain\">.html?token=9654cb37-000-000-000-fbf30f17293b |<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"bash plain\">+-------+-----------------------------------------------------------------------------------------------------+<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>Stick the above url into a browser which will load spice console written in javascript, connecting back to spicehtml5proxy, which in turn forward traffics to the corresponding HV.<\/p>\n<h3 id=\"SpiceConsoleSetupinPike-Obtainaccessurlandtoken\">Obtain access url and token<\/h3>\n<p><strong>request path<\/strong><\/p>\n<p>Client\u00a0\u2192 Nova API \u2192 RPC (get_spice_console)\u2192 Cell\u00a0\u2192 RPC (get_spice_console)\u00a0\u2192 HV<\/p>\n<p><strong>response path<\/strong><\/p>\n<p>Client \u2190(url+Token)\u00a0\u2190\u00a0 Nova API\u00a0 \u2190 Cell (Save token\u00a0\u2192 connection info\u00a0 into Console Auth Store with a TTL) \u2190\u00a0 (host, port, url+token, token )\u00a0 \u2190 HV<\/p>\n<h3 id=\"SpiceConsoleSetupinPike-Onbrowser:\">On browser:<\/h3>\n<p>URL allows loading app<\/p>\n<p>round 1.<\/p>\n<p>browser \u2192 (url with token)\u00a0\u2192 vip\u00a0\u2192 spicehtml5proxy ( from default.web)<\/p>\n<p>browser\u00a0 \u2190 vip\u00a0\u2190 (spice web based client) \u2190 spicehtml5proxy<\/p>\n<p>2.<\/p>\n<p>browser \u2190 \u2192 (websocket based spice traffics + token) \u2190 \u2192vip\u00a0 \u2190 \u2192\u00a0 spicehtml5proxy (obtain connection info by token from Console Auth) \u2190\u00a0 (forward traffics)\u00a0 \u2192 HV<\/p>\n<p>*\u00a0python &gt;=2.74 is required on controller<\/p>\n<h2 id=\"SpiceConsoleSetupinPike-NovaControllersetting\"><strong>Nova Controller setting<\/strong><\/h2>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div>\n<div id=\"highlighter_143681\" class=\"syntaxhighlighter sh-midnight nogutter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">[default]<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"bash plain\">web = <\/code><code class=\"bash plain\">\/usr\/share\/spice-html5<\/code> <code class=\"bash plain\">(this is default location from where all web contents get loaded.)<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><\/div>\n<div class=\"line number4 index3 alt1\"><\/div>\n<div class=\"line number5 index4 alt2\"><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"bash plain\">[vnc]<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><code class=\"bash plain\">enabled = False<\/code><\/div>\n<div class=\"line number8 index7 alt1\"><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"bash plain\">[spice]<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"bash plain\">agent_enabled = True (optional)<\/code><\/div>\n<div class=\"line number11 index10 alt2\"><code class=\"bash plain\">enabled = True<\/code><\/div>\n<div class=\"line number12 index11 alt1\"><code class=\"bash plain\">html5proxy_base_url =\u00a0 http:<\/code><code class=\"bash plain\">\/\/os-vnc-vip-b01<\/code><code class=\"bash plain\">.ccg23.paypalc3.com<\/code><code class=\"bash plain\">\/spice_auto<\/code><code class=\"bash plain\">.html (URL end user can reach from browser, VIP etc...)<\/code><\/div>\n<div class=\"line number13 index12 alt2\"><code class=\"bash comments\">#server_listen\u00a0 (used by HV only)<\/code><\/div>\n<div class=\"line number14 index13 alt1\"><code class=\"bash comments\">#server_proxyclient_address\u00a0 (used by HV only)<\/code><\/div>\n<div class=\"line number15 index14 alt2\"><\/div>\n<div class=\"line number16 index15 alt1\"><code class=\"bash plain\">html5proxy_host = controller IP proxy listen at, should be reachable from VIP<\/code><\/div>\n<div class=\"line number17 index16 alt2\"><\/div>\n<div class=\"line number18 index17 alt1\"><code class=\"bash plain\">html5proxy_host = port proxy listening at<\/code><\/div>\n<div class=\"line number19 index18 alt2\"><\/div>\n<div class=\"line number20 index19 alt1\"><\/div>\n<div class=\"line number21 index20 alt2\"><code class=\"bash plain\">[console]<\/code><\/div>\n<div class=\"line number22 index21 alt1\"><code class=\"bash plain\">allowed_origins=http:<\/code><code class=\"bash plain\">\/\/os-vnc-vip-b01<\/code><code class=\"bash plain\">.ccg23.paypalc3.com (To be save <\/code><code class=\"bash keyword\">in<\/code> <code class=\"bash keyword\">case<\/code> <code class=\"bash plain\">LB modified Origin or Host)<\/code><\/div>\n<div class=\"line number23 index22 alt2\"><code class=\"bash plain\">token_ttl =\u00a0 <\/code><code class=\"bash functions\">set<\/code> <code class=\"bash plain\">up token ttl here<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<h2 id=\"SpiceConsoleSetupinPike-Hypervisorsetting\"><strong>Hypervisor setting<\/strong><\/h2>\n<p>HV will return connection details like where to connect back from proxy including host and port.<\/p>\n<p>Token is also generated on HV, and cell manager add it into console Auth later, so is full access url with token, so html5proxy_base_url is required on every HV as well.<\/p>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div>\n<div id=\"highlighter_413324\" class=\"syntaxhighlighter sh-midnight nogutter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">[vnc]<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"bash plain\">enabled = False<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"bash plain\">[spice]<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"bash plain\">agent_enabled = True (optional)<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"bash plain\">enabled = True<\/code><\/div>\n<div class=\"line number6 index5 alt1\"><code class=\"bash plain\">server_listen = IP reachable form controller<\/code><\/div>\n<div class=\"line number7 index6 alt2\"><\/div>\n<div class=\"line number8 index7 alt1\"><code class=\"bash plain\">server_proxyclient_address\u00a0 =\u00a0 <\/code><code class=\"bash functions\">hostname<\/code> <code class=\"bash plain\">or IP reachable form controller<\/code><\/div>\n<div class=\"line number9 index8 alt2\"><code class=\"bash plain\">server_listen &amp; server_proxyclient_address needs to be identical<\/code><\/div>\n<div class=\"line number10 index9 alt1\"><code class=\"bash plain\">html5proxy_base_url = (URL end user can reach from browser, VIP etc...)<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<h2 id=\"SpiceConsoleSetupinPike-Console-auth&amp;tokenstorebackend\"><strong>Console-auth &amp; token store backend<br \/>\n<\/strong><\/h2>\n<p>By default Console-auth save everything in local dictionary. So each spicehtml5proxy or cell manager ( when authorize a new token) may talk to different console-auth which maintains it&#8217;s own independent token cache.<\/p>\n<p>Fortunately token store is implemented with oslo_cache library\u00a0 with caching back-end configurable.<\/p>\n<p>In production a memcachd should be used so that console-auth can scale.<\/p>\n<div class=\"code panel pdl conf-macro output-block\" data-hasbody=\"true\" data-macro-name=\"code\">\n<div class=\"codeContent panelContent pdl\">\n<div>\n<div id=\"highlighter_563353\" class=\"syntaxhighlighter sh-midnight nogutter  bash\">\n<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td class=\"code\">\n<div class=\"container\" title=\"Hint: double-click to select code\">\n<div class=\"line number1 index0 alt2\"><code class=\"bash plain\">[cache]<\/code><\/div>\n<div class=\"line number2 index1 alt1\"><code class=\"bash plain\">enabled = True<\/code><\/div>\n<div class=\"line number3 index2 alt2\"><code class=\"bash plain\">memcache_servers = .....<\/code><\/div>\n<div class=\"line number4 index3 alt1\"><code class=\"bash plain\">[consoleauth]<\/code><\/div>\n<div class=\"line number5 index4 alt2\"><code class=\"bash plain\">token_ttl =\u00a0 <\/code><code class=\"bash functions\">set<\/code> <code class=\"bash plain\">up token ttl here<\/code><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>more details regarding\u00a0 oslo cache configuration<\/p>\n<p><a class=\"external-link\" href=\"https:\/\/docs.openstack.org\/oslo.cache\/latest\/configuration\/index.html\" rel=\"nofollow\">https:\/\/docs.openstack.org\/oslo.cache\/latest\/configuration\/index.html<\/a><\/p>\n<h2 id=\"SpiceConsoleSetupinPike-3VIP\/LB\">3 VIP\/LB<\/h2>\n<p>Last, but not the least, Vip\/LB has to\u00a0 support either websocket, if doing L7, or just plain TCP,\u00a0 since spice traffics requires upgrading http to websocket.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Basic Flow Obtain an URL for the web based spice console openstack console url show &#8211;spice UUID +&#8212;&#8212;-+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;+ | Field | Value\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 | +&#8212;&#8212;-+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;+ | type\u00a0 | spice-html5\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 | | url\u00a0\u00a0 | http:\/\/yyy.xxx.com\/spice_auto.html?token=9654cb37-000-000-000-fbf30f17293b | +&#8212;&#8212;-+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;+ Stick the above url into a browser which will load spice console written in javascript, connecting back to spicehtml5proxy, which [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"http:\/\/iaastalk.com\/index.php?rest_route=\/wp\/v2\/posts\/63"}],"collection":[{"href":"http:\/\/iaastalk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/iaastalk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/iaastalk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/iaastalk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=63"}],"version-history":[{"count":1,"href":"http:\/\/iaastalk.com\/index.php?rest_route=\/wp\/v2\/posts\/63\/revisions"}],"predecessor-version":[{"id":64,"href":"http:\/\/iaastalk.com\/index.php?rest_route=\/wp\/v2\/posts\/63\/revisions\/64"}],"wp:attachment":[{"href":"http:\/\/iaastalk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=63"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/iaastalk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=63"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/iaastalk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=63"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}