附录F:在单独的机器上安装Websocket代理
websocket代理允许用户通过noVNC和SPICE HTML5控制台连接到虚拟机。noVNC客户端使用websocket传递VNC数据。但是,QEMU中的VNC服务器不提供websocket支持,因此必须在客户端和VNC服务器之间放置一个websocket代理。代理可以在任何可以访问网络的机器上运行,包括引擎机器。
出于安全性和性能方面的原因,用户可能希望在单独的机器上配置websocket代理。
本节介绍如何在不运行引擎的单独机器上安装和配置websocket代理。
在单独的机器上安装和配置WebSocket代理
-
安装websocket代理:
# yum install ovirt-engine-websocket-proxy
-
运行engine-setup命令配置websocket代理。
# engine-setup
注意:如果rhevm软件包也已安装,请选择No何时在此主机上配置引擎。
-
按* Enter可以engine-setup在机器上配置websocket代理服务器。
Configure WebSocket Proxy on this machine? (Yes, No) [Yes]:
-
按Enter接受自动检测到的主机名,或输入备用主机名,然后按Enter键。请注意,如果使用虚拟主机,则自动检测到的主机名可能不正确:
Host fully qualified DNS name of this server [host.example.com]:
-
按Enter键允许engine-setup配置防火墙并打开外部通信所需的端口。如果您不允许engine-setup修改防火墙配置,则必须手动打开所需的端口。
Setup can automatically configure the firewall on this system. Note: automatic configuration of the firewall may overwrite current settings. Do you want Setup to configure the firewall? (Yes, No) [Yes]:
-
输入引擎机器的标准DNS名称,然后按Enter键。
Host fully qualified DNS name of the engine server []: engine_host.example.com
-
按Enter键允许engine-setup在引擎机器上执行操作,或按2手动执行操作。
Setup will need to do some actions on the remote engine server. Either automatically, using ssh as root to access it, or you will be prompted to manually perform each such action. Please choose one of the following: 1 - Access remote engine server using ssh as root 2 - Perform each action manually, use files to copy content around (1, 2) [1]:
-
按Enter接受默认的SSH端口号,或输入Engine机器的端口号。
ssh port on remote engine server [22]:
-
输入root密码以登录引擎机器,然后按Enter键。
root password on remote engine server engine_host.example.com:
-
选择是否查看iptables规则,如果他们不同于当前的设置。
Generated iptables rules are different from current ones. Do you want to review them? (Yes, No) [No]:
-
按Enter确认配置设置。
--== CONFIGURATION PREVIEW ==-- Firewall manager : iptables Update Firewall : True Host FQDN : host.example.com Configure WebSocket Proxy : True Engine Host FQDN : engine_host.example.com Please confirm installation settings (OK, Cancel) [OK]:
提供指令来配置引擎机器使用配置的websocket代理。
Manual actions are required on the engine host in order to enroll certs for this host and configure the engine about it. Please execute this command on the engine host: engine-config -s WebSocketProxy=host.example.com:6100 and than restart the engine service to make it effective
-
登录到引擎机器并执行提供的说明。
# engine-config -s WebSocketProxy=host.example.com:6100 # systemctl restart ovirt-engine.service
本文转自 Barron1 51CTO博客,原文链接:http://blog.51cto.com/13172370/1980285,如需转载请自行联系原作者