Saturday 6 September 2014

OpenStack Guest Console Access with Juju



Console access to guests has now arrived in the /next versions of the OpenStack charms. The charms support novnc, xvpvnc and spice. To get started simply set the console-access-protocol setting, in the nova-cloud-controller charm, to the desired protocol

juju set nova-cloud-controller console-access-protocol=novnc

This will setup the nova console proxy and nova consoleauth services as well as configuring the compute nodes for console access. The console access protocol is baked into a guest when it is created, if you enable it for the first time it will only be available on new guests. Similarly, if you change the protocol then console access for existing guests will stop working. xvpvnc and novnc can be enabled simultaneously by setting console-access-protocol to vnc however spice and the vnc protocols are mutually exclusive. To get console access to the guest a url with an access token is needed, this can be retrieved from nova:

nova get-vnc-console 6dbaaa57-beb4-48f7-9eef-b88258fd8edc novnc
+-------+------------------------------------------------------------------------------------+
| Type  | Url                                                                                |
+-------+------------------------------------------------------------------------------------+
| novnc | http://10.0.0.10:6080/vnc_auto.html?token=afffffe7-f777-4412-8745-f4be45621111     |
+-------+------------------------------------------------------------------------------------+


Client Access via a public IP


The client may not have access to the private network that the nova-cloud-controller is listening on. If a separate public IP is used to access the console then console-proxy-ip should be set to that public IP. This will update the url that nova and horizon pass back to the client.

HA Mode


Currently, there will only ever be one console proxy running even if there are multiple nova-cloud-controllers. The console proxy service follows the vip, so if the vip moves the proxy and console auth services will be shutdown on the old host and brought up on the new.