Revision bd377d7e docs/upgrade.rst
b/docs/upgrade.rst | ||
---|---|---|
1 | 1 |
Upgrade notes |
2 | 2 |
^^^^^^^^^^^^^ |
3 | 3 |
|
4 |
v1.4next
|
|
5 |
========
|
|
6 |
Version 1.4next replaced Unix domain control sockets with TCP
|
|
4 |
v1.5
|
|
5 |
==== |
|
6 |
Version 1.5 replaced Unix domain control sockets with TCP
|
|
7 | 7 |
control sockets. This change made it necessary to also introduce an |
8 | 8 |
authentication file to replace the POSIX file permissions, which protected the |
9 | 9 |
domain sockets. |
10 | 10 |
|
11 |
The default path for the auth file is ``/var/lib/snf-vncauthproxy/users``
|
|
11 |
The default path for the auth file is ``/var/lib/vncauthproxy/users`` |
|
12 | 12 |
(configurable by the ``--auth-file`` option). Each line in the file represents |
13 | 13 |
one user which is allowed to use the control socket and should be in the |
14 | 14 |
following format: |
... | ... | |
19 | 19 |
user1 {cleartext}password |
20 | 20 |
user2 {HA1}md5hash |
21 | 21 |
|
22 |
If you want to use a hash instead of a password, you should provide the MD5 |
|
23 |
digest of the string ``user:vncauthproxy:password``. It can be generated with |
|
24 |
the following command: |
|
25 |
|
|
26 |
.. code-block:: console |
|
27 |
|
|
28 |
$ echo -n 'user:vncauthproxy:password' | openssl md5 |
|
29 |
|
|
22 | 30 |
The Debian package provides an example users file. |
23 | 31 |
|
24 |
Version 1.4next also introduced support for SSL for the control socket. If you
|
|
25 |
enable SSL support (``--enable-ssl`` parameter, disabled by default) you wil |
|
32 |
Version 1.5 also introduced support for SSL for the control socket. If you
|
|
33 |
enable SSL support (``--enable-ssl`` parameter, disabled by default) you will
|
|
26 | 34 |
have to provide a certficate and key file (``--cert-file`` and ``--key-file`` |
27 |
parameters). |
|
28 |
|
|
29 |
If you're using snf-vncauthproxy with Synnefo, you should make sure to set the |
|
30 |
``VNCAUTHPROXY_USER`` and ``VNCAUTHPROXY_PASSWORD`` options in |
|
31 |
``/etc/synnefo/20-snf-cyclades-app-api.conf``. They should match a user defined |
|
32 |
in snf-vncauthproxy's users (auth) file. You should also make sure that the |
|
33 |
node running snf-cyclades-app can connect to the snf-vncauthproxy's control |
|
34 |
socket address /port (the default deployment to run snf-vncauthproxy on the |
|
35 |
same host with snf-cyclades-app should work with the defaults of |
|
36 |
snf-vncauthproxy, with the exception of the authentiction file). |
|
35 |
parameters). The default values for certificate and key files are |
|
36 |
``/var/lib/vncauthrpoxy/{cert,key}.pem`` respectively. |
|
37 |
|
|
38 |
If you're using snf-vncauthproxy with Synnefo, you should make sure to edit the |
|
39 |
``CYCLADES_VNCAUTHPROXY_OPTS`` setting in |
|
40 |
``/etc/synnefo/20-snf-cyclades-app-api.conf``. The |
|
41 |
``CYCLADES_VNCAUTHPROXY_OPTS`` dict in |
|
42 |
``/etc/synnefo/20-snf-cyclades-app-api.conf`` should be edited to match |
|
43 |
snf-vncauthproxy configuration (user, password, SSL support, certificate file). |
|
44 |
You should also make sure that the node running snf-cyclades-app can connect to |
|
45 |
the snf-vncauthproxy's control socket address / port (the suggested deployment to |
|
46 |
run snf-vncauthproxy on the same host as snf-cyclades-app should work with |
|
47 |
the defaults of snf-vncauthproxy, with the exception of the authentication |
|
48 |
file). |
Also available in: Unified diff