Revision bd377d7e docs/upgrade.rst
| b/docs/upgrade.rst | ||
|---|---|---|
| 1 | 1 |
Upgrade notes |
| 2 | 2 |
^^^^^^^^^^^^^ |
| 3 | 3 |
|
| 4 |
v1.4next
|
|
| 5 |
========
|
|
| 6 |
Version 1.4next replaced Unix domain control sockets with TCP
|
|
| 4 |
v1.5
|
|
| 5 |
==== |
|
| 6 |
Version 1.5 replaced Unix domain control sockets with TCP
|
|
| 7 | 7 |
control sockets. This change made it necessary to also introduce an |
| 8 | 8 |
authentication file to replace the POSIX file permissions, which protected the |
| 9 | 9 |
domain sockets. |
| 10 | 10 |
|
| 11 |
The default path for the auth file is ``/var/lib/snf-vncauthproxy/users``
|
|
| 11 |
The default path for the auth file is ``/var/lib/vncauthproxy/users`` |
|
| 12 | 12 |
(configurable by the ``--auth-file`` option). Each line in the file represents |
| 13 | 13 |
one user which is allowed to use the control socket and should be in the |
| 14 | 14 |
following format: |
| ... | ... | |
| 19 | 19 |
user1 {cleartext}password
|
| 20 | 20 |
user2 {HA1}md5hash
|
| 21 | 21 |
|
| 22 |
If you want to use a hash instead of a password, you should provide the MD5 |
|
| 23 |
digest of the string ``user:vncauthproxy:password``. It can be generated with |
|
| 24 |
the following command: |
|
| 25 |
|
|
| 26 |
.. code-block:: console |
|
| 27 |
|
|
| 28 |
$ echo -n 'user:vncauthproxy:password' | openssl md5 |
|
| 29 |
|
|
| 22 | 30 |
The Debian package provides an example users file. |
| 23 | 31 |
|
| 24 |
Version 1.4next also introduced support for SSL for the control socket. If you
|
|
| 25 |
enable SSL support (``--enable-ssl`` parameter, disabled by default) you wil |
|
| 32 |
Version 1.5 also introduced support for SSL for the control socket. If you
|
|
| 33 |
enable SSL support (``--enable-ssl`` parameter, disabled by default) you will
|
|
| 26 | 34 |
have to provide a certficate and key file (``--cert-file`` and ``--key-file`` |
| 27 |
parameters). |
|
| 28 |
|
|
| 29 |
If you're using snf-vncauthproxy with Synnefo, you should make sure to set the |
|
| 30 |
``VNCAUTHPROXY_USER`` and ``VNCAUTHPROXY_PASSWORD`` options in |
|
| 31 |
``/etc/synnefo/20-snf-cyclades-app-api.conf``. They should match a user defined |
|
| 32 |
in snf-vncauthproxy's users (auth) file. You should also make sure that the |
|
| 33 |
node running snf-cyclades-app can connect to the snf-vncauthproxy's control |
|
| 34 |
socket address /port (the default deployment to run snf-vncauthproxy on the |
|
| 35 |
same host with snf-cyclades-app should work with the defaults of |
|
| 36 |
snf-vncauthproxy, with the exception of the authentiction file). |
|
| 35 |
parameters). The default values for certificate and key files are |
|
| 36 |
``/var/lib/vncauthrpoxy/{cert,key}.pem`` respectively.
|
|
| 37 |
|
|
| 38 |
If you're using snf-vncauthproxy with Synnefo, you should make sure to edit the |
|
| 39 |
``CYCLADES_VNCAUTHPROXY_OPTS`` setting in |
|
| 40 |
``/etc/synnefo/20-snf-cyclades-app-api.conf``. The |
|
| 41 |
``CYCLADES_VNCAUTHPROXY_OPTS`` dict in |
|
| 42 |
``/etc/synnefo/20-snf-cyclades-app-api.conf`` should be edited to match |
|
| 43 |
snf-vncauthproxy configuration (user, password, SSL support, certificate file). |
|
| 44 |
You should also make sure that the node running snf-cyclades-app can connect to |
|
| 45 |
the snf-vncauthproxy's control socket address / port (the suggested deployment to |
|
| 46 |
run snf-vncauthproxy on the same host as snf-cyclades-app should work with |
|
| 47 |
the defaults of snf-vncauthproxy, with the exception of the authentication |
|
| 48 |
file). |
|
Also available in: Unified diff