root / docs / upgrade.rst @ bd377d7e
History | View | Annotate | Download (1.9 kB)
1 |
Upgrade notes |
---|---|
2 |
^^^^^^^^^^^^^ |
3 |
|
4 |
v1.5 |
5 |
==== |
6 |
Version 1.5 replaced Unix domain control sockets with TCP |
7 |
control sockets. This change made it necessary to also introduce an |
8 |
authentication file to replace the POSIX file permissions, which protected the |
9 |
domain sockets. |
10 |
|
11 |
The default path for the auth file is ``/var/lib/vncauthproxy/users`` |
12 |
(configurable by the ``--auth-file`` option). Each line in the file represents |
13 |
one user which is allowed to use the control socket and should be in the |
14 |
following format: |
15 |
|
16 |
.. code-block:: console |
17 |
|
18 |
user password |
19 |
user1 {cleartext}password |
20 |
user2 {HA1}md5hash |
21 |
|
22 |
If you want to use a hash instead of a password, you should provide the MD5 |
23 |
digest of the string ``user:vncauthproxy:password``. It can be generated with |
24 |
the following command: |
25 |
|
26 |
.. code-block:: console |
27 |
|
28 |
$ echo -n 'user:vncauthproxy:password' | openssl md5 |
29 |
|
30 |
The Debian package provides an example users file. |
31 |
|
32 |
Version 1.5 also introduced support for SSL for the control socket. If you |
33 |
enable SSL support (``--enable-ssl`` parameter, disabled by default) you will |
34 |
have to provide a certficate and key file (``--cert-file`` and ``--key-file`` |
35 |
parameters). The default values for certificate and key files are |
36 |
``/var/lib/vncauthrpoxy/{cert,key}.pem`` respectively. |
37 |
|
38 |
If you're using snf-vncauthproxy with Synnefo, you should make sure to edit the |
39 |
``CYCLADES_VNCAUTHPROXY_OPTS`` setting in |
40 |
``/etc/synnefo/20-snf-cyclades-app-api.conf``. The |
41 |
``CYCLADES_VNCAUTHPROXY_OPTS`` dict in |
42 |
``/etc/synnefo/20-snf-cyclades-app-api.conf`` should be edited to match |
43 |
snf-vncauthproxy configuration (user, password, SSL support, certificate file). |
44 |
You should also make sure that the node running snf-cyclades-app can connect to |
45 |
the snf-vncauthproxy's control socket address / port (the suggested deployment to |
46 |
run snf-vncauthproxy on the same host as snf-cyclades-app should work with |
47 |
the defaults of snf-vncauthproxy, with the exception of the authentication |
48 |
file). |