Skip to end of metadata
Go to start of metadata

 

FreeRDP Proxy for VM terminal in Hyper-V

Abiquo 3.1 has a new integration FreeRDP to enable a direct connection through the eye icon to virtual machines running on Hyper-V 2012 R2. This connection uses FreeRDP-WebConnect/wsgate, which is a FreeRDP proxy for access to Hyper-V. Cloud users can now connect directly to their Hyper-V virtual machines by clicking on the eye button. This feature is currently only available for Hyper-V but it could be extended to more hypervisors in future in response to customer demand. If you do not perform this configuration, the details of how to connect to the VM will be shown as in previous versions of Abiquo.



Install wsgate proxy

Install Abqiuo package

  • Use a machine running Centos 6.5
  • Add a new yum repo
rpm -Uvh http://mirror.abiquo.com/abiquo/3.1/os/x86_64/abiquo-release-ee-3.1.0-1.el6.noarch.rpm
[root@localhost ~]# rpm -Uvh http://mirror.abiquo.com/abiquo/3.1/os/x86_64/abiquo-release-ee-3.1.0-1.el6.noarch.rpm
Retrieving http://mirror.bcn.abiquo.com/abiquo/3.1/os/x86_64/abiquo-release-ee-3.1.0-1.el6.noarch.rpm
warning: /var/tmp/rpm-tmp.XH7bln: Header V4 DSA/SHA1 Signature, key ID e2440914: NOKEY
Preparing...                ########################################### [100%]
   1:abiquo-release-ee      warning: /etc/yum.repos.d/Abiquo-Base.repo saved as /etc/yum.repos.d/Abiquo-Base.repo.rpmorig
########################################### [100%]
warning: /etc/yum.repos.d/CentOS-Base.repo saved as /etc/yum.repos.d/CentOS-Base.repo.rpmsave
[root@localhost ~]#


  • Install abiquo-wsgate. This package is a bundle of a compiled version of wsgate.
yum install abiquo-wsgate
[root@localhost ~]# yum install abiquo-wsgate
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
abiquo-base                                                                                                                                                                              | 2.9 kB     00:00     
abiquo-base/primary_db                                                                                                                                                                   | 693 kB     00:00     
abiquo-updates                                                                                                                                                                           | 2.9 kB     00:00     
centos-base                                                                                                                                                                              | 3.7 kB     00:00     
centos-updates                                                                                                                                                                           | 3.4 kB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package abiquo-wsgate.x86_64 0:1.2.0-1.el6 will be installed
--> Processing Dependency: libpng12.so.0(PNG12_0)(64bit) for package: abiquo-wsgate-1.2.0-1.el6.x86_64
--> Processing Dependency: libpng for package: abiquo-wsgate-1.2.0-1.el6.x86_64
--> Processing Dependency: libdw.so.1(ELFUTILS_0.122)(64bit) for package: abiquo-wsgate-1.2.0-1.el6.x86_64
--> Processing Dependency: elfutils-libs for package: abiquo-wsgate-1.2.0-1.el6.x86_64
--> Processing Dependency: libpng12.so.0()(64bit) for package: abiquo-wsgate-1.2.0-1.el6.x86_64
--> Processing Dependency: libdw.so.1()(64bit) for package: abiquo-wsgate-1.2.0-1.el6.x86_64
--> Running transaction check
---> Package elfutils-libs.x86_64 0:0.152-1.el6 will be installed
---> Package libpng.x86_64 2:1.2.49-1.el6_2 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================================================================================================
 Package                                            Arch                                        Version                                                  Repository                                        Size
================================================================================================================================================================================================================
Installing:
 abiquo-wsgate                                      x86_64                                      1.2.0-1.el6                                              abiquo-base                                      8.7 M
Installing for dependencies:
 elfutils-libs                                      x86_64                                      0.152-1.el6                                              centos-base                                      181 k
 libpng                                             x86_64                                      2:1.2.49-1.el6_2                                         abiquo-base                                      182 k
Transaction Summary
================================================================================================================================================================================================================
Install       3 Package(s)
Total download size: 9.0 M
Installed size: 63 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): abiquo-wsgate-1.2.0-1.el6.x86_64.rpm                                                                                                                                              | 8.7 MB     00:00     
(2/3): elfutils-libs-0.152-1.el6.x86_64.rpm                                                                                                                                              | 181 kB     00:00     
(3/3): libpng-1.2.49-1.el6_2.x86_64.rpm                                                                                                                                                  | 182 kB     00:00     
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                            12 MB/s | 9.0 MB     00:00     
warning: rpmts_HdrFromFdno: Header V4 DSA/SHA1 Signature, key ID e2440914: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Abiquo
Importing GPG key 0xE2440914:
 Userid : Abiquo RPM Packagers <sysadmins@abiquo.com>
 Package: 13:abiquo-release-ee-3.1.0-1.el6.noarch (installed)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-Abiquo
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : elfutils-libs-0.152-1.el6.x86_64                                                                                                                                                             1/3 
  Installing : 2:libpng-1.2.49-1.el6_2.x86_64                                                                                                                                                               2/3 
  Installing : abiquo-wsgate-1.2.0-1.el6.x86_64                                                                                                                                                             3/3 
  Verifying  : 2:libpng-1.2.49-1.el6_2.x86_64                                                                                                                                                               1/3 
  Verifying  : abiquo-wsgate-1.2.0-1.el6.x86_64                                                                                                                                                             2/3 
  Verifying  : elfutils-libs-0.152-1.el6.x86_64                                                                                                                                                             3/3 
Installed:
  abiquo-wsgate.x86_64 0:1.2.0-1.el6                                                                                                                                                                            
Dependency Installed:
  elfutils-libs.x86_64 0:0.152-1.el6                                                                       libpng.x86_64 2:1.2.49-1.el6_2                                                                      
Complete!
[root@localhost ~]#

Configure wsgate

To simplify the deployment, the rpm includes a configuration generator. Do the following steps:

  • Edit /opt/wsgate/etc/abiquo-wsgate.conf. This files stores your network and Hyper-V information. You need to specify one line for each Hyper-V you will add to Abiquo. You will also need one public IP attached to this host for each Hyper-V. By default, in an environment configured with SSL, the VMs will connect on port 4430
vi /opt/wsgate/etc/abiquo-wsgate.conf
10.60.10.20     10.20.20.20     Administrator@your_domain       password1!
10.60.10.21     10.20.20.21     Administrator@your_domain       password2!

In this example, the server that host wsgate has 2 public IPs (10.60.10.20 and 10.60.10.21). 10.60.10.20 will redirect to a Hyper-V with an IP of 10.20.20.20 and will log in with the username Administrator@your_domain (note that the user is on a domain controller) with the password password1!.

  • After you have finished editing the configuration, run the generator.

/opt/wsgate/etc/generate_conf.sh
[root@localhost etc]# /opt/wsgate/etc/generate_conf.sh 
Created a wsgate for 10.60.10.20. Remember to create a certificate for this ip in /opt/wsgate/etc/ssl/10.60.10.20.pem
Created a wsgate for 10.60.10.21. Remember to create a certificate for this ip in /opt/wsgate/etc/ssl/10.60.10.21.pem
[root@localhost etc]#

The output of this command is very important. The binary does not return a proper error level when it fails, so if you try to start wsgate while ignoring the certificate creation, you will get an OK, but in reality the process will have failed to start.

Generate a certificate

If you want to use SSL, you will need to get a valid certificate from an authorized CA or ensure your users trust the CA you are using (for example,a self-signed certificate). To generate a self-signed certificate, usually only for testing purposes, run the following command:

openssl req -x509 -nodes -newkey rsa:2048 -keyout /root/privateKey.key -out /root/certificate.crt
cat /root/privateKey.key /root/certificate.crt > /opt/wsgate/etc/ssl/10.60.10.20.pem
cat /root/privateKey.key /root/certificate.crt > /opt/wsgate/etc/ssl/10.60.10.21.pem
[root@localhost ~]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /root/privateKey.key -out /root/certificate.crt
Generating a 2048 bit RSA private key
.....+++
......+++
writing new private key to '/root/privateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ES
State or Province Name (full name) []:Catalonia
Locality Name (eg, city) [Default City]:Barcelona
Organization Name (eg, company) [Default Company Ltd]:Abiquo Ltd.
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, your name or your server's hostname) []:10.60.10.20
Email Address []:someemail@abiquo.com
[root@localhost ~]# cat /root/privateKey.key /root/certificate.crt > /opt/wsgate/etc/ssl/10.60.10.20.pem
[root@localhost ~]# cat /root/privateKey.key /root/certificate.crt > /opt/wsgate/etc/ssl/10.60.10.21.pem
[root@localhost ~]#
 

Start wsgate

service wsgate start
[root@localhost ~]# /etc/init.d/wsgate start
Starting a new wsgate for 10.60.10.20: 
                                                           [  OK  ]
Starting a new wsgate for 10.60.10.21: 
                                                           [  OK  ]
[root@localhost ~]# 

If you want wsgate to start when your server is powered on, run the following command:

chkconfig wsgate on
[root@localhost ~]# chkconfig wsgate on
[root@localhost ~]# chkconfig --list wsgate
wsgate          0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@localhost ~]# 

------------------------

WSGate without SSL

The configuration without SSL is NOT a recommended configuration and must not be used in production environments.

To run wsgate without SSL in a test environment, edit the configuration template and modify it to look like the following example.

vi /opt/wsgate/etc/wsgate.ini.template

Sample file showing sections relevant to environments without SSL. In this case, the connection port will be 80.

configuration example no ssl
...
 
# Redirect permanently to https
# If listeners for both SSL and non-SSL are configured, enabling this,
# will answer all requests on the non-SSL port with a HTTP redirect response
# pointing to the SSL port.
#
# Default: false
redirect = false


...
 
[ssl]
# Set SSL listener port. If omitted, no SSL listener will be started.
#port = 4430
# Set bind address of non-SSL listener.
#bindaddr = 0.0.0.0
# Set server cert filename. This option is mandatory, if SSL an listener
# is enabled. It must contain a PEM encoded certificate and the corresponding
# private key.
#certfile = /opt/wsgate/etc/bundle.pem
# Set password of SSL private key.
#certpass = verysecret

Re-run the configuration generator:

/opt/wsgate/etc/generate_conf.sh
[root@localhost etc]# /opt/wsgate/etc/generate_conf.sh 
Created a wsgate for 10.60.10.20. Remember to create a certificate for this ip in /opt/wsgate/etc/ssl/10.60.10.20.pem
Created a wsgate for 10.60.10.21. Remember to create a certificate for this ip in /opt/wsgate/etc/ssl/10.60.10.21.pem
[root@localhost etc]#

 

Restart your wsgate proxy to apply the new configuration

service wsgate restart

Sample output:

[root@localhost ~]# service wsgate restart
Shutting down wsgate:                                      [  OK  ]
Starting wsgate:                                           [  OK  ]
[root@localhost ~]# 

Now, configure Abiquo to disable the secure connection to wsgate. You must do this on the UI server (by default this is the Abiquo server)

vi /var/www/html/ui/config/client-config.json
...
 
    "rdpaccess.usesslproxy":false
}

Add a new Hyper-V

  • Modify abiquo-wsgate.conf with the new data
vi /opt/wsgate/etc/abiquo-wsgate.conf
10.60.10.20     10.20.20.20     Administrator@your_domain       password1!
10.60.10.21     10.20.20.21     Administrator@your_domain       password2!
10.60.10.22     10.20.20.22     Administrator@your_domain       password3!

 

  • Re-run the configuration generator
/opt/wsgate/etc/generate_conf.sh
[root@localhost ~]# /opt/wsgate/etc/generate_conf.sh 
Created a wsgate for 10.60.10.20. Remember to create a certificate for this ip in /opt/wsgate/etc/ssl/10.60.10.20.pem
Created a wsgate for 10.60.10.21. Remember to create a certificate for this ip in /opt/wsgate/etc/ssl/10.60.10.21.pem
Created a wsgate for 10.60.10.22. Remember to create a certificate for this ip in /opt/wsgate/etc/ssl/10.60.10.22.pem
[root@localhost ~]# 

 

  • Generate new certificates
[root@localhost ~]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /root/privateKey.key -out /root/certificate.crt
Generating a 2048 bit RSA private key
.....+++
......+++
writing new private key to '/root/privateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ES
State or Province Name (full name) []:Catalonia
Locality Name (eg, city) [Default City]:Barcelona
Organization Name (eg, company) [Default Company Ltd]:Abiquo Ltd.
Organizational Unit Name (eg, section) []:Engineering
Common Name (eg, your name or your server's hostname) []:10.60.10.22
Email Address []:someemail@abiquo.com
[root@localhost ~]# cat /root/privateKey.key /root/certificate.crt > /opt/wsgate/etc/ssl/10.60.10.22.pem
[root@localhost ~]#
  • Restart wsgate
service wsgate restart
[root@localhost ~]# service wsgate restart
Shutting down wsgate for 10.60.10.20: 
                                                           [  OK  ]
Shutting down wsgate for 10.60.10.21: 
                                                           [  OK  ]
Shutting down wsgate for 10.60.10.22: 
                                                           [  OK  ]
Starting a new wsgate for 10.60.10.20: 
                                                           [  OK  ]
Starting a new wsgate for 10.60.10.21: 
                                                           [  OK  ]
Starting a new wsgate for 10.60.10.22: 
                                                           [  OK  ]
[root@localhost ~]#

 

Configure the hypervisor in Abiquo

Create or edit the Hyper-V hypervisor.

Add the wsgate proxy address that is registered in your DNS as the Remote access IP.

Click Save.

Now all new VMs created in the Hyper-V hypervisor on this machine will have remote access through freeRDP when users click the eye button.

User connection to VM

When users click the eye button for VMs on Hyper-V, a popup will open with an HTML5 client connecting to the configured wsgate proxy and then the remote console will open.

 

 

  • No labels