4.7. Configuring VNC for VMs

With the exception of VMs based on the Debian templates, VMs might not be set up to support VNC by default. For example, if you P2V a server that does not have a VNC server installed, the resulting VM won't have VNC installed either. Before you can connect with the XenCenter graphical console, you need to ensure that the VNC server and an X display manager are installed on the VM and properly configured. This section describes the procedures for configuring VNC on each of the supported Linux operating system distributions to allow proper interactions with the XenCenter graphical console.

CentOS-based VMs should use the instructions for the Red Hat-based VMs below, as they use the same base code to provide graphical VNC access. CentOS 4 is based on Red Hat Enterprise Linux 4, and CentOS 5 is based on Red Hat Enterprise Linux 5.

4.7.1. Setting up Red Hat-based VMs for VNC

In order to configure VNC on Red Hat VMs, you need to modify the GDM configuration. The GDM configuration is held in a file whose location varies depending on the version of Red Hat Linux you are using. Before modifying it, we first must determine the location of this configuration file; this file will then be modified in a number of subsequent procedures in this section.

4.7.1.1. Determining the location of your VNC configuration file

If you are using Red Hat Linux version 3 or 4 the GDM configuration file is /etc/X11/gdm/gdm.conf. This is a unified configuration file that contains both default values as specified by the provider of your version of GDM in addition to your own customized configuration. This type of file is used by default in older versions of GDM, as included in these versions of Red Hat Linux.

If you are using Red Hat Linux version 5 the GDM configuration file is /etc/gdm/custom.conf. This is a split configuration file that contains only user-specified values that override the default configuration. This type of file is used by default in newer versions of GDM, as included in these versions of Red Hat Linux.

4.7.1.2. Configuring GDM to use VNC

As root at the prompt in the VM's text console, type in rpm -q vnc-server gdm. The package names vnc-server and gdm should appear, with their version numbers specified.

If these package names are displayed, the appropriate packages are already installed. If you see a message saying that one of the packages is not installed, then you may not have selected the graphical desktop options during installation. You will need to install these packages before you can continue. See the appropriate Red Hat Linux x86 Installation Guide for details regarding installing additional software on your VM.

Open the GDM configuration file with your preferred text editor and add the following lines to the file:
[server-VNC]
name=VNC Server
command=/usr/bin/Xvnc -SecurityTypes None -geometry 1024x768 -depth 16 -BlacklistTimeout 0
flexible=true
With configuration files as found on Red Hat Linux 3 and 4, this should be added above the [server-Standard] section. With configuration files as found on Red Hat Linux 5, this should be added into the empty [servers] section.

Modify the configuration so that the Xvnc server is used instead of the standard X server:

If you are using Red Hat Linux 3 or 4, there will be a line just above that says:
0=Standard
Modify it to read:
0=VNC
If you are using Red Hat Linux 5 or greater, you will need to add the above line just below the [servers] section and before the [server-VNC] section.
Save and close the file.
Restart GDM for your change in configuration to take effect, by running /usr/sbin/gdm-restart.

Note that, for Red Hat Linux, runlevel 5 is used for graphical startup. If your installation is configured to start up in runlevel 3, you will need to change this in order for the display manager to be started (and therefore to get access to a graphical console). Please refer to Section 4.7.4, “Checking runlevels” for further details.

4.7.1.3. Firewall settings

The firewall configuration by default does not allow VNC traffic to go through. If you have a firewall between the VM and XenCenter, you need to allow traffic over the port that the VNC connection uses. By default, a VNC server listens for connections from a VNC viewer on TCP port 5900 + N, where N is the display number (usually just zero). So a VNC server set up for Display-0 will listen on TCP port 5900, Display-1 is TCP-5901, etc. Consult your firewall documentation to make sure these ports are open.

You might want to further customize your firewall configuration if you want to use IP connection tracking or limit the initiation of connections to be from one side only.

To customize a Red Hat-based VM's firewall to open the VNC port

For Red Hat Linux 3, use redhat-config-securitylevel-tui. For Red Hat Linux 4 and 5, use system-config-securitylevel-tui.
- Select “Customize” and add 5900 to the other ports list.
Alternatively, you can disable the firewall until the next reboot by using service iptables stop, or permanently by using chkconfig iptables off. This can of course expose additional services to the outside world and reduce the overall security of your VM.

4.7.1.4. VNC screen resolution

If, after connecting to a Virtual Machine with the graphical console, the screen resolution is mismatched (for example, the VM's display is too big to comfortably fit in the Graphical Console pane), you can control it by setting the VNC server's -geometry parameter as follows:

Open the GDM configuration file with your preferred text editor. Please refer to Section 4.7.1.1, “Determining the location of your VNC configuration file” for information about determining the location of this file.

Find the [server-VNC] section you added above.

Edit the command line to read, for example,
command=/usr/bin/Xvnc -SecurityTypes None -geometry 800x600
where the value of the -geometry parameter can be any valid screen width and height. Save and close the file.
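
The edits from Section 4.7.1.2 can be scripted for both file layouts. The following is an added example, not part of the original guide or of any Citrix tooling; the helper names gdm_enable_vnc and gdm_vnc_enabled and the sample file are assumptions.

```shell
#!/bin/sh
# Added example: apply the edits from Section 4.7.1.2 to a GDM configuration file.
# gdm_enable_vnc and gdm_vnc_enabled are hypothetical helper names.

# Command line copied from the [server-VNC] section shown in Section 4.7.1.2.
VNC_CMD='/usr/bin/Xvnc -SecurityTypes None -geometry 1024x768 -depth 16 -BlacklistTimeout 0'

# Succeeds when display 0 is assigned to the VNC server and the section exists.
gdm_vnc_enabled() {
    grep -q '^0=VNC[[:space:]]*$' "$1" && grep -q '^\[server-VNC\]' "$1"
}

gdm_enable_vnc() {
    conf=$1
    # Idempotent: leave a file that already has the section untouched.
    if grep -q '^\[server-VNC\]' "$conf"; then return 0; fi
    # A unified file (Red Hat Linux 3 and 4) already assigns display 0;
    # a split file (Red Hat Linux 5) has an empty [servers] section.
    if grep -q '^0=Standard' "$conf"; then mode=unified; else mode=split; fi
    cp -p "$conf" "$conf.orig" || return 1      # keep a backup of the original
    awk -v mode="$mode" -v cmd="$VNC_CMD" '
        function vnc_section() {
            print "[server-VNC]"
            print "name=VNC Server"
            print "command=" cmd
            print "flexible=true"
        }
        # Unified: switch display 0 to VNC, add the section above [server-Standard].
        mode == "unified" && /^0=Standard/          { print "0=VNC"; next }
        mode == "unified" && /^\[server-Standard\]/ { vnc_section(); print "" }
        { print }
        # Split: add the display line and the section directly below [servers].
        mode == "split" && /^\[servers\]/           { print "0=VNC"; vnc_section() }
    ' "$conf.orig" > "$conf"
    # Fails if the expected anchor lines were not found in the file.
    gdm_vnc_enabled "$conf"
}

# Constructed sample of a split (Red Hat Linux 5 style) file.
sample=$(mktemp)
printf '%s\n' '[daemon]' '' '[servers]' > "$sample"
gdm_enable_vnc "$sample" && cat "$sample"
rm -f "$sample" "$sample.orig"
```

The original file is kept as FILE.orig, and GDM still has to be restarted with /usr/sbin/gdm-restart for the change to take effect.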
4.7.2. Setting up SLES-based VMs for VNC

SLES has support for enabling “Remote Administration” as a configuration option in YaST. You can select to enable Remote Administration at install time, available on the screen of the SLES installer. This will allow you to connect an external VNC viewer to your guest to view the graphical console; the methodology for using the SLES remote administration feature is slightly different than that provided by XenCenter, but it is possible to modify the configuration files in your SUSE Linux VM such that it is integrated with the graphical console feature.

4.7.2.1. Checking for a VNC server

Before making configuration changes, you should verify that you have a VNC server installed. SUSE ships the tightvnc server by default; this is a suitable VNC server, but you can also use the standard RealVNC distribution if you prefer. You can check that you have the tightvnc software installed by running the command:
rpm -q tightvnc
4.7.2.2. Enabling Remote Administration

If Remote Administration was not enabled during installation of the SLES software, you can enable it as follows:

Open a text console on the VM and run the YaST utility:
# yast
Note: Due to the complex control characters used to draw the YaST configuration screens, your screen usually becomes corrupted while using the text-mode YaST configuration tools. For example, you will be unable to see portions of the display. In the steps that follow, use the key combination Ctrl+L to redraw the display and remove artifacts when necessary.

Use the arrow keys to select in the left menu, then Tab to the right menu and use the arrow keys to select . Press Enter.

In the screen, Tab to the section. Use the arrow keys to select Allow Remote Administration and press Enter to place an X in the checkbox.

Tab to the section. Use the arrow keys to select Open Port in Firewall and press Enter to place an X in the checkbox.

Tab to the Finish button and press Enter.

A message box appears telling you that you will need to restart the display manager for your settings to take effect. Press Enter to acknowledge the message.

The original top-level menu of YaST appears. Tab to the Quit button and press Enter.

4.7.2.3. Modifying the xinetd configuration

After enabling Remote Administration, you need to modify a configuration file if you want to allow XenCenter to connect, or else use a third party VNC client.

Open the file /etc/xinetd.d/vnc in your preferred text editor. The file contains sections like the following:
service vnc1
{
socket_type = stream
protocol = tcp
wait = no
user = nobody
server = /usr/X11R6/bin/Xvnc
server_args = :42 -inetd -once -query localhost -geometry 1024x768 -depth 16
type = UNLISTED
port = 5901
}
Make the following changes:

Save and close the file.

Restart the display manager and xinetd service with the following commands:
/etc/init.d/xinetd restart
rcxdm restart
SUSE Linux uses runlevel 5 for graphical startup. If your remote desktop does not appear, verify that your VM is configured to start up in runlevel 5. Refer to Section 4.7.4, “Checking runlevels” for details.

4.7.2.4. Firewall settings

The firewall configuration by default does not allow VNC traffic to go through. If you have a firewall between the VM and XenCenter, you need to allow traffic over the port that the VNC connection uses. By default, a VNC server listens for connections from a VNC viewer on TCP port 5900 + N, where N is the display number (usually just zero). So a VNC server set up for Display-0 will listen on TCP port 5900, Display-1 is TCP-5901, etc. Consult your firewall documentation to make sure these ports are open.

You might want to further customize your firewall configuration if you want to use IP connection tracking or limit the initiation of connections to be from one side only.

To customize a SLES-based VM's firewall to open the VNC port

Open a text console on the VM and run the YaST utility:
# yast
Note: Due to the complex control characters used to draw the YaST configuration screens, your screen usually becomes corrupted while using the text-mode YaST configuration tools. For example, you will be unable to see portions of the display. In the steps that follow, use the key combination Ctrl+L to redraw the display and remove artifacts when necessary.

Use the arrow keys to select in the left menu, then Tab to the right menu and use the arrow keys to select . Press Enter.

In the screen, Tab to the section. Use the arrow keys to select the Allowed Services in the left menu.

Tab to the fields on the right. Use the arrow keys to select the Advanced... button (near the bottom right, just above the Next button) and press Enter.

In the Additional Allowed Ports screen, type 5900 in the TCP Ports field. Tab to the OK button and press Enter.

- Tab back to the list of screens on the left side and use the arrow keys to select . Tab back to the right and Tab to the Save Settings and Restart Firewall Now button and press Enter.

Tab to the Next button and press Enter, then in the Summary screen Tab to the Accept button and press Enter, and finally on the top-level YaST screen Tab to the Quit button and press Enter.

Restart the display manager and xinetd service with the following commands:
/etc/init.d/xinetd restart
rcxdm restart
Alternatively, you can disable the firewall until the next reboot by using the rcSuSEfirewall2 stop command, or permanently by using YaST. This can of course expose additional services to the outside world and reduce the overall security of your VM.

4.7.2.5. VNC screen resolution
If, after connecting to a Virtual Machine with the Graphical Console, the screen resolution is mismatched (for example, the VM's display is too big to comfortably fit in the Graphical Console pane), you can control it by setting the VNC server's -geometry parameter as follows:
Open the /etc/xinetd.d/vnc file with your preferred text editor and find the service vnc1 section (corresponding to displayID 1).
Edit the -geometry argument in the server_args line to the desired display resolution. For example,
server_args = :42 -inetd -once -query localhost -geometry 800x600 -depth 16
where the value of the -geometry parameter can be any valid screen width and height.
Save and close the file.
Restart the VNC server:
/etc/init.d/xinetd restart
rcxdm restart
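
The service definitions in /etc/xinetd.d/vnc (Section 4.7.2.3) and the ports opened in the firewall (Section 4.7.2.4) have to agree before a viewer can connect. The following check is an added example, not part of the original guide; the helper names xinetd_vnc_services and xinetd_vnc_blocked are assumptions, and the sample input is constructed from the service block shown above.

```shell
#!/bin/sh
# Added example: compare the VNC services xinetd defines with the firewall ports.
# xinetd_vnc_services and xinetd_vnc_blocked are hypothetical helper names.

# Print one line per service block: name, port, display, geometry, disable flag.
xinetd_vnc_services() {
    awk '
        $1 == "service"     { name = $2; port = geom = "-"; off = "no" }
        $1 == "port"        { port = $3 }
        $1 == "disable"     { off = $3 }
        $1 == "server_args" {
            for (i = 3; i < NF; i++) if ($i == "-geometry") geom = $(i + 1)
        }
        $1 == "}" && name != "" {
            # A viewer reaches display N on TCP port 5900 + N.
            display = (port == "-") ? "-" : port - 5900
            print name, port, display, geom, off
            name = ""
        }
    ' "$1"
}

# Print enabled services whose port is missing from the space-separated list
# in $2 (the TCP ports opened in the firewall).
xinetd_vnc_blocked() {
    xinetd_vnc_services "$1" | while read -r name port display geom off; do
        if [ "$off" = "yes" ]; then continue; fi
        case " $2 " in
            *" $port "*) ;;
            *) echo "$name" ;;
        esac
    done
}

# Constructed sample: the service block shown in Section 4.7.2.3, shortened.
sample=$(mktemp)
printf '%s\n' 'service vnc1' '{' \
    'server_args = :42 -inetd -once -query localhost -geometry 1024x768 -depth 16' \
    'port = 5901' '}' > "$sample"
xinetd_vnc_services "$sample"
xinetd_vnc_blocked "$sample" "5900"
rm -f "$sample"
```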
4.7.3. Setting up Debian-based VMs for VNC

The built-in Debian Sarge and Etch templates come pre-configured with VNC set up and ready to use. However, the default VNC configuration in Debian does not permit the root administration user to log in by default. To log in by VNC, you can either:
- Log in to the text console and create a new, unprivileged user via the adduser command. This is the recommended course of action.
- At the graphical console login prompt, select Actions, Configure the Login Manager, type in your root password, then select Security, Allow local system administrator login, and finally select Close.
If you need to reset the VNC password, use the command
vnc4passwd /etc/vncpass
4.7.4. Checking runlevels

Red Hat and SUSE Linux VMs use runlevel 5 for graphical startup. This section describes how to verify that your VM is configured to start up in runlevel 5 and how to change it if it is not.

Check /etc/inittab to see what the default runlevel is set to. Look for the line that reads:
id:n:initdefault:
If n is not 5, edit the file to make it so. You can run the command telinit q ; telinit 5 after this change to avoid having to actually reboot to switch runlevels.