In this part of our “Playing around with NICE DCV” we will install and configure the DCV connection gateway. Downloading it from the NICE site is easy peasy as well as yum installing it.
The devils is mostly in the details, also here when you start integrating this component in your architecture.
It is a very neat package as you can see when we list the files in the package:
# rpm -ql nice-dcv-connection-gateway-2021.3.251-1.el7.x86_64 /etc/dcv-connection-gateway/dcv-connection-gateway.conf /usr/lib/systemd/system/dcv-connection-gateway.service /usr/libexec/dcv-connection-gateway/dcv-connection-gateway /usr/share/doc/dcv-connection-gateway/EULA.txt /usr/share/doc/dcv-connection-gateway/third-party-licenses.txt /var/lib/dcvcgw /var/log/dcv-connection-gateway
Not very configurable except for the config file, which is muy importante. Here is the reference to what can be put in there.
I chose this config:
[gateway] bind-addr = "0.0.0.0" quic-port = 8443 web-port = 8443 cert-file = "/etc/dcv-connection-gateway/cert.pem" cert-key-file = "/etc/dcv-connection-gateway/key.pem" [log] level = "trace" [dcv] tls-strict = false [resolver] url = "https://172.16.1.60:8447" ca-file = "/etc/dcv-connection-gateway/dcvsmbroker_ca.pem" tls-strict = false
I created a custom SSL certificate for this gateway (do not want to bore you with that). See the cert-file and cert-key option. If you don’t do that it will use a selfsigned one. Not a big problem but I did not want to be nagged by failing SSL verifications on my public facing gateway. For connections to backed components I disabled SSL verification. My firewall only allows me in. But only for playing around I chose this approach (machines also are destroyed immediately after this exploring session).
So now it’s ok to start:
# systemctl start dcv-connection-gateway #
Ok it took less than a second…right..
Let’s see the status:
#systemctl status dcv-connection-gateway.service ● dcv-connection-gateway.service - NICE DCV Connection Gateway Loaded: loaded (/usr/lib/systemd/system/dcv-connection-gateway.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2022-01-11 20:48:26 UTC; 2s ago Process: 22317 ExecReload=/usr/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) Process: 32471 ExecStart=/usr/libexec/dcv-connection-gateway/dcv-connection-gateway --config /etc/dcv-connection-gateway/dcv-connection-gateway.conf (code=exited, status=1/FAILURE) Main PID: 32471 (code=exited, status=1/FAILURE
Ok, now the logfile then.. did not set the loglevel to ’trace’ for nothing eh? Well the default log file in /var/log/dcv-connection-gateway is emtpy so the parsing of the config file maybe? Maybe something in the default system log? Gotcha..
#tail /var/log/messages Jan 11 20:51:44 ip-172-16-1-61 systemd: Started NICE DCV Connection Gateway. Jan 11 20:51:44 ip-172-16-1-61 dcv-connection-gateway: Error: Error parsing the config file '"/etc/dcv-connection-gateway/dcv-connection-gateway.conf"' Jan 11 20:51:44 ip-172-16-1-61 dcv-connection-gateway: Caused by: Jan 11 20:51:44 ip-172-16-1-61 dcv-connection-gateway: 0: Cannot deserialize as TOML Jan 11 20:51:44 ip-172-16-1-61 dcv-connection-gateway: 1: missing field `web-resources` at line 16 column 1 Jan 11 20:51:44 ip-172-16-1-61 systemd: dcv-connection-gateway.service: main process exited, code=exited, status=1/FAILURE Jan 11 20:51:44 ip-172-16-1-61 systemd: Unit dcv-connection-gateway.service entered failed state. Jan 11 20:51:44 ip-172-16-1-61 systemd: dcv-connection-gateway.service failed.
Ok, now I am not sure what to do here, but let’s fill in a bogus web resources entry.
[web-resources] url = "http://172.16.1.60:8449" tls-strict = false
Starting it again an checking status: Now it runs!
● dcv-connection-gateway.service - NICE DCV Connection Gateway Loaded: loaded (/usr/lib/systemd/system/dcv-connection-gateway.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2022-01-11 20:57:15 UTC; 12s ago Process: 22317 ExecReload=/usr/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) Main PID: 32593 (dcv-connection-) CGroup: /system.slice/dcv-connection-gateway.service └─32593 /usr/libexec/dcv-connection-gateway/dcv-connection-gateway --config /etc/dcv-connection-gateway/dcv-connection-gateway.conf Jan 11 20:57:15 ip-172-16-1-61.eu-west-1.compute.internal systemd: Started NICE DCV Connection Gateway.
Ok, now we can try to connect I guess!
I will continue in Part 3 where I left of and try to create sessions and connect to them.