Joustie's blog

Jan 11, 2022 - 3 minute read

Playing around with NICE DCV Part 2

In this part of our “Playing around with NICE DCV” we will install and configure the DCV connection gateway. Downloading it from the NICE site is easy peasy as well as yum installing it.

The devils is mostly in the details, also here when you start integrating this component in your architecture.

It is a very neat package as you can see when we list the files in the package:

# rpm -ql nice-dcv-connection-gateway-2021.3.251-1.el7.x86_64
/etc/dcv-connection-gateway/dcv-connection-gateway.conf
/usr/lib/systemd/system/dcv-connection-gateway.service
/usr/libexec/dcv-connection-gateway/dcv-connection-gateway
/usr/share/doc/dcv-connection-gateway/EULA.txt
/usr/share/doc/dcv-connection-gateway/third-party-licenses.txt
/var/lib/dcvcgw
/var/log/dcv-connection-gateway

Not very configurable except for the config file, which is muy importante. Here is the reference to what can be put in there.

I chose this config:

[gateway]
bind-addr = "0.0.0.0"
quic-port = 8443
web-port = 8443
cert-file = "/etc/dcv-connection-gateway/cert.pem"
cert-key-file = "/etc/dcv-connection-gateway/key.pem"

[log]
level = "trace"

[dcv]
tls-strict = false

[resolver]
url = "https://172.16.1.60:8447"
ca-file = "/etc/dcv-connection-gateway/dcvsmbroker_ca.pem"
tls-strict = false

About SSL

I created a custom SSL certificate for this gateway (do not want to bore you with that). See the cert-file and cert-key option. If you don’t do that it will use a selfsigned one. Not a big problem but I did not want to be nagged by failing SSL verifications on my public facing gateway. For connections to backed components I disabled SSL verification. My firewall only allows me in. But only for playing around I chose this approach (machines also are destroyed immediately after this exploring session).

According to the documentation one can install and configure a ‘web resources server’. This is an external server that will serve the static files, CSS and javascript to enable an in-browser NICE DCV connection. Nice, but I want to try this feature later. I can be ‘omitted’ according to the docs so I did just that…

Architecture drawing

So now it’s ok to start:

# systemctl start  dcv-connection-gateway
#

Ok it took less than a second…right..

Let’s see the status:

#systemctl status dcv-connection-gateway.service
● dcv-connection-gateway.service - NICE DCV Connection Gateway
   Loaded: loaded (/usr/lib/systemd/system/dcv-connection-gateway.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2022-01-11 20:48:26 UTC; 2s ago
  Process: 22317 ExecReload=/usr/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 32471 ExecStart=/usr/libexec/dcv-connection-gateway/dcv-connection-gateway --config /etc/dcv-connection-gateway/dcv-connection-gateway.conf (code=exited, status=1/FAILURE)
 Main PID: 32471 (code=exited, status=1/FAILURE

Ok, now the logfile then.. did not set the loglevel to ‘trace’ for nothing eh? Well the default log file in /var/log/dcv-connection-gateway is emtpy so the parsing of the config file maybe? Maybe something in the default system log? Gotcha..

#tail /var/log/messages
Jan 11 20:51:44 ip-172-16-1-61 systemd: Started NICE DCV Connection Gateway.
Jan 11 20:51:44 ip-172-16-1-61 dcv-connection-gateway: Error: Error parsing the config file '"/etc/dcv-connection-gateway/dcv-connection-gateway.conf"'
Jan 11 20:51:44 ip-172-16-1-61 dcv-connection-gateway: Caused by:
Jan 11 20:51:44 ip-172-16-1-61 dcv-connection-gateway: 0: Cannot deserialize as TOML
Jan 11 20:51:44 ip-172-16-1-61 dcv-connection-gateway: 1: missing field `web-resources` at line 16 column 1
Jan 11 20:51:44 ip-172-16-1-61 systemd: dcv-connection-gateway.service: main process exited, code=exited, status=1/FAILURE
Jan 11 20:51:44 ip-172-16-1-61 systemd: Unit dcv-connection-gateway.service entered failed state.
Jan 11 20:51:44 ip-172-16-1-61 systemd: dcv-connection-gateway.service failed.

Ok, now I am not sure what to do here, but let’s fill in a bogus web resources entry.

[web-resources]
url = "http://172.16.1.60:8449"
tls-strict = false

Starting it again an checking status: Now it runs!

● dcv-connection-gateway.service - NICE DCV Connection Gateway
   Loaded: loaded (/usr/lib/systemd/system/dcv-connection-gateway.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2022-01-11 20:57:15 UTC; 12s ago
  Process: 22317 ExecReload=/usr/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
 Main PID: 32593 (dcv-connection-)
   CGroup: /system.slice/dcv-connection-gateway.service
           └─32593 /usr/libexec/dcv-connection-gateway/dcv-connection-gateway --config /etc/dcv-connection-gateway/dcv-connection-gateway.conf

Jan 11 20:57:15 ip-172-16-1-61.eu-west-1.compute.internal systemd[1]: Started NICE DCV Connection Gateway.

Ok, now we can try to connect I guess!

I will continue in Part 3 where I left of and try to create sessions and connect to them.