CentOS7.2 部署VNC服务记录 / 四六文摘

不做过多介绍了，下面直接记录下CentOS7系统下安装配置vncserver的操作记录（测试机ip是10.10.1.4）

0）更改为启动桌面或命令行模式

获取当前系统启动模式[root@localhost ~]# systemctl get-defaultmulti-user.target 查看配置文件[root@localhost ~]# cat /etc/inittab# inittab is no longer used when using systemd.## ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.## Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target## systemd uses 'targets' instead of runlevels. By default, there are two main targets:## multi-user.target: analogous to runlevel 3          #命令行模式# graphical.target: analogous to runlevel 5           #图形界面模式## To view current default target, run:# systemctl get-default## To set a default target, run:# systemctl set-default TARGET.target# [root@localhost ~]# systemctl set-default graphical.target           #由命令行模式更改为图形界面模式[root@localhost ~]# systemctl set-default multi-user.target          #由图形界面模式更改为命令行模式 [root@localhost ~]# systemctl get-defaultgraphical.target

1）关闭防火墙
centos的防火墙是firewalld，关闭防火墙的命令
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service

[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
[root@localhost ~]# cat /etc/sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted

2）安装软件：
[root@localhost ~]# yum update
[root@localhost ~]# yum groupinstall "GNOME Desktop" "X Window System" "Desktop"
[root@localhost ~]# yum install tigervnc-server tigervnc vnc vnc-server

3）配置vnc连接
[root@localhost ~]# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

修改/etc/systemd/system/vncserver@:1.service
找到这一行
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid

这里直接用root 用户登录，所以我替换成
ExecStart=/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid

如果是其他用户的话比如john替换如下
ExecStart=/sbin/runuser -l john -c "/usr/bin/vncserver %i"
PIDFile=/home/john/.vnc/%H%i.pid

由于直接root用户登录，所以配置如下：
[root@localhost ~]# cat /etc/systemd/system/vncserver@:1.service
.........
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

为VNC设密码（比如密码设置为123456aA）
[root@localhost ~]# vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n #注意表示"是否输入一个只能查看的密码，选择否",否则连接vnc会出现黑屏
A view-only password is not used

[root@localhost ~]# vim /etc/libvirt/qemu.conf
vnc_password = "123456aA"
vnc_listen = "0.0.0.0"

重加载 systemd
[root@localhost ~]# systemctl daemon-reload

启动vnc
[root@localhost ~]# systemctl enable vncserver@:1.service
[root@localhost ~]# systemctl start vncserver@:1.service

确认VNC服务端口（用于远程vnc连接使用，这里查看vnc端口是5901）
[root@localhost ~]# ps -ef|grep Xvnc
root 141698 1 0 13:09 ? 00:00:14 /usr/bin/Xvnc :11 -auth /root/.Xauthority -desktop kvm-server:11 (root) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /root/.vnc/passwd -rfbport 5901 -rfbwait 30000

注意，这里测试机器关闭了防火墙
如果防火墙开了，需要开通一下规则：
[root@localhost ~]# firewall-cmd --permanent --add-service vnc-server
[root@localhost ~]# systemctl restart firewalld.service
如果是iptable，则需要在/etc/sysconfig/iptables里添加：
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5903 -j ACCEPT

关闭vnc连接
[root@localhost ~]# /usr/bin/vncserver -kill :1

测试vnc连接（这种方式可用于在浏览器里通过http方式远程连接VNC，代替VNC客户端连接。注意这里vnc端口是5901） #注意："yum install -y novnc"安装novnc后才会有novnc_server命令工具

[root@kojibuilder05 ~]# novnc_server --vnc 10.10.1.4:5901 --listen 6081
Warning: could not find self.pem
Starting webserver and WebSockets proxy on port 6081
WARNING: no 'numpy' module, HyBi protocol will be slower
WebSocket server settings:
- Listen on :6081
- Flash security policy server
- Web server. Web root: /usr/share/novnc
- No SSL/TLS support (no cert file)
- proxying from :6081 to 10.10.1.4:5901

Navigate to this URL:

http://kojibuilder05:6081/vnc.html?host=kojibuilder05&port=6081 #注意：这个是http方式连接vnc的地址

Press Ctrl-C to exit # 注意：如在浏览器里以http方式连接vnc，则这里不能按"Ctrl C"结束，浏览器连接的日志信息会在这行下面输出

10.10.1.103 - - [04/Dec/2020 14:14:39] code 404, message File not found
10.10.1.103 - - [04/Dec/2020 14:14:44] 10.10.1.103: Plain non-SSL (ws://) WebSocket connection
10.10.1.103 - - [04/Dec/2020 14:14:44] 10.10.1.103: Version hybi-13, base64: 'False'
10.10.1.103 - - [04/Dec/2020 14:14:44] 10.10.1.103: Path: '/websockify'
10.10.1.103 - - [04/Dec/2020 14:14:44] connecting to: 10.10.1.4:5901

也可以在本地windows机器上安装vnc viewer，远程访问

在windows下安装vnc客户端，

下载地址：https://pan.baidu.com/s/1hrSIr4K

提取密码：dqdt

VNC远程连接信息（下面ip是VNC服务端的地址）：

VNC Server： 10.10.1.4:5901

Encrytion：Let VNC Server choose

然后输入vncpasswd的密码即可完成VNC远程连接！

问题：Could not make bus activated clients aware of XDG_CURRENT_DESKTOP=GNOME environment variable:
Could not connect: Connection refused

[root@kevin ~]# cat /root/.vnc/kevin:1.log

...........

(imsettings-check:31898): GLib-GIO-CRITICAL **: 21:56:03.842: g_dbus_proxy_call_sync_internal: assertion 'G_IS_DBUS_PROXY (proxy)' failed

GLib-GIO-Message: 21:56:03.854: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications.

** (process:31798): WARNING **: 21:56:03.861: Could not make bus activated clients aware of XDG_CURRENT_DESKTOP=GNOME environment variable:

Could not connect: Connection refused

原因：dbus-daemon存在冲突。

因为root系统环境中装有anaconda，它的bin目录中的dbus-daemon会与系统自带的dbus-daemon冲突。

[root@kevin ~]# find / -name "dbus-daemon"

/usr/bin/dbus-daemon

/data/anaconda3/bin/dbus-daemon

/data/anaconda3/pkgs/dbus-1.13.6-h746ee38_0/bin/dbus-daemon

[root@kevin ~]# which dbus-daemon

/data/anaconda3/bin/dbus-daemon

解决办法：使用非root用户启动vncserver

[root@kevin ~]# useradd vncuser

[root@kevin ~]# echo "vncuser@123"|passwd --stdin vncuser

[root@kevin ~]# vim /etc/sudoers

vncuser ALL=(ALL) NOPASSWD: ALL

修改vncserver使用vncuser这个非root用户启动

[root@kevin ~]# cat /etc/systemd/system/vncserver@:1.service

..........

ExecStart=/usr/sbin/runuser -l vncuser -c "/usr/bin/vncserver %i"

PIDFile=/root/.vnc/%H%i.pid

接着切入到非root用户vncuser下启动vncserver

[root@kevin ~]# su - vncuser

Last login: Tue Jul 2 22:05:38 CST 2019 on pts/2

设置vnc登录密码

[vncuser@kevin ~]$ vncpasswd

启动vnc

[vncuser@kevin ~]$ vncserver

查看vnc日志

[vncuser@kevin ~]$ cd .vnc/

[vncuser@kevin .vnc]$ ll

total 20

-rw-r--r-- 1 vncuser vncuser 332 Jul 2 22:06 config

-rw-rw-r-- 1 vncuser vncuser 1046 Jul 2 22:10 kevin:1.log

-rw-rw-r-- 1 vncuser vncuser 5 Jul 2 22:06 kevin:1.pid

-rw------- 1 vncuser vncuser 8 Jul 2 22:06 passwd

-rwxr-xr-x 1 vncuser vncuser 112 Jul 2 22:06 xstartup

[vncuser@kevin .vnc]$ cat kevin\:1.log

Xvnc TigerVNC 1.8.0 - built Nov 2 2018 19:05:14

See http://www.tigervnc.org for information on TigerVNC.

Underlying X server release 12001000, The X.Org Foundation

Tue Jul 2 22:06:26 2019

vncext: VNC extension running!

vncext: Listening for VNC connections on all interface(s), port 5901

vncext: created VNC server for screen 0

touch: cannot touch ‘/home/vncuser/.cache/imsettings/log’: No such file or directory

Tue Jul 2 22:06:30 2019

ComparingUpdateTracker: 0 pixels in / 0 pixels out

ComparingUpdateTracker: (1:-nan ratio)

Tue Jul 2 22:10:22 2019

Connections: accepted: 192.168.1.200::56162

Tue Jul 2 22:10:23 2019

Connections: closed: 192.168.1.200::56162 (reading version failed: not an RFB

client?)

EncodeManager: Framebuffer updates: 0

EncodeManager: Total: 0 rects, 0 pixels

EncodeManager: 0 B (1:-nan ratio)

ComparingUpdateTracker: 0 pixels in / 0 pixels out

ComparingUpdateTracker: (1:-nan ratio)

启动vncserver出现报错：
Error: Too many open files
Error getting authority: Error initializing authority: GDBus.Error:org.freedesktop.DBus.Error.LimitsExceeded: The maximum number of active connections for UID 0 has been reached (g-dbus-error-quark, 8)

vncserver服务器异常断电关机，在服务器重启后，尝试启动vncserver服务，出现报错！！

[root@kvm02 ~]# systemctl start vncserver@:1.service

Error: Too many open files

Error getting authority: Error initializing authority: GDBus.Error:org.freedesktop.DBus.Error.LimitsExceeded: The maximum number of active connections for UID 0 has been reached (g-dbus-error-quark, 8)

1）检查确认服务器的系统最大文件打开数的设置

查看ulimit设置，设置的是当前shell的当前用户的打开的最大限制

[root@kvm02 ~]# ulimit -n

65535

[root@kvm02 ~]# cat /etc/security/limits.conf

........

# End of file

* soft nofile 65535

* hard nofile 65535

* soft nproc 102400

* hard nproc 102400

* soft core 4194304

* hard core 4194304

查看系统级别的能够打开的文件句柄的数量，Centos7默认是794168

[root@kvm02 ~]# cat /proc/sys/fs/file-max

2000000

查看系统级打开最大文件句柄的数量

[root@kvm02 ~]# cat /etc/sysctl.conf |grep fs.file-max

fs.file-max = 2000000 #os can config

[root@kvm02 ~]# sysctl -p

2) 查看当前系统打开的文件数量

[root@kvm02 ~]# lsof | wc -l

139456

[root@kvm02 ~]# lsof |grep delete|awk '{print $2}'|sort|uniq |xargs kill -9

3) 确保防火墙关闭了，清空防火墙策略

[root@kvm02 ~]# iptables -F

[root@kvm02 ~]# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

4）把vncserver@:1.service 中的 Type 参数设置为 simple，这一步很关键！！！

[root@kvm02 ~]# cat /etc/systemd/system/vncserver@:1.service

..........

[Service]

Type=simple #修改这一行Type参数为simple，其他行内容不变。

# Clean any existing files in /tmp/.X11-unix environment

ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

ExecStart=/usr/sbin/runuser -l root -c "/usr/bin/vncserver %i"

PIDFile=/root/.vnc/%H%i.pid

ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

.........

5）最后再尝试重启

[root@kvm02 ~]# systemctl stop vncserver@:1.service

[root@kvm02 ~]# systemctl enable vncserver@:1.service

[root@kvm02 ~]# systemctl start vncserver@:1.service

[root@kvm02 ~]# systemctl status vncserver@:1.service

● vncserver@:1.service - Remote desktop service (VNC)

Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)

Active: active (running) since Tue 2020-04-14 13:47:56 CST; 22min ago

Main PID: 1733 (Xvnc)

CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service

‣ 1733 /usr/bin/Xvnc :1 -auth /root/.Xauthority -desktop kvm02.kevin.cn:1 (root) -fp catalogue:/etc/X11/fontpath.d -geometry...

Apr 14 13:47:56 kvm02.kevin.cn systemd[1]: Starting Remote desktop service (VNC)...

Apr 14 13:47:56 kvm02.kevin.cn systemd[1]: Started Remote desktop service (VNC).

查看vnc服务进程及其端口,如下可以看出端口是5911

但是注意：vncserver大多数情况下默认端口是5901，这个要特别注意查看确认，以保证vnc远程连接时使用正确端口！！！！

[root@kvm02 ~]# ps -ef|grep Xvnc

root 1733 1 0 13:47 ? 00:00:06 /usr/bin/Xvnc :1 -auth /root/.Xauthority -desktop kvm02.kevin.cn:1 (root) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /root/.vnc/passwd -rfbport 5911 -rfbwait 30000

root 5099 4256 0 14:10 pts/2 00:00:00 grep --color=auto Xvnc

6）novnc输出http方式连接vnc的地址

注意：下面的10.0.32.22是vnc服务器本地ip，5911是vncserver服务端口

[root@kvm02 ~]# novnc_server --vnc 10.10.132.22:5911 --listen 6081

Warning: could not find self.pem

Starting webserver and WebSockets proxy on port 6081

WebSocket server settings:

- Listen on :6081

- Flash security policy server

- Web server. Web root: /usr/share/novnc

- No SSL/TLS support (no cert file)

- proxying from :6081 to 10.0.32.22:5911

Navigate to this URL:

http://kvm02.kevin.cn:6081/vnc.html?host=kvm02.kevin.cn&port=6081

Press Ctrl-C to exit

============================================================================================================

注意：

上面的"Press Ctrl-C to exit"这一行内容不要终止！

接着在浏览器里输入上面命令输出中的URL，以http方式访问vnc，输入密码即可！

访问地址为：http://10.10.132.22:6081/vnc.html?host=10.10.132.22&port=6081

浏览器里http方法连接vnc的日志信息会在"Press Ctrl-C to exit"这一行下面打印输出来......

感谢https://www.cnblogs.com/kevingrace/p/5821450.html

https://www.cnblogs.com/kevingrace/p/8377645.html

来源：https://www.icode9.com/content-3-774051.html

CentOS7.2 部署VNC服务记录

相关推荐