CentOS7.2 部署VNC服务记录

不做过多介绍了，下面直接记录下CentOS7系统下安装配置vncserver的操作记录（测试机ip是192.168.1.8）

0）更改为启动桌面或命令行模式

获取当前系统启动模式
[root@localhost ~]# systemctl get-default 
multi-user.target

查看配置文件
[root@localhost ~]# cat /etc/inittab
# inittab is no longer used when using systemd.
#
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
#
# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
#
# multi-user.target: analogous to runlevel 3          #命令行模式
# graphical.target: analogous to runlevel 5           #图形界面模式
#
# To view current default target, run:
# systemctl get-default
#
# To set a default target, run:
# systemctl set-default TARGET.target
#

[root@localhost ~]# systemctl set-default graphical.target           #由命令行模式更改为图形界面模式
[root@localhost ~]# systemctl set-default multi-user.target          #由图形界面模式更改为命令行模式

[root@localhost ~]# systemctl get-default 
graphical.target

1）关闭防火墙
centos的防火墙是firewalld，关闭防火墙的命令
[root@localhost ~]# systemctl stop firewalld.service 
[root@localhost ~]# systemctl disable firewalld.service 

[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce
[root@localhost ~]# cat /etc/sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted

2）安装软件：
[root@localhost ~]# yum update
[root@localhost ~]# yum groupinstall "GNOME Desktop" "X Window System" "Desktop"
[root@localhost ~]# yum install tigervnc-server tigervnc vnc vnc-server

3）配置vnc连接
[root@localhost ~]# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

修改/etc/systemd/system/vncserver@:1.service
找到这一行
ExecStart=/sbin/runuser -l <USER> -c "/usr/bin/vncserver %i"
PIDFile=/home/<USER>/.vnc/%H%i.pid

这里直接用root 用户登录，所以我替换成
ExecStart=/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid

如果是其他用户的话比如john替换如下
ExecStart=/sbin/runuser -l john -c "/usr/bin/vncserver %i"
PIDFile=/home/john/.vnc/%H%i.pid

由于直接root用户登录，所以配置如下：
[root@localhost ~]# cat /etc/systemd/system/vncserver@:1.service
.........
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target

为VNC设密码（比如密码设置为123456）
[root@localhost ~]# vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n             #注意表示"是否输入一个只能查看的密码，选择否",否则连接vnc会出现黑屏
A view-only password is not used

[root@localhost ~]# vim /etc/libvirt/qemu.conf
vnc_password = "123456"
vnc_listen = "0.0.0.0"

重加载 systemd
[root@localhost ~]# systemctl daemon-reload

启动vnc
[root@localhost ~]# systemctl enable vncserver@:1.service
[root@localhost ~]# systemctl start vncserver@:1.service

确认VNC服务端口（用于远程vnc连接使用，这里查看vnc端口是5901）
[root@localhost ~]# ps -ef|grep Xvnc
root 141698 1 0 13:09 ? 00:00:14 /usr/bin/Xvnc :11 -auth /root/.Xauthority -desktop kvm-server:11 (root) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /root/.vnc/passwd -rfbport 5901 -rfbwait 30000

注意，这里测试机器关闭了防火墙
如果防火墙开了，需要开通一下规则：
[root@localhost ~]# firewall-cmd --permanent --add-service vnc-server
[root@localhost ~]# systemctl restart firewalld.service
如果是iptable，则需要在/etc/sysconfig/iptables里添加：
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5903 -j ACCEPT

关闭vnc连接
[root@localhost ~]# /usr/bin/vncserver -kill :1

测试vnc连接（这种方式可用于在浏览器里通过http方式远程连接VNC，代替VNC客户端连接。注意这里vnc端口是5901）
[root@localhost ~]# novnc_server --vnc 192.168.1.8:5901 --listen 6081      #注意："yum install -y novnc"安装novnc后才会有novnc_server命令工具
Warning: could not find self.pem
Starting webserver and WebSockets proxy on port 6081
WebSocket server settings:
- Listen on :6081
- Flash security policy server
- Web server. Web root: /usr/share/novnc
- No SSL/TLS support (no cert file)
- proxying from :6081 to 192.168.1.8:5901

Navigate to this URL:

http://kvm-server:6081/vnc.html?host=kvm-server&port=6081            #注意：这个是http方式连接vnc的地址

Press Ctrl-C to exit                                  # 注意：如在浏览器里以http方式连接vnc，则这里不能按"Ctrl + C"结束，浏览器连接的日志信息会在这行下面输出

由于kvm-server的主机名对应ip是112.112.113.56，所以在浏览器里输入：
http://112.112.113.56:6081/vnc.html?host=112.112.113.56&port=6081 ，然后输入密码，就可以在浏览器里以http方式连接VNC服务了

也可以在本地windows机器上安装vnc viewer，远程访问
在windows下安装vnc客户端，
下载地址：https://pan.baidu.com/s/1hrSIr4K
提取密码：dqdt
   
VNC远程连接信息（下面ip是VNC服务端的地址）：
VNC Server： 112.112.113.56:5901
Encrytion：Let VNC Server choose
   
然后输入vncpasswd的密码即可完成VNC远程连接！

                                                                                                                                             

问题：Could not make bus activated clients aware of XDG_CURRENT_DESKTOP=GNOME environment variable:
Could not connect: Connection refused

[root@kevin ~]# cat /root/.vnc/kevin:1.log
...........
...........
(imsettings-check:31898): GLib-GIO-CRITICAL **: 21:56:03.842: g_dbus_proxy_call_sync_internal: assertion 'G_IS_DBUS_PROXY (proxy)' failed
GLib-GIO-Message: 21:56:03.854: Using the 'memory' GSettings backend.  Your settings will not be saved or shared with other applications.

** (process:31798): WARNING **: 21:56:03.861: Could not make bus activated clients aware of XDG_CURRENT_DESKTOP=GNOME environment variable: 
Could not connect: Connection refused

原因：dbus-daemon存在冲突。
因为root系统环境中装有anaconda，它的bin目录中的dbus-daemon会与系统自带的dbus-daemon冲突。

[root@kevin ~]# find / -name "dbus-daemon"
/usr/bin/dbus-daemon
/data/anaconda3/bin/dbus-daemon
/data/anaconda3/pkgs/dbus-1.13.6-h746ee38_0/bin/dbus-daemon

[root@kevin ~]# which dbus-daemon
/data/anaconda3/bin/dbus-daemon

解决办法：使用非root用户启动vncserver
[root@kevin ~]# useradd vncuser
[root@kevin ~]# echo "vncuser@123"|passwd --stdin vncuser
[root@kevin ~]# vim /etc/sudoers
vncuser ALL=(ALL)       NOPASSWD: ALL

修改vncserver使用vncuser这个非root用户启动
[root@kevin ~]# cat /etc/systemd/system/vncserver@:1.service
..........
..........
ExecStart=/usr/sbin/runuser -l vncuser -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid

接着切入到非root用户vncuser下启动vncserver
[root@kevin ~]# su - vncuser
Last login: Tue Jul  2 22:05:38 CST 2019 on pts/2

设置vnc登录密码
[vncuser@kevin ~]$ vncpasswd 

启动vnc
[vncuser@kevin ~]$ vncserver 

查看vnc日志
[vncuser@kevin ~]$ cd .vnc/
[vncuser@kevin .vnc]$ ll
total 20
-rw-r--r-- 1 vncuser vncuser  332 Jul  2 22:06 config
-rw-rw-r-- 1 vncuser vncuser 1046 Jul  2 22:10 kevin:1.log
-rw-rw-r-- 1 vncuser vncuser    5 Jul  2 22:06 kevin:1.pid
-rw------- 1 vncuser vncuser    8 Jul  2 22:06 passwd
-rwxr-xr-x 1 vncuser vncuser  112 Jul  2 22:06 xstartup

[vncuser@kevin .vnc]$ cat kevin:1.log 

Xvnc TigerVNC 1.8.0 - built Nov  2 2018 19:05:14
Copyright (C) 1999-2017 TigerVNC Team and many others (see README.txt)
See http://www.tigervnc.org for information on TigerVNC.
Underlying X server release 12001000, The X.Org Foundation


Tue Jul  2 22:06:26 2019
 vncext:      VNC extension running!
 vncext:      Listening for VNC connections on all interface(s), port 5901
 vncext:      created VNC server for screen 0
touch: cannot touch ‘/home/vncuser/.cache/imsettings/log’: No such file or directory

Tue Jul  2 22:06:30 2019
 ComparingUpdateTracker: 0 pixels in / 0 pixels out
 ComparingUpdateTracker: (1:-nan ratio)

Tue Jul  2 22:10:22 2019
 Connections: accepted: 192.168.1.200::56162

Tue Jul  2 22:10:23 2019
 Connections: closed: 192.168.1.200::56162 (reading version failed: not an RFB
              client?)
 EncodeManager: Framebuffer updates: 0
 EncodeManager:   Total: 0 rects, 0 pixels
 EncodeManager:          0 B (1:-nan ratio)
 ComparingUpdateTracker: 0 pixels in / 0 pixels out
 ComparingUpdateTracker: (1:-nan ratio)

                                                                                                                                             

启动vncserver出现报错：
Error: Too many open files
Error getting authority: Error initializing authority: GDBus.Error:org.freedesktop.DBus.Error.LimitsExceeded: The maximum number of active connections for UID 0 has been reached (g-dbus-error-quark, 8)

vncserver服务器异常断电关机，在服务器重启后，尝试启动vncserver服务，出现报错！！
[root@kvm02 ~]# systemctl start vncserver@:1.service 
Error: Too many open files
Error getting authority: Error initializing authority: GDBus.Error:org.freedesktop.DBus.Error.LimitsExceeded: The maximum number of active connections for UID 0 has been reached (g-dbus-error-quark, 8)

1）检查确认服务器的系统最大文件打开数的设置
查看ulimit设置，设置的是当前shell的当前用户的打开的最大限制
[root@kvm02 ~]# ulimit -n
65535
[root@kvm02 ~]# cat /etc/security/limits.conf 
........
# End of file
 * soft nofile 65535
 * hard nofile 65535
 * soft nproc 102400
 * hard nproc 102400
 * soft core 4194304
 * hard core 4194304

查看系统级别的能够打开的文件句柄的数量，Centos7默认是794168
[root@kvm02 ~]# cat /proc/sys/fs/file-max
2000000

查看系统级打开最大文件句柄的数量
[root@kvm02 ~]# cat /etc/sysctl.conf |grep fs.file-max
fs.file-max = 2000000  #os can config

[root@kvm02 ~]# sysctl -p

2) 查看当前系统打开的文件数量
[root@kvm02 ~]# lsof | wc -l  
139456
[root@kvm02 ~]# lsof |grep delete|awk '{print $2}'|sort|uniq |xargs kill -9

3) 确保防火墙关闭了，清空防火墙策略
[root@kvm02 ~]# iptables -F
[root@kvm02 ~]# iptables -L              
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

4）把vncserver@:1.service 中的 Type 参数设置为 simple，这一步很关键！！！
[root@kvm02 ~]# cat /etc/systemd/system/vncserver@:1.service
..........
[Service]
Type=simple            #修改这一行Type参数为simple，其他行内容不变。
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l root -c "/usr/bin/vncserver %i"
PIDFile=/root/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
.........
.........

5）最后再尝试重启
[root@kvm02 ~]# systemctl stop vncserver@:1.service
[root@kvm02 ~]# systemctl enable vncserver@:1.service
[root@kvm02 ~]# systemctl start vncserver@:1.service

[root@kvm02 ~]# systemctl status vncserver@:1.service
● vncserver@:1.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-04-14 13:47:56 CST; 22min ago
 Main PID: 1733 (Xvnc)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
           ‣ 1733 /usr/bin/Xvnc :1 -auth /root/.Xauthority -desktop kvm02.kevin.cn:1 (root) -fp catalogue:/etc/X11/fontpath.d -geometry...

Apr 14 13:47:56 kvm02.kevin.cn systemd[1]: Starting Remote desktop service (VNC)...
Apr 14 13:47:56 kvm02.kevin.cn systemd[1]: Started Remote desktop service (VNC).

查看vnc服务进程及其端口,如下可以看出端口是5911
但是注意：vncserver大多数情况下默认端口是5901，这个要特别注意查看确认，以保证vnc远程连接时使用正确端口！！！！
[root@kvm02 ~]# ps -ef|grep Xvnc
root       1733      1  0 13:47 ?        00:00:06 /usr/bin/Xvnc :1 -auth /root/.Xauthority -desktop kvm02.kevin.cn:1 (root) -fp catalogue:/etc/X11/fontpath.d -geometry 1024x768 -pn -rfbauth /root/.vnc/passwd -rfbport 5911 -rfbwait 30000
root       5099   4256  0 14:10 pts/2    00:00:00 grep --color=auto Xvnc

6）novnc输出http方式连接vnc的地址
注意：下面的10.0.32.22是vnc服务器本地ip，5911是vncserver服务端口
[root@kvm02 ~]# novnc_server --vnc 10.10.132.22:5911 --listen 6081
Warning: could not find self.pem
Starting webserver and WebSockets proxy on port 6081
WebSocket server settings:
  - Listen on :6081
  - Flash security policy server
  - Web server. Web root: /usr/share/novnc
  - No SSL/TLS support (no cert file)
  - proxying from :6081 to 10.0.32.22:5911


Navigate to this URL:

    http://kvm02.kevin.cn:6081/vnc.html?host=kvm02.kevin.cn&port=6081

Press Ctrl-C to exit


============================================================================================================
注意：
上面的"Press Ctrl-C to exit"这一行内容不要终止！
接着在浏览器里输入上面命令输出中的URL，以http方式访问vnc，输入密码即可！
访问地址为：http://10.10.132.22:6081/vnc.html?host=10.10.132.22&port=6081
浏览器里http方法连接vnc的日志信息会在"Press Ctrl-C to exit"这一行下面打印输出来......