<div dir="ltr"><div><div><div>You can use Spice Proxy. The easiest way is to run proxy on Squid. I recommend connect via VPN.<br><br></div>Here is a part of my Squid's configuration to connect Spice consoles from VPN <a href="http://10.25.0.0/16">10.25.0.0/16</a> and LAN <a href="http://192.168.0.0/16">192.168.0.0/16</a> to oVirt's hosts on <a href="http://192.168.2.0/24">192.168.2.0/24</a>:<br><br>acl manager proto cache_object<br>acl localhost src <a href="http://127.0.0.1/32">127.0.0.1/32</a> ::1<br>acl to_localhost dst <a href="http://127.0.0.0/8">127.0.0.0/8</a> <a href="http://0.0.0.0/32">0.0.0.0/32</a> ::1<br>acl localnet src <a href="http://192.168.0.0/16">192.168.0.0/16</a><br>acl localnet src <a href="http://10.25.0.0/16">10.25.0.0/16</a><br>acl Safe_ports port 80 # http<br>acl CONNECT method CONNECT<br>http_access allow localnet<br>http_access allow manager localhost<br>http_access deny manager<br>http_access deny !Safe_ports<br>acl spice_servers dst <a href="http://192.168.2.0/24">192.168.2.0/24</a><br>http_access allow spice_servers<br>http_access allow localnet<br>http_access allow localhost<br>http_access allow all<br>http_port 3128<br>hierarchy_stoplist cgi-bin ?<br>cache_dir ufs /var/spool/squid 100 16 256<br>cache_mem 32 MB<br>coredump_dir /var/spool/squid<br>refresh_pattern ^ftp: 1440 20% 10080<br>refresh_pattern ^gopher: 1440 0% 1440<br>refresh_pattern -i (/cgi-bin/|\?) 0 0% 0<br>refresh_pattern . 0 20% 4320<br>cache_effective_user squid<br>cache_effective_group squid<br><br></div>You have to configure Spice Proxy on oVirt Engine by `engine-config -s SpiceProxyDefault=someProxy`. Here is my solution:<br><br>root@host021:~ engine-config -a |grep SpiceProxyDefault<br>SpiceProxyDefault: <a href="http://10.25.2.21:3128/">http://10.25.2.21:3128/</a> version: general<br><br></div>You can use Proxy on your public IP if you don't like to use VPN, but remember to make sure that your machines are secured enough.<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-04-02 18:06 GMT+02:00 Jason Keltz <span dir="ltr"><<a href="mailto:jas@cse.yorku.ca" target="_blank">jas@cse.yorku.ca</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm trying to figure out the most reasonable method for me to access the console on my ovirt installation.<br>
Each node has ovirtmgmt, storage, and external network connectivity.<br>
The standalone engine host has ovirtmgmt, and external network.<br>
I connect to engine via the external network, right click on a VM and try to access the console. If I use the "Remote Viewer" method, the connection fails. This is because my client on the external network doesn't have access to ovirtmgmt.<br>
I can access the spice-html5 client, and that "basically" works, though it's crashed more than once. I suspect that Remote Viewer will be more stable.<br>
So my question is - what is the best way for me to connect to the console from the external network?<br>
Either, I have to start up my client on a machine that has an IP on ovirtmgmt (eg. remote login to engine, and run firefox there?)<br>
or I have to route external packets from my host to say, the engine host, and run IP forwarding there? probably not too secure...<br>
or I have to figure out a way to make ovirt use the external network for display traffic... that would probably be best (?) but I can't seem to figure out whether it's possible.<br>
In particular since the external network is a VM network (it's actually 2 x 1 G links bound via LACP), and not part of ovirt infrastructure, it's not clear if I can use it for display and VM external connectivity as well.<br>
<br>
Any thoughts would be much appreciated.<br>
<br>
Jason.<br>
<br>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/<u></u>mailman/listinfo/users</a><br>
</blockquote></div><br></div>