<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size: 12pt; color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif, "EmojiFont", "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols;" dir="ltr">
<p style="margin-top:0;margin-bottom:0">Hi Tomas, <br>
</p>
<p style="margin-top:0;margin-bottom:0">To answer your question, yes I am really trying to use aSpice.</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0">I appreciate your suggestion. I'm not sure if it meets my objective.
<span>Maybe our goals are different?</span> It seems to me that movirt is built around portable management of the ovirt environment. I am attempting to provide a VDI type experience for running a vm. My goal is to run a lab environment with 30 chromebooks
loaded with a spice clent. The spice client would of course connect to the 30 vms running Kali and each session would be independent of each other.
<br>
</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0">I did a little further testing with a different client. (spice plugin for chrome). When I attempted to connect using that client I got a slightly different error message. The message still seemed to be of the same
nature- i.e.: there is a problem with SSL protocol and communication. <br>
</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0">Are you suggesting that movirt can help set up the proper certficates and config the vms to use spice? Thanks!<br>
</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>From:</b> Tomas Jelinek <tjelinek@redhat.com><br>
<b>Sent:</b> Monday, February 19, 2018 4:19 AM<br>
<b>To:</b> Jeremy Tourville<br>
<b>Cc:</b> users@ovirt.org<br>
<b>Subject:</b> Re: [ovirt-users] Spice Client Connection Issues Using aSpice</font>
<div> </div>
</div>
<div>
<div dir="ltr"><br>
<div class="x_gmail_extra"><br>
<div class="x_gmail_quote">On Sun, Feb 18, 2018 at 5:32 PM, Jeremy Tourville <span dir="ltr">
<<a href="mailto:Jeremy_Tourville@hotmail.com" target="_blank">Jeremy_Tourville@hotmail.com</a>></span> wrote:<br>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div dir="ltr">
<div id="x_gmail-m_4314768941515087156divtagdefaultwrapper" dir="ltr" style="font-size: 12pt; color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif, "EmojiFont", "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols;">
<p style="margin-top:0px; margin-bottom:0px">Hello,</p>
<p style="margin-top:0px; margin-bottom:0px">I am having trouble connecting to my guest vm (Kali Linux) which is running spice. My engine is running version: <span class="x_gmail-m_4314768941515087156gwt-InlineLabel x_gmail-m_4314768941515087156GNEKTHVBIXB"></span><span class="x_gmail-m_4314768941515087156gwt-InlineLabel">4.2.1.7-1.el7.centos</span>.</p>
<p style="margin-top:0px; margin-bottom:0px">I am using oVirt Node as my host running version:<span> 4.2.1.1.
<br>
</span></p>
<p style="margin-top:0px; margin-bottom:0px"><span><br>
</span></p>
<p style="margin-top:0px; margin-bottom:0px"><span>I have taken the following steps to try and get everything running properly.</span></p>
<ol style="margin-bottom:0px; margin-top:0px">
<li><span>Download the root CA certificate <a href="https://ovirtengine.lan/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA" class="x_gmail-m_4314768941515087156OWAAutoLink" id="x_gmail-m_4314768941515087156LPlnk141717" target="_blank">https://<wbr>ovirtengine.lan/ovirt-engine/<wbr>services/pki-resource?<wbr>resource=ca-certificate&<wbr>format=X509-PEM-CA</a></span></li><li><span>Edit the vm and define the graphical console entries. Video type is set to QXL, Graphics protocol is spice, USB support is enabled.</span></li><li><span>Install the guest agent in Debian per the instructions here - <a href="https://www.ovirt.org/documentation/how-to/guest-agent/install-the-guest-agent-in-debian/" class="x_gmail-m_4314768941515087156OWAAutoLink" id="x_gmail-m_4314768941515087156LPlnk263752" target="_blank">
https://www.ovirt.org/<wbr>documentation/how-to/guest-<wbr>agent/install-the-guest-agent-<wbr>in-debian/</a> It is my understanding that installing the guest agent will also install the virt IO device drivers.<br>
</span></li><li><span>Install the spice-vdagent per the instructions here - <a href="https://www.ovirt.org/documentation/how-to/guest-agent/install-the-spice-guest-agent/" class="x_gmail-m_4314768941515087156OWAAutoLink" id="x_gmail-m_4314768941515087156LPlnk313725" target="_blank">
https://www.ovirt.org/<wbr>documentation/how-to/guest-<wbr>agent/install-the-spice-guest-<wbr>agent/</a></span></li><li><span> On the aSpice client I have imported the CA certficate from step 1 above. I defined the connection using the IP of my Node and TLS port 5901.</span></li></ol>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>are you really using aSPICE client (e.g. the android SPICE client?). If yes, maybe you want to try to open it using moVirt (<a href="https://play.google.com/store/apps/details?id=org.ovirt.mobile.movirt&hl=en">https://play.google.com/store/apps/details?id=org.ovirt.mobile.movirt&hl=en</a>)
which delegates the console to aSPICE but configures everything including the certificates on it. Should be much simpler than configuring it by hand..<br>
</div>
<div> </div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div dir="ltr">
<div id="x_gmail-m_4314768941515087156divtagdefaultwrapper" dir="ltr" style="font-size: 12pt; color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif, "EmojiFont", "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols;">
<span><br>
To troubleshoot my connection issues I confirmed the port being used to listen. <br>
<div>virsh # domdisplay Kali<br>
<span>spice://<a href="http://172.30.42.12?tls-port=5901" target="_blank">172.30.42.12?tls-port=<wbr>5901</a></span></div>
<br>
I see the following when attempting to connect.<br>
tail -f <span>/var/log/libvirt/qemu</span>/Kali.log<br>
<br>
<div>
<div>140400191081600:error:<wbr>14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:s3_pkt.c:1493:SSL alert number 80<br>
((null):27595): Spice-Warning **: reds_stream.c:379:reds_stream_<wbr>ssl_accept: SSL_accept failed, error=1<br>
<br>
I came across some documentation that states in the caveat section "<span>Certificate of spice SSL should be separate certificate."</span><br>
<a href="https://www.ovirt.org/develop/release-management/features/infra/pki/" class="x_gmail-m_4314768941515087156OWAAutoLink" id="x_gmail-m_4314768941515087156LPlnk743161" target="_blank">https://www.ovirt.org/develop/<wbr>release-management/features/<wbr>infra/pki/</a><br>
<br>
Is this still the case for version 4? The document references version 3.2 and 3.3. If so, how do I generate a new certificate for use with spice? Please let me know if you require further info to troubleshoot, I am happy to provide it. Many thanks in advance.<br>
<a href="https://www.ovirt.org/develop/release-management/features/infra/pki/" class="x_gmail-m_4314768941515087156OWAAutoLink" id="x_gmail-m_4314768941515087156LPlnk743161" target="_blank"></a><br>
<br>
</div>
<br>
<br>
</div>
<br>
</span><br>
<span><br>
<br>
</span>
<p style="margin-top:0px; margin-bottom:0px"><br>
</p>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</body>
</html>