[Users] Ceph / rbd and ovirt
by Josh Logan
I'm currently setting up an ovirt cluster and so far it looks good. I like
the integration with Foreman http://theforeman.org/ .
I would like to use Ceph / rbd for my storage. I saw some mention of
patches coming in May, but I did not find any new posts.
What is the status of this work? Is there some patches I can try out? I
have a working Ceph cluster and a working ovirt cluster, I just need a way
to bring them together.
Thanks, JOSH
12 years, 2 months
[Users] Run Once won't change boot sequence
by Alexandre Santos
Hello again,
to install my VMs, I create them without CDROM and booting firstly from the
HD. Then I go and choose "Run Once" and choose the ISO I want to use and
boot from CDROM, on boot options. After installing the OS, I reboot and the
first boot is again the CDROM. I have to shutdown the VM so the
configuration chosen with HD being the first boot option is again the
default.
Alex
12 years, 2 months
[Users] Authentication for REST APIs?
by Brian Vetter
I was trying to use both the rest api to view a user's vm information. I found that the REST APIs always returned an authentication error if the account I had logged into was not an ovirt administrator. I am guessing that either (a) I am using the wrong URL in the REST api or (b) you must be some kind of admin to access the REST APIs. I noticed the same behavior when I was using the ovirt-shell tool.
For example, I was trying to follow the instructions in http://wiki.ovirt.org/wiki/How_to_Connect_to_SPICE_Console_Without_Portal to get the list of VMs (presumably for the user that is logging in), I get an unauthorized error. If the user account I login with in the curl or ovirt-shell connect statement is an admin, I get the list of VMs.
So my question here is does the REST-API need admin privileges or am I using a url that requires admin privileges whereas some others don't. And if it is the latter, is there somewhere that documents the various rest api resources? For example, to go back to the "How to connect to Spice console ..." article, how would one use the REST API to fetch one's virtual machines, their status, and connection info for them?
Thanks,
Brian
12 years, 2 months
Re: [Users] Can oVirt be installed in a virtual machine?
by Itamar Heim
On 09/13/2012 12:20 AM, Nicolas Chenier wrote:
> Yes!
how critical is the availability?
you could place it in a VM on shared storage.
then launch it on one host.
but you should never launch it on the other host before you made sure it
doesn't run on the first node, or it will be corrupted.
you also want to set the SPM priority on the node it is running to lower
than the other node so SPM won't be scheduled on engine node.
>
> On 2012-09-12 5:02 PM, "Itamar Heim" <iheim(a)redhat.com
> <mailto:iheim@redhat.com>> wrote:
>
> On 09/12/2012 11:58 PM, Nicolas Chenier wrote:
>
> Thank you Itamar, much appreciated...
>
> So how would you go about getting this setup if you only have 2 host
> servers?
>
>
> are they supposed to be in same cluster with shared storage, live
> migration, etc.?
>
>
>
> On Wed, Sep 12, 2012 at 4:43 PM, Itamar Heim <iheim(a)redhat.com
> <mailto:iheim@redhat.com>
> <mailto:iheim@redhat.com <mailto:iheim@redhat.com>>> wrote:
>
> On 09/12/2012 08:26 PM, Nicolas Chenier wrote:
>
> Hi all,
>
> I am starting a small hosting business and want to use
> oVirt w/
> KVM as
> my virtualization platform.
>
> I currently have 2 host servers and an iSCSI NAS.
>
> Do I need a dedicated machine to run oVirt? Can I run
> it from a VM?
>
>
> either will work, but not easy right now to host the engine
> on its
> own hypervisor.
>
>
>
> Can I use the all-in-one solution in a Production
> environment,
> with a
> 2nd host? ... would I need to install oVirt on both
> hosts, in
> the event
> that one of my servers went down?
>
>
> the all-in-one is mostly intended for POC level, using
> local storage
> of the host.
> if you plan to use both hosts with local storage, you
> should be able
> to use it, depending on strength of your hosts.
>
>
>
> I am trying to see how I can survive if my oVirt server
> fails.
> It would
> be great if it ran from a VM but I can also see issues with
> doing that...
>
> Another option would be to run oVirt on my workstation
> and have it
> connect to my 2 host servers in colocation over the
> internet?
>
>
> should work over WAN, but if you are hosting, wouldn't
> users need to
> access the engine / your workstation?
>
>
> Please let me know how you've accomplished an oVirt
> setup with 2
> servers.
>
> Thank you!
>
> Nic
>
>
>
>
> ___________________________________________________
> Users mailing list
> Users(a)ovirt.org <mailto:Users@ovirt.org> <mailto:Users@ovirt.org
> <mailto:Users@ovirt.org>>
> http://lists.ovirt.org/____mailman/listinfo/users
> <http://lists.ovirt.org/__mailman/listinfo/users>
> <http://lists.ovirt.org/__mailman/listinfo/users
> <http://lists.ovirt.org/mailman/listinfo/users>>
>
>
>
>
>
>
12 years, 2 months
[Users] ovirt cli commands / script wont exit the shell
by Alex Leonhardt
This is a multi-part message in MIME format.
--------------050106070209060408090504
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
hi there,
i'm playing with the Ovirt CLI and started to script a few things, but
it seems as if the console stays connected when I execute the commands -
I even included a "exit" and tried "disconnect", but nothing would do it
- any hints / clues ?
the script is very simple :
---
action vm vm2 start
exit
---
or
---
action vm vm1 stop
disconnect
exit
---
I always end up back here :
###
==========================================
>>> connected to oVirt manager 3.1.0.0 <<<
==========================================
[oVirt shell (connected)]# action vm vm2 start
status-state: complete
[oVirt shell (connected)]# exit
[oVirt shell (connected)]#
###
Thanks
Alex
--------------050106070209060408090504
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font size="-1"><font face="Tahoma">hi there,<br>
<br>
i'm playing with the Ovirt CLI and started to script a few
things, but it seems as if the console stays connected when I
execute the commands - I even included a "exit" and tried
"disconnect", but nothing would do it - any hints / clues ? <br>
<br>
the script is very simple : <br>
<br>
---<br>
action vm vm2 start<br>
exit<br>
---<br>
<br>
or<br>
<br>
---<br>
action vm vm1 stop<br>
disconnect<br>
exit<br>
---<br>
<br>
I always end up back here : <br>
<br>
###<br>
<br>
==========================================<br>
>>> connected to oVirt manager 3.1.0.0 <<<<br>
==========================================<br>
<br>
[oVirt shell (connected)]# action vm vm2 start<br>
<br>
<br>
status-state: complete<br>
<br>
[oVirt shell (connected)]# exit<br>
<br>
[oVirt shell (connected)]# <br>
<br>
###<br>
<br>
Thanks<br>
Alex<br>
<br>
</font></font>
</body>
</html>
--------------050106070209060408090504--
12 years, 2 months
Re: [Users] Users Digest, Vol 13, Issue 17
by Jonathan Larson
--_000_19A02BE7DAAF904D9E66EDE8550C40080A3BC443mbx024e1nj10exc_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Sent from my Android phone using TouchDown (www.nitrodesk.com)
-----Original Message-----
From: users-request(a)ovirt.org [users-request(a)ovirt.org]
Received: Saturday, 06 Oct 2012, 12:00
To: users(a)ovirt.org [users(a)ovirt.org]
Subject: Users Digest, Vol 13, Issue 17
Send Users mailing list submissions to
users(a)ovirt.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.ovirt.org/mailman/listinfo/users
or, via email, send a message with subject or body 'help' to
users-request(a)ovirt.org
You can reach the person managing the list at
users-owner(a)ovirt.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Users digest..."
Today's Topics:
1. Re: Nightly Builds, was Authentication for REST APIs?
(Steve Gordon)
2. Re: Ceph / rbd and ovirt (Ayal Baron)
3. Re: [Spice-devel] mouse problem with muiltiple monitors (was
HowTo: Spice ActiveX Plugin/Virt Viewer Console on oVirt 3.1)
(Dead Horse)
4. Re: fw: Migrating ovirt-engine to new server (Juan Hernandez)
----------------------------------------------------------------------
Message: 1
Date: Fri, 5 Oct 2012 14:02:19 -0400 (EDT)
From: Steve Gordon <sgordon(a)redhat.com>
To: Brian Vetter <bjvetter(a)gmail.com>
Cc: users(a)ovirt.org
Subject: Re: [Users] Nightly Builds, was Authentication for REST APIs?
Message-ID: <372383135.7069086.1349460139686.JavaMail.root(a)redhat.com>
Content-Type: text/plain; charset=3Dutf-8
----- Original Message -----
> From: "Brian Vetter" <bjvetter(a)gmail.com>
> To: "Itamar Heim" <iheim(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Friday, October 5, 2012 12:03:13 PM
> Subject: Re: [Users] Nightly Builds, was Authentication for REST APIs?
>
> I found instructions on the wiki for using nightly builds at:
>
> http://wiki.ovirt.org/wiki/Installing_ovirt-engine_from_rpm
>
> The instructions didn't work. In particular, the ovirt-engine.repo
> file was not found at the provided url.
> http://www.ovirt.org/releases/nightly/fedora/16/ovirt-engine.repo
>
> I did find an ovirt-engine.repo file at:
> http://www.ovirt.org/releases/nightly/rpm/Fedora/17/ovirt-engine.repo
>
> The contents of that repo file point it back to the
> releases/3.1/rpm/Fedora/17 directory. I'm presuming that if I change
> the baseurl to releases/nightly/rpm/... it will all work (which I'll
> be doing this afternoon).
>
> In any case, someone might want to fix the ovirt-engine.repo file in
> the nightly tree and then update the urls in the wiki.
>
> Brian
I would recommend using this package to install the repo file:
http://www.ovirt.org/releases/ovirt-release-fedora.noarch.rpm
It includes definitions for both the stable and nightly repositories - defa=
ulting to stable. You can:
yum install ovirt-engine --enablerepo=3Dovirt-nightly
Or enable it in the /etc/yum.repos.d/ovirt.repo file. Agree that the other =
repo files littering the directory structure should be cleaned up (I though=
t they already had been). Who has access to do that?
Steve
------------------------------
Message: 2
Date: Fri, 5 Oct 2012 20:02:46 -0400 (EDT)
From: Ayal Baron <abaron(a)redhat.com>
To: Josh Logan <joshtlogan(a)gmail.com>
Cc: users(a)ovirt.org
Subject: Re: [Users] Ceph / rbd and ovirt
Message-ID: <887641321.6918996.1349481766537.JavaMail.root(a)redhat.com>
Content-Type: text/plain; charset=3Dutf-8
Hi Josh,
----- Original Message -----
>
>
>
> On Sun, Sep 23, 2012 at 8:41 AM, Itamar Heim < iheim(a)redhat.com >
> wrote:
>
>
>
> On 09/23/2012 05:33 PM, Josh Logan wrote:
>
>
>
>
> On Sun, Sep 23, 2012 at 6:10 AM, Itamar Heim < iheim(a)redhat.com
>
>
> <mailto: iheim(a)redhat.com >> wrote:
>
> On 09/22/2012 08:58 AM, Josh Logan wrote:
>
>
> I'm currently setting up an ovirt cluster and so far it looks
> good. I
> like the integration with Foreman http://theforeman.org/ .
>
> I would like to use Ceph / rbd for my storage. I saw some
> mention of
> patches coming in May, but I did not find any new posts.
>
> What is the status of this work? Is there some patches I can
> try out?
> I have a working Ceph cluster and a working ovirt cluster, I
> just need a
> way to bring them together.
>
> Thanks, JOSH
>
>
>
> I don't remember any active work on this right now (for sure nothing
> like the gluster integration being done).
> but iiuc, ceph provides posixfs support - did you try creating a
> posixfs based storage domain?
> (you would need a "full" host (not ovirt-node) to install ceph
> client components on).
>
> Thanks,
> Itamar
>
>
>
> I am doing my work on Fedora 17 hosts, not ovirt-node, since I know
> this
> will need more OS support.
>
> There are a few different Ceph filesystems. But the posix based one
> is
> the least ready for production. The rbd filesystem is integrated into
> qemu and libvirt is the most suited for VM images.
>
> Are the Gluster patches available? I would like to see what that
> feature looks like and if I can modify them for Ceph.
> If there is a better filesystem to investigate please let me know.
>
> Thanks, JOSH
>
>
> gluster as a native storage domain (rather than posixfs) is still in
> reviews (and has patches only for vdsm side).
> http://gerrit.ovirt.org/#/c/ 6856/
>
> you can also use NFS in the meantime if relevant for ceph.
>
>
>
> Thanks for the pointer. I'll follow that and see what I learn.
>
> The vdsm side may be similar since both are network disk device.
> There are only 2 steps needed to start up a VM with rbd.
>
> qemu-img create -f rbd rbd:data/host1 10G
>
> Then to start the image for qemu add -drive
> file=3Drbd:data/host1,if=3Dnone,id=3Ddrive-virtio-disk0,format=3Draw
>
> or within libvirt:
> <disk type=3D'network' device=3D'disk'>
> <driver name=3D'qemu' type=3D'raw'/>
> <source protocol=3D'rbd' name=3D'data/host1'/>
> <target dev=3D'vda' bus=3D'virtio'/>
> <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05'
> function=3D'0x0'/>
> </disk>
>
> So the steps are simple, and maybe Gluster is more complex then I
> should use as an example.
Have you followed up on this?
Do you need more pointers?
Regards,
Ayal.
>
> Thanks, JOSH
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
------------------------------
Message: 3
Date: Fri, 5 Oct 2012 21:34:00 -0500
From: Dead Horse <deadhorseconsulting(a)gmail.com>
To: Christophe Fergeau <cfergeau(a)redhat.com>
Cc: spice-devel(a)lists.freedesktop.org, "<users(a)ovirt.org>"
<users(a)ovirt.org>
Subject: Re: [Users] [Spice-devel] mouse problem with muiltiple
monitors (was HowTo: Spice ActiveX Plugin/Virt Viewer Console on oV=
irt
3.1)
Message-ID:
<CAEWPe=3Dp8Xf3uYHDbD5uAz46i-OnHJxfYxrzJ-XkNc64GfwtjBQ(a)mail.gmail.c=
om>
Content-Type: text/plain; charset=3D"iso-8859-1"
I've actually started to notice that this occurs natively as well (I rarely
if ever use the activex console on a native windows install). However I
have noted that with a Native Windows install and the Activex Remote Viewer
version 0.5.3 that alot of guests have mouse issues w/o spice vdagent or
the windows spice agent in place (very annoying during LFC guests with no
knowledge of "spice mice"). Windows installs can be slipstreamed with the
spice drivers to fix this but thats really a pain. Linux guests however not
as easy. This actually seems to a repeat of this issue:
http://lists.ovirt.org/pipermail/users/2012-February/000351.html (for which
a fix was applied to windows spicec + activex NOT remote-viewer) possible
regression? Using the usbtablet custom vdsm hook does indeed solve issues
with guests that encounter this issue. I have noted it within older linux
guests (no surprise they know nothing of a spice mouse), windows guests,
solaris guests, some of the older opensuse and ubuntu as well as fedora.
The most confusing one was RHEL 6.x which without the spice vdagent loaded
will experience the cursor jumping in and out of the window or randomly on
the spice display. I note the one downside of the usbtablet is that power
users are able to view custom hooks in the PUP UI, but cannot set them as
only the "admin role" not "user role" can do this. That is to say the power
user can look at and even set the hook but is stopped short of committing
it to the VM settings.
- DHC
On Fri, Oct 5, 2012 at 5:18 AM, Christophe Fergeau <cfergeau(a)redhat.com>wro=
te:
> On Thu, Sep 13, 2012 at 12:26:43PM +0300, Itamar Heim wrote:
> > On 09/13/2012 10:24 AM, Karli Sj?berg wrote:
> > >
> > >13 sep 2012 kl. 01.21 skrev Dead Horse:
> > >
> > >>Thank you! glad to be able to help ;)
> > >>
> > >>As Itamar mentioned if you are running the spice client inside a VM
> > >>(dunno if this is case) you will need the guest paravirtual driver
> > >>and/or services for mouse handling. I have observed exactly this
> > >>behavior before when running the spice client in a VM when the guest
> > >>tools/drivers for mouse handling are not present (In my case most of
> > >>the time VirtualBox).
> > >
> > >Very amusing "bug":) But cripples SPICE?s usage.
> > >
> > >I have tested this from 5 different physical machines running Win7/IE,
> > >and this behavior shows itself only on machines with more than one
> > >monitor, or a laptop with another monitor attached .e.g. These guest
> > >tools you both mention, would these be
> > >"http://spice-space.org/download/binaries/spice-guest-tools-0.1.exe"?
> > >And can you install them in a physical machine as well?
> >
> > cc-ing spice-devel to see if they have insights on your issue
>
> Could this be related to
> https://bugzilla.redhat.com/show_bug.cgi?id=3D852841
> ?
>
> Christophe
>
12 years, 2 months
Re: [Users] Users Digest, Vol 13, Issue 17
by Jonathan Larson
--_000_19A02BE7DAAF904D9E66EDE8550C40080A3BC40Ambx024e1nj10exc_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
-----Original Message-----
From: users-request(a)ovirt.org [users-request(a)ovirt.org]
Received: Saturday, 06 Oct 2012, 12:00
To: users(a)ovirt.org [users(a)ovirt.org]
Subject: Users Digest, Vol 13, Issue 17
Send Users mailing list submissions to
users(a)ovirt.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.ovirt.org/mailman/listinfo/users
or, via email, send a message with subject or body 'help' to
users-request(a)ovirt.org
You can reach the person managing the list at
users-owner(a)ovirt.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Users digest..."
Today's Topics:
1. Re: Nightly Builds, was Authentication for REST APIs?
(Steve Gordon)
2. Re: Ceph / rbd and ovirt (Ayal Baron)
3. Re: [Spice-devel] mouse problem with muiltiple monitors (was
HowTo: Spice ActiveX Plugin/Virt Viewer Console on oVirt 3.1)
(Dead Horse)
4. Re: fw: Migrating ovirt-engine to new server (Juan Hernandez)
----------------------------------------------------------------------
Message: 1
Date: Fri, 5 Oct 2012 14:02:19 -0400 (EDT)
From: Steve Gordon <sgordon(a)redhat.com>
To: Brian Vetter <bjvetter(a)gmail.com>
Cc: users(a)ovirt.org
Subject: Re: [Users] Nightly Builds, was Authentication for REST APIs?
Message-ID: <372383135.7069086.1349460139686.JavaMail.root(a)redhat.com>
Content-Type: text/plain; charset=3Dutf-8
----- Original Message -----
> From: "Brian Vetter" <bjvetter(a)gmail.com>
> To: "Itamar Heim" <iheim(a)redhat.com>
> Cc: users(a)ovirt.org
> Sent: Friday, October 5, 2012 12:03:13 PM
> Subject: Re: [Users] Nightly Builds, was Authentication for REST APIs?
>
> I found instructions on the wiki for using nightly builds at:
>
> http://wiki.ovirt.org/wiki/Installing_ovirt-engine_from_rpm
>
> The instructions didn't work. In particular, the ovirt-engine.repo
> file was not found at the provided url.
> http://www.ovirt.org/releases/nightly/fedora/16/ovirt-engine.repo
>
> I did find an ovirt-engine.repo file at:
> http://www.ovirt.org/releases/nightly/rpm/Fedora/17/ovirt-engine.repo
>
> The contents of that repo file point it back to the
> releases/3.1/rpm/Fedora/17 directory. I'm presuming that if I change
> the baseurl to releases/nightly/rpm/... it will all work (which I'll
> be doing this afternoon).
>
> In any case, someone might want to fix the ovirt-engine.repo file in
> the nightly tree and then update the urls in the wiki.
>
> Brian
I would recommend using this package to install the repo file:
http://www.ovirt.org/releases/ovirt-release-fedora.noarch.rpm
It includes definitions for both the stable and nightly repositories - defa=
ulting to stable. You can:
yum install ovirt-engine --enablerepo=3Dovirt-nightly
Or enable it in the /etc/yum.repos.d/ovirt.repo file. Agree that the other =
repo files littering the directory structure should be cleaned up (I though=
t they already had been). Who has access to do that?
Steve
------------------------------
Message: 2
Date: Fri, 5 Oct 2012 20:02:46 -0400 (EDT)
From: Ayal Baron <abaron(a)redhat.com>
To: Josh Logan <joshtlogan(a)gmail.com>
Cc: users(a)ovirt.org
Subject: Re: [Users] Ceph / rbd and ovirt
Message-ID: <887641321.6918996.1349481766537.JavaMail.root(a)redhat.com>
Content-Type: text/plain; charset=3Dutf-8
Hi Josh,
----- Original Message -----
>
>
>
> On Sun, Sep 23, 2012 at 8:41 AM, Itamar Heim < iheim(a)redhat.com >
> wrote:
>
>
>
> On 09/23/2012 05:33 PM, Josh Logan wrote:
>
>
>
>
> On Sun, Sep 23, 2012 at 6:10 AM, Itamar Heim < iheim(a)redhat.com
>
>
> <mailto: iheim(a)redhat.com >> wrote:
>
> On 09/22/2012 08:58 AM, Josh Logan wrote:
>
>
> I'm currently setting up an ovirt cluster and so far it looks
> good. I
> like the integration with Foreman http://theforeman.org/ .
>
> I would like to use Ceph / rbd for my storage. I saw some
> mention of
> patches coming in May, but I did not find any new posts.
>
> What is the status of this work? Is there some patches I can
> try out?
> I have a working Ceph cluster and a working ovirt cluster, I
> just need a
> way to bring them together.
>
> Thanks, JOSH
>
>
>
> I don't remember any active work on this right now (for sure nothing
> like the gluster integration being done).
> but iiuc, ceph provides posixfs support - did you try creating a
> posixfs based storage domain?
> (you would need a "full" host (not ovirt-node) to install ceph
> client components on).
>
> Thanks,
> Itamar
>
>
>
> I am doing my work on Fedora 17 hosts, not ovirt-node, since I know
> this
> will need more OS support.
>
> There are a few different Ceph filesystems. But the posix based one
> is
> the least ready for production. The rbd filesystem is integrated into
> qemu and libvirt is the most suited for VM images.
>
> Are the Gluster patches available? I would like to see what that
> feature looks like and if I can modify them for Ceph.
> If there is a better filesystem to investigate please let me know.
>
> Thanks, JOSH
>
>
> gluster as a native storage domain (rather than posixfs) is still in
> reviews (and has patches only for vdsm side).
> http://gerrit.ovirt.org/#/c/ 6856/
>
> you can also use NFS in the meantime if relevant for ceph.
>
>
>
> Thanks for the pointer. I'll follow that and see what I learn.
>
> The vdsm side may be similar since both are network disk device.
> There are only 2 steps needed to start up a VM with rbd.
>
> qemu-img create -f rbd rbd:data/host1 10G
>
> Then to start the image for qemu add -drive
> file=3Drbd:data/host1,if=3Dnone,id=3Ddrive-virtio-disk0,format=3Draw
>
> or within libvirt:
> <disk type=3D'network' device=3D'disk'>
> <driver name=3D'qemu' type=3D'raw'/>
> <source protocol=3D'rbd' name=3D'data/host1'/>
> <target dev=3D'vda' bus=3D'virtio'/>
> <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x05'
> function=3D'0x0'/>
> </disk>
>
> So the steps are simple, and maybe Gluster is more complex then I
> should use as an example.
Have you followed up on this?
Do you need more pointers?
Regards,
Ayal.
>
> Thanks, JOSH
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
------------------------------
Message: 3
Date: Fri, 5 Oct 2012 21:34:00 -0500
From: Dead Horse <deadhorseconsulting(a)gmail.com>
To: Christophe Fergeau <cfergeau(a)redhat.com>
Cc: spice-devel(a)lists.freedesktop.org, "<users(a)ovirt.org>"
<users(a)ovirt.org>
Subject: Re: [Users] [Spice-devel] mouse problem with muiltiple
monitors (was HowTo: Spice ActiveX Plugin/Virt Viewer Console on oV=
irt
3.1)
Message-ID:
<CAEWPe=3Dp8Xf3uYHDbD5uAz46i-OnHJxfYxrzJ-XkNc64GfwtjBQ(a)mail.gmail.c=
om>
Content-Type: text/plain; charset=3D"iso-8859-1"
I've actually started to notice that this occurs natively as well (I rarely
if ever use the activex console on a native windows install). However I
have noted that with a Native Windows install and the Activex Remote Viewer
version 0.5.3 that alot of guests have mouse issues w/o spice vdagent or
the windows spice agent in place (very annoying during LFC guests with no
knowledge of "spice mice"). Windows installs can be slipstreamed with the
spice drivers to fix this but thats really a pain. Linux guests however not
as easy. This actually seems to a repeat of this issue:
http://lists.ovirt.org/pipermail/users/2012-February/000351.html (for which
a fix was applied to windows spicec + activex NOT remote-viewer) possible
regression? Using the usbtablet custom vdsm hook does indeed solve issues
with guests that encounter this issue. I have noted it within older linux
guests (no surprise they know nothing of a spice mouse), windows guests,
solaris guests, some of the older opensuse and ubuntu as well as fedora.
The most confusing one was RHEL 6.x which without the spice vdagent loaded
will experience the cursor jumping in and out of the window or randomly on
the spice display. I note the one downside of the usbtablet is that power
users are able to view custom hooks in the PUP UI, but cannot set them as
only the "admin role" not "user role" can do this. That is to say the power
user can look at and even set the hook but is stopped short of committing
it to the VM settings.
- DHC
On Fri, Oct 5, 2012 at 5:18 AM, Christophe Fergeau <cfergeau(a)redhat.com>wro=
te:
> On Thu, Sep 13, 2012 at 12:26:43PM +0300, Itamar Heim wrote:
> > On 09/13/2012 10:24 AM, Karli Sj?berg wrote:
> > >
> > >13 sep 2012 kl. 01.21 skrev Dead Horse:
> > >
> > >>Thank you! glad to be able to help ;)
> > >>
> > >>As Itamar mentioned if you are running the spice client inside a VM
> > >>(dunno if this is case) you will need the guest paravirtual driver
> > >>and/or services for mouse handling. I have observed exactly this
> > >>behavior before when running the spice client in a VM when the guest
> > >>tools/drivers for mouse handling are not present (In my case most of
> > >>the time VirtualBox).
> > >
> > >Very amusing "bug":) But cripples SPICE?s usage.
> > >
> > >I have tested this from 5 different physical machines running Win7/IE,
> > >and this behavior shows itself only on machines with more than one
> > >monitor, or a laptop with another monitor attached .e.g. These guest
> > >tools you both mention, would these be
> > >"http://spice-space.org/download/binaries/spice-guest-tools-0.1.exe"?
> > >And can you install them in a physical machine as well?
> >
> > cc-ing spice-devel to see if they have insights on your issue
>
> Could this be related to
> https://bugzilla.redhat.com/show_bug.cgi?id=3D852841
> ?
>
> Christophe
>
12 years, 2 months
[Users] [vdsm] SPICE SSL Woes
by Bret Palsson
I can't seem to get this secure spice session to work. Any help is appreciated, already burnt 20 hours on this.
Spice versions:
spice-server-0.10.1
spice-client 0.12.0
spice-xpi 2.7
spicec: I set the password to abcd using a bash script found on this mailing list, valid for 1200 seconds.
=============================================
# spicec --password abcd --secure-channels all -h 10.20.20.2 --secure-port 5902 --ca-file cacert.pem
Error: failed to connect w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1)
139833084392776:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:1063:
Warning: SSL Error:
=============================================
spice-xpi: spice-xpi.log
=============================================
built and installed latest (which is great has better debugging output:
2012-10-02 07:58:26,805 DEBUG nsPluginInstance::SetHostIP: 10.20.20.2
2012-10-02 07:58:26,806 DEBUG nsPluginInstance::SetPort: 5901
2012-10-02 07:58:26,806 DEBUG nsPluginInstance::SetTitle: Test:%d - Press SHIFT+F12 to Release Cursor
2012-10-02 07:58:26,807 DEBUG nsPluginInstance::SetDynamicMenu:
2012-10-02 07:58:26,807 DEBUG nsPluginInstance::SetFullScreen: 0
2012-10-02 07:58:26,808 DEBUG nsPluginInstance::SetPassword: Password set
2012-10-02 07:58:26,808 DEBUG nsPluginInstance::SetNumberOfMonitors: 1
2012-10-02 07:58:26,808 DEBUG nsPluginInstance::SetUsbListenPort: 0
2012-10-02 07:58:26,809 DEBUG nsPluginInstance::SetAdminConsole: 1
2012-10-02 07:58:26,809 DEBUG nsPluginInstance::SetSecurePort: 5902
2012-10-02 07:58:26,810 DEBUG nsPluginInstance::SetSSLChannels: original channels: smain,sinputs,scursor,splayback,srecord,sdisplay
2012-10-02 07:58:26,810 DEBUG nsPluginInstance::SetSSLChannels: modified channels: main,inputs,cursor,playback,record,display
2012-10-02 07:58:26,810 DEBUG nsPluginInstance::SetGuestHostName: Test
2012-10-02 07:58:26,811 DEBUG nsPluginInstance::SetCipherSuite: DEFAULT
2012-10-02 07:58:26,811 DEBUG nsPluginInstance::SetHostSubject: O=Best Company,CN=10.20.20.2
2012-10-02 07:58:26,812 DEBUG nsPluginInstance::SetTrustStore: Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Best Company, CN=CA-ovirt-engine.example.com.28202
Validity
Not Before: Sep 6 21:49:14 2012
Not After : Sep 6 03:49:15 2022 GMT
Subject: C=US, O=Best Company, CN=CA-ovirt-engine.example.com.28202
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:bc:70:bd:bc:a0:07:7a:99:5e:84:c6:91:70:30:
3e:f0:2a:c9:96:cb:ac:d5:f4:e7:a4:8d:85:c2:2d:
39:12:fa:2f:3f:3c:bf:bb:ed:90:31:28:ae:38:49:
68:e2:4a:ca:89:21:4c:1c:b5:72:ca:e5:c7:3d:d8:
64:95:22:98:45:67:50:43:dd:8e:cb:9e:39:d4:9b:
11:16:71:e1:d9:81:1e:4d:1c:2c:9c:6d:7c:d1:43:
a1:af:4a:83:77:e8:ad:0d:92:cb:fa:45:b8:d3:b6:
50:99:3e:4e:a7:91:30:57:ce:a7:5b:62:95:7f:9b:
fd:26:05:a9:e0:8e:45:2b:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:93:27:08:E5:4D:2B:CE:EC:55:2C:E6:C4:C0:EE:32:0C:87:22:BF
Authority Information Access:
CA Issuers - URI:http://ovirt-engine.example.com:80/ca.crt
X509v3 Authority Key Identifier:
keyid:87:93:27:08:E5:4D:2B:CE:EC:55:2C:E6:C4:C0:EE:32:0C:87:22:BF
DirName:/C=US/O=Best Company/CN=CA-ovirt-engine.example.com.28202
serial:01
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha1WithRSAEncryption
a1:a9:17:91:ba:6e:0d:15:ce:28:e0:b8:7f:3c:5e:ba:6e:8d:
31:91:bf:99:0c:74:5f:95:86:e6:90:fd:3c:13:3a:64:9e:40:
f7:4f:e0:45:b8:8e:27:b3:23:d4:75:bb:be:5f:73:4f:48:e4:
8c:6d:11:eb:76:70:81:c7:a5:8a:35:0b:ef:a5:cf:3d:ae:fd:
1f:94:b7:e4:c3:4c:7f:fb:5b:09:eb:e8:b1:35:3c:b8:ba:e8:
b7:d0:5f:8a:98:b5:9a:6c:24:53:2a:49:61:0e:7c:5e:b3:d2:
d4:c3:dd:ca:b9:57:a3:f0:e4:9c:d6:3d:43:40:9d:dd:ff:cd:
94:be
-----BEGIN CERTIFICATE-----
MIIDCDCCAnGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEc
MBoGA1UEChMTSml2ZSBDb21tdW5pY2F0aW9uczEfMB0GA1UEAxMWQ0EtY20uaml2
ZWlwLm5ldC4yODIwMjAiFxExMjA5MDYyMTQ5MTQrMDcwMBcNMjIwOTA2MDM0OTE1
WjBMMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSml2ZSBDb21tdW5pY2F0aW9uczEf
MB0GA1UEAxMWQ0EtY20uaml2ZWlwLm5ldC4yODIwMjCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEAvHC9vKAHeplehMaRcDA+8CrJlsus1fTnpI2Fwi05EvovPzy/
u+2QMSiuOElo4krKiSFMHLVyyuXHPdhklSKYRWdQQ92Oy5451JsRFnHh2YEeTRws
nG180UOhr0qDd+itDZLL+kW407ZQmT5Op5EwV86nW2KVf5v9JgWp4I5FK+MCAwEA
AaOB9TCB8jAdBgNVHQ4EFgQUh5MnCOVNK87sVSzmxMDuMgyHIr8wOgYIKwYBBQUH
AQEELjAsMCoGCCsGAQUFBzAChh5odHRwOi8vY20uaml2ZWlwLm5ldDo4MC9jYS5j
cnQwdAYDVR0jBG0wa4AUh5MnCOVNK87sVSzmxMDuMgyHIr+hUKROMEwxCzAJBgNV
BAYTAlVTMRwwGgYDVQQKExNKaXZlIENvbW11bmljYXRpb25zMR8wHQYDVQQDExZD
QS1jbS5qaXZlaXAubmV0LjI4MjAyggEBMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAKGpF5G6bg0VzijguH88XrpujTGR
v5kMdF+VhuaQ/TwTOmSeQPdP4EW4jiezI9R1u75fc09I5IxtEet2cIHHpYo1C++l
zz2u/R+Ut+TDTH/7Wwnr6LE1PLi66LfQX4qYtZpsJFMqSWEOfF6z0tTD3cq5V6Pw
5JzWPUNAnd3/zZS+
-----END CERTIFICATE-----
2012-10-02 07:58:26,813 DEBUG nsPluginInstance::SetHotKeys: release-cursor=shift+f12,toggle-fullscreen=shift+f11
2012-10-02 07:58:26,813 DEBUG nsPluginInstance::SetNoTaskMgrExecution: 0
2012-10-02 07:58:26,813 DEBUG nsPluginInstance::SetSendCtrlAltDelete: 0
2012-10-02 07:58:26,814 DEBUG nsPluginInstance::SetUsbAutoShare: 1
2012-10-02 07:58:26,815 DEBUG nsPluginInstance::SetUsbFilter: -1,-1,-1,-1,0
2012-10-02 07:58:26,816 INFO nsPluginInstance::Connect: SPICE_XPI_SOCKET: /tmp/spicec-8ym5mJ/spice-xpi
2012-10-02 07:58:26,816 INFO nsPluginInstance::Connect: SPICE_FOREIGN_MENU_SOCKET: /tmp/spicec-8ym5mJ/spice-foreign
2012-10-02 07:58:26,816 DEBUG nsPluginInstance::Connect: Controller pid: 50483
2012-10-02 07:58:26,816 DEBUG QErrorHandler: Something went wrong: connect error, 2
2012-10-02 07:58:26,817 DEBUG SpiceController::Connect: Connect Error
2012-10-02 07:58:26,817 INFO nsPluginInstance::Connect: Launching /usr/libexec/spice-xpi-client
2012-10-02 07:58:26,817 DEBUG QErrorHandler: Something went wrong: connect error, 2
2012-10-02 07:58:26,817 DEBUG SpiceController::Connect: Connect Error
2012-10-02 07:58:27,818 DEBUG SpiceController::Connect: Connected!
2012-10-02 07:58:29,821 INFO nsPluginInstance::Connect: Initiating connection with controller
2012-10-02 07:59:05,999 DEBUG nsPluginInstance::ControllerWaitHelper: Controller finished, pid: 50483, exit code: 0
2012-10-02 07:59:05,999 ERROR nsPluginInstance::CallOnDisconnected: could not get browser window, when trying to call OnDisconnected
=============================================
Openssl test:
=============================================
[root@centos6 ~]# openssl s_client -connect 10.20.20.2:5902 -CAfile cacert.pem
CONNECTED(00000003)
depth=1 C = US, O = Best Company, CN = CA-ovirt-engine.example.com.28202
verify return:1
depth=0 O = Best Company, CN = 10.20.20.2
verify error:num=9:certificate is not yet valid
notBefore=Oct 4 01:40:57 2012
verify return:1
depth=0 O = Best Company, CN = 10.20.20.2
notBefore=Oct 4 01:40:57 2012
verify return:1
---
Certificate chain
0 s:/O=Best Company/CN=10.20.20.2
i:/C=US/O=Best Company/CN=CA-ovirt-engine.example.com.28202
1 s:/C=US/O=Best Company/CN=CA-ovirt-engine.example.com.28202
i:/C=US/O=Best Company/CN=CA-ovirt-engine.example.com.28202
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDDTCCAnagAwIBAgIBBzANBgkqhkiG9w0BAQUFADBMMQswCQYDVQQGEwJVUzEc
MBoGA1UEChMTSml2ZSBDb21tdW5pY2F0aW9uczEfMB0GA1UEAxMWQ0EtY20uaml2
ZWlwLm5ldC4yODIwMjAiFxExMjEwMDQwMTQwNTctMDYwMBcNMTcxMDA0MDc0MDU4
WjAzMRwwGgYDVQQKExNKaXZlIENvbW11bmljYXRpb25zMRMwEQYDVQQDEwoxMC4y
MC4yMC4yMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCfxg43vrorGXoui5Cs
69xeS/R31r2FkfE3UO57BzKbToBY88Hj7dUkFjlFVwg3/eUIBh0jYQ5Qq5Q4Kl9p
Oy4/58VwqRd6P/C3a9LgF1rdvXEnmtNZyoXNmvFeTgpEF+165hr6aPXmMqXqaSEv
ab/mFdxVKM6FwgUWQb/uW3Rp3QIDAQABo4IBEjCCAQ4wHQYDVR0OBBYEFIhzxNFR
sbDS9hLGOID0RLPlYrLPMDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAoYeaHR0
cDovL2NtLmppdmVpcC5uZXQ6ODAvY2EuY3J0MHQGA1UdIwRtMGuAFIeTJwjlTSvO
7FUs5sTA7jIMhyK/oVCkTjBMMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTSml2ZSBD
b21tdW5pY2F0aW9uczEfMB0GA1UEAxMWQ0EtY20uaml2ZWlwLm5ldC4yODIwMoIB
ATAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAgBgNVHSUBAf8EFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAayUoWzI77OMVGa1QeWKQ
VF/iwu5URB8sbsmFk9NmfUOtIYsVsmdMsoDSYQsL7mEe0SA5GOXpS1sThdXsU1uf
9bZ+dyrmCBmg0/cPOiXA8R1GgS+Bwjc+MxEOuXzTmumfW19hlbKbRXRwgx+vRgDv
JbUNV6jXUHqhBeGnsVhiLrQ=
-----END CERTIFICATE-----
subject=/O=Best Company/CN=10.20.20.2
issuer=/C=US/O=Best Company/CN=CA-ovirt-engine.example.com.28202
---
No client certificate CA names sent
---
SSL handshake has read 1884 bytes and written 311 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 9747FACA4B5CC4542E050F4B8534E1B71234BC5F99F3221D284BC53D0A5CB746
Session-ID-ctx:
Master-Key: 7A579DA9F75E76C63F3FDFCB5BBE42EE28AEF5211C5AC5ECAE8679166C98FBB5AD00BFC4B8AC5D7E214A3B0069CF50E7
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket:
0000 - ae f2 91 79 e4 94 85 a2-02 60 aa 91 54 a5 3f 13 ...y.....`..T.?.
0010 - 90 b4 78 20 27 5a 52 61-78 a1 4d db 73 25 c0 f8 ..x 'ZRax.M.s%..
0020 - 65 7f 43 76 72 35 08 96-0d 32 c4 72 eb ae c4 a9 e.Cvr5...2.r....
0030 - 83 78 7f 48 8c c6 a9 38-78 ea 90 60 52 62 0e 4d .x.H...8x..`Rb.M
0040 - 7c 3e 41 62 63 2d 27 b3-bc ba bb b7 87 ac 12 df |>Abc-'.........
0050 - 04 61 3d c8 8f cd 14 e4-51 bf 74 66 2c a0 a6 70 .a=.....Q.tf,..p
0060 - 3e d2 5f 4c 63 10 80 83-18 d7 4e 08 e0 5b c5 5a >._Lc.....N..[.Z
0070 - 75 94 27 de 1e 8e 61 e9-64 af 52 eb 1e 98 00 e2 u.'...a.d.R.....
0080 - 4f 80 8c 1f ec 40 b7 25-7b 72 a3 1a 99 8a 6a ca O....@.%{r....j.
0090 - 90 80 f9 1e 5f 99 96 0a-3e bb 4f b6 86 d1 49 0c ...._...>.O...I.
Start Time: 1349186957
Timeout : 300 (sec)
Verify return code: 9 (certificate is not yet valid)
---
=============================================
12 years, 2 months
[Users] Console and keyboard setup on VNC
by Alexandre Santos
Hello all,
first post here :-)
When using VNC as the console to access the VM I can't use the portuguese
keyboard and see special characters. I tried it with VMs running Fedora,
CentOS and Debian.
If I ssh the VM, everything is correct on the terminal console.
Is this a issue from oVirt or from the VNC server running behind (I guess
it's the second).
Any help?
TYA
Alex
12 years, 2 months
