You call all of that configuration for accessing consoles, easy? :) :)
Engine should be able to set up the proxy automatically... I haven't
used squid, so I have to look in more detail at the configuration that
you've provided.
I did find some other functionality which would have been much much
(much!) easier for me to use had it worked. I was able to Edit each
host, go to the "Console" tab, then click "Override display address",
and for display address enter the name of the node. I did this for each
of my 3 nodes. In theory, this should solve the problem. Now, when
accessing the console via remote viewer, the file that is sent from the
engine includes the external IP of the node, so everything should work,
but it does not...
Here's what I see:
(remote-viewer:20327): remote-viewer-DEBUG: Couldn't load configuration: File is empty
(remote-viewer:20327): GSpice-WARNING **: Connection refused
(firefox:20235): Gtk-WARNING **: Unable to retrieve the file info for `file:///tmp/console.vv': Error stating file '/tmp/console.vv': No such file or directory
If I choose to save the file instead of opening it directly via remote
viewer, it does contain the proper hostname. I can't telnet to port
5900 on the virt host though, which is odd. I thought it might be
because the hypervisor firewall restricted the access, so I temporarily
cleared all the firewall rules on the one host. That didn't work either.
If I could make this work, it would solve the problem for me.
Jason.
On 04/02/2015 01:59 PM, shimano wrote:
You can use Spice Proxy. The easiest way is to run proxy on Squid. I
recommend connecting via VPN.

Here is a part of my Squid's configuration to connect Spice consoles
from VPN 10.25.0.0/16 and LAN 192.168.0.0/16 to oVirt's hosts on
192.168.2.0/24:

    acl manager proto cache_object
    acl localhost src 127.0.0.1/32 ::1
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
    acl localnet src 192.168.0.0/16
    acl localnet src 10.25.0.0/16
    acl Safe_ports port 80 # http
    acl CONNECT method CONNECT
    http_access allow localnet
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    acl spice_servers dst 192.168.2.0/24
    http_access allow spice_servers
    http_access allow localnet
    http_access allow localhost
    http_access allow all
    http_port 3128
    hierarchy_stoplist cgi-bin ?
    cache_dir ufs /var/spool/squid 100 16 256
    cache_mem 32 MB
    coredump_dir /var/spool/squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320
    cache_effective_user squid
    cache_effective_group squid

You have to configure Spice Proxy on oVirt Engine by `engine-config -s
SpiceProxyDefault=someProxy`. Here is my solution:

    root@host021:~ engine-config -a |grep SpiceProxyDefault
    SpiceProxyDefault: http://10.25.2.21:3128/ version: general

You can use Proxy on your public IP if you don't like to use VPN, but
remember to make sure that your machines are secured enough.

2015-04-02 18:06 GMT+02:00 Jason Keltz <jas(a)cse.yorku.ca>:
I'm trying to figure out the most reasonable method for me to
access the console on my ovirt installation.
Each node has ovirtmgmt, storage, and external network connectivity.
The standalone engine host has ovirtmgmt, and external network.
I connect to engine via the external network, right click on a VM
and try to access the console. If I use the "Remote Viewer"
method, the connection fails. This is because my client on the
external network doesn't have access to ovirtmgmt.
I can access the spice-html5 client, and that "basically" works,
though it's crashed more than once. I suspect that Remote Viewer
will be more stable.
So my question is - what is the best way for me to connect to the
console from the external network?
Either, I have to start up my client on a machine that has an IP
on ovirtmgmt (eg. remote login to engine, and run firefox there?)
or I have to route external packets from my host to say, the
engine host, and run IP forwarding there? probably not too secure...
or I have to figure out a way to make ovirt use the external
network for display traffic... that would probably be best (?) but
I can't seem to figure out whether it's possible.
In particular since the external network is a VM network (it's
actually 2 x 1 G links bound via LACP), and not part of ovirt
infrastructure, it's not clear if I can use it for display and VM
external connectivity as well.
Any thoughts would be much appreciated.
Jason.
_______________________________________________
Users mailing list
Users(a)ovirt.org <mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users
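
An added example (not from the thread or from either poster's systems): a small first-match evaluator for the http_access rules quoted above, run against constructed addresses, next to an assumed tighter rule set that permits only CONNECT from the VPN/LAN to the oVirt hosts. The 5900-6923 port range is an assumption based on oVirt's default display ports, and the evaluator models only the src, dst, port and method ACL types.

```python
import ipaddress

# Access rules from the configuration quoted above (cache-manager and unused ACLs omitted).
POSTED = """
acl localhost src 127.0.0.1/32 ::1
acl localnet src 192.168.0.0/16
acl localnet src 10.25.0.0/16
acl Safe_ports port 80
acl spice_servers dst 192.168.2.0/24
http_access allow localnet
http_access deny !Safe_ports
http_access allow spice_servers
http_access allow localnet
http_access allow localhost
http_access allow all
"""
# Assumed tighter variant (not from the thread): CONNECT only, hosts only, display ports only.
HARDENED = """
acl localnet src 192.168.0.0/16
acl localnet src 10.25.0.0/16
acl CONNECT method CONNECT
acl spice_servers dst 192.168.2.0/24
acl spice_ports port 5900-6923
http_access allow CONNECT localnet spice_servers spice_ports
http_access deny all
"""

def decide(conf, src, dst, port, method="CONNECT"):
    """Return (action, deciding rule) the way Squid's first-match http_access would."""
    acls, rules = {"all": [("src", "0.0.0.0/0"), ("src", "::/0")]}, []
    for f in map(str.split, conf.strip().splitlines()):
        if f[0] == "acl":
            acls.setdefault(f[1], []).extend((f[2], v) for v in f[3:])
        else:  # http_access <action> <acl> [<acl> ...]
            rules.append((f[1], f[2:]))
    def hit(kind, value):
        if kind in ("src", "dst"):
            addr = ipaddress.ip_address(src if kind == "src" else dst)
            return addr in ipaddress.ip_network(value)
        if kind == "port":
            lo, _, hi = value.partition("-")
            return int(lo) <= port <= int(hi or lo)
        return kind == "method" and value == method
    def matches(name):  # values under one ACL name are ORed; "!" negates
        return any(hit(k, v) for k, v in acls[name.lstrip("!")]) != name.startswith("!")
    for action, names in rules:  # first matching line decides; ACLs on a line are ANDed
        if all(map(matches, names)):
            return action, " ".join(names)
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"
```

With the posted rules, `decide(POSTED, "10.25.3.7", "203.0.113.9", 22)` is allowed by the first `allow localnet` line, which precedes the `Safe_ports` check, and a client outside both ranges still reaches port 80 anywhere through `allow all`. The tighter set allows only CONNECT from the VPN/LAN to 192.168.2.0/24 on the display ports.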