On 31. 7. 2021, at 9:19, Strahil Nikolov <hunter86_bg@yahoo.com> wrote:
You need to (all Hypervisors that will be running this script): - download the engine's CA from https://<your-engine>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA - put it at : /etc/pki/ca-trust/source/anchors/ - make it trousted by running: update-ca-trust extract
Best Regards, Strahil Nikolov
On Fri, Jul 30, 2021 at 18:05, Merlin Timm <merlin.timm@posteo.de> wrote: Ah okay, i figured it out.
root@mypc <mailto:root@mypc>:/home/merlin/Documents/Ovirt-0.06# perl set_ovirt_vnc_pw.pl LWP Status line : 500 Can't connect to my.ovirt.manager.com:443 (certificate verify failed) at /usr/local/share/perl/5.26.1/Ovirt/VM.pm line 195.
it seems to work but it cant connect to the ovirt manager :/
Am 30.07.2021 14:54 schrieb Milan Zamazal:
Merlin Timm <merlin.timm@posteo.de <mailto:merlin.timm@posteo.de>> writes:
actually I rather wanted to know how to generate a config with Ovirt::Display. I didn't really understand what I have to do to generate a config.
I've never tried it but I think you should fetch the perl library and then run a perl script according to the example in Synopis section of https://metacpan.org/pod/Ovirt::Display <https://metacpan.org/pod/Ovirt::Display>
Am 30.07.2021 14:04 schrieb Milan Zamazal:
Merlin Timm <merlin.timm@posteo.de <mailto:merlin.timm@posteo.de>> writes:
Hey, Thanks for the answers! I want to try the perl solution. One, maybe stupid, question: how do i run this perl module? Do i run it on the Host or from my local machne? I am a litte bit confused. As I understand it, you can run it from anywhere where Engine REST API is reachable from. Regards, Milan
Could someone explain it to me? Best regarda Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal <mzamazal@redhat.com <mailto:mzamazal@redhat.com>>:
Sandro Bonazzola <sbonazzo@redhat.com <mailto:sbonazzo@redhat.com>> writes:
> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola < > sbonazzo@redhat.com <mailto:sbonazzo@redhat.com>> ha scritto: > >> +Milan Zamazal <mzamazal@redhat.com <mailto:mzamazal@redhat.com>> , +Arik Hadas >> <ahadas@redhat.com <mailto:ahadas@redhat.com>> , +Michal >> Skrivanek <mskrivan@redhat.com <mailto:mskrivan@redhat.com>> any hint? >> > I found https://metacpan.org/pod/Ovirt::Display <https://metacpan.org/pod/Ovirt::Display>but I think there > should be > an easier way within the engine to configure this. > > >> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm >> <merlin.timm@posteo.de <mailto:merlin.timm@posteo.de>> >> ha scritto: >> >>> Good day to all, >>> I have a question about the console configuration of the VMs: >>> By default, for each console connection to a VM, a password is >>> set for >>> 120 seconds, after that you can't use it again. We currently >>> have the >>> following concern: >>> We want to access and control the VMs via the VNC/Spice of the >>> Ovirt >>> host. We have already tried to use the password from the >>> console.vv for >>> the connection and that works so far. Unfortunately we have to >>> do this >>> every 2 minutes when we want to connect again. if you connect again you get a new concole.vv…why is that a problem? We are currently >>> building >>> an automatic test pipeline and for this we need to access the >>> VMs >>> remotely before OS start and we want to be independent of a VNC >>> server >>> on the guest. This is only possible if we could connect to the >>> VNC/Spice >>> server from the Ovirt host. >>> My question: would it be possible to fix the password or read >>> it out via >>> api every time you want to connect? A one time password is set every time the console is opened, for those 120 seconds. Unfortunately, the 120 seconds limit seems to be hardwired in Engine sources. So apparently the only chance would be to set the password directly on the host using VM.updateDevice VDSM API call. It looks like this normally: VM.updateDevice(params={'deviceType': 'graphics', 'password': '********', 'disconnectAction': 'NONE', 'params': {'vncUsername': 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false', 'userName': 'admin', 'userId': 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, 'graphicsType': 'spice'}) This way it's possible to set a password and its lifetime (`ttl' parameter). Of course, it's needed to find out the host the VM runs on, a way to call the API (running vdsm-client directly on the host may be the easiest way), how to make/use the *.vv ticket (you can use the same password all the time) and to accept collisions with different settings if someone opens the console from the web UI. In the end result, using the Perl library mentioned by Sandro above may be an easier solution. Or another option is to submit a patch to Engine to make the timeout configurable (look for TICKET_VALIDITY_SECONDS in the sources). Regards, Milan
>>> I would appreciate a reply very much! >>> Best regards >>> Merlin Timm >>> _______________________________________________ >>> Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> >>> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> >>> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> >>> oVirt Code of Conduct: >>> https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> >>> List Archives: >>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64N... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/> >>> >> >> -- >> Sandro Bonazzola >> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV >> Red Hat EMEA <https://www.redhat.com/ <https://www.redhat.com/>> >> sbonazzo@redhat.com <mailto:sbonazzo@redhat.com> >> <https://www.redhat.com/ <https://www.redhat.com/>> >> *Red Hat respects your work life balance. Therefore there is no >> need to >> answer this email out of your office hours. >> <https://mojo.redhat.com/docs/DOC-1199578 <https://mojo.redhat.com/docs/DOC-1199578>>* >> >>
Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYNC72W3P5TEN3... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYNC72W3P5TEN3EOQSYPPKCQZ4TGIRDC/>