[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

Merlin Timm <merlin.timm(a)posteo.de&gt; writes: > actually I rather wanted to know how to generate a config with > Ovirt::Display. I didn't really understand what I have to do to > generate a config. I've never tried it but I think you should fetch the perl library and then run a perl script according to the example in Synopis section of https://metacpan.org/pod/Ovirt::Display > Am 30.07.2021 14:04 schrieb Milan Zamazal: >> Merlin Timm <merlin.timm(a)posteo.de&gt; writes: >> >>> Hey, >>> Thanks for the answers! >>> I want to try the perl solution. One, maybe stupid, question: how >>> do i run this perl module? >>> Do i run it on the Host or from my local machne? I am a litte bit >>> confused. >> As I understand it, you can run it from anywhere where Engine REST >> API >> is reachable from. >> Regards, >> Milan >> >>> Could someone explain it to me? >>> Best regarda >>> Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal >>> <mzamazal(a)redhat.com&gt;: >>>> Sandro Bonazzola <sbonazzo(a)redhat.com&gt; writes: >>>> >>>>> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola < >>>>> sbonazzo(a)redhat.com&gt; ha scritto: >>>>> >>>>>> +Milan Zamazal <mzamazal(a)redhat.com&gt; , +Arik Hadas >>>>>> <ahadas(a)redhat.com&gt; , +Michal >>>>>> Skrivanek <mskrivan(a)redhat.com&gt; any hint? >>>>>> >>>>> I found https://metacpan.org/pod/Ovirt::Display but I think there >>>>> should be >>>>> an easier way within the engine to configure this. >>>>> >>>>> >>>>>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm >>>>>> <merlin.timm(a)posteo.de&gt; >>>>>> ha scritto: >>>>>> >>>>>>> Good day to all, >>>>>>> I have a question about the console configuration of the VMs: >>>>>>> By default, for each console connection to a VM, a password is >>>>>>> set for >>>>>>> 120 seconds, after that you can't use it again. We currently >>>>>>> have the >>>>>>> following concern: >>>>>>> We want to access and control the VMs via the VNC/Spice of the >>>>>>> Ovirt >>>>>>> host. We have already tried to use the password from the >>>>>>> console.vv for >>>>>>> the connection and that works so far. Unfortunately we have to >>>>>>> do this >>>>>>> every 2 minutes when we want to connect again. We are currently >>>>>>> building >>>>>>> an automatic test pipeline and for this we need to access the >>>>>>> VMs >>>>>>> remotely before OS start and we want to be independent of a VNC >>>>>>> server >>>>>>> on the guest. This is only possible if we could connect to the >>>>>>> VNC/Spice >>>>>>> server from the Ovirt host. >>>>>>> My question: would it be possible to fix the password or read >>>>>>> it out via >>>>>>> api every time you want to connect? >>>> A one time password is set every time the console is opened, for >>>> those >>>> 120 seconds.  Unfortunately, the 120 seconds limit seems to be >>>> hardwired >>>> in Engine sources.  So apparently the only chance would be to set >>>> the >>>> password directly on the host using VM.updateDevice VDSM API call. >>>> It >>>> looks like this normally: >>>>  VM.updateDevice(params={'deviceType': 'graphics', 'password': >>>> '********', 'disconnectAction': 'NONE', 'params': {'vncUsername': >>>> 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false', >>>> 'userName': 'admin', 'userId': >>>> 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, >>>> 'graphicsType': >>>> 'spice'}) >>>> This way it's possible to set a password and its lifetime (`ttl' >>>> parameter).  Of course, it's needed to find out the host the VM >>>> runs on, >>>> a way to call the API (running vdsm-client directly on the host >>>> may be >>>> the easiest way), how to make/use the *.vv ticket (you can use the >>>> same >>>> password all the time) and to accept collisions with different >>>> settings >>>> if someone opens the console from the web UI. >>>> In the end result, using the Perl library mentioned by Sandro >>>> above may >>>> be an easier solution. >>>> Or another option is to submit a patch to Engine to make the >>>> timeout >>>> configurable (look for TICKET_VALIDITY_SECONDS in the sources). >>>> Regards, >>>> Milan >>>> >>>>>>> I would appreciate a reply very much! >>>>>>> Best regards >>>>>>> Merlin Timm >>>>>>> _______________________________________________ >>>>>>> Users mailing list -- users(a)ovirt.org >>>>>>> To unsubscribe send an email to users-leave(a)ovirt.org >>>>>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html >>>>>>> oVirt Code of Conduct: >>>>>>> https://www.ovirt.org/community/about/community-guidelines/ >>>>>>> List Archives: >>>>>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE... >>>>>>> >>>>>> >>>>>> -- >>>>>> Sandro Bonazzola >>>>>> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV >>>>>> Red Hat EMEA <https://www.redhat.com/> >>>>>> sbonazzo(a)redhat.com >>>>>> <https://www.redhat.com/> >>>>>> *Red Hat respects your work life balance. Therefore there is no >>>>>> need to >>>>>> answer this email out of your office hours. >>>>>> <https://mojo.redhat.com/docs/DOC-1199578>* >>>>>> >>>>>> >>>>