AGPL spice-web-client is a spice html5 library from eyeos with another fork from flexvdi. I have tested them with libvirt (no encryption/authentication) and they really work great. I want to use them with Ovirt since spice-html5 is under-performant. However with ovirt I have to deal with authentication and ssl encryption. Since the OVirt certificate is self signed I cannot really ask users to import it (anyway that didn't work when I tried as it is missing the root certificate from the download link on the OVirt web admin console). So far I am able to get a proxy setup using websockify and provide my own certificate and proxy it back to libvirt. I identified from the console.vv file the minimum fields remote-viewer needs to make a secure connection to OVirt. Now I need my websockyproxy to do the same Any help on getting this working will be appreciated. I haven't found any documentation on how this is working. I am ready to read remote-viewer code to try to figure out though Thanks On Fri, Mar 19, 2021 at 8:22 AM Michal Skrivanek < michal.skrivanek@redhat.com> wrote:
Hi,
On 19. 3. 2021, at 3:56, Pascal D <pascal@butterflyit.com> wrote:
Hi,
I am trying to get the spice-web-client working with ovirt.
what is spice-web-client?
One area where I am having difficulties is authentication.Looking at remote-viewer on linux I am able to see that the minimum fields to have a successful spice connection are the following:
[virt-viewer] type=spice host=70.xxx.176.xxx port=5914 password=WQJQWCo+s8tK tls-port=5915 tls-ciphers=DEFAULT host-subject=O=xxxx.com,CN=d1c1v5.xxx.net ca=-----BEGIN CERTIFICATE-----\nMIIDzDCCArSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM\nD2J1dHRlcmZseWl0LmNvbTEiMCAGA1UEAwwZb3YxLmJ1dHRlcmZseWl0LmNvbS40NTQ2NTAeFw0x\nOTA2MDQwMDMyMDVaFw0yOTA2MDIwMDMyMxxxxxxxxxxxxxxxxxxxxxxxxdXR0\nZXJmbHlpdC5jb20xIjAgBgNVBAMMGW92MS5idXR0ZXJmbHlpdC5jb20uNDU0NjUwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD218EJkIJewgmeDFcUM7vEQ3RQ4nL9ZNEg+zORlruLKON\neZRDfgXei3XTt+VFUNTrxBjepf+yN3WjhVP+lDeDveZU/3OYKj9dSewlz7Mj1XTKE8DXDMIGYc79\nXUrcSoiEjCRG1eB+w+uyP4WK0AlJwGKav3AZuU5awjvYAftkW0RhOgdjp80ofuoC3K9TUPPjemtw\n3EWb4bjRcWiDUj8owfhhAHnb4RfacUSMQmYpVJ5YfRunYrCOixlOeGx7PkvXLqWmu2Rnrnk7TNn6\nv74fHh3ruHmZHLk2i6/yNoOAiJC/M8piCGZ3tiOcnPcYF2ZoX+Ud6BV69Hp6SxnF/eCXAgMBAAGj\ngbkwgbYwHQYDVR0OBBYEFAlrTpLGY5Dq6gtA7d7CXc1QAFmOMHQGA1UdIwRtMGuAFAlrTpLGY5Dq\n6gtA7d7CXc1QAFmOoU+kTTBLMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPYnV0dGVyZmx5aXQuY29t\nMSIwIAYDVQQDDBlvdjEuYnV0dGVyZmx5aXQuY29tLjQ1NDY1ggIQADAPBgNVHRMBAf8EBTADAQH/\nMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCA
QEAoC8Nx/s4Uafgc3iyzxbLPb/chQ8U\n7+lULXTq+ZLOuMDdu6UKt7qKZpJZK8ZhjFh/1yVOnpzm7Np+oP7TQlOUkup8X4HsfAwrCgNK1IT1\nETdbdMYD8HYFjxz/0xbnMkJAHfPEh1vtqplw3YhVgiAZfZfT8HzVY/xGkjurvxSyVjBSbn+4uao1\n6W9URt2rWTHn+XxoT+j+cx8vv1WKsynlMBtUjCFy8eR7ZDngRcM/9iRkRCGHJvWJmi1CRrQeE5RZ\nvBH0zE64J3cOJj4BSlN3wOYWiRq28XLB9epDDyZaRpnsqLCOq/+/LscM7iPW1acdCoCu68nJUwTQ\nh1Jh7vQjCQ==\n-----END CERTIFICATE-----\n
with this I can successfully connect to a vm. Now I would like to do the
same from spice-web-client but websockify doesn't give me a tls-port.
a tls-port for what? the one in .vv file is the qemu/spice-server tls port
How to could I implement this? Is there a wrapper that exists that I can pass to websockify to do the authentication on the port + 1 (it seems it is always the next port)
the authentication in .vv file is for the SPICE protocol. it’s for the “spice-web-client” to implement that.
Thanks, michal
Thanks in advance for your help _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7MIZRV5PHVVVM...
Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YPZ5CFLOXUFBKO...