Sandro Bonazzola <sbonazzo(a)redhat.com> writes:
Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
sbonazzo(a)redhat.com> ha scritto:
> +Milan Zamazal <mzamazal(a)redhat.com> , +Arik Hadas <ahadas(a)redhat.com> ,
+Michal
> Skrivanek <mskrivan(a)redhat.com> any hint?
>
I found
https://metacpan.org/pod/Ovirt::Display but I think there should be
an easier way within the engine to configure this.
>
> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm <merlin.timm(a)posteo.de>
> ha scritto:
>
>> Good day to all,
>>
>> I have a question about the console configuration of the VMs:
>>
>> By default, for each console connection to a VM, a password is set for
>> 120 seconds, after that you can't use it again. We currently have the
>> following concern:
>>
>> We want to access and control the VMs via the VNC/Spice of the Ovirt
>> host. We have already tried to use the password from the console.vv for
>> the connection and that works so far. Unfortunately we have to do this
>> every 2 minutes when we want to connect again. We are currently building
>> an automatic test pipeline and for this we need to access the VMs
>> remotely before OS start and we want to be independent of a VNC server
>> on the guest. This is only possible if we could connect to the VNC/Spice
>> server from the Ovirt host.
>>
>> My question: would it be possible to fix the password or read it out via
>> api every time you want to connect?
A one time password is set every time the console is opened, for those
120 seconds. Unfortunately, the 120 seconds limit seems to be hardwired
in Engine sources. So apparently the only chance would be to set the
password directly on the host using VM.updateDevice VDSM API call. It
looks like this normally:
VM.updateDevice(params={'deviceType': 'graphics', 'password':
'********', 'disconnectAction': 'NONE', 'params':
{'vncUsername': 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d',
'fips': 'false', 'userName': 'admin', 'userId':
'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120,
'graphicsType': 'spice'})
This way it's possible to set a password and its lifetime (`ttl'
parameter). Of course, it's needed to find out the host the VM runs on,
a way to call the API (running vdsm-client directly on the host may be
the easiest way), how to make/use the *.vv ticket (you can use the same
password all the time) and to accept collisions with different settings
if someone opens the console from the web UI.
In the end result, using the Perl library mentioned by Sandro above may
be an easier solution.
Or another option is to submit a patch to Engine to make the timeout
configurable (look for TICKET_VALIDITY_SECONDS in the sources).
Regards,
Milan
>> I would appreciate a reply very much!
>>
>> Best regards
>> Merlin Timm
>> _______________________________________________
>> Users mailing list -- users(a)ovirt.org
>> To unsubscribe send an email to users-leave(a)ovirt.org
>> Privacy Statement:
https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>>
https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE...
>>
>
>
> --
>
> Sandro Bonazzola
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
>
> Red Hat EMEA <
https://www.redhat.com/>
>
> sbonazzo(a)redhat.com
> <
https://www.redhat.com/>
>
> *Red Hat respects your work life balance. Therefore there is no need to
> answer this email out of your office hours.
> <
https://mojo.redhat.com/docs/DOC-1199578>*
>
>
>