8:59 p.m.
You can use Spice Proxy. The easiest way is to run proxy on Squid. I
recommend connect via VPN.
Here is a part of my Squid's configuration to connect Spice consoles from
VPN 10.25.0.0/16 and LAN 192.168.0.0/16 to oVirt's hosts on 192.168.2.0/24:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.0.0/16
acl localnet src 10.25.0.0/16
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
http_access allow localnet
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
acl spice_servers dst 192.168.2.0/24
http_access allow spice_servers
http_access allow localnet
http_access allow localhost
http_access allow all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_dir ufs /var/spool/squid 100 16 256
cache_mem 32 MB
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squid
cache_effective_group squid
You have to configure Spice Proxy on oVirt Engine by `engine-config -s
SpiceProxyDefault=someProxy`. Here is my solution:
root@host021:~ engine-config -a |grep SpiceProxyDefault
SpiceProxyDefault: http://10.25.2.21:3128/ version: general
You can use Proxy on your public IP if you don't like to use VPN, but
remember to make sure that your machines are secured enough.
2015-04-02 18:06 GMT+02:00 Jason Keltz <jas(a)cse.yorku.ca>:
I'm trying to figure out the most reasonable method for me to
access the
console on my ovirt installation.
Each node has ovirtmgmt, storage, and external network connectivity.
The standalone engine host has ovirtmgmt, and external network.
I connect to engine via the external network, right click on a VM and try
to access the console. If I use the "Remote Viewer" method, the connection
fails. This is because my client on the external network doesn't have
access to ovirtmgmt.
I can access the spice-html5 client, and that "basically" works, though
it's crashed more than once. I suspect that Remote Viewer will be more
stable.
So my question is - what is the best way for me to connect to the console
from the external network?
Either, I have to start up my client on a machine that has an IP on
ovirtmgmt (eg. remote login to engine, and run firefox there?)
or I have to route external packets from my host to say, the engine host,
and run IP forwarding there? probably not too secure...
or I have to figure out a way to make ovirt use the external network for
display traffic... that would probably be best (?) but I can't seem to
figure out whether it's possible.
In particular since the external network is a VM network (it's actually 2
x 1 G links bound via LACP), and not part of ovirt infrastructure, it's not
clear if I can use it for display and VM external connectivity as well.
Any thoughts would be much appreciated.
Jason.
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users