You can use Spice Proxy. The easiest way is to run proxy on Squid. I recommend connect via VPN. Here is a part of my Squid's configuration to connect Spice consoles from VPN 10.25.0.0/16 and LAN 192.168.0.0/16 to oVirt's hosts on 192.168.2.0/24: acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 192.168.0.0/16 acl localnet src 10.25.0.0/16 acl Safe_ports port 80 # http acl CONNECT method CONNECT http_access allow localnet http_access allow manager localhost http_access deny manager http_access deny !Safe_ports acl spice_servers dst 192.168.2.0/24 http_access allow spice_servers http_access allow localnet http_access allow localhost http_access allow all http_port 3128 hierarchy_stoplist cgi-bin ? cache_dir ufs /var/spool/squid 100 16 256 cache_mem 32 MB coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 cache_effective_user squid cache_effective_group squid You have to configure Spice Proxy on oVirt Engine by `engine-config -s SpiceProxyDefault=someProxy`. Here is my solution: root@host021:~ engine-config -a |grep SpiceProxyDefault SpiceProxyDefault: http://10.25.2.21:3128/ version: general You can use Proxy on your public IP if you don't like to use VPN, but remember to make sure that your machines are secured enough. 2015-04-02 18:06 GMT+02:00 Jason Keltz <jas@cse.yorku.ca>:
I'm trying to figure out the most reasonable method for me to access the console on my ovirt installation. Each node has ovirtmgmt, storage, and external network connectivity. The standalone engine host has ovirtmgmt, and external network. I connect to engine via the external network, right click on a VM and try to access the console. If I use the "Remote Viewer" method, the connection fails. This is because my client on the external network doesn't have access to ovirtmgmt. I can access the spice-html5 client, and that "basically" works, though it's crashed more than once. I suspect that Remote Viewer will be more stable. So my question is - what is the best way for me to connect to the console from the external network? Either, I have to start up my client on a machine that has an IP on ovirtmgmt (eg. remote login to engine, and run firefox there?) or I have to route external packets from my host to say, the engine host, and run IP forwarding there? probably not too secure... or I have to figure out a way to make ovirt use the external network for display traffic... that would probably be best (?) but I can't seem to figure out whether it's possible. In particular since the external network is a VM network (it's actually 2 x 1 G links bound via LACP), and not part of ovirt infrastructure, it's not clear if I can use it for display and VM external connectivity as well.
Any thoughts would be much appreciated.
Jason.
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users