The problem is this: I need to be able to connect to the systems automatically via a script. Even if the VMs are restarted. If the PW changes every time, my script doesn't work anymore. Am 02.08.21 um 09:32 schrieb Michal Skrivanek:
On 31. 7. 2021, at 9:19, Strahil Nikolov <hunter86_bg@yahoo.com <mailto:hunter86_bg@yahoo.com>> wrote:
You need to (all Hypervisors that will be running this script): - download the engine's CA from https://<your-engine>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA - put it at : /etc/pki/ca-trust/source/anchors/ - make it trousted by running: update-ca-trust extract
Best Regards, Strahil Nikolov
On Fri, Jul 30, 2021 at 18:05, Merlin Timm <merlin.timm@posteo.de <mailto:merlin.timm@posteo.de>> wrote: Ah okay, i figured it out.
root@mypc <mailto:root@mypc>:/home/merlin/Documents/Ovirt-0.06# perl set_ovirt_vnc_pw.pl LWP Status line : 500 Can't connect to my.ovirt.manager.com:443 <http://my.ovirt.manager.com:443> (certificate verify failed) at /usr/local/share/perl/5.26.1/Ovirt/VM.pm line 195.
it seems to work but it cant connect to the ovirt manager :/
Am 30.07.2021 14:54 schrieb Milan Zamazal: > Merlin Timm <merlin.timm@posteo.de <mailto:merlin.timm@posteo.de>> writes: > >> actually I rather wanted to know how to generate a config with >> Ovirt::Display. I didn't really understand what I have to do to >> generate a config. > > I've never tried it but I think you should fetch the perl library and > then run a perl script according to the example in Synopis section of > https://metacpan.org/pod/Ovirt::Display <https://metacpan.org/pod/Ovirt::Display> > >> Am 30.07.2021 14:04 schrieb Milan Zamazal: >>> Merlin Timm <merlin.timm@posteo.de <mailto:merlin.timm@posteo.de>> writes: >>> >>>> Hey, >>>> Thanks for the answers! >>>> I want to try the perl solution. One, maybe stupid, question: how >>>> do i run this perl module? >>>> Do i run it on the Host or from my local machne? I am a litte bit >>>> confused. >>> As I understand it, you can run it from anywhere where Engine REST >>> API >>> is reachable from. >>> Regards, >>> Milan >>> >>>> Could someone explain it to me? >>>> Best regarda >>>> Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal >>>> <mzamazal@redhat.com <mailto:mzamazal@redhat.com>>: >>>>> Sandro Bonazzola <sbonazzo@redhat.com <mailto:sbonazzo@redhat.com>> writes: >>>>> >>>>>> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola < >>>>>> sbonazzo@redhat.com <mailto:sbonazzo@redhat.com>> ha scritto: >>>>>> >>>>>>> +Milan Zamazal <mzamazal@redhat.com <mailto:mzamazal@redhat.com>> , +Arik Hadas >>>>>>> <ahadas@redhat.com <mailto:ahadas@redhat.com>> , +Michal >>>>>>> Skrivanek <mskrivan@redhat.com <mailto:mskrivan@redhat.com>> any hint? >>>>>>> >>>>>> I found https://metacpan.org/pod/Ovirt::Display <https://metacpan.org/pod/Ovirt::Display>but I think there >>>>>> should be >>>>>> an easier way within the engine to configure this. >>>>>> >>>>>> >>>>>>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm >>>>>>> <merlin.timm@posteo.de <mailto:merlin.timm@posteo.de>> >>>>>>> ha scritto: >>>>>>> >>>>>>>> Good day to all, >>>>>>>> I have a question about the console configuration of the VMs: >>>>>>>> By default, for each console connection to a VM, a password is >>>>>>>> set for >>>>>>>> 120 seconds, after that you can't use it again. We currently >>>>>>>> have the >>>>>>>> following concern: >>>>>>>> We want to access and control the VMs via the VNC/Spice of the >>>>>>>> Ovirt >>>>>>>> host. We have already tried to use the password from the >>>>>>>> console.vv for >>>>>>>> the connection and that works so far. Unfortunately we have to >>>>>>>> do this >>>>>>>> every 2 minutes when we want to connect again.
if you connect again you get a new concole.vv…why is that a problem?
We are currently >>>>>>>> building >>>>>>>> an automatic test pipeline and for this we need to access the >>>>>>>> VMs >>>>>>>> remotely before OS start and we want to be independent of a VNC >>>>>>>> server >>>>>>>> on the guest. This is only possible if we could connect to the >>>>>>>> VNC/Spice >>>>>>>> server from the Ovirt host. >>>>>>>> My question: would it be possible to fix the password or read >>>>>>>> it out via >>>>>>>> api every time you want to connect? >>>>> A one time password is set every time the console is opened, for >>>>> those >>>>> 120 seconds. Unfortunately, the 120 seconds limit seems to be >>>>> hardwired >>>>> in Engine sources. So apparently the only chance would be to set >>>>> the >>>>> password directly on the host using VM.updateDevice VDSM API call. >>>>> It >>>>> looks like this normally: >>>>> VM.updateDevice(params={'deviceType': 'graphics', 'password': >>>>> '********', 'disconnectAction': 'NONE', 'params': {'vncUsername': >>>>> 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false', >>>>> 'userName': 'admin', 'userId': >>>>> 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, >>>>> 'graphicsType': >>>>> 'spice'}) >>>>> This way it's possible to set a password and its lifetime (`ttl' >>>>> parameter). Of course, it's needed to find out the host the VM >>>>> runs on, >>>>> a way to call the API (running vdsm-client directly on the host >>>>> may be >>>>> the easiest way), how to make/use the *.vv ticket (you can use the >>>>> same >>>>> password all the time) and to accept collisions with different >>>>> settings >>>>> if someone opens the console from the web UI. >>>>> In the end result, using the Perl library mentioned by Sandro >>>>> above may >>>>> be an easier solution. >>>>> Or another option is to submit a patch to Engine to make the >>>>> timeout >>>>> configurable (look for TICKET_VALIDITY_SECONDS in the sources). >>>>> Regards, >>>>> Milan >>>>> >>>>>>>> I would appreciate a reply very much! >>>>>>>> Best regards >>>>>>>> Merlin Timm >>>>>>>> _______________________________________________ >>>>>>>> Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> >>>>>>>> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> >>>>>>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> >>>>>>>> oVirt Code of Conduct: >>>>>>>> https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> >>>>>>>> List Archives: >>>>>>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64N... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Sandro Bonazzola >>>>>>> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV >>>>>>> Red Hat EMEA <https://www.redhat.com/ <https://www.redhat.com/>> >>>>>>> sbonazzo@redhat.com <mailto:sbonazzo@redhat.com> >>>>>>> <https://www.redhat.com/ <https://www.redhat.com/>> >>>>>>> *Red Hat respects your work life balance. Therefore there is no >>>>>>> need to >>>>>>> answer this email out of your office hours. >>>>>>> <https://mojo.redhat.com/docs/DOC-1199578 <https://mojo.redhat.com/docs/DOC-1199578>>* >>>>>>> >>>>>>> >>>>> _______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYNC72W3P5TEN3... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYNC72W3P5TEN3EOQSYPPKCQZ4TGIRDC/>