The problem is this: I need to be able to connect to the systems automatically via a script. Even if the VMs are restarted. If the PW changes every time, my script doesn't work anymore.

Am 02.08.21 um 09:32 schrieb Michal Skrivanek:


On 31. 7. 2021, at 9:19, Strahil Nikolov <hunter86_bg@yahoo.com> wrote:

You need to (all Hypervisors that will be running this script):
- download the engine's CA from https://<your-engine>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
- put it at :
/etc/pki/ca-trust/source/anchors/
- make it trousted by running:
 update-ca-trust extract

Best Regards,
Strahil Nikolov

On Fri, Jul 30, 2021 at 18:05, Merlin Timm
Ah okay, i figured it out.

root@mypc:/home/merlin/Documents/Ovirt-0.06# perl set_ovirt_vnc_pw.pl
LWP Status line : 500 Can't connect to my.ovirt.manager.com:443
(certificate verify failed) at /usr/local/share/perl/5.26.1/Ovirt/VM.pm
line 195.

it seems to work but it cant connect to the ovirt manager :/

Am 30.07.2021 14:54 schrieb Milan Zamazal:
> Merlin Timm <merlin.timm@posteo.de> writes:
>
>> actually I rather wanted to know how to generate a config with
>> Ovirt::Display. I didn't really understand what I have to do to
>> generate a config.
>
> I've never tried it but I think you should fetch the perl library and
> then run a perl script according to the example in Synopis section of
> https://metacpan.org/pod/Ovirt::Display
>
>> Am 30.07.2021 14:04 schrieb Milan Zamazal:
>>> Merlin Timm <merlin.timm@posteo.de> writes:
>>>
>>>> Hey,
>>>> Thanks for the answers!
>>>> I want to try the perl solution. One, maybe stupid, question: how
>>>> do i run this perl module?
>>>> Do i run it on the Host or from my local machne? I am a litte bit
>>>> confused.
>>> As I understand it, you can run it from anywhere where Engine REST
>>> API
>>> is reachable from.
>>> Regards,
>>> Milan
>>>
>>>> Could someone explain it to me?
>>>> Best regarda
>>>> Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal
>>>> <mzamazal@redhat.com>:
>>>>> Sandro Bonazzola <sbonazzo@redhat.com> writes:
>>>>>
>>>>>> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
>>>>>> sbonazzo@redhat.com> ha scritto:
>>>>>>
>>>>>>> +Milan Zamazal <mzamazal@redhat.com> , +Arik Hadas
>>>>>>> <ahadas@redhat.com> , +Michal
>>>>>>> Skrivanek <mskrivan@redhat.com> any hint?
>>>>>>>
>>>>>> I found https://metacpan.org/pod/Ovirt::Display but I think there
>>>>>> should be
>>>>>> an easier way within the engine to configure this.
>>>>>>
>>>>>>
>>>>>>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm
>>>>>>> <merlin.timm@posteo.de>
>>>>>>> ha scritto:
>>>>>>>
>>>>>>>> Good day to all,
>>>>>>>> I have a question about the console configuration of the VMs:
>>>>>>>> By default, for each console connection to a VM, a password is
>>>>>>>> set for
>>>>>>>> 120 seconds, after that you can't use it again. We currently
>>>>>>>> have the
>>>>>>>> following concern:
>>>>>>>> We want to access and control the VMs via the VNC/Spice of the
>>>>>>>> Ovirt
>>>>>>>> host. We have already tried to use the password from the
>>>>>>>> console.vv for
>>>>>>>> the connection and that works so far. Unfortunately we have to
>>>>>>>> do this
>>>>>>>> every 2 minutes when we want to connect again.
if you connect again you get a new concole.vv…why is that a problem?
We are currently
>>>>>>>> building
>>>>>>>> an automatic test pipeline and for this we need to access the
>>>>>>>> VMs
>>>>>>>> remotely before OS start and we want to be independent of a VNC
>>>>>>>> server
>>>>>>>> on the guest. This is only possible if we could connect to the
>>>>>>>> VNC/Spice
>>>>>>>> server from the Ovirt host.
>>>>>>>> My question: would it be possible to fix the password or read
>>>>>>>> it out via
>>>>>>>> api every time you want to connect?
>>>>> A one time password is set every time the console is opened, for
>>>>> those
>>>>> 120 seconds.  Unfortunately, the 120 seconds limit seems to be
>>>>> hardwired
>>>>> in Engine sources.  So apparently the only chance would be to set
>>>>> the
>>>>> password directly on the host using VM.updateDevice VDSM API call.
>>>>> It
>>>>> looks like this normally:
>>>>>  VM.updateDevice(params={'deviceType': 'graphics', 'password':
>>>>> '********', 'disconnectAction': 'NONE', 'params': {'vncUsername':
>>>>> 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false',
>>>>> 'userName': 'admin', 'userId':
>>>>> 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120,
>>>>> 'graphicsType':
>>>>> 'spice'})
>>>>> This way it's possible to set a password and its lifetime (`ttl'
>>>>> parameter).  Of course, it's needed to find out the host the VM
>>>>> runs on,
>>>>> a way to call the API (running vdsm-client directly on the host
>>>>> may be
>>>>> the easiest way), how to make/use the *.vv ticket (you can use the
>>>>> same
>>>>> password all the time) and to accept collisions with different
>>>>> settings
>>>>> if someone opens the console from the web UI.
>>>>> In the end result, using the Perl library mentioned by Sandro
>>>>> above may
>>>>> be an easier solution.
>>>>> Or another option is to submit a patch to Engine to make the
>>>>> timeout
>>>>> configurable (look for TICKET_VALIDITY_SECONDS in the sources).
>>>>> Regards,
>>>>> Milan
>>>>>
>>>>>>>> I would appreciate a reply very much!
>>>>>>>> Best regards
>>>>>>>> Merlin Timm
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list -- users@ovirt.org
>>>>>>>> To unsubscribe send an email to users-leave@ovirt.org
>>>>>>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>>>>>>> oVirt Code of Conduct:
>>>>>>>> https://www.ovirt.org/community/about/community-guidelines/
>>>>>>>> List Archives:
>>>>>>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Sandro Bonazzola
>>>>>>> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
>>>>>>> Red Hat EMEA <https://www.redhat.com/>
>>>>>>> sbonazzo@redhat.com
>>>>>>> <https://www.redhat.com/>
>>>>>>> *Red Hat respects your work life balance. Therefore there is no
>>>>>>> need to
>>>>>>> answer this email out of your office hours.
>>>>>>> <https://mojo.redhat.com/docs/DOC-1199578>*
>>>>>>>
>>>>>>>
>>>>>
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYNC72W3P5TEN3EOQSYPPKCQZ4TGIRDC/