Hi, I am trying to get the spice-web-client working with ovirt. One area where I am having difficulties is authentication.Looking at remote-viewer on linux I am able to see that the minimum fields to have a successful spice connection are the following: [virt-viewer] type=spice host=70.xxx.176.xxx port=5914 password=WQJQWCo+s8tK tls-port=5915 tls-ciphers=DEFAULT host-subject=O=xxxx.com,CN=d1c1v5.xxx.net ca=-----BEGIN CERTIFICATE-----\nMIIDzDCCArSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM\nD2J1dHRlcmZseWl0LmNvbTEiMCAGA1UEAwwZb3YxLmJ1dHRlcmZseWl0LmNvbS40NTQ2NTAeFw0x\nOTA2MDQwMDMyMDVaFw0yOTA2MDIwMDMyMxxxxxxxxxxxxxxxxxxxxxxxxdXR0\nZXJmbHlpdC5jb20xIjAgBgNVBAMMGW92MS5idXR0ZXJmbHlpdC5jb20uNDU0NjUwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD218EJkIJewgmeDFcUM7vEQ3RQ4nL9ZNEg+zORlruLKON\neZRDfgXei3XTt+VFUNTrxBjepf+yN3WjhVP+lDeDveZU/3OYKj9dSewlz7Mj1XTKE8DXDMIGYc79\nXUrcSoiEjCRG1eB+w+uyP4WK0AlJwGKav3AZuU5awjvYAftkW0RhOgdjp80ofuoC3K9TUPPjemtw\n3EWb4bjRcWiDUj8owfhhAHnb4RfacUSMQmYpVJ5YfRunYrCOixlOeGx7PkvXLqWmu2Rnrnk7TNn6\nv74fHh3ruHmZHLk2i6/yNoOAiJC/M8piCGZ3tiOcnPcYF2ZoX+Ud6BV69Hp6SxnF/eCXAgMBAAGj\ngbkwgbYwHQYDVR0OBBYEFAlrTpLGY5Dq6gtA7d7CXc1QAFmOMHQGA1UdIwRtMGuAFAlrTpLGY5Dq\n6gtA7d7CXc1QAFmOoU+kTTBLMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPYnV0dGVyZmx5aXQuY29t\nMSIwIAYDVQQDDBlvdjEuYnV0dGVyZmx5aXQuY29tLjQ1NDY1ggIQADAPBgNVHRMBAf8EBTADAQH/\nMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCA QEAoC8Nx/s4Uafgc3iyzxbLPb/chQ8U\n7+lULXTq+ZLOuMDdu6UKt7qKZpJZK8ZhjFh/1yVOnpzm7Np+oP7TQlOUkup8X4HsfAwrCgNK1IT1\nETdbdMYD8HYFjxz/0xbnMkJAHfPEh1vtqplw3YhVgiAZfZfT8HzVY/xGkjurvxSyVjBSbn+4uao1\n6W9URt2rWTHn+XxoT+j+cx8vv1WKsynlMBtUjCFy8eR7ZDngRcM/9iRkRCGHJvWJmi1CRrQeE5RZ\nvBH0zE64J3cOJj4BSlN3wOYWiRq28XLB9epDDyZaRpnsqLCOq/+/LscM7iPW1acdCoCu68nJUwTQ\nh1Jh7vQjCQ==\n-----END CERTIFICATE-----\n with this I can successfully connect to a vm. Now I would like to do the same from spice-web-client but websockify doesn't give me a tls-port. How to could I implement this? Is there a wrapper that exists that I can pass to websockify to do the authentication on the port + 1 (it seems it is always the next port) Thanks in advance for your help
Hi,
On 19. 3. 2021, at 3:56, Pascal D <pascal@butterflyit.com> wrote:
Hi,
I am trying to get the spice-web-client working with ovirt.
what is spice-web-client?
One area where I am having difficulties is authentication.Looking at remote-viewer on linux I am able to see that the minimum fields to have a successful spice connection are the following:
[virt-viewer] type=spice host=70.xxx.176.xxx port=5914 password=WQJQWCo+s8tK tls-port=5915 tls-ciphers=DEFAULT host-subject=O=xxxx.com,CN=d1c1v5.xxx.net ca=-----BEGIN CERTIFICATE-----\nMIIDzDCCArSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM\nD2J1dHRlcmZseWl0LmNvbTEiMCAGA1UEAwwZb3YxLmJ1dHRlcmZseWl0LmNvbS40NTQ2NTAeFw0x\nOTA2MDQwMDMyMDVaFw0yOTA2MDIwMDMyMxxxxxxxxxxxxxxxxxxxxxxxxdXR0\nZXJmbHlpdC5jb20xIjAgBgNVBAMMGW92MS5idXR0ZXJmbHlpdC5jb20uNDU0NjUwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD218EJkIJewgmeDFcUM7vEQ3RQ4nL9ZNEg+zORlruLKON\neZRDfgXei3XTt+VFUNTrxBjepf+yN3WjhVP+lDeDveZU/3OYKj9dSewlz7Mj1XTKE8DXDMIGYc79\nXUrcSoiEjCRG1eB+w+uyP4WK0AlJwGKav3AZuU5awjvYAftkW0RhOgdjp80ofuoC3K9TUPPjemtw\n3EWb4bjRcWiDUj8owfhhAHnb4RfacUSMQmYpVJ5YfRunYrCOixlOeGx7PkvXLqWmu2Rnrnk7TNn6\nv74fHh3ruHmZHLk2i6/yNoOAiJC/M8piCGZ3tiOcnPcYF2ZoX+Ud6BV69Hp6SxnF/eCXAgMBAAGj\ngbkwgbYwHQYDVR0OBBYEFAlrTpLGY5Dq6gtA7d7CXc1QAFmOMHQGA1UdIwRtMGuAFAlrTpLGY5Dq\n6gtA7d7CXc1QAFmOoU+kTTBLMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPYnV0dGVyZmx5aXQuY29t\nMSIwIAYDVQQDDBlvdjEuYnV0dGVyZmx5aXQuY29tLjQ1NDY1ggIQADAPBgNVHRMBAf8EBTADAQH/\nMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCA QEAoC8Nx/s4Uafgc3iyzxbLPb/chQ8U\n7+lULXTq+ZLOuMDdu6UKt7qKZpJZK8ZhjFh/1yVOnpzm7Np+oP7TQlOUkup8X4HsfAwrCgNK1IT1\nETdbdMYD8HYFjxz/0xbnMkJAHfPEh1vtqplw3YhVgiAZfZfT8HzVY/xGkjurvxSyVjBSbn+4uao1\n6W9URt2rWTHn+XxoT+j+cx8vv1WKsynlMBtUjCFy8eR7ZDngRcM/9iRkRCGHJvWJmi1CRrQeE5RZ\nvBH0zE64J3cOJj4BSlN3wOYWiRq28XLB9epDDyZaRpnsqLCOq/+/LscM7iPW1acdCoCu68nJUwTQ\nh1Jh7vQjCQ==\n-----END CERTIFICATE-----\n
with this I can successfully connect to a vm. Now I would like to do the same from spice-web-client but websockify doesn't give me a tls-port.
a tls-port for what? the one in .vv file is the qemu/spice-server tls port
How to could I implement this? Is there a wrapper that exists that I can pass to websockify to do the authentication on the port + 1 (it seems it is always the next port)
the authentication in .vv file is for the SPICE protocol. it’s for the “spice-web-client” to implement that. Thanks, michal
Thanks in advance for your help _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7MIZRV5PHVVVM...
AGPL spice-web-client is a spice html5 library from eyeos with another fork from flexvdi. I have tested them with libvirt (no encryption/authentication) and they really work great. I want to use them with Ovirt since spice-html5 is under-performant. However with ovirt I have to deal with authentication and ssl encryption. Since the OVirt certificate is self signed I cannot really ask users to import it (anyway that didn't work when I tried as it is missing the root certificate from the download link on the OVirt web admin console). So far I am able to get a proxy setup using websockify and provide my own certificate and proxy it back to libvirt. I identified from the console.vv file the minimum fields remote-viewer needs to make a secure connection to OVirt. Now I need my websockyproxy to do the same Any help on getting this working will be appreciated. I haven't found any documentation on how this is working. I am ready to read remote-viewer code to try to figure out though Thanks On Fri, Mar 19, 2021 at 8:22 AM Michal Skrivanek < michal.skrivanek@redhat.com> wrote:
Hi,
On 19. 3. 2021, at 3:56, Pascal D <pascal@butterflyit.com> wrote:
Hi,
I am trying to get the spice-web-client working with ovirt.
what is spice-web-client?
One area where I am having difficulties is authentication.Looking at remote-viewer on linux I am able to see that the minimum fields to have a successful spice connection are the following:
[virt-viewer] type=spice host=70.xxx.176.xxx port=5914 password=WQJQWCo+s8tK tls-port=5915 tls-ciphers=DEFAULT host-subject=O=xxxx.com,CN=d1c1v5.xxx.net ca=-----BEGIN CERTIFICATE-----\nMIIDzDCCArSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM\nD2J1dHRlcmZseWl0LmNvbTEiMCAGA1UEAwwZb3YxLmJ1dHRlcmZseWl0LmNvbS40NTQ2NTAeFw0x\nOTA2MDQwMDMyMDVaFw0yOTA2MDIwMDMyMxxxxxxxxxxxxxxxxxxxxxxxxdXR0\nZXJmbHlpdC5jb20xIjAgBgNVBAMMGW92MS5idXR0ZXJmbHlpdC5jb20uNDU0NjUwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD218EJkIJewgmeDFcUM7vEQ3RQ4nL9ZNEg+zORlruLKON\neZRDfgXei3XTt+VFUNTrxBjepf+yN3WjhVP+lDeDveZU/3OYKj9dSewlz7Mj1XTKE8DXDMIGYc79\nXUrcSoiEjCRG1eB+w+uyP4WK0AlJwGKav3AZuU5awjvYAftkW0RhOgdjp80ofuoC3K9TUPPjemtw\n3EWb4bjRcWiDUj8owfhhAHnb4RfacUSMQmYpVJ5YfRunYrCOixlOeGx7PkvXLqWmu2Rnrnk7TNn6\nv74fHh3ruHmZHLk2i6/yNoOAiJC/M8piCGZ3tiOcnPcYF2ZoX+Ud6BV69Hp6SxnF/eCXAgMBAAGj\ngbkwgbYwHQYDVR0OBBYEFAlrTpLGY5Dq6gtA7d7CXc1QAFmOMHQGA1UdIwRtMGuAFAlrTpLGY5Dq\n6gtA7d7CXc1QAFmOoU+kTTBLMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPYnV0dGVyZmx5aXQuY29t\nMSIwIAYDVQQDDBlvdjEuYnV0dGVyZmx5aXQuY29tLjQ1NDY1ggIQADAPBgNVHRMBAf8EBTADAQH/\nMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCA
QEAoC8Nx/s4Uafgc3iyzxbLPb/chQ8U\n7+lULXTq+ZLOuMDdu6UKt7qKZpJZK8ZhjFh/1yVOnpzm7Np+oP7TQlOUkup8X4HsfAwrCgNK1IT1\nETdbdMYD8HYFjxz/0xbnMkJAHfPEh1vtqplw3YhVgiAZfZfT8HzVY/xGkjurvxSyVjBSbn+4uao1\n6W9URt2rWTHn+XxoT+j+cx8vv1WKsynlMBtUjCFy8eR7ZDngRcM/9iRkRCGHJvWJmi1CRrQeE5RZ\nvBH0zE64J3cOJj4BSlN3wOYWiRq28XLB9epDDyZaRpnsqLCOq/+/LscM7iPW1acdCoCu68nJUwTQ\nh1Jh7vQjCQ==\n-----END CERTIFICATE-----\n
with this I can successfully connect to a vm. Now I would like to do the
same from spice-web-client but websockify doesn't give me a tls-port.
a tls-port for what? the one in .vv file is the qemu/spice-server tls port
How to could I implement this? Is there a wrapper that exists that I can pass to websockify to do the authentication on the port + 1 (it seems it is always the next port)
the authentication in .vv file is for the SPICE protocol. it’s for the “spice-web-client” to implement that.
Thanks, michal
Thanks in advance for your help _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7MIZRV5PHVVVM...
Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YPZ5CFLOXUFBKO...
Thanks for your response. From it I deduct that the authentication must happen from the client not the proxy. however I am not finding any code in spice-html5 which would confirm this. So my thinking is that the authentication must happen on the websockify side. From the websockify docs I can see some parameters that could help but wonder how to use them with ovirt. --cafile=FILE file of concatenated certificates of authorities trusted for validating clients (only effective with --verify-client). If omitted, system default list of CAs is used. --auth-plugin=CLASS use a Python class, usually one from websockify.auth_plugins, such as BasicHTTPAuth, to determine if a connection is allowed --auth-source=ARG an argument to be passed to the auth plugin on instantiation Obviously I am assuming spice-html5 works with ovirt. Maybe it doesn't. I was never able to make it work except with direct libvirt over spice.
Obviously I am assuming spice-html5 works with ovirt. Maybe it doesn't. I was never able to make it work except with direct libvirt over spice.
I could never get the html5 implementation working. If you get this new spice-web-client working, please post your config to the list!
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/W3TBF4XPURKRVI...
I will. I wish there was more documentation on how all of this works. My current test sniffing the network show that actually the traffic is not on the port as defined in the console file but on the tls-port of that file. so I am a little confused how all of this works. And since everything is SSLed it is quite difficult to know what is happening On Fri, Mar 19, 2021 at 11:28 AM Vincent Royer <vincent@epicenergy.ca> wrote:
Obviously I am assuming spice-html5 works with ovirt. Maybe it doesn't. I
was never able to make it work except with direct libvirt over spice.
I could never get the html5 implementation working. If you get this new spice-web-client working, please post your config to the list!
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/W3TBF4XPURKRVI...
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJIOIEM5XXYZRA...
On 19. 3. 2021, at 20:26, Pascal DeMilly <pascal@mantra-soft.com> wrote:
I will. I wish there was more documentation on how all of this works. My current test sniffing the network show that actually the traffic is not on the port as defined in the console file but on the tls-port of that file. so I am a little confused how all of this works. And since everything is SSLed it is quite difficult to know what is happening
Hi, I don’t entirely follow your steps, but let me try to describe the ovirt specific implementation. spice-html5 used to work, but we removed it couple releases back since it’s not performing well and it’s not maintained much. It worked the same way as novnc. We need to secure the communication between the client and the proxy(which is done by wss) and also make sure that only authorized targets are being proxied, and not any random request. In oVirt we add one more layer to the stock novnc-websockify communication. It could be that websockify added these options later on but when we integrated these consoles it had nothing. We modified the client to sign the request for proxy that is verified by the (also modified) proxy. There are small changes but they would need to be done for any other client you’re trying to use (and for the proxy if you’d want to use a non-ovirt websockify) HTH. michal
On Fri, Mar 19, 2021 at 11:28 AM Vincent Royer <vincent@epicenergy.ca <mailto:vincent@epicenergy.ca>> wrote: Obviously I am assuming spice-html5 works with ovirt. Maybe it doesn't. I was never able to make it work except with direct libvirt over spice.
I could never get the html5 implementation working. If you get this new spice-web-client working, please post your config to the list!
_______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/W3TBF4XPURKRVI... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/W3TBF4XPURKRVI2J3AWUDCTRCTYYHXGZ/> _______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-leave@ovirt.org <mailto:users-leave@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJIOIEM5XXYZRA... <https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJIOIEM5XXYZRAXQQJCS6MWPP3POBPMY/> _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/6XTZH5LS63MEL6...
Michal, Thank you for your response. I know I am all over the place as I am trying to figure what works and what doesn't. What I know so far is this. spice-web-client from eyeos https://github.com/eyeos/spice-web-client and the forked version from flex-vdi https://github.com/flexVDI/spice-web-client work great with an unmodified websockify proxy and a spice enabled libvirt VM. I have tested it, and the only few things missing are USB support, multi-monitors and file xfer. But the performance are great and can play sound and videos. All in all those guys did an amazing work. So I am trying to take it further and have it working with ovirt. My first step was to try to understand how remote-viewer was connecting to ovirt. I was able to find out that out of the console.vv file only host, port, password, tls-port and host-subject and ca. I then tried to understand where in remote-viewer the authentication happened and in what form. So far I have track it down to spice-gtk. I am still looking there. I also tried to understand how ovirt websockify version was working but not knowing for sure that it is indeed working make it challenging. Again I don't quite understand the steps it does to start the proxying. It seems to me that it trap the authentication and do its own but since I don't have a client working I can't really tell. the websockify guys say the authentication should happen on the client but when I look at the websocket-proxy code from ovirt it seems it is happening on the proxy. So what am I looking for is an example of a client (in whatever language) that authenticate against ovirt so that I can test it and adapt it to spice-web-client. Any help would be appreciated. Here are some questions I have: why is there a port and a tls-port? what the purpose of port? When I filter it out of console.vv, remote-viewer is still able to work with ovirt. What's the purpose of host-subject? How is it used? How is it sent to ovirt. Same for password? What the protocol there?
Michal, Could you explain in details this part of your email?
We modified the client to sign the request for proxy that is verified by the (also modified) proxy. There are small changes but they would need to be done for any other client you’re trying to use (and for the proxy if you’d want to use a non-ovirt websockify)
Where can i find this information? Right now, using the stock websockify and using my version of flexVDI (which works BTW perfectly with libvirt qxl protected by password) and a valid SSL certificates between browser and proxy, I am getting this error when trying to connect to ovirt: ``` + exec python3 -m websockify 5959 --verbose --record /tmp/websockify.log --cert=/etc/letsencrypt/live/ws1.xxxx.net/cert.pem --key=/etc/letsencrypt/live/ws1.xxx.net/privkey.pem --ssl-target --ssl-only --verify-client --cafile=/tmp/cafile-143249.crt '--ssl-ciphers=HIGH:!aNULL' xx.xxx.xxx.xxx:5915 WebSocket server settings: - Listen on :5959 - SSL/TLS support - Deny non-SSL/TLS connections - Recording to '/tmp/websockify.log.*' - proxying from :5959 to xx.xxx.xxx.xxx:5915 (using SSL) 70.182.176.222: new handler Process handler exception: [Errno 0] Error exception Traceback (most recent call last): File "/var/www/websockify/websockify/websockifyserver.py", line 662, in top_new_client client = self.do_handshake(startsock, address) File "/var/www/websockify/websockify/websockifyserver.py", line 565, in do_handshake retsock = context.wrap_socket( File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "/usr/lib/python3.8/ssl.py", line 1040, in _create self.do_handshake() File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() OSError: [Errno 0] Error ``` so it seems my main problem is SSL between the webproxy and ovirt. I am just not sure how to debug this. Is the connection between the proxy and the host encrypted? If yes, what role does the cafile received in the console.vv plays and what about the host-subject. this is the part I am missing
I think part of my misunderstanding is that ovirt-websocket-proxy does a few things behind the scene as it is not the source of the initial connection to ovirt. I am going another route. My proxy are servers which get the console.vv file from ovirt when they are alerted someone wants to make a webview to a particular Vm. at that point it requests the console.vv file from ovirt using rest api and then create the websockify process with a random port which they send back to the requesting app via another secure channel. The receiving app then launches a browser tab connecting the web-spice-client to the address of the webproxy and the port. the http connection is encrypted using a letsencrypt certificate and that is working fine. The part I am having difficulties is the connection part between the web proxy and the ovirt host. Ovirt expect it to be encapsulated in TLS/1.2 if I am not mistaken, but can't figure out how to make websockify to use the cafile, ssl-cyphers and the host-subject to do so. I am missing a part which I think should be simple for someone understanding ssl better than I do Thanks
finally got it. I needed to force --ssl-version=tls1.2 I will write a summary of my findings fot anyone interested.
This is currently what I got: CONSOLE is the path to the console.vv file just downloaded. I have tested that logic with remote-viewer. So I know this is working at least. Now my goal is to get spice-web-client to work as well. However I am not understanding yet everything about the expectation of ovirt in regards to certificates, and authentication. Any insight is welcome awk 'NR == 19 ' $CONSOLE | sed 's/ca=//;s/\\n/\n/g' >$CAFILE port=$(grep '^tls-port=' $CONSOLE | cut -f2 -d=) host=$(head -10 $CONSOLE | grep '^host=' | cut -f2 -d=) user=$(grep '^host-subject=' $CONSOLE | cut -f2- -d=) password=$(grep '^password=' $CONSOLE | cut -f2- -d=) /var/www/websockify/run 5959 --cert=/etc/letsencrypt/live/xxx.xxxx.net/cert.pem --key=/etc/letsencrypt/live/xxx.xxxx.net/privkey.pem --ssl-only --verify-client --record /tmp/websockify.log --cafile=${CAFILE} --auth-plugin=ClientCertCNAuth --auth-source="${user} ${password}" ${host}:${port}
Has someone able to get spice-html5 or any other web client working with ovirt? I am using 4.3 and trying to get it working but so far no luck?
participants (4)
-
Michal Skrivanek -
Pascal D -
Pascal DeMilly -
Vincent Royer