[Users] Cannot connect to VM via browser if engine was not in /etc/hosts - Users - Ovirt List Archives

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

[Users] Cannot connect to VM via browser if engine was not in /etc/hosts

[Users] oVirt 3.3 SPICE console...

[Users] vdsm v4.12.0 dependencies...

lof yer

Thursday, 6 June 2013 Thu, 6 Jun '13

11:51 a.m.

I connect https://192.168.1.111 and connect to the VM, then the remote-viewer shows up, but failed to show the VM desktop. Is it the https problem? Can I connect to the VM without modify /etc/hosts?

Attachments:

attachment.html (text/html — 289 bytes)

Reply

Show replies by date

Itamar Heim

Sunday, 23 June Sun, 23 Jun

8:47 p.m.

On 06/06/2013 11:51 AM, lof yer wrote:

I connect https://192.168.1.111 and connect to the VM, then the remote-viewer shows up, but failed to show the VM desktop. Is it the https problem? Can I connect to the VM without modify /etc/hosts? _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users

was this resolved? sounds like a certificate/dns issue?

Reply

lofyer

Monday, 24 June Mon, 24 Jun

3:10 a.m.

于 2013/6/24 1:47, Itamar Heim 写道:

On 06/06/2013 11:51 AM, lof yer wrote: > I connect https://192.168.1.111 and connect to the VM, then the > remote-viewer shows up, but failed to show the VM desktop. > Is it the https problem? > Can I connect to the VM without modify /etc/hosts? > > > _______________________________________________ > Users mailing list > Users(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > was this resolved? sounds like a certificate/dns issue?

Yes, it's certificate/dns problem. But how can I connect via IP instead of FQDN without https?

Reply

Itamar Heim

8:55 a.m.

On 06/24/2013 03:10 AM, lofyer wrote:

于 2013/6/24 1:47, Itamar Heim 写道: > On 06/06/2013 11:51 AM, lof yer wrote: >> I connect https://192.168.1.111 and connect to the VM, then the >> remote-viewer shows up, but failed to show the VM desktop. >> Is it the https problem? >> Can I connect to the VM without modify /etc/hosts? >> >> >> _______________________________________________ >> Users mailing list >> Users(a)ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> > > > was this resolved? sounds like a certificate/dns issue? Yes, it's certificate/dns problem. But how can I connect via IP instead of FQDN without https?

i guess it depends if you can tell spice client to not validate the ssl certificate.

Reply

lof yer

10:37 a.m.

Is 'engine-config -s SSLEnabled=false' or special spice parameter? 2013/6/24 Itamar Heim <iheim(a)redhat.com>

On 06/24/2013 03:10 AM, lofyer wrote: > 于 2013/6/24 1:47, Itamar Heim 写道: > >> On 06/06/2013 11:51 AM, lof yer wrote: >> >>> I connect https://192.168.1.111 and connect to the VM, then the >>> remote-viewer shows up, but failed to show the VM desktop. >>> Is it the https problem? >>> Can I connect to the VM without modify /etc/hosts? >>> >>> >>> ______________________________**_________________ >>> Users mailing list >>> Users(a)ovirt.org >>> http://lists.ovirt.org/**mailman/listinfo/users<http://lists.ovirt.org... >>> >>> >> >> was this resolved? sounds like a certificate/dns issue? >> > Yes, it's certificate/dns problem. > But how can I connect via IP instead of FQDN without https? > i guess it depends if you can tell spice client to not validate the ssl certificate.

Reply

Itamar Heim

10:42 a.m.

On 06/24/2013 10:37 AM, lof yer wrote:

Is 'engine-config -s SSLEnabled=false' or special spice parameter?

It should do the trick.

2013/6/24 Itamar Heim <iheim(a)redhat.com <mailto:iheim@redhat.com>> On 06/24/2013 03:10 AM, lofyer wrote: 于 2013/6/24 1:47, Itamar Heim 写道: On 06/06/2013 11:51 AM, lof yer wrote: I connect https://192.168.1.111 and connect to the VM, then the remote-viewer shows up, but failed to show the VM desktop. Is it the https problem? Can I connect to the VM without modify /etc/hosts? _________________________________________________ Users mailing list Users(a)ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/__mailman/listinfo/users <http://lists.ovirt.org/mailman/listinfo/users> was this resolved? sounds like a certificate/dns issue? Yes, it's certificate/dns problem. But how can I connect via IP instead of FQDN without https? i guess it depends if you can tell spice client to not validate the ssl certificate.

Reply

David Jaša

2:08 p.m.

--=-2EWunWH4HN1JjTi0g/4E Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, So you're connecting via User Portal but then it doesn't work? If it doesn't, either you hit a bug or you've tweaked some value that affects things... In general, TLS shouldn't pose a problem because: 1) ovirt sets up its own CA that issues certificates for the hosts 2) the CA certificate and respective host certificate subject are passed to= the client 3) the client can verify the host using these information even in cases whe= n connection IP/FQDN doesn't match CN in subject of server certificate The only condition that indeed breaks it should be display network address override _when migrating the VM_ (because then the connection data are passed via the host and libvirt doesn't allow to pass the arbitrary IP/FQDN yet) David PS: Itamar, advice to disable SSL/TLS is IMO bad, bad thing. ;) Itamar Heim p=C3=AD=C5=A1e v Po 24. 06. 2013 v 08:55 +0300:

On 06/24/2013 03:10 AM, lofyer wrote: > =E4=BA=8E 2013/6/24 1:47, Itamar Heim =E5=86=99=E9=81=93: >> On 06/06/2013 11:51 AM, lof yer wrote: >>> I connect https://192.168.1.111 and connect to the VM, then the >>> remote-viewer shows up, but failed to show the VM desktop. >>> Is it the https problem? >>> Can I connect to the VM without modify /etc/hosts? >>> >>> >>> _______________________________________________ >>> Users mailing list >>> Users(a)ovirt.org >>> http://lists.ovirt.org/mailman/listinfo/users >>> >> >> >> was this resolved? sounds like a certificate/dns issue? > Yes, it's certificate/dns problem. > But how can I connect via IP instead of FQDN without https? =20 i guess it depends if you can tell spice client to not validate the ssl=

=20

certificate. _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users

--=20 David Ja=C5=A1a, RHCE SPICE QE based in Brno GPG Key: 22C33E24=20 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24 --=-2EWunWH4HN1JjTi0g/4E Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIISsjCCBjQw ggQcoAMCAQICAR4wDQYJKoZIhvcNAQEFBQAwfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0 Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAn BgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA3MTAyNDIxMDE1NVoX DTE3MTAyNDIxMDE1NVowgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSsw KQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFy dENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAMcJg8zOLdgasSmkLhOrlr6KMoOMpohBllVHrdRvEg/q6r8jR+EK 75xCGhR8ToREoqe7zM9/UnC6TS2y9UKTpT1v7RSMzR0t6ndl0TWBuUr/UXBhPk+Kmy7bI4yW4urC +y7P3/1/X7U8ocb8VpH/Clt+4iq7nirMcNh6qJR+xjOhV+VHzQMALuGYn5KZmc1NbJQYclsGkDxD z2UbFqE2+6vIZoL+jb9x4Pa5gNf1TwSDkOkikZB1xtB4ZqtXThaABSONdfmv/Z1pua3FYxnCFmdr /+N2JLKutIxMYqQOJebr/f/h5t95m4JgrM3Y/w7YX9d7YAL9jvN4SydHsU6n65cCAwEAAaOCAa0w ggGpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRTcu2SnODaywFc fH6WNU7y1LhRgjAfBgNVHSMEGDAWgBROC+8apEBbpRdphzDKNGhD0EGu8jBmBggrBgEFBQcBAQRa MFgwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9jYTAtBggrBgEFBQcwAoYh aHR0cDovL3d3dy5zdGFydHNzbC5jb20vc2ZzY2EuY3J0MFsGA1UdHwRUMFIwJ6AloCOGIWh0dHA6 Ly93d3cuc3RhcnRzc2wuY29tL3Nmc2NhLmNybDAnoCWgI4YhaHR0cDovL2NybC5zdGFydHNzbC5j b20vc2ZzY2EuY3JsMIGABgNVHSAEeTB3MHUGCysGAQQBgbU3AQIBMGYwLgYIKwYBBQUHAgEWImh0 dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cu c3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwDQYJKoZIhvcNAQEFBQADggIBAAqDCH14qywG XLhjjF6uHLkjd02hcdh9hrw+VUsv+q1eeQWB21jWj3kJ96AUlPCoEGZ/ynJNScWy6QMVQjbbMXlt UfO4n4bGGdKo3awPWp61tjAFgraLJgDk+DsSvUD6EowjMTNx25GQgyYJ5RPIzKKR9tQW8gGK+2+R HxkUCTbYFnL6kl8Ch507rUdPPipJ9CgJFws3kDS3gOS5WFMxcjO5DwKfKSETEPrHh7p5shuuNktv sv6hxHTLhiMKX893gxdT3XLS9OKmCv87vkINQcNEcIIoFWbP9HORz9v3vQwR4e3ksLc2JZOAFK+s sS5XMEoznzpihEP0PLc4dCBYjbvSD7kxgDwZ+Aj8Q9PkbvE9sIPP7ON0fz095HdThKjiVJe6vofq +n6b1NBc8XdrQvBmunwxD5nvtTW4vtN6VY7mUCmxsCieuoBJ9OlqmsVWQvifIYf40dJPZkk9YgGT zWLpXDSfLSplbY2LL9C9U0ptvjcDjefLTvqSFc7tw1sEhF0n/qpA2r0GpvkLRDmcSwVyPvmjFBGq Up/pNy8ZuPGQmHwFi2/14+xeSUDG2bwnsYJQG2EdJCB6luQ57GEnTA/yKZSTKI8dDQa8Sd3zfXb1 9mOgSF0bBdXbuKhEpuP9wirslFe6fQ1t5j5R0xi72MZ8ikMu1RQZKCyDbMwazlHiMIIGOTCCBSGg AwIBAgIDBl1jMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRD b20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYG A1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0EwHhcN MTMwNDEwMTE0ODI4WhcNMTQwNDEwMTM1MDM0WjBXMRkwFwYDVQQNExAxUktWVnliSEdDZnRMWjY3 MRkwFwYDVQQDDBBkamFzYUByZWRoYXQuY29tMR8wHQYJKoZIhvcNAQkBFhBkamFzYUByZWRoYXQu Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8unM64NLnlRZujXHb0ilCaqc7KB r1MwlyCtOWAyH4M/24zvfyRQyTz4ZkHd1sMeewJ5ap1/128hLSqMY/6So5yhL6UlK3nM1r9H9PTz CiPEMZmDazIzMb/Mt/4N3kkJBLpWPFRB5aB+COcex7a4dlmnUJASVWkVwvHRmfa06anME7DTccV5 cV95FKqoRUXawopdu5W2NhailCtbQJAbMIGf9FpH+J98swAsVHdvjZkSDnZcoQIPHzoPrEBawb7C vsmCe8p7pv5Dxtx3T47FdAXJiO9u+QJkaBFjfiA9ywN8fFo3Q/Jr4vl6WqEr1SyQjgL9/dWeQSYI 8LzByChnXQIDAQABo4IC1jCCAtIwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYI KwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBQ5AqZ3fyU5HOme+iF4KA3f8RxHPjAfBgNVHSME GDAWgBRTcu2SnODaywFcfH6WNU7y1LhRgjAbBgNVHREEFDASgRBkamFzYUByZWRoYXQuY29tMIIB TAYDVR0gBIIBQzCCAT8wggE7BgsrBgEEAYG1NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93 d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdhcyBpc3N1ZWQg YWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAxIFZhbGlkYXRpb24gcmVxdWlyZW1lbnRzIG9mIHRoZSBT dGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9ubHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3Nl IGluIGNvbXBsaWFuY2Ugb2YgdGhlIHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMDYGA1UdHwQv MC0wK6ApoCeGJWh0dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUxLWNybC5jcmwwgY4GCCsGAQUF BwEBBIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIvY2xhc3Mx L2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNzbC5jb20vY2VydHMvc3Vi LmNsYXNzMS5jbGllbnQuY2EuY3J0MCMGA1UdEgQcMBqGGGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t LzANBgkqhkiG9w0BAQUFAAOCAQEArlvH1bAdnpLvyeMQzPtJYs65ur7cpYnrxrIZ3P/r0F7juzIU fb1S+M9sYBhalmBoZQMySlVveDYHUHPDsNJQtqUzYAJMbVTdRtviCSq3wmYtG/VJOOif11gM25u4 HcgXVuhF3di5G0CHwAIx0mjUi7fPJ3WMeFKWp550ZqpbFK/i9A5fJGfHk3MfXOhAu7vkEEjJY+gA BpFqvk134+30mP4KoXfNGZpekWvj6lS/tfaxuuSTusPcY0yIGGtJqqFtL1tRlTIoaDGiok5O0k6W pMFPtm+dGnOyKT4HQMFCaAgBOVCQFDYthuGlnUlJOP/BheuvaMfwgIqM4ir+DIqOyjCCBjkwggUh oAMCAQICAwZdYzANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0 Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2 BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBMB4X DTEzMDQxMDExNDgyOFoXDTE0MDQxMDEzNTAzNFowVzEZMBcGA1UEDRMQMVJLVlZ5YkhHQ2Z0TFo2 NzEZMBcGA1UEAwwQZGphc2FAcmVkaGF0LmNvbTEfMB0GCSqGSIb3DQEJARYQZGphc2FAcmVkaGF0 LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfLpzOuDS55UWbo1x29IpQmqnOy ga9TMJcgrTlgMh+DP9uM738kUMk8+GZB3dbDHnsCeWqdf9dvIS0qjGP+kqOcoS+lJSt5zNa/R/T0 8wojxDGZg2syMzG/zLf+Dd5JCQS6VjxUQeWgfgjnHse2uHZZp1CQElVpFcLx0Zn2tOmpzBOw03HF eXFfeRSqqEVF2sKKXbuVtjYWopQrW0CQGzCBn/RaR/iffLMALFR3b42ZEg52XKECDx86D6xAWsG+ wr7JgnvKe6b+Q8bcd0+OxXQFyYjvbvkCZGgRY34gPcsDfHxaN0Pya+L5elqhK9UskI4C/f3VnkEm CPC8wcgoZ10CAwEAAaOCAtYwggLSMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdJQQWMBQG CCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUOQKmd38lORzpnvoheCgN3/EcRz4wHwYDVR0j BBgwFoAUU3Ltkpzg2ssBXHx+ljVO8tS4UYIwGwYDVR0RBBQwEoEQZGphc2FAcmVkaGF0LmNvbTCC AUwGA1UdIASCAUMwggE/MIIBOwYLKwYBBAGBtTcBAgMwggEqMC4GCCsGAQUFBwIBFiJodHRwOi8v d3d3LnN0YXJ0c3NsLmNvbS9wb2xpY3kucGRmMIH3BggrBgEFBQcCAjCB6jAnFiBTdGFydENvbSBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTADAgEBGoG+VGhpcyBjZXJ0aWZpY2F0ZSB3YXMgaXNzdWVk IGFjY29yZGluZyB0byB0aGUgQ2xhc3MgMSBWYWxpZGF0aW9uIHJlcXVpcmVtZW50cyBvZiB0aGUg U3RhcnRDb20gQ0EgcG9saWN5LCByZWxpYW5jZSBvbmx5IGZvciB0aGUgaW50ZW5kZWQgcHVycG9z ZSBpbiBjb21wbGlhbmNlIG9mIHRoZSByZWx5aW5nIHBhcnR5IG9ibGlnYXRpb25zLjA2BgNVHR8E LzAtMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0c3NsLmNvbS9jcnR1MS1jcmwuY3JsMIGOBggrBgEF BQcBAQSBgTB/MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcC5zdGFydHNzbC5jb20vc3ViL2NsYXNz MS9jbGllbnQvY2EwQgYIKwYBBQUHMAKGNmh0dHA6Ly9haWEuc3RhcnRzc2wuY29tL2NlcnRzL3N1 Yi5jbGFzczEuY2xpZW50LmNhLmNydDAjBgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNv bS8wDQYJKoZIhvcNAQEFBQADggEBAK5bx9WwHZ6S78njEMz7SWLOubq+3KWJ68ayGdz/69Be47sy FH29UvjPbGAYWpZgaGUDMkpVb3g2B1Bzw7DSULalM2ACTG1U3Ubb4gkqt8JmLRv1STjon9dYDNub uB3IF1boRd3YuRtAh8ACMdJo1Iu3zyd1jHhSlqeedGaqWxSv4vQOXyRnx5NzH1zoQLu75BBIyWPo AAaRar5Nd+Pt9Jj+CqF3zRmaXpFr4+pUv7X2sbrkk7rD3GNMiBhrSaqhbS9bUZUyKGgxoqJOTtJO lqTBT7ZvnRpzsik+B0DBQmgIATlQkBQ2LYbhpZ1JSTj/wYXrr2jH8ICKjOIq/gyKjsoxggNvMIID awIBATCBlDCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsT IlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENs YXNzIDEgUHJpbWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgMGXWMwCQYFKw4DAhoFAKCCAa8w GAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTMwNjI0MTEwODQ5WjAj BgkqhkiG9w0BCQQxFgQUw+eELrEpNQ+d6uX2TB/XyfuP4u0wgaUGCSsGAQQBgjcQBDGBlzCBlDCB jDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNlY3VyZSBE aWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMTL1N0YXJ0Q29tIENsYXNzIDEgUHJp bWFyeSBJbnRlcm1lZGlhdGUgQ2xpZW50IENBAgMGXWMwgacGCyqGSIb3DQEJEAILMYGXoIGUMIGM MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERp Z2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMvU3RhcnRDb20gQ2xhc3MgMSBQcmlt YXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0ECAwZdYzANBgkqhkiG9w0BAQEFAASCAQCcohMFLvhq spHG/fEKL+gI79W77e3Y6OuOnGLSYseXY/U/zzJ0ejZWOaiF7JBTa/AsHbaucDYerp9LAxbk6zLN XXLtM01Wjyd9IWriMzB06ag0zp1R/QrPzQXttOGrgeu0BHHBqGSVARm1AkOYXdcezXK+PNI4Mb+0 eD3VIxWqdTJixegRFAmYOkCUPlOWwt7TyO9AkNgm1mAvHQGR65/d4FG7PBDmvzddkQikRt6VYX1t 8t0Hxkw+p+0ypp1SsZbB1jpP2IM5DpQ+7wiY5PxUzIp6hH8EAFtiN3Pl7zQqUyktaUERn4X3Rn+i Wu9PkdKLI50SqBuMJnHHSXaBK8C9AAAAAAAA --=-2EWunWH4HN1JjTi0g/4E--

Reply

Michal Skrivanek

Thursday, 1 August Thu, 1 Aug

6:49 p.m.

On 24 Jun 2013, at 13:09, David Jaša <djasa(a)redhat.com> wrote:

Hi, So you're connecting via User Portal but then it doesn't work? If it doesn't, either you hit a bug or you've tweaked some value that affects things... In general, TLS shouldn't pose a problem because: 1) ovirt sets up its own CA that issues certificates for the hosts 2) the CA certificate and respective host certificate subject are passed to the client 3) the client can verify the host using these information even in cases when connection IP/FQDN doesn't match CN in subject of server certificate The only condition that indeed breaks it should be display network address override _when migrating the VM_ (because then the connection data are passed via the host and libvirt doesn't allow to pass the arbitrary IP/FQDN yet) David PS: Itamar, advice to disable SSL/TLS is IMO bad, bad thing. ;)

No no, you just do that right after setenforce 0 and iptables -F and then it's all fine:-D

Itamar Heim píše v Po 24. 06. 2013 v 08:55 +0300: > On 06/24/2013 03:10 AM, lofyer wrote: >> 于 2013/6/24 1:47, Itamar Heim 写道: >>> On 06/06/2013 11:51 AM, lof yer wrote: >>>> I connect https://192.168.1.111 and connect to the VM, then the >>>> remote-viewer shows up, but failed to show the VM desktop. >>>> Is it the https problem? >>>> Can I connect to the VM without modify /etc/hosts? >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> Users(a)ovirt.org >>>> http://lists.ovirt.org/mailman/listinfo/users >>> >>> >>> was this resolved? sounds like a certificate/dns issue? >> Yes, it's certificate/dns problem. >> But how can I connect via IP instead of FQDN without https? > > i guess it depends if you can tell spice client to not validate the ssl > certificate. > _______________________________________________ > Users mailing list > Users(a)ovirt.org > http://lists.ovirt.org/mailman/listinfo/users -- David Jaša, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24 _______________________________________________ Users mailing list Users(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/users

Reply

4143

days inactive

4199

days old

users@ovirt.org

Manage subscription

7 comments

5 participants

tags (0)

participants (5)

David Jaša
Itamar Heim
lof yer
lofyer
Michal Skrivanek