[Users] Unable to login into console Spice VNC anyone?
About 6 months ago I asked on this list if it was possible to install ovirt on a single host. Thread got long and winded and lost interest. Started looking at the project again about two days ago. What I really didn't understand was using a base Fedora install. Installing vdsm and then installing ovirt engine. So everything is up. Created data center, storage, cluster, host and virtual machine. But I can't get there from here. I can't get console running to configure the booted install. I've tried VNC, Spice, Firefox with spice-xpi plugin. Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf settings. tls settings. Not even sure if this is the right place to be checking. This is a show stopper. LSB Version: :core-4.0-amd64:core-4.0-noarch Distributor ID: Fedora Description: Fedora release 16 (Verne) Release: 16 Codename: Verne [root@ovirt # rpm -qa|grep ovirt-engine ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64 Any input would be appreciated
Hi Brent, first guess: have a look if your iptables setup allow connection to the qemu processes. RHEV 3.0 documentation (publicly accesible) says that a host needs these ports open: port 22 for SSH, ports 5634 to 6166 for guest console connections, port 16514 for libvirt virtual machine migration traffic, ports 49152 to 49216 for VDSM virtual machine migration traffic, and port 54321 for the Red Hat Enterprise Virtualization Manager. If you have ovirt-engine running onu the same machine as vdsm, most of the ports don't need to be accessible from outside but "guest console" ports do. If it isn't iptables, please share at least: * what your actual topology is (engine on the physical host?) * if you use some custom tls settings such as tls switched off * what spice client & xpi versions are you using * how exactly the client failed (showed error window? with what error? just didn't launch?) In your email, you didn't write any debugging hints apart from the setup being single-host one... David Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
About 6 months ago I asked on this list if it was possible to install ovirt on a single host. Thread got long and winded and lost interest.
Started looking at the project again about two days ago. What I really didn't understand was using a base Fedora install. Installing vdsm and then installing ovirt engine.
So everything is up. Created data center, storage, cluster, host and virtual machine.
But I can't get there from here. I can't get console running to configure the booted install.
I've tried VNC, Spice, Firefox with spice-xpi plugin.
Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf settings. tls settings. Not even sure if this is the right place to be checking.
This is a show stopper.
LSB Version: :core-4.0-amd64:core-4.0-noarch Distributor ID: Fedora Description: Fedora release 16 (Verne) Release: 16 Codename: Verne
[root@ovirt # rpm -qa|grep ovirt-engine ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
Any input would be appreciated _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- David Jaša, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
Thanks David for your reply - I have completely flushed all iptables rules 'iptables --flush" - iptables -L -v -n Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) pkts bytes target prot opt in out source destination The base host is Fedora 16 running with desktop First installed vdsm and then ovirt-engine Single network bridge installed, but there is another 1GB nic that isn't being used - eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99656 errors:0 dropped:0 overruns:0 frame:0 TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0 TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3 MiB) ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet addr:192.168.0.118 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70706 errors:0 dropped:0 overruns:0 frame:0 TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB) vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:1 carrier:0 collisions:0 txqueuelen:500 RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB) After ovirt engine is installed logged into the interface and configured the host using 127.0.0.1 . Host reboots. Host shows up in the admin interface only complaining about power management that isn't configured. Here<https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>is a screen shot of the web interface The only configuration settings I've changed are in the qemu.conf to either tls=0 or tls=1 spice-gtk-0.11-4.fc16.x86_64 spice-client-0.10.1-1.fc16.x86_64 spice-glib-0.11-4.fc16.x86_64 spice-gtk3-0.11-4.fc16.x86_64 spice-xpi-2.7-3.fc16.x86_64 spice-gtk-tools-0.11-4.fc16.x86_64 spice-server-0.10.1-1.fc16.x86_64 The link in the admin interface shows available(using FF). When I click it opens a spicec:0 dialog and just closes If I try to open from a shell I get things like this - Brief window open and then error - spicec -h 127.0.0.1 -p 5900 Warning: connect error 5 - need secured connection On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com> wrote:
Hi Brent,
first guess: have a look if your iptables setup allow connection to the qemu processes. RHEV 3.0 documentation (publicly accesible) says that a host needs these ports open: port 22 for SSH, ports 5634 to 6166 for guest console connections, port 16514 for libvirt virtual machine migration traffic, ports 49152 to 49216 for VDSM virtual machine migration traffic, and port 54321 for the Red Hat Enterprise Virtualization Manager.
If you have ovirt-engine running onu the same machine as vdsm, most of the ports don't need to be accessible from outside but "guest console" ports do.
If it isn't iptables, please share at least: * what your actual topology is (engine on the physical host?) * if you use some custom tls settings such as tls switched off * what spice client & xpi versions are you using * how exactly the client failed (showed error window? with what error? just didn't launch?)
In your email, you didn't write any debugging hints apart from the setup being single-host one...
David
Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
About 6 months ago I asked on this list if it was possible to install ovirt on a single host. Thread got long and winded and lost interest.
Started looking at the project again about two days ago. What I really didn't understand was using a base Fedora install. Installing vdsm and then installing ovirt engine.
So everything is up. Created data center, storage, cluster, host and virtual machine.
But I can't get there from here. I can't get console running to configure the booted install.
I've tried VNC, Spice, Firefox with spice-xpi plugin.
Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf settings. tls settings. Not even sure if this is the right place to be checking.
This is a show stopper.
LSB Version: :core-4.0-amd64:core-4.0-noarch Distributor ID: Fedora Description: Fedora release 16 (Verne) Release: 16 Codename: Verne
[root@ovirt # rpm -qa|grep ovirt-engine ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
Any input would be appreciated _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--
David Jaša, RHCE
SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
would it be relevant for you to try the 3.1 beta? it has this which should cover your 'all in one' needs: http://www.ovirt.org/wiki/Feature/AllInOne On 07/25/2012 06:52 PM, Brent Bolin wrote:
Thanks David for your reply -
I have completely flushed all iptables rules 'iptables --flush" -
iptables -L -v -n Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) pkts bytes target prot opt in out source destination
The base host is Fedora 16 running with desktop
First installed vdsm and then ovirt-engine
Single network bridge installed, but there is another 1GB nic that isn't being used -
eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99656 errors:0 dropped:0 overruns:0 frame:0 TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0 TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3 MiB)
ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet addr:192.168.0.118 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70706 errors:0 dropped:0 overruns:0 frame:0 TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB)
vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:1 carrier:0 collisions:0 txqueuelen:500 RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
After ovirt engine is installed logged into the interface and configured the host using 127.0.0.1 . Host reboots. Host shows up in the admin interface only complaining about power management that isn't configured.
Here <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink> is a screen shot of the web interface
The only configuration settings I've changed are in the qemu.conf to either tls=0 or tls=1
spice-gtk-0.11-4.fc16.x86_64 spice-client-0.10.1-1.fc16.x86_64 spice-glib-0.11-4.fc16.x86_64 spice-gtk3-0.11-4.fc16.x86_64 spice-xpi-2.7-3.fc16.x86_64 spice-gtk-tools-0.11-4.fc16.x86_64 spice-server-0.10.1-1.fc16.x86_64
The link in the admin interface shows available(using FF). When I click it opens a spicec:0 dialog and just closes
If I try to open from a shell I get things like this -
Brief window open and then error -
spicec -h 127.0.0.1 -p 5900 Warning: connect error 5 - need secured connection
On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com <mailto:djasa@redhat.com>> wrote:
Hi Brent,
first guess: have a look if your iptables setup allow connection to the qemu processes. RHEV 3.0 documentation (publicly accesible) says that a host needs these ports open: port 22 for SSH, ports 5634 to 6166 for guest console connections, port 16514 for libvirt virtual machine migration traffic, ports 49152 to 49216 for VDSM virtual machine migration traffic, and port 54321 for the Red Hat Enterprise Virtualization Manager.
If you have ovirt-engine running onu the same machine as vdsm, most of the ports don't need to be accessible from outside but "guest console" ports do.
If it isn't iptables, please share at least: * what your actual topology is (engine on the physical host?) * if you use some custom tls settings such as tls switched off * what spice client & xpi versions are you using * how exactly the client failed (showed error window? with what error? just didn't launch?)
In your email, you didn't write any debugging hints apart from the setup being single-host one...
David
Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
About 6 months ago I asked on this list if it was possible to install ovirt on a single host. Thread got long and winded and lost interest.
Started looking at the project again about two days ago. What I really didn't understand was using a base Fedora install. Installing vdsm and then installing ovirt engine.
So everything is up. Created data center, storage, cluster, host and virtual machine.
But I can't get there from here. I can't get console running to configure the booted install.
I've tried VNC, Spice, Firefox with spice-xpi plugin.
Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf settings. tls settings. Not even sure if this is the right place to be checking.
This is a show stopper.
LSB Version: :core-4.0-amd64:core-4.0-noarch Distributor ID: Fedora Description: Fedora release 16 (Verne) Release: 16 Codename: Verne
[root@ovirt # rpm -qa|grep ovirt-engine ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
Any input would be appreciated _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org> http://lists.ovirt.org/mailman/listinfo/users
--
David Jaša, RHCE
SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I have seen this. Can give it a try. At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running - netstat -an|grep 590 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN When using plain old kvm, virt-manager I could just simply connect using any vnc or virt-viewer or x11 virtmanager. I'm not sure what ovirt is doing with tls etc... Not being able to get console access is a definite show stopper. And it shouldn't be rocket science to do it. And it should be accessible from either linux or windows clients. Does vSphere (windows only) ring a bell? On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim@redhat.com> wrote:
would it be relevant for you to try the 3.1 beta? it has this which should cover your 'all in one' needs: http://www.ovirt.org/wiki/Feature/AllInOne
On 07/25/2012 06:52 PM, Brent Bolin wrote:
Thanks David for your reply -
I have completely flushed all iptables rules 'iptables --flush" -
iptables -L -v -n Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) pkts bytes target prot opt in out source destination
The base host is Fedora 16 running with desktop
First installed vdsm and then ovirt-engine
Single network bridge installed, but there is another 1GB nic that isn't being used -
eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99656 errors:0 dropped:0 overruns:0 frame:0 TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0 TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3 MiB)
ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet addr:192.168.0.118 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70706 errors:0 dropped:0 overruns:0 frame:0 TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB)
vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:1 carrier:0 collisions:0 txqueuelen:500 RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
After ovirt engine is installed logged into the interface and configured the host using 127.0.0.1 . Host reboots. Host shows up in the admin interface only complaining about power management that isn't configured.
Here <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
is a screen shot of the web interface
The only configuration settings I've changed are in the qemu.conf to either tls=0 or tls=1
spice-gtk-0.11-4.fc16.x86_64 spice-client-0.10.1-1.fc16.x86_64 spice-glib-0.11-4.fc16.x86_64 spice-gtk3-0.11-4.fc16.x86_64 spice-xpi-2.7-3.fc16.x86_64 spice-gtk-tools-0.11-4.fc16.x86_64 spice-server-0.10.1-1.fc16.x86_64
The link in the admin interface shows available(using FF). When I click it opens a spicec:0 dialog and just closes
If I try to open from a shell I get things like this -
Brief window open and then error -
spicec -h 127.0.0.1 -p 5900 Warning: connect error 5 - need secured connection
On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com <mailto:djasa@redhat.com>> wrote:
Hi Brent,
first guess: have a look if your iptables setup allow connection to the qemu processes. RHEV 3.0 documentation (publicly accesible) says that a host needs these ports open: port 22 for SSH, ports 5634 to 6166 for guest console connections, port 16514 for libvirt virtual machine migration traffic, ports 49152 to 49216 for VDSM virtual machine migration traffic, and port 54321 for the Red Hat Enterprise Virtualization Manager.
If you have ovirt-engine running onu the same machine as vdsm, most of the ports don't need to be accessible from outside but "guest console" ports do.
If it isn't iptables, please share at least: * what your actual topology is (engine on the physical host?) * if you use some custom tls settings such as tls switched off * what spice client & xpi versions are you using * how exactly the client failed (showed error window? with what error? just didn't launch?)
In your email, you didn't write any debugging hints apart from the setup being single-host one...
David
Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
About 6 months ago I asked on this list if it was possible to install ovirt on a single host. Thread got long and winded and lost interest.
Started looking at the project again about two days ago. What I really didn't understand was using a base Fedora install. Installing vdsm and then installing ovirt engine.
So everything is up. Created data center, storage, cluster, host and virtual machine.
But I can't get there from here. I can't get console running to configure the booted install.
I've tried VNC, Spice, Firefox with spice-xpi plugin.
Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf settings. tls settings. Not even sure if this is the right place to be checking.
This is a show stopper.
LSB Version: :core-4.0-amd64:core-4.0-noarch Distributor ID: Fedora Description: Fedora release 16 (Verne) Release: 16 Codename: Verne
[root@ovirt # rpm -qa|grep ovirt-engine ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
Any input would be appreciated _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org>
--
David Jaša, RHCE
SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On 07/25/2012 09:46 PM, Brent Bolin wrote:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running -
netstat -an|grep 590 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
When using plain old kvm, virt-manager I could just simply connect using any vnc or virt-viewer or x11 virtmanager.
I'm not sure what ovirt is doing with tls etc...
Not being able to get console access is a definite show stopper. And it shouldn't be rocket science to do it. And it should be accessible from either linux or windows clients. Does vSphere (windows only) ring a bell?
yes, it should just work once you install spice on your client and open it from the user portal or webadmin (you can't connect directly unless you disable the ticketing system). (you can connect from CLI using the ovirt cli for example, since it takes care of setting the ticket for you to connect. ticket == temporary password for the vnc/spice session.
On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim@redhat.com> wrote:
would it be relevant for you to try the 3.1 beta? it has this which should cover your 'all in one' needs: http://www.ovirt.org/wiki/Feature/AllInOne
On 07/25/2012 06:52 PM, Brent Bolin wrote:
Thanks David for your reply -
I have completely flushed all iptables rules 'iptables --flush" -
iptables -L -v -n Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) pkts bytes target prot opt in out source destination
The base host is Fedora 16 running with desktop
First installed vdsm and then ovirt-engine
Single network bridge installed, but there is another 1GB nic that isn't being used -
eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99656 errors:0 dropped:0 overruns:0 frame:0 TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0 TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3 MiB)
ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet addr:192.168.0.118 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70706 errors:0 dropped:0 overruns:0 frame:0 TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB)
vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:1 carrier:0 collisions:0 txqueuelen:500 RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
After ovirt engine is installed logged into the interface and configured the host using 127.0.0.1 . Host reboots. Host shows up in the admin interface only complaining about power management that isn't configured.
Here <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
is a screen shot of the web interface
The only configuration settings I've changed are in the qemu.conf to either tls=0 or tls=1
spice-gtk-0.11-4.fc16.x86_64 spice-client-0.10.1-1.fc16.x86_64 spice-glib-0.11-4.fc16.x86_64 spice-gtk3-0.11-4.fc16.x86_64 spice-xpi-2.7-3.fc16.x86_64 spice-gtk-tools-0.11-4.fc16.x86_64 spice-server-0.10.1-1.fc16.x86_64
The link in the admin interface shows available(using FF). When I click it opens a spicec:0 dialog and just closes
If I try to open from a shell I get things like this -
Brief window open and then error -
spicec -h 127.0.0.1 -p 5900 Warning: connect error 5 - need secured connection
On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com <mailto:djasa@redhat.com>> wrote:
Hi Brent,
first guess: have a look if your iptables setup allow connection to the qemu processes. RHEV 3.0 documentation (publicly accesible) says that a host needs these ports open: port 22 for SSH, ports 5634 to 6166 for guest console connections, port 16514 for libvirt virtual machine migration traffic, ports 49152 to 49216 for VDSM virtual machine migration traffic, and port 54321 for the Red Hat Enterprise Virtualization Manager.
If you have ovirt-engine running onu the same machine as vdsm, most of the ports don't need to be accessible from outside but "guest console" ports do.
If it isn't iptables, please share at least: * what your actual topology is (engine on the physical host?) * if you use some custom tls settings such as tls switched off * what spice client & xpi versions are you using * how exactly the client failed (showed error window? with what error? just didn't launch?)
In your email, you didn't write any debugging hints apart from the setup being single-host one...
David
Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
About 6 months ago I asked on this list if it was possible to install ovirt on a single host. Thread got long and winded and lost interest.
Started looking at the project again about two days ago. What I really didn't understand was using a base Fedora install. Installing vdsm and then installing ovirt engine.
So everything is up. Created data center, storage, cluster, host and virtual machine.
But I can't get there from here. I can't get console running to configure the booted install.
I've tried VNC, Spice, Firefox with spice-xpi plugin.
Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf settings. tls settings. Not even sure if this is the right place to be checking.
This is a show stopper.
LSB Version: :core-4.0-amd64:core-4.0-noarch Distributor ID: Fedora Description: Fedora release 16 (Verne) Release: 16 Codename: Verne
[root@ovirt # rpm -qa|grep ovirt-engine ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
Any input would be appreciated _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org>
--
David Jaša, RHCE
SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On Wed, Jul 25, 2012 at 01:46:40PM -0500, Brent Bolin wrote:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running -
FWIW, I was unable to make console connections with oVirt 3.0, too. Lately I've tried oVirt 3.1 BETA and VNC works like a charm, although I couldn't get SPICE to work. Please note that I've used a fresh Fedora 17 installation for both the engine and the node. (Since the ovirt node ISO image seemed buggy at that time.) - Frank
Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running -
netstat -an|grep 590 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
When using plain old kvm, virt-manager I could just simply connect using any vnc or virt-viewer or x11 virtmanager.
I'm not sure what ovirt is doing with tls etc...
As Itamar already said, it: * sets up TLS and enforces it. * sets up temporary ticket If you want to connect to the console manually, you have to set up the ticket - on the server, follow these steps in order to achieve it (from top of my head, can contain typos): VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print $1}')" vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT For TLS, you'll need CA file and host subject in case of host name used on CLI not matching host name in server cert CN. Assuming you're connecting from some other computer: SUBJECT="$(ssh root@$HOST 'grep Subject: /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')" scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE remote-viewer --spice-ca-file=$CA_FILE --spice-host-subject=$SUBJECT spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT # it will ask for password in pop-up window # OR you can use "good old" spicec: spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p $PORT -s $SECURE_PORT -w $PASSWORD David PS: given all the info, I guess you've run into some instance of this downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
Not being able to get console access is a definite show stopper. And it shouldn't be rocket science to do it. And it should be accessible from either linux or windows clients. Does vSphere (windows only) ring a bell?
On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim@redhat.com> wrote:
would it be relevant for you to try the 3.1 beta? it has this which should cover your 'all in one' needs: http://www.ovirt.org/wiki/Feature/AllInOne
On 07/25/2012 06:52 PM, Brent Bolin wrote:
Thanks David for your reply -
I have completely flushed all iptables rules 'iptables --flush" -
iptables -L -v -n Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) pkts bytes target prot opt in out source destination
The base host is Fedora 16 running with desktop
First installed vdsm and then ovirt-engine
Single network bridge installed, but there is another 1GB nic that isn't being used -
eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99656 errors:0 dropped:0 overruns:0 frame:0 TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0 TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3 MiB)
ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet addr:192.168.0.118 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70706 errors:0 dropped:0 overruns:0 frame:0 TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB)
vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:1 carrier:0 collisions:0 txqueuelen:500 RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
After ovirt engine is installed logged into the interface and configured the host using 127.0.0.1 . Host reboots. Host shows up in the admin interface only complaining about power management that isn't configured.
Here <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
is a screen shot of the web interface
The only configuration settings I've changed are in the qemu.conf to either tls=0 or tls=1
spice-gtk-0.11-4.fc16.x86_64 spice-client-0.10.1-1.fc16.x86_64 spice-glib-0.11-4.fc16.x86_64 spice-gtk3-0.11-4.fc16.x86_64 spice-xpi-2.7-3.fc16.x86_64 spice-gtk-tools-0.11-4.fc16.x86_64 spice-server-0.10.1-1.fc16.x86_64
The link in the admin interface shows available(using FF). When I click it opens a spicec:0 dialog and just closes
If I try to open from a shell I get things like this -
Brief window open and then error -
spicec -h 127.0.0.1 -p 5900 Warning: connect error 5 - need secured connection
On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com <mailto:djasa@redhat.com>> wrote:
Hi Brent,
first guess: have a look if your iptables setup allow connection to the qemu processes. RHEV 3.0 documentation (publicly accesible) says that a host needs these ports open: port 22 for SSH, ports 5634 to 6166 for guest console connections, port 16514 for libvirt virtual machine migration traffic, ports 49152 to 49216 for VDSM virtual machine migration traffic, and port 54321 for the Red Hat Enterprise Virtualization Manager.
If you have ovirt-engine running onu the same machine as vdsm, most of the ports don't need to be accessible from outside but "guest console" ports do.
If it isn't iptables, please share at least: * what your actual topology is (engine on the physical host?) * if you use some custom tls settings such as tls switched off * what spice client & xpi versions are you using * how exactly the client failed (showed error window? with what error? just didn't launch?)
In your email, you didn't write any debugging hints apart from the setup being single-host one...
David
Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
About 6 months ago I asked on this list if it was possible to install ovirt on a single host. Thread got long and winded and lost interest.
Started looking at the project again about two days ago. What I really didn't understand was using a base Fedora install. Installing vdsm and then installing ovirt engine.
So everything is up. Created data center, storage, cluster, host and virtual machine.
But I can't get there from here. I can't get console running to configure the booted install.
I've tried VNC, Spice, Firefox with spice-xpi plugin.
Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf settings. tls settings. Not even sure if this is the right place to be checking.
This is a show stopper.
LSB Version: :core-4.0-amd64:core-4.0-noarch Distributor ID: Fedora Description: Fedora release 16 (Verne) Release: 16 Codename: Verne
[root@ovirt # rpm -qa|grep ovirt-engine ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
Any input would be appreciated _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org>
--
David Jaša, RHCE
SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- David Jaša, RHCE SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
On 07/26/2012 01:10 PM, David Jaša wrote:
Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running -
netstat -an|grep 590 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
When using plain old kvm, virt-manager I could just simply connect using any vnc or virt-viewer or x11 virtmanager.
I'm not sure what ovirt is doing with tls etc...
As Itamar already said, it: * sets up TLS and enforces it. * sets up temporary ticket
If you want to connect to the console manually, you have to set up the ticket - on the server, follow these steps in order to achieve it (from top of my head, can contain typos): VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print $1}')" vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
For TLS, you'll need CA file and host subject in case of host name used on CLI not matching host name in server cert CN. Assuming you're connecting from some other computer: SUBJECT="$(ssh root@$HOST 'grep Subject: /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')" scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE remote-viewer --spice-ca-file=$CA_FILE --spice-host-subject=$SUBJECT spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT # it will ask for password in pop-up window # OR you can use "good old" spicec: spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p $PORT -s $SECURE_PORT -w $PASSWORD
David
PS: given all the info, I guess you've run into some instance of this downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
brent - this only fails user portal. are you failing from webadmin as well?
Not being able to get console access is a definite show stopper. And it shouldn't be rocket science to do it. And it should be accessible from either linux or windows clients. Does vSphere (windows only) ring a bell?
On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim@redhat.com> wrote:
would it be relevant for you to try the 3.1 beta? it has this which should cover your 'all in one' needs: http://www.ovirt.org/wiki/Feature/AllInOne
On 07/25/2012 06:52 PM, Brent Bolin wrote:
Thanks David for your reply -
I have completely flushed all iptables rules 'iptables --flush" -
iptables -L -v -n Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) pkts bytes target prot opt in out source destination
The base host is Fedora 16 running with desktop
First installed vdsm and then ovirt-engine
Single network bridge installed, but there is another 1GB nic that isn't being used -
eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99656 errors:0 dropped:0 overruns:0 frame:0 TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0 TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3 MiB)
ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet addr:192.168.0.118 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70706 errors:0 dropped:0 overruns:0 frame:0 TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB)
vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:1 carrier:0 collisions:0 txqueuelen:500 RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
After ovirt engine is installed logged into the interface and configured the host using 127.0.0.1 . Host reboots. Host shows up in the admin interface only complaining about power management that isn't configured.
Here <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
is a screen shot of the web interface
The only configuration settings I've changed are in the qemu.conf to either tls=0 or tls=1
spice-gtk-0.11-4.fc16.x86_64 spice-client-0.10.1-1.fc16.x86_64 spice-glib-0.11-4.fc16.x86_64 spice-gtk3-0.11-4.fc16.x86_64 spice-xpi-2.7-3.fc16.x86_64 spice-gtk-tools-0.11-4.fc16.x86_64 spice-server-0.10.1-1.fc16.x86_64
The link in the admin interface shows available(using FF). When I click it opens a spicec:0 dialog and just closes
If I try to open from a shell I get things like this -
Brief window open and then error -
spicec -h 127.0.0.1 -p 5900 Warning: connect error 5 - need secured connection
On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com <mailto:djasa@redhat.com>> wrote:
Hi Brent,
first guess: have a look if your iptables setup allow connection to the qemu processes. RHEV 3.0 documentation (publicly accesible) says that a host needs these ports open: port 22 for SSH, ports 5634 to 6166 for guest console connections, port 16514 for libvirt virtual machine migration traffic, ports 49152 to 49216 for VDSM virtual machine migration traffic, and port 54321 for the Red Hat Enterprise Virtualization Manager.
If you have ovirt-engine running onu the same machine as vdsm, most of the ports don't need to be accessible from outside but "guest console" ports do.
If it isn't iptables, please share at least: * what your actual topology is (engine on the physical host?) * if you use some custom tls settings such as tls switched off * what spice client & xpi versions are you using * how exactly the client failed (showed error window? with what error? just didn't launch?)
In your email, you didn't write any debugging hints apart from the setup being single-host one...
David
Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
About 6 months ago I asked on this list if it was possible to install ovirt on a single host. Thread got long and winded and lost interest.
Started looking at the project again about two days ago. What I really didn't understand was using a base Fedora install. Installing vdsm and then installing ovirt engine.
So everything is up. Created data center, storage, cluster, host and virtual machine.
But I can't get there from here. I can't get console running to configure the booted install.
I've tried VNC, Spice, Firefox with spice-xpi plugin.
Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf settings. tls settings. Not even sure if this is the right place to be checking.
This is a show stopper.
LSB Version: :core-4.0-amd64:core-4.0-noarch Distributor ID: Fedora Description: Fedora release 16 (Verne) Release: 16 Codename: Verne
[root@ovirt # rpm -qa|grep ovirt-engine ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-jbossas-1.2-2.fc16.x86_64 ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
Any input would be appreciated _______________________________________________ Users mailing list Users@ovirt.org <mailto:Users@ovirt.org>
--
David Jaša, RHCE
SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I was not able to get this working using beta ovirt-engine-setup-plugin-allinone rpm Used answer file as recommended on the wiki. I didn't document the exact error, but the install failed. I did another install using F16 Installing VDSM from rpm [ovirt-engine-3.0] name=ovirt-engine-3.0 baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16 enabled=1 gpgcheck=0 And then doing engine-setup And then installing spice-xpi Can't explain it but it's working from the F16 desktop using FF :) On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <iheim@redhat.com> wrote:
On 07/26/2012 01:10 PM, David Jaša wrote:
Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running -
netstat -an|grep 590 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
When using plain old kvm, virt-manager I could just simply connect using any vnc or virt-viewer or x11 virtmanager.
I'm not sure what ovirt is doing with tls etc...
As Itamar already said, it: * sets up TLS and enforces it. * sets up temporary ticket
If you want to connect to the console manually, you have to set up the ticket - on the server, follow these steps in order to achieve it (from top of my head, can contain typos): VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print $1}')" vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
For TLS, you'll need CA file and host subject in case of host name used on CLI not matching host name in server cert CN. Assuming you're connecting from some other computer: SUBJECT="$(ssh root@$HOST 'grep Subject: /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')" scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE remote-viewer --spice-ca-file=$CA_FILE --spice-host-subject=$SUBJECT spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT # it will ask for password in pop-up window # OR you can use "good old" spicec: spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p $PORT -s $SECURE_PORT -w $PASSWORD
David
PS: given all the info, I guess you've run into some instance of this downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
brent - this only fails user portal. are you failing from webadmin as well?
Not being able to get console access is a definite show stopper. And it shouldn't be rocket science to do it. And it should be accessible from either linux or windows clients. Does vSphere (windows only) ring a bell?
On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim@redhat.com> wrote:
would it be relevant for you to try the 3.1 beta? it has this which should cover your 'all in one' needs: http://www.ovirt.org/wiki/Feature/AllInOne
On 07/25/2012 06:52 PM, Brent Bolin wrote:
Thanks David for your reply -
I have completely flushed all iptables rules 'iptables --flush" -
iptables -L -v -n Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) pkts bytes target prot opt in out source destination
The base host is Fedora 16 running with desktop
First installed vdsm and then ovirt-engine
Single network bridge installed, but there is another 1GB nic that isn't being used -
eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99656 errors:0 dropped:0 overruns:0 frame:0 TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0 TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3 MiB)
ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet addr:192.168.0.118 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70706 errors:0 dropped:0 overruns:0 frame:0 TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB)
vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:1 carrier:0 collisions:0 txqueuelen:500 RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
After ovirt engine is installed logged into the interface and configured the host using 127.0.0.1 . Host reboots. Host shows up in the admin interface only complaining about power management that isn't configured.
Here
<https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
is a screen shot of the web interface
The only configuration settings I've changed are in the qemu.conf to either tls=0 or tls=1
spice-gtk-0.11-4.fc16.x86_64 spice-client-0.10.1-1.fc16.x86_64 spice-glib-0.11-4.fc16.x86_64 spice-gtk3-0.11-4.fc16.x86_64 spice-xpi-2.7-3.fc16.x86_64 spice-gtk-tools-0.11-4.fc16.x86_64 spice-server-0.10.1-1.fc16.x86_64
The link in the admin interface shows available(using FF). When I click it opens a spicec:0 dialog and just closes
If I try to open from a shell I get things like this -
Brief window open and then error -
spicec -h 127.0.0.1 -p 5900 Warning: connect error 5 - need secured connection
Hi Brent,
first guess: have a look if your iptables setup allow connection to
qemu processes. RHEV 3.0 documentation (publicly accesible) says
host needs these ports open: port 22 for SSH, ports 5634 to 6166 for guest console connections, port 16514 for libvirt virtual machine migration traffic, ports 49152 to 49216 for VDSM virtual machine migration
On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com <mailto:djasa@redhat.com>> wrote: the that a traffic,
and port 54321 for the Red Hat Enterprise Virtualization
Manager.
If you have ovirt-engine running onu the same machine as vdsm, most
of
the ports don't need to be accessible from outside but "guest console" ports do.
If it isn't iptables, please share at least: * what your actual topology is (engine on the physical host?) * if you use some custom tls settings such as tls switched off * what spice client & xpi versions are you using * how exactly the client failed (showed error window? with what error? just didn't launch?)
In your email, you didn't write any debugging hints apart from the setup being single-host one...
David
Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500: > About 6 months ago I asked on this list if it was possible to install > ovirt on a single host. Thread got long and winded and lost interest. > > Started looking at the project again about two days ago. What I > really didn't understand was using a base Fedora install. Installing > vdsm and then installing ovirt engine. > > So everything is up. Created data center, storage, cluster, host and > virtual machine. > > But I can't get there from here. I can't get console running to > configure the booted install. > > I've tried VNC, Spice, Firefox with spice-xpi plugin. > > Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf > settings. tls settings. Not even sure if this is the right place to > be checking. > > This is a show stopper. > > LSB Version: :core-4.0-amd64:core-4.0-noarch > Distributor ID: Fedora > Description: Fedora release 16 (Verne) > Release: 16 > Codename: Verne > > [root@ovirt # rpm -qa|grep ovirt-engine > ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-jbossas-1.2-2.fc16.x86_64 > ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 > ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64 > > Any input would be appreciated > _______________________________________________ > Users mailing list > Users@ovirt.org <mailto:Users@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/users
--
David Jaša, RHCE
SPICE QE based in Brno GPG Key: 22C33E24 Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Did you look for selinux denials? ----- Original Message -----
I was not able to get this working using beta ovirt-engine-setup-plugin-allinone rpm
Used answer file as recommended on the wiki. I didn't document the exact error, but the install failed.
I did another install using F16 Installing VDSM from rpm
[ovirt-engine-3.0] name=ovirt-engine-3.0 baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16 enabled=1 gpgcheck=0
And then doing engine-setup
And then installing spice-xpi
Can't explain it but it's working from the F16 desktop using FF :)
On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <iheim@redhat.com> wrote:
On 07/26/2012 01:10 PM, David Jaša wrote:
Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running -
netstat -an|grep 590 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
When using plain old kvm, virt-manager I could just simply connect using any vnc or virt-viewer or x11 virtmanager.
I'm not sure what ovirt is doing with tls etc...
As Itamar already said, it: * sets up TLS and enforces it. * sets up temporary ticket
If you want to connect to the console manually, you have to set up the ticket - on the server, follow these steps in order to achieve it (from top of my head, can contain typos): VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print $1}')" vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
For TLS, you'll need CA file and host subject in case of host name used on CLI not matching host name in server cert CN. Assuming you're connecting from some other computer: SUBJECT="$(ssh root@$HOST 'grep Subject: /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')" scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE remote-viewer --spice-ca-file=$CA_FILE --spice-host-subject=$SUBJECT spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT # it will ask for password in pop-up window # OR you can use "good old" spicec: spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p $PORT -s $SECURE_PORT -w $PASSWORD
David
PS: given all the info, I guess you've run into some instance of this downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
brent - this only fails user portal. are you failing from webadmin as well?
Not being able to get console access is a definite show stopper. And it shouldn't be rocket science to do it. And it should be accessible from either linux or windows clients. Does vSphere (windows only) ring a bell?
On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim@redhat.com> wrote:
would it be relevant for you to try the 3.1 beta? it has this which should cover your 'all in one' needs: http://www.ovirt.org/wiki/Feature/AllInOne
On 07/25/2012 06:52 PM, Brent Bolin wrote:
Thanks David for your reply -
I have completely flushed all iptables rules 'iptables --flush" -
iptables -L -v -n Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) pkts bytes target prot opt in out source destination
The base host is Fedora 16 running with desktop
First installed vdsm and then ovirt-engine
Single network bridge installed, but there is another 1GB nic that isn't being used -
eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:99656 errors:0 dropped:0 overruns:0 frame:0 TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0 TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3 MiB)
ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A inet addr:192.168.0.118 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:70706 errors:0 dropped:0 overruns:0 frame:0 TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB)
vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:14 errors:0 dropped:0 overruns:1 carrier:0 collisions:0 txqueuelen:500 RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
After ovirt engine is installed logged into the interface and configured the host using 127.0.0.1 . Host reboots. Host shows up in the admin interface only complaining about power management that isn't configured.
Here
<https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
is a screen shot of the web interface
The only configuration settings I've changed are in the qemu.conf to either tls=0 or tls=1
spice-gtk-0.11-4.fc16.x86_64 spice-client-0.10.1-1.fc16.x86_64 spice-glib-0.11-4.fc16.x86_64 spice-gtk3-0.11-4.fc16.x86_64 spice-xpi-2.7-3.fc16.x86_64 spice-gtk-tools-0.11-4.fc16.x86_64 spice-server-0.10.1-1.fc16.x86_64
The link in the admin interface shows available(using FF). When I click it opens a spicec:0 dialog and just closes
If I try to open from a shell I get things like this -
Brief window open and then error -
spicec -h 127.0.0.1 -p 5900 Warning: connect error 5 - need secured connection
On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com <mailto:djasa@redhat.com>> wrote: > Hi Brent, > > first guess: have a look if your iptables setup allow > connection to the > qemu processes. RHEV 3.0 documentation (publicly accesible) > says that a > host needs these ports open: > port 22 for SSH, > ports 5634 to 6166 for guest console connections, > port 16514 for libvirt virtual machine migration > traffic, > ports 49152 to 49216 for VDSM virtual machine > migration traffic, > and > port 54321 for the Red Hat Enterprise > Virtualization Manager. > > If you have ovirt-engine running onu the same machine as > vdsm, most of > the ports don't need to be accessible from outside but > "guest console" > ports do. > > If it isn't iptables, please share at least: > * what your actual topology is (engine on the physical > host?) > * if you use some custom tls settings such as tls switched > off > * what spice client & xpi versions are you using > * how exactly the client failed (showed error window? with > what error? > just didn't launch?) > > In your email, you didn't write any debugging hints apart > from the setup > being single-host one... > > David > > > Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500: >> About 6 months ago I asked on this list if it was possible >> to install >> ovirt on a single host. Thread got long and winded and >> lost interest. >> >> Started looking at the project again about two days ago. >> What I >> really didn't understand was using a base Fedora install. Installing >> vdsm and then installing ovirt engine. >> >> So everything is up. Created data center, storage, >> cluster, host and >> virtual machine. >> >> But I can't get there from here. I can't get console >> running to >> configure the booted install. >> >> I've tried VNC, Spice, Firefox with spice-xpi plugin. >> >> Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf >> settings. tls settings. Not even sure if this is the >> right place to >> be checking. >> >> This is a show stopper. >> >> LSB Version: :core-4.0-amd64:core-4.0-noarch >> Distributor ID: Fedora >> Description: Fedora release 16 (Verne) >> Release: 16 >> Codename: Verne >> >> [root@ovirt # rpm -qa|grep ovirt-engine >> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-jbossas-1.2-2.fc16.x86_64 >> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 >> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64 >> >> Any input would be appreciated >> _______________________________________________ >> Users mailing list >> Users@ovirt.org <mailto:Users@ovirt.org>
>> http://lists.ovirt.org/mailman/listinfo/users > > -- > > David Jaša, RHCE > > SPICE QE based in Brno > GPG Key: 22C33E24 > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 > 3E24 > > >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
I have been seeing selinux denials. I'm not sure if it was for the allinone plugin. Should selinux be enabled or disabled? On Fri, Jul 27, 2012 at 1:54 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
Did you look for selinux denials?
----- Original Message -----
I was not able to get this working using beta ovirt-engine-setup-plugin-allinone rpm
Used answer file as recommended on the wiki. I didn't document the exact error, but the install failed.
I did another install using F16 Installing VDSM from rpm
[ovirt-engine-3.0] name=ovirt-engine-3.0 baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16 enabled=1 gpgcheck=0
And then doing engine-setup
And then installing spice-xpi
Can't explain it but it's working from the F16 desktop using FF :)
On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <iheim@redhat.com> wrote:
On 07/26/2012 01:10 PM, David Jaša wrote:
Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running -
netstat -an|grep 590 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
When using plain old kvm, virt-manager I could just simply connect using any vnc or virt-viewer or x11 virtmanager.
I'm not sure what ovirt is doing with tls etc...
As Itamar already said, it: * sets up TLS and enforces it. * sets up temporary ticket
If you want to connect to the console manually, you have to set up the ticket - on the server, follow these steps in order to achieve it (from top of my head, can contain typos): VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print $1}')" vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
For TLS, you'll need CA file and host subject in case of host name used on CLI not matching host name in server cert CN. Assuming you're connecting from some other computer: SUBJECT="$(ssh root@$HOST 'grep Subject: /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')" scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE remote-viewer --spice-ca-file=$CA_FILE --spice-host-subject=$SUBJECT spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT # it will ask for password in pop-up window # OR you can use "good old" spicec: spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p $PORT -s $SECURE_PORT -w $PASSWORD
David
PS: given all the info, I guess you've run into some instance of this downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
brent - this only fails user portal. are you failing from webadmin as well?
Not being able to get console access is a definite show stopper. And it shouldn't be rocket science to do it. And it should be accessible from either linux or windows clients. Does vSphere (windows only) ring a bell?
On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim@redhat.com> wrote:
would it be relevant for you to try the 3.1 beta? it has this which should cover your 'all in one' needs: http://www.ovirt.org/wiki/Feature/AllInOne
On 07/25/2012 06:52 PM, Brent Bolin wrote: > > > Thanks David for your reply - > > I have completely flushed all iptables rules 'iptables --flush" > - > > iptables -L -v -n > Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) > pkts bytes target prot opt in out source > destination > > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > > Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) > pkts bytes target prot opt in out source > destination > > > The base host is Fedora 16 running with desktop > > First installed vdsm and then ovirt-engine > > Single network bridge installed, but there is another 1GB nic > that > isn't > being used - > > eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A > inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:99656 errors:0 dropped:0 overruns:0 > frame:0 > TX packets:51508 errors:0 dropped:0 overruns:0 > carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:63007897 (60.0 MiB) TX bytes:18148736 > (17.3 MiB) > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:1814674 errors:0 dropped:0 overruns:0 > frame:0 > TX packets:1814674 errors:0 dropped:0 overruns:0 > carrier:0 > collisions:0 txqueuelen:0 > RX bytes:646274067 (616.3 MiB) TX bytes:646274067 > (616.3 > MiB) > > ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A > inet addr:192.168.0.118 Bcast:192.168.0.255 > Mask:255.255.255.0 > inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:70706 errors:0 dropped:0 overruns:0 > frame:0 > TX packets:48717 errors:0 dropped:0 overruns:0 > carrier:0 > collisions:0 txqueuelen:0 > RX bytes:52195637 (49.7 MiB) TX bytes:14942359 > (14.2 MiB) > > vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 > inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:3 errors:0 dropped:0 overruns:0 frame:0 > TX packets:14 errors:0 dropped:0 overruns:1 > carrier:0 > collisions:0 txqueuelen:500 > RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB) > > After ovirt engine is installed logged into the interface and > configured > the host using 127.0.0.1 . Host reboots. Host shows up in the > admin > interface only complaining about power management that isn't > configured. > > > Here > > <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink> > > is a screen shot of the web interface > > The only configuration settings I've changed are in the > qemu.conf to > either tls=0 or tls=1 > > spice-gtk-0.11-4.fc16.x86_64 > spice-client-0.10.1-1.fc16.x86_64 > spice-glib-0.11-4.fc16.x86_64 > spice-gtk3-0.11-4.fc16.x86_64 > spice-xpi-2.7-3.fc16.x86_64 > spice-gtk-tools-0.11-4.fc16.x86_64 > spice-server-0.10.1-1.fc16.x86_64 > > The link in the admin interface shows available(using FF). > When I > click > it opens a spicec:0 dialog and just closes > > If I try to open from a shell I get things like this - > > Brief window open and then error - > > spicec -h 127.0.0.1 -p 5900 > Warning: connect error 5 - need secured connection > > > > > > > > On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com > <mailto:djasa@redhat.com>> wrote: > > Hi Brent, > > > > first guess: have a look if your iptables setup allow > > connection to > the > > qemu processes. RHEV 3.0 documentation (publicly accesible) > > says > that a > > host needs these ports open: > > port 22 for SSH, > > ports 5634 to 6166 for guest console connections, > > port 16514 for libvirt virtual machine migration > > traffic, > > ports 49152 to 49216 for VDSM virtual machine > > migration > traffic, > > and > > port 54321 for the Red Hat Enterprise > > Virtualization > Manager. > > > > If you have ovirt-engine running onu the same machine as > > vdsm, most > of > > the ports don't need to be accessible from outside but > > "guest > console" > > ports do. > > > > If it isn't iptables, please share at least: > > * what your actual topology is (engine on the physical > > host?) > > * if you use some custom tls settings such as tls switched > > off > > * what spice client & xpi versions are you using > > * how exactly the client failed (showed error window? with > > what > error? > > just didn't launch?) > > > > In your email, you didn't write any debugging hints apart > > from the > setup > > being single-host one... > > > > David > > > > > > Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500: > >> About 6 months ago I asked on this list if it was possible > >> to > install > >> ovirt on a single host. Thread got long and winded and > >> lost > interest. > >> > >> Started looking at the project again about two days ago. > >> What I > >> really didn't understand was using a base Fedora install. > Installing > >> vdsm and then installing ovirt engine. > >> > >> So everything is up. Created data center, storage, > >> cluster, host > and > >> virtual machine. > >> > >> But I can't get there from here. I can't get console > >> running to > >> configure the booted install. > >> > >> I've tried VNC, Spice, Firefox with spice-xpi plugin. > >> > >> Tried tweaking, turning, touching, swearing @ > /etc/libvirt/qemu.conf > >> settings. tls settings. Not even sure if this is the > >> right place > to > >> be checking. > >> > >> This is a show stopper. > >> > >> LSB Version: :core-4.0-amd64:core-4.0-noarch > >> Distributor ID: Fedora > >> Description: Fedora release 16 (Verne) > >> Release: 16 > >> Codename: Verne > >> > >> [root@ovirt # rpm -qa|grep ovirt-engine > >> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-jbossas-1.2-2.fc16.x86_64 > >> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 > >> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64 > >> > >> Any input would be appreciated > >> _______________________________________________ > >> Users mailing list > >> Users@ovirt.org <mailto:Users@ovirt.org> > > >> http://lists.ovirt.org/mailman/listinfo/users > > > > -- > > > > David Jaša, RHCE > > > > SPICE QE based in Brno > > GPG Key: 22C33E24 > > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 > > 3E24 > > > > > > > > > _______________________________________________ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
On 07/27/2012 10:15 PM, Brent Bolin wrote:
I have been seeing selinux denials. I'm not sure if it was for the allinone plugin.
Should selinux be enabled or disabled?
enabled, but doesn't mean it doesn't have bugs: - try with disabled - report the denials
On Fri, Jul 27, 2012 at 1:54 PM, Yaniv Kaul <ykaul@redhat.com> wrote:
Did you look for selinux denials?
----- Original Message -----
I was not able to get this working using beta ovirt-engine-setup-plugin-allinone rpm
Used answer file as recommended on the wiki. I didn't document the exact error, but the install failed.
I did another install using F16 Installing VDSM from rpm
[ovirt-engine-3.0] name=ovirt-engine-3.0 baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16 enabled=1 gpgcheck=0
And then doing engine-setup
And then installing spice-xpi
Can't explain it but it's working from the F16 desktop using FF :)
On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <iheim@redhat.com> wrote:
On 07/26/2012 01:10 PM, David Jaša wrote:
Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
I have seen this. Can give it a try.
At this point I'm not sure if it's a problem with my configuration. Or making console connections with either vnc or spice. The ports are clearly running -
netstat -an|grep 590 tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
When using plain old kvm, virt-manager I could just simply connect using any vnc or virt-viewer or x11 virtmanager.
I'm not sure what ovirt is doing with tls etc...
As Itamar already said, it: * sets up TLS and enforces it. * sets up temporary ticket
If you want to connect to the console manually, you have to set up the ticket - on the server, follow these steps in order to achieve it (from top of my head, can contain typos): VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print $1}')" vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
For TLS, you'll need CA file and host subject in case of host name used on CLI not matching host name in server cert CN. Assuming you're connecting from some other computer: SUBJECT="$(ssh root@$HOST 'grep Subject: /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')" scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE remote-viewer --spice-ca-file=$CA_FILE --spice-host-subject=$SUBJECT spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT # it will ask for password in pop-up window # OR you can use "good old" spicec: spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p $PORT -s $SECURE_PORT -w $PASSWORD
David
PS: given all the info, I guess you've run into some instance of this downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
brent - this only fails user portal. are you failing from webadmin as well?
Not being able to get console access is a definite show stopper. And it shouldn't be rocket science to do it. And it should be accessible from either linux or windows clients. Does vSphere (windows only) ring a bell?
On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim@redhat.com> wrote: > > > would it be relevant for you to try the 3.1 beta? > it has this which should cover your 'all in one' needs: > http://www.ovirt.org/wiki/Feature/AllInOne > > > > On 07/25/2012 06:52 PM, Brent Bolin wrote: >> >> >> Thanks David for your reply - >> >> I have completely flushed all iptables rules 'iptables --flush" >> - >> >> iptables -L -v -n >> Chain INPUT (policy ACCEPT 1775K packets, 627M bytes) >> pkts bytes target prot opt in out source >> destination >> >> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) >> pkts bytes target prot opt in out source >> destination >> >> Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes) >> pkts bytes target prot opt in out source >> destination >> >> >> The base host is Fedora 16 running with desktop >> >> First installed vdsm and then ovirt-engine >> >> Single network bridge installed, but there is another 1GB nic >> that >> isn't >> being used - >> >> eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A >> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:99656 errors:0 dropped:0 overruns:0 >> frame:0 >> TX packets:51508 errors:0 dropped:0 overruns:0 >> carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:63007897 (60.0 MiB) TX bytes:18148736 >> (17.3 MiB) >> >> lo Link encap:Local Loopback >> inet addr:127.0.0.1 Mask:255.0.0.0 >> inet6 addr: ::1/128 Scope:Host >> UP LOOPBACK RUNNING MTU:16436 Metric:1 >> RX packets:1814674 errors:0 dropped:0 overruns:0 >> frame:0 >> TX packets:1814674 errors:0 dropped:0 overruns:0 >> carrier:0 >> collisions:0 txqueuelen:0 >> RX bytes:646274067 (616.3 MiB) TX bytes:646274067 >> (616.3 >> MiB) >> >> ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A >> inet addr:192.168.0.118 Bcast:192.168.0.255 >> Mask:255.255.255.0 >> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:70706 errors:0 dropped:0 overruns:0 >> frame:0 >> TX packets:48717 errors:0 dropped:0 overruns:0 >> carrier:0 >> collisions:0 txqueuelen:0 >> RX bytes:52195637 (49.7 MiB) TX bytes:14942359 >> (14.2 MiB) >> >> vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00 >> inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link >> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >> RX packets:3 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:14 errors:0 dropped:0 overruns:1 >> carrier:0 >> collisions:0 txqueuelen:500 >> RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB) >> >> After ovirt engine is installed logged into the interface and >> configured >> the host using 127.0.0.1 . Host reboots. Host shows up in the >> admin >> interface only complaining about power management that isn't >> configured. >> >> >> Here >> >> <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink> >> >> is a screen shot of the web interface >> >> The only configuration settings I've changed are in the >> qemu.conf to >> either tls=0 or tls=1 >> >> spice-gtk-0.11-4.fc16.x86_64 >> spice-client-0.10.1-1.fc16.x86_64 >> spice-glib-0.11-4.fc16.x86_64 >> spice-gtk3-0.11-4.fc16.x86_64 >> spice-xpi-2.7-3.fc16.x86_64 >> spice-gtk-tools-0.11-4.fc16.x86_64 >> spice-server-0.10.1-1.fc16.x86_64 >> >> The link in the admin interface shows available(using FF). >> When I >> click >> it opens a spicec:0 dialog and just closes >> >> If I try to open from a shell I get things like this - >> >> Brief window open and then error - >> >> spicec -h 127.0.0.1 -p 5900 >> Warning: connect error 5 - need secured connection >> >> >> >> >> >> >> >> On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa@redhat.com >> <mailto:djasa@redhat.com>> wrote: >> > Hi Brent, >> > >> > first guess: have a look if your iptables setup allow >> > connection to >> the >> > qemu processes. RHEV 3.0 documentation (publicly accesible) >> > says >> that a >> > host needs these ports open: >> > port 22 for SSH, >> > ports 5634 to 6166 for guest console connections, >> > port 16514 for libvirt virtual machine migration >> > traffic, >> > ports 49152 to 49216 for VDSM virtual machine >> > migration >> traffic, >> > and >> > port 54321 for the Red Hat Enterprise >> > Virtualization >> Manager. >> > >> > If you have ovirt-engine running onu the same machine as >> > vdsm, most >> of >> > the ports don't need to be accessible from outside but >> > "guest >> console" >> > ports do. >> > >> > If it isn't iptables, please share at least: >> > * what your actual topology is (engine on the physical >> > host?) >> > * if you use some custom tls settings such as tls switched >> > off >> > * what spice client & xpi versions are you using >> > * how exactly the client failed (showed error window? with >> > what >> error? >> > just didn't launch?) >> > >> > In your email, you didn't write any debugging hints apart >> > from the >> setup >> > being single-host one... >> > >> > David >> > >> > >> > Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500: >> >> About 6 months ago I asked on this list if it was possible >> >> to >> install >> >> ovirt on a single host. Thread got long and winded and >> >> lost >> interest. >> >> >> >> Started looking at the project again about two days ago. >> >> What I >> >> really didn't understand was using a base Fedora install. >> Installing >> >> vdsm and then installing ovirt engine. >> >> >> >> So everything is up. Created data center, storage, >> >> cluster, host >> and >> >> virtual machine. >> >> >> >> But I can't get there from here. I can't get console >> >> running to >> >> configure the booted install. >> >> >> >> I've tried VNC, Spice, Firefox with spice-xpi plugin. >> >> >> >> Tried tweaking, turning, touching, swearing @ >> /etc/libvirt/qemu.conf >> >> settings. tls settings. Not even sure if this is the >> >> right place >> to >> >> be checking. >> >> >> >> This is a show stopper. >> >> >> >> LSB Version: :core-4.0-amd64:core-4.0-noarch >> >> Distributor ID: Fedora >> >> Description: Fedora release 16 (Verne) >> >> Release: 16 >> >> Codename: Verne >> >> >> >> [root@ovirt # rpm -qa|grep ovirt-engine >> >> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-jbossas-1.2-2.fc16.x86_64 >> >> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64 >> >> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64 >> >> >> >> Any input would be appreciated >> >> _______________________________________________ >> >> Users mailing list >> >> Users@ovirt.org <mailto:Users@ovirt.org> >> >> >> http://lists.ovirt.org/mailman/listinfo/users >> > >> > -- >> > >> > David Jaša, RHCE >> > >> > SPICE QE based in Brno >> > GPG Key: 22C33E24 >> > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 >> > 3E24 >> > >> > >> > >> >> >> _______________________________________________ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> > > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (5)
-
Brent Bolin -
David Jaša -
Frank Wall -
Itamar Heim -
Yaniv Kaul