[Users] permanent vnc password and custom properties
David Elliott
david.elliott at shazamteam.com
Tue Apr 3 17:56:09 UTC 2012
Hi
Fairly basic bash script below
authenticates user and uses the api to retrieve some vm info - then creates
a secured spice connection to vm (or optionally list possible vms with -list
arg)
On windows, using cygwin to run and then call the spicec.exe to connect to
console
#!/bin/bash
UNAME=`uname`
if test ${UNAME} = "Linux"
then
PLATFORM=linux
else
PLATFORM=windows
fi
if test $PLATFORM = "windows"
then
APP_DIR=/cygdrive/c/spice
SPICE_BIN=${APP_DIR}/spicec.exe
# copied from ovirt node /etc/pki/vdsm/libvirt-spice/ca-cert.pem
CERT_FILE="c:\spice\ca-cert-ovirt.pem"
TMP_FILE=/tmp/curly.txt
MGMT_SERVER=http://YOUR_ENGINE:8080
# @internal for local auth... @as_applicable otherwise
DOMAIN=@YOUR_DOMAIN
elif test $PLATFORM = "linux"
then
APP_DIR=/root/spicer
SPICE_BIN=spicec
# copied from ovirt node /etc/pki/vdsm/libvirt-spice/ca-cert.pem
CERT_FILE=${APP_DIR}/ca-cert-ovirt.pem
TMP_FILE=/tmp/curly.txt
MGMT_SERVER=http://YOUR_ENGINE:8080
# @internal for local auth... @as_applicable otherwise
DOMAIN=@YOUR_DOMAIN
fi
trap "rm -f ${TMP_FILE}" EXIT
Usage () {
echo "Requires an argument"
echo -e "\t list : list possible virtual machine names"
echo -e "\t vmname : name of virtual machine to connect to"
}
if test -z $1
then
Usage
exit 0
fi
#
echo "enter active directory username"
read -t 10 USERNAME
USER="${USERNAME}${DOMAIN}"
echo "enter active directory password"
read -t 10 PASSWORD
if test $1 = "list"
then
curl -o ${TMP_FILE} -sf -u ${USER}:${PASSWORD}
${MGMT_SERVER}/api/vms
# note the below is a slight cludge - very lazy grep which should
really do a positional search for only the <name> value relating to the
hostname
# right now we just exclude our DOMAIN name from the returned list
of vm names (which luckily aren't fully qualifed....)
VMS=`grep "<name>" ${TMP_FILE} | cut -d '>' -f2| cut -d'<' -f1 |
grep -v ${DOMAIN}`
echo
echo "Possible VMS Are ...."
echo ${VMS}
exit 0
else
VMNAME=$1
fi
for tickety in `curl -sf -u ${USER}:${PASSWORD}
${MGMT_SERVER}/api/vms?search=$VMNAME|grep ticket | cut -d'"' -f2`
do
curl -sf -o ${TMP_FILE} -X POST -H "Accept: application/xml" -H
"Content-Type: application/xml" -u ${USER}:${PASSWORD} -d
"<action><ticket><expiry>900</expiry></ticket></action>"
${MGMT_SERVER}${tickety}
SPICE_PASSWORD=`grep value ${TMP_FILE} | cut -d '>' -f2| cut -d'<'
-f1`
done
curl -sf -u ${USER}:${PASSWORD} ${MGMT_SERVER}/api/vms?search=$VMNAME|grep
-A 5 "<display>" > ${TMP_FILE}
SPICE_HOST=`grep address ${TMP_FILE} | cut -d '>' -f2| cut -d'<' -f1 | tr -d
[:blank:]`
SPICE_PORT=`grep "<port>" ${TMP_FILE} | cut -d '>' -f2| cut -d'<' -f1 | tr
-d [:blank:]`
SPICE_SEC_PORT=`grep secure_port ${TMP_FILE} | cut -d '>' -f2| cut -d'<' -f1
|tr -d [:blank:]`
# get the subject line from the server cert on the ovirt node - we replace
SPICE_HOST value as applicable depending on where our vm happens to be
running
#openssl x509 -noout -text -in
/config/etc/pki/vdsm/libvirt-spice/server-cert.pem | grep Subject: | cut -f
10- -d " "
SUBJECT="O=ovirt,CN=${SPICE_HOST}"
#echo "${SPICE_BIN} -h ${SPICE_HOST} -p ${SPICE_PORT} -s ${SPICE_SEC_PORT}
--secure-channels all --host-subject ${SUBJECT} -w ${SPICE_PASSWORD}
--ca-file ${CERT_FILE}"
#spicec -h ${SPICE_HOST} -p ${SPICE_PORT} -s ${SPICE_SEC_PORT}
--secure-channels all --host-subject ${SUBJECT} -w ${SPICE_PASSWORD}
--ca-file ${CERT_FILE}
echo "${SPICE_BIN} -h ${SPICE_HOST} -p ${SPICE_PORT} -s ${SPICE_SEC_PORT}
--secure-channels all --host-subject ${SUBJECT} -w ${SPICE_PASSWORD}
--ca-file ${CERT_FILE}"
${SPICE_BIN} -h ${SPICE_HOST} -p ${SPICE_PORT} -s ${SPICE_SEC_PORT}
--secure-channels all --host-subject ${SUBJECT} -w ${SPICE_PASSWORD}
--ca-file ${CERT_FILE}
-----Original Message-----
From: users-bounces at ovirt.org [mailto:users-bounces at ovirt.org] On Behalf Of
Michal Kopacki
Sent: 21 March 2012 08:01
To: Itamar Heim
Cc: users at ovirt.org
Subject: Re: [Users] permanent vnc password and custom properties
On Tue, 20 Mar 2012 18:17:19 +0200
Itamar Heim <iheim at redhat.com> wrote:
> On 03/20/2012 02:59 PM, Michal Kopacki wrote:
> > Any thoughts how to set vnc password permanently (without any
> > scripts outside ovirt). ?
> >
> > Now I use cli command such:
> >
> > vdsClient -s 0 setVmTicket 75c42e2e-ac28-45ae-9c78-2e4f68ee9c07
> > <pass> 3600 keep
> >
> > But it's not so convenient.
> >
> > Second question is how to use "Custom properties" box - how should
> > command/value looks like ?
> >
>
> you can set vmticket from ovirt api/sdk/cli as well, no need to
> directly use the vdsm cli.
> to the ticket action, pass the expiry you want
Could you present some example ?
--
Michal
_______________________________________________
Users mailing list
Users at ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
More information about the Users
mailing list