[Users] permanent vnc password and custom properties

David Elliott david.elliott at shazamteam.com
Tue Apr 3 17:56:09 UTC 2012


Hi

Fairly basic bash script below 
authenticates user and uses the api to retrieve some vm info - then creates
a secured spice connection to vm (or optionally list possible vms with -list
arg)


On windows, using cygwin to run and then call the spicec.exe to connect to
console



#!/bin/bash
UNAME=`uname`
if test ${UNAME} = "Linux"
then
        PLATFORM=linux
else
        PLATFORM=windows
fi

if test $PLATFORM = "windows"
then
        APP_DIR=/cygdrive/c/spice
        SPICE_BIN=${APP_DIR}/spicec.exe
	  # copied from ovirt node /etc/pki/vdsm/libvirt-spice/ca-cert.pem
        CERT_FILE="c:\spice\ca-cert-ovirt.pem"
        TMP_FILE=/tmp/curly.txt
        MGMT_SERVER=http://YOUR_ENGINE:8080
        # @internal for local auth... @as_applicable otherwise
        DOMAIN=@YOUR_DOMAIN
elif test $PLATFORM = "linux"
then
        APP_DIR=/root/spicer
        SPICE_BIN=spicec
	  # copied from ovirt node /etc/pki/vdsm/libvirt-spice/ca-cert.pem
        CERT_FILE=${APP_DIR}/ca-cert-ovirt.pem
        TMP_FILE=/tmp/curly.txt
        MGMT_SERVER=http://YOUR_ENGINE:8080
        # @internal for local auth... @as_applicable otherwise
        DOMAIN=@YOUR_DOMAIN
fi

trap "rm -f ${TMP_FILE}" EXIT

Usage () {
        echo "Requires an argument"
        echo -e "\t list : list possible virtual machine names"
        echo -e "\t vmname : name of virtual machine to connect to"
}

if test -z $1
then
        Usage
        exit 0
fi

#
echo "enter active directory username"
read -t 10 USERNAME
USER="${USERNAME}${DOMAIN}"

echo "enter active directory password"
read -t 10 PASSWORD

if test $1 = "list"
then
        curl -o  ${TMP_FILE} -sf -u ${USER}:${PASSWORD}
${MGMT_SERVER}/api/vms
        # note the below is a slight cludge - very lazy grep which should
really do a positional search for only the <name> value relating to the
hostname
        # right now we just exclude our DOMAIN name from the returned list
of vm names (which luckily aren't fully qualifed....)
        VMS=`grep "<name>" ${TMP_FILE} | cut -d '>' -f2| cut -d'<' -f1 |
grep -v ${DOMAIN}`
        echo
        echo "Possible VMS Are ...."
        echo ${VMS}
        exit 0
else
        VMNAME=$1
fi

for tickety in `curl -sf -u ${USER}:${PASSWORD}
${MGMT_SERVER}/api/vms?search=$VMNAME|grep ticket | cut -d'"' -f2`
do
        curl -sf -o ${TMP_FILE} -X POST -H "Accept: application/xml" -H
"Content-Type: application/xml" -u ${USER}:${PASSWORD} -d
"<action><ticket><expiry>900</expiry></ticket></action>"
${MGMT_SERVER}${tickety}
        SPICE_PASSWORD=`grep value ${TMP_FILE} | cut -d '>' -f2| cut -d'<'
-f1`
done

curl -sf -u ${USER}:${PASSWORD} ${MGMT_SERVER}/api/vms?search=$VMNAME|grep
-A 5 "<display>" > ${TMP_FILE}

SPICE_HOST=`grep address ${TMP_FILE} | cut -d '>' -f2| cut -d'<' -f1 | tr -d
[:blank:]`
SPICE_PORT=`grep "<port>" ${TMP_FILE} | cut -d '>' -f2| cut -d'<' -f1 | tr
-d [:blank:]`
SPICE_SEC_PORT=`grep secure_port ${TMP_FILE} | cut -d '>' -f2| cut -d'<' -f1
|tr -d [:blank:]`

# get the subject line from the server cert on the ovirt node - we replace
SPICE_HOST value as applicable depending on where our vm happens to be
running
#openssl x509 -noout -text -in
/config/etc/pki/vdsm/libvirt-spice/server-cert.pem | grep Subject: | cut -f
10- -d " "
SUBJECT="O=ovirt,CN=${SPICE_HOST}"

#echo "${SPICE_BIN} -h ${SPICE_HOST} -p ${SPICE_PORT} -s ${SPICE_SEC_PORT}
--secure-channels all --host-subject ${SUBJECT} -w ${SPICE_PASSWORD}
--ca-file ${CERT_FILE}"
#spicec -h ${SPICE_HOST} -p ${SPICE_PORT} -s ${SPICE_SEC_PORT}
--secure-channels all --host-subject ${SUBJECT} -w ${SPICE_PASSWORD}
--ca-file ${CERT_FILE}
echo "${SPICE_BIN} -h ${SPICE_HOST} -p ${SPICE_PORT} -s ${SPICE_SEC_PORT}
--secure-channels all --host-subject ${SUBJECT} -w ${SPICE_PASSWORD}
--ca-file ${CERT_FILE}"

${SPICE_BIN} -h ${SPICE_HOST} -p ${SPICE_PORT} -s ${SPICE_SEC_PORT}
--secure-channels all --host-subject ${SUBJECT} -w ${SPICE_PASSWORD}
--ca-file ${CERT_FILE}

-----Original Message-----
From: users-bounces at ovirt.org [mailto:users-bounces at ovirt.org] On Behalf Of
Michal Kopacki
Sent: 21 March 2012 08:01
To: Itamar Heim
Cc: users at ovirt.org
Subject: Re: [Users] permanent vnc password and custom properties

On Tue, 20 Mar 2012 18:17:19 +0200
Itamar Heim <iheim at redhat.com> wrote:

> On 03/20/2012 02:59 PM, Michal Kopacki wrote:
> > Any thoughts how to set vnc password permanently (without any
> > scripts outside ovirt). ?
> >
> > Now I use cli command such:
> >
> > vdsClient -s 0 setVmTicket 75c42e2e-ac28-45ae-9c78-2e4f68ee9c07
> > <pass> 3600 keep
> >
> > But it's not so convenient.
> >
> > Second question is how to use "Custom properties" box - how should
> > command/value looks like ?
> >
> 
> you can set vmticket from ovirt api/sdk/cli as well, no need to
> directly use the vdsm cli.
> to the ticket action, pass the expiry you want

  Could you present some example ?

-- 
Michal
_______________________________________________
Users mailing list
Users at ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________


______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________



More information about the Users mailing list