[Users] Unable to login into console Spice VNC anyone?
Brent Bolin
brent.bolin at gmail.com
Fri Jul 27 13:49:43 UTC 2012
I was not able to get this working using beta
ovirt-engine-setup-plugin-allinone rpm
Used answer file as recommended on the wiki. I didn't document the
exact error, but the install failed.
I did another install using F16 Installing VDSM from rpm
[ovirt-engine-3.0]
name=ovirt-engine-3.0
baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16
enabled=1
gpgcheck=0
And then doing engine-setup
And then installing spice-xpi
Can't explain it but it's working from the F16 desktop using FF :)
On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <iheim at redhat.com> wrote:
> On 07/26/2012 01:10 PM, David Jaša wrote:
>>
>> Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
>>>
>>> I have seen this. Can give it a try.
>>>
>>> At this point I'm not sure if it's a problem with my configuration.
>>> Or making console connections with either vnc or spice. The ports are
>>> clearly running -
>>>
>>> netstat -an|grep 590
>>> tcp 0 0 0.0.0.0:5900 0.0.0.0:*
>>> LISTEN
>>> tcp 0 0 0.0.0.0:5901 0.0.0.0:*
>>> LISTEN
>>>
>>>
>>> When using plain old kvm, virt-manager I could just simply connect
>>> using any vnc or virt-viewer or x11 virtmanager.
>>>
>>> I'm not sure what ovirt is doing with tls etc...
>>>
>>
>> As Itamar already said, it:
>> * sets up TLS and enforces it.
>> * sets up temporary ticket
>>
>> If you want to connect to the console manually, you have to set up the
>> ticket - on the server, follow these steps in order to achieve it (from
>> top of my head, can contain typos):
>> VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print $1}')"
>> vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
>>
>> For TLS, you'll need CA file and host subject in case of host name used
>> on CLI not matching host name in server cert CN. Assuming you're
>> connecting from some other computer:
>> SUBJECT="$(ssh root@$HOST 'grep Subject:
>> /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')"
>> scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE
>> remote-viewer --spice-ca-file=$CA_FILE --spice-host-subject=$SUBJECT
>> spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT
>> # it will ask for password in pop-up window
>> # OR you can use "good old" spicec:
>> spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p $PORT -s
>> $SECURE_PORT -w $PASSWORD
>>
>> David
>>
>> PS: given all the info, I guess you've run into some instance of this
>> downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
>
>
> brent - this only fails user portal. are you failing from webadmin as well?
>
>
>>
>>
>>> Not being able to get console access is a definite show stopper. And
>>> it shouldn't be rocket science to do it. And it should be accessible
>>> from either linux or windows clients. Does vSphere (windows only)
>>> ring a bell?
>>>
>>>
>>>
>>>
>>>
>>> On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim at redhat.com> wrote:
>>>>
>>>>
>>>> would it be relevant for you to try the 3.1 beta?
>>>> it has this which should cover your 'all in one' needs:
>>>> http://www.ovirt.org/wiki/Feature/AllInOne
>>>>
>>>>
>>>>
>>>> On 07/25/2012 06:52 PM, Brent Bolin wrote:
>>>>>
>>>>>
>>>>> Thanks David for your reply -
>>>>>
>>>>> I have completely flushed all iptables rules 'iptables --flush" -
>>>>>
>>>>> iptables -L -v -n
>>>>> Chain INPUT (policy ACCEPT 1775K packets, 627M bytes)
>>>>> pkts bytes target prot opt in out source
>>>>> destination
>>>>>
>>>>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>>>>> pkts bytes target prot opt in out source
>>>>> destination
>>>>>
>>>>> Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes)
>>>>> pkts bytes target prot opt in out source
>>>>> destination
>>>>>
>>>>>
>>>>> The base host is Fedora 16 running with desktop
>>>>>
>>>>> First installed vdsm and then ovirt-engine
>>>>>
>>>>> Single network bridge installed, but there is another 1GB nic that
>>>>> isn't
>>>>> being used -
>>>>>
>>>>> eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
>>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
>>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>> RX packets:99656 errors:0 dropped:0 overruns:0 frame:0
>>>>> TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0
>>>>> collisions:0 txqueuelen:1000
>>>>> RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB)
>>>>>
>>>>> lo Link encap:Local Loopback
>>>>> inet addr:127.0.0.1 Mask:255.0.0.0
>>>>> inet6 addr: ::1/128 Scope:Host
>>>>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>>>>> RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0
>>>>> TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0
>>>>> collisions:0 txqueuelen:0
>>>>> RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3
>>>>> MiB)
>>>>>
>>>>> ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
>>>>> inet addr:192.168.0.118 Bcast:192.168.0.255
>>>>> Mask:255.255.255.0
>>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
>>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>> RX packets:70706 errors:0 dropped:0 overruns:0 frame:0
>>>>> TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0
>>>>> collisions:0 txqueuelen:0
>>>>> RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB)
>>>>>
>>>>> vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00
>>>>> inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link
>>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>> RX packets:3 errors:0 dropped:0 overruns:0 frame:0
>>>>> TX packets:14 errors:0 dropped:0 overruns:1 carrier:0
>>>>> collisions:0 txqueuelen:500
>>>>> RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
>>>>>
>>>>> After ovirt engine is installed logged into the interface and
>>>>> configured
>>>>> the host using 127.0.0.1 . Host reboots. Host shows up in the admin
>>>>> interface only complaining about power management that isn't
>>>>> configured.
>>>>>
>>>>>
>>>>> Here
>>>>>
>>>>> <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
>>>>>
>>>>> is a screen shot of the web interface
>>>>>
>>>>> The only configuration settings I've changed are in the qemu.conf to
>>>>> either tls=0 or tls=1
>>>>>
>>>>> spice-gtk-0.11-4.fc16.x86_64
>>>>> spice-client-0.10.1-1.fc16.x86_64
>>>>> spice-glib-0.11-4.fc16.x86_64
>>>>> spice-gtk3-0.11-4.fc16.x86_64
>>>>> spice-xpi-2.7-3.fc16.x86_64
>>>>> spice-gtk-tools-0.11-4.fc16.x86_64
>>>>> spice-server-0.10.1-1.fc16.x86_64
>>>>>
>>>>> The link in the admin interface shows available(using FF). When I
>>>>> click
>>>>> it opens a spicec:0 dialog and just closes
>>>>>
>>>>> If I try to open from a shell I get things like this -
>>>>>
>>>>> Brief window open and then error -
>>>>>
>>>>> spicec -h 127.0.0.1 -p 5900
>>>>> Warning: connect error 5 - need secured connection
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa at redhat.com
>>>>> <mailto:djasa at redhat.com>> wrote:
>>>>> > Hi Brent,
>>>>> >
>>>>> > first guess: have a look if your iptables setup allow connection to
>>>>> the
>>>>> > qemu processes. RHEV 3.0 documentation (publicly accesible) says
>>>>> that a
>>>>> > host needs these ports open:
>>>>> > port 22 for SSH,
>>>>> > ports 5634 to 6166 for guest console connections,
>>>>> > port 16514 for libvirt virtual machine migration traffic,
>>>>> > ports 49152 to 49216 for VDSM virtual machine migration
>>>>> traffic,
>>>>> > and
>>>>> > port 54321 for the Red Hat Enterprise Virtualization
>>>>> Manager.
>>>>> >
>>>>> > If you have ovirt-engine running onu the same machine as vdsm, most
>>>>> of
>>>>> > the ports don't need to be accessible from outside but "guest
>>>>> console"
>>>>> > ports do.
>>>>> >
>>>>> > If it isn't iptables, please share at least:
>>>>> > * what your actual topology is (engine on the physical host?)
>>>>> > * if you use some custom tls settings such as tls switched off
>>>>> > * what spice client & xpi versions are you using
>>>>> > * how exactly the client failed (showed error window? with what
>>>>> error?
>>>>> > just didn't launch?)
>>>>> >
>>>>> > In your email, you didn't write any debugging hints apart from the
>>>>> setup
>>>>> > being single-host one...
>>>>> >
>>>>> > David
>>>>> >
>>>>> >
>>>>> > Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
>>>>> >> About 6 months ago I asked on this list if it was possible to
>>>>> install
>>>>> >> ovirt on a single host. Thread got long and winded and lost
>>>>> interest.
>>>>> >>
>>>>> >> Started looking at the project again about two days ago. What I
>>>>> >> really didn't understand was using a base Fedora install.
>>>>> Installing
>>>>> >> vdsm and then installing ovirt engine.
>>>>> >>
>>>>> >> So everything is up. Created data center, storage, cluster, host
>>>>> and
>>>>> >> virtual machine.
>>>>> >>
>>>>> >> But I can't get there from here. I can't get console running to
>>>>> >> configure the booted install.
>>>>> >>
>>>>> >> I've tried VNC, Spice, Firefox with spice-xpi plugin.
>>>>> >>
>>>>> >> Tried tweaking, turning, touching, swearing @
>>>>> /etc/libvirt/qemu.conf
>>>>> >> settings. tls settings. Not even sure if this is the right place
>>>>> to
>>>>> >> be checking.
>>>>> >>
>>>>> >> This is a show stopper.
>>>>> >>
>>>>> >> LSB Version: :core-4.0-amd64:core-4.0-noarch
>>>>> >> Distributor ID: Fedora
>>>>> >> Description: Fedora release 16 (Verne)
>>>>> >> Release: 16
>>>>> >> Codename: Verne
>>>>> >>
>>>>> >> [root at ovirt # rpm -qa|grep ovirt-engine
>>>>> >> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-jbossas-1.2-2.fc16.x86_64
>>>>> >> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64
>>>>> >> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
>>>>> >>
>>>>> >> Any input would be appreciated
>>>>> >> _______________________________________________
>>>>> >> Users mailing list
>>>>> >> Users at ovirt.org <mailto:Users at ovirt.org>
>>>>>
>>>>> >> http://lists.ovirt.org/mailman/listinfo/users
>>>>> >
>>>>> > --
>>>>> >
>>>>> > David Jaša, RHCE
>>>>> >
>>>>> > SPICE QE based in Brno
>>>>> > GPG Key: 22C33E24
>>>>> > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
>>>>> >
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>
>>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
>
More information about the Users
mailing list