[Users] Unable to login into console Spice VNC anyone?
Brent Bolin
brent.bolin at gmail.com
Fri Jul 27 19:15:27 UTC 2012
I have been seeing selinux denials. I'm not sure if it was for the
allinone plugin.
Should selinux be enabled or disabled?
On Fri, Jul 27, 2012 at 1:54 PM, Yaniv Kaul <ykaul at redhat.com> wrote:
> Did you look for selinux denials?
>
> ----- Original Message -----
>> I was not able to get this working using beta
>> ovirt-engine-setup-plugin-allinone rpm
>>
>> Used answer file as recommended on the wiki. I didn't document the
>> exact error, but the install failed.
>>
>> I did another install using F16 Installing VDSM from rpm
>>
>> [ovirt-engine-3.0]
>> name=ovirt-engine-3.0
>> baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16
>> enabled=1
>> gpgcheck=0
>>
>>
>> And then doing engine-setup
>>
>> And then installing spice-xpi
>>
>> Can't explain it but it's working from the F16 desktop using FF :)
>>
>>
>>
>> On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <iheim at redhat.com>
>> wrote:
>> > On 07/26/2012 01:10 PM, David Jaša wrote:
>> >>
>> >> Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
>> >>>
>> >>> I have seen this. Can give it a try.
>> >>>
>> >>> At this point I'm not sure if it's a problem with my configuration.
>> >>> Or making console connections with either vnc or spice. The ports are
>> >>> clearly running -
>> >>>
>> >>> netstat -an|grep 590
>> >>> tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN
>> >>> tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN
>> >>>
>> >>>
>> >>> When using plain old kvm, virt-manager I could just simply connect
>> >>> using any vnc or virt-viewer or x11 virtmanager.
>> >>>
>> >>> I'm not sure what ovirt is doing with tls etc...
>> >>>
>> >>
>> >> As Itamar already said, it:
>> >> * sets up TLS and enforces it.
>> >> * sets up temporary ticket
>> >>
>> >> If you want to connect to the console manually, you have to set up the
>> >> ticket - on the server, follow these steps in order to achieve it (from
>> >> top of my head, can contain typos):
>> >> VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print $1}')"
>> >> vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
>> >>
>> >> For TLS, you'll need CA file and host subject in case of host name used
>> >> on CLI not matching host name in server cert CN. Assuming you're
>> >> connecting from some other computer:
>> >> SUBJECT="$(ssh root@$HOST 'grep Subject: /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')"
>> >> scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE
>> >> remote-viewer --spice-ca-file=$CA_FILE --spice-host-subject=$SUBJECT spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT
>> >> # it will ask for password in pop-up window
>> >> # OR you can use "good old" spicec:
>> >> spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p $PORT -s $SECURE_PORT -w $PASSWORD
>> >>
>> >> David
>> >>
>> >> PS: given all the info, I guess you've run into some instance of this
>> >> downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
>> >
>> >
>> > brent - this only fails user portal. are you failing from webadmin
>> > as well?
>> >
>> >
>> >>
>> >>
>> >>> Not being able to get console access is a definite show stopper. And
>> >>> it shouldn't be rocket science to do it. And it should be accessible
>> >>> from either linux or windows clients. Does vSphere (windows only)
>> >>> ring a bell?
>> >>>
>> >>>
>> >>>
>> >>>
>> >>>
>> >>> On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim at redhat.com>
>> >>> wrote:
>> >>>>
>> >>>>
>> >>>> would it be relevant for you to try the 3.1 beta?
>> >>>> it has this which should cover your 'all in one' needs:
>> >>>> http://www.ovirt.org/wiki/Feature/AllInOne
>> >>>>
>> >>>>
>> >>>>
>> >>>> On 07/25/2012 06:52 PM, Brent Bolin wrote:
>> >>>>>
>> >>>>>
>> >>>>> Thanks David for your reply -
>> >>>>>
>> >>>>> I have completely flushed all iptables rules 'iptables --flush' -
>> >>>>>
>> >>>>> iptables -L -v -n
>> >>>>> Chain INPUT (policy ACCEPT 1775K packets, 627M bytes)
>> >>>>> pkts bytes target prot opt in out source destination
>> >>>>>
>> >>>>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>> >>>>> pkts bytes target prot opt in out source destination
>> >>>>>
>> >>>>> Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes)
>> >>>>> pkts bytes target prot opt in out source destination
>> >>>>>
>> >>>>>
>> >>>>> The base host is Fedora 16 running with desktop
>> >>>>>
>> >>>>> First installed vdsm and then ovirt-engine
>> >>>>>
>> >>>>> Single network bridge installed, but there is another 1GB nic that
>> >>>>> isn't being used -
>> >>>>>
>> >>>>> eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
>> >>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
>> >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> >>>>> RX packets:99656 errors:0 dropped:0 overruns:0 frame:0
>> >>>>> TX packets:51508 errors:0 dropped:0 overruns:0 carrier:0
>> >>>>> collisions:0 txqueuelen:1000
>> >>>>> RX bytes:63007897 (60.0 MiB) TX bytes:18148736 (17.3 MiB)
>> >>>>>
>> >>>>> lo Link encap:Local Loopback
>> >>>>> inet addr:127.0.0.1 Mask:255.0.0.0
>> >>>>> inet6 addr: ::1/128 Scope:Host
>> >>>>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>> >>>>> RX packets:1814674 errors:0 dropped:0 overruns:0 frame:0
>> >>>>> TX packets:1814674 errors:0 dropped:0 overruns:0 carrier:0
>> >>>>> collisions:0 txqueuelen:0
>> >>>>> RX bytes:646274067 (616.3 MiB) TX bytes:646274067 (616.3 MiB)
>> >>>>>
>> >>>>> ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
>> >>>>> inet addr:192.168.0.118 Bcast:192.168.0.255 Mask:255.255.255.0
>> >>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
>> >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> >>>>> RX packets:70706 errors:0 dropped:0 overruns:0 frame:0
>> >>>>> TX packets:48717 errors:0 dropped:0 overruns:0 carrier:0
>> >>>>> collisions:0 txqueuelen:0
>> >>>>> RX bytes:52195637 (49.7 MiB) TX bytes:14942359 (14.2 MiB)
>> >>>>>
>> >>>>> vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00
>> >>>>> inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link
>> >>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> >>>>> RX packets:3 errors:0 dropped:0 overruns:0 frame:0
>> >>>>> TX packets:14 errors:0 dropped:0 overruns:1 carrier:0
>> >>>>> collisions:0 txqueuelen:500
>> >>>>> RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
>> >>>>>
>> >>>>> After ovirt engine is installed logged into the interface and configured
>> >>>>> the host using 127.0.0.1 . Host reboots. Host shows up in the admin
>> >>>>> interface only complaining about power management that isn't configured.
>> >>>>>
>> >>>>>
>> >>>>> Here
>> >>>>>
>> >>>>> <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
>> >>>>>
>> >>>>> is a screen shot of the web interface
>> >>>>>
>> >>>>> The only configuration settings I've changed are in the qemu.conf to
>> >>>>> either tls=0 or tls=1
>> >>>>>
>> >>>>> spice-gtk-0.11-4.fc16.x86_64
>> >>>>> spice-client-0.10.1-1.fc16.x86_64
>> >>>>> spice-glib-0.11-4.fc16.x86_64
>> >>>>> spice-gtk3-0.11-4.fc16.x86_64
>> >>>>> spice-xpi-2.7-3.fc16.x86_64
>> >>>>> spice-gtk-tools-0.11-4.fc16.x86_64
>> >>>>> spice-server-0.10.1-1.fc16.x86_64
>> >>>>>
>> >>>>> The link in the admin interface shows available (using FF). When I click
>> >>>>> it opens a spicec:0 dialog and just closes
>> >>>>>
>> >>>>> If I try to open from a shell I get things like this -
>> >>>>>
>> >>>>> Brief window open and then error -
>> >>>>>
>> >>>>> spicec -h 127.0.0.1 -p 5900
>> >>>>> Warning: connect error 5 - need secured connection
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa at redhat.com
>> >>>>> <mailto:djasa at redhat.com>> wrote:
>> >>>>> > Hi Brent,
>> >>>>> >
>> >>>>> > first guess: have a look if your iptables setup allows connection to the
>> >>>>> > qemu processes. RHEV 3.0 documentation (publicly accessible) says that a
>> >>>>> > host needs these ports open:
>> >>>>> > port 22 for SSH,
>> >>>>> > ports 5634 to 6166 for guest console connections,
>> >>>>> > port 16514 for libvirt virtual machine migration traffic,
>> >>>>> > ports 49152 to 49216 for VDSM virtual machine migration traffic,
>> >>>>> > and
>> >>>>> > port 54321 for the Red Hat Enterprise Virtualization Manager.
>> >>>>> >
>> >>>>> > If you have ovirt-engine running on the same machine as vdsm, most of
>> >>>>> > the ports don't need to be accessible from outside but "guest console"
>> >>>>> > ports do.
>> >>>>> >
>> >>>>> > If it isn't iptables, please share at least:
>> >>>>> > * what your actual topology is (engine on the physical host?)
>> >>>>> > * if you use some custom tls settings such as tls switched off
>> >>>>> > * what spice client & xpi versions are you using
>> >>>>> > * how exactly the client failed (showed error window? with what error?
>> >>>>> > just didn't launch?)
>> >>>>> >
>> >>>>> > In your email, you didn't write any debugging hints apart from the setup
>> >>>>> > being single-host one...
>> >>>>> >
>> >>>>> > David
>> >>>>> >
>> >>>>> >
>> >>>>> > Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
>> >>>>> >> About 6 months ago I asked on this list if it was possible to install
>> >>>>> >> ovirt on a single host. Thread got long and winded and lost interest.
>> >>>>> >>
>> >>>>> >> Started looking at the project again about two days ago. What I
>> >>>>> >> really didn't understand was using a base Fedora install. Installing
>> >>>>> >> vdsm and then installing ovirt engine.
>> >>>>> >>
>> >>>>> >> So everything is up. Created data center, storage, cluster, host and
>> >>>>> >> virtual machine.
>> >>>>> >>
>> >>>>> >> But I can't get there from here. I can't get console running to
>> >>>>> >> configure the booted install.
>> >>>>> >>
>> >>>>> >> I've tried VNC, Spice, Firefox with spice-xpi plugin.
>> >>>>> >>
>> >>>>> >> Tried tweaking, turning, touching, swearing @ /etc/libvirt/qemu.conf
>> >>>>> >> settings. tls settings. Not even sure if this is the right place to
>> >>>>> >> be checking.
>> >>>>> >>
>> >>>>> >> This is a show stopper.
>> >>>>> >>
>> >>>>> >> LSB Version: :core-4.0-amd64:core-4.0-noarch
>> >>>>> >> Distributor ID: Fedora
>> >>>>> >> Description: Fedora release 16 (Verne)
>> >>>>> >> Release: 16
>> >>>>> >> Codename: Verne
>> >>>>> >>
>> >>>>> >> [root at ovirt # rpm -qa|grep ovirt-engine
>> >>>>> >> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-jbossas-1.2-2.fc16.x86_64
>> >>>>> >> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
>> >>>>> >>
>> >>>>> >> Any input would be appreciated
>> >>>>> >> _______________________________________________
>> >>>>> >> Users mailing list
>> >>>>> >> Users at ovirt.org <mailto:Users at ovirt.org>
>> >>>>>
>> >>>>> >> http://lists.ovirt.org/mailman/listinfo/users
>> >>>>> >
>> >>>>> > --
>> >>>>> >
>> >>>>> > David Jaša, RHCE
>> >>>>> >
>> >>>>> > SPICE QE based in Brno
>> >>>>> > GPG Key: 22C33E24
>> >>>>> > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
>> >>>>> >
>> >>>>> >
>> >>>>> >
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>
>> >>>>
>> >>
>> >>
>> >
>> >
>>
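
The subject handling from the TLS steps quoted above, as an added example that is not part of the original thread: it normalizes the certificate's `Subject:` line into the comma-separated form and emits `--spice-host-subject` only when the name you connect to differs from the certificate CN. The sample subject lines, the `example.test` names and the helper function names are constructed, and the spaced `CN = host` layout is an assumption about how a newer OpenSSL prints the subject.

```shell
#!/bin/sh
# Constructed samples: the "Subject:" line as grep would return it from the
# text dump of a server certificate (two spacing styles; second is assumed).
SAMPLE_OLD='        Subject: O=example.test, CN=192.168.0.118'
SAMPLE_NEW='        Subject: O = example.test, OU = lab, CN = node1.example.test'

# Normalize a "Subject:" line: drop the label and surrounding whitespace,
# then remove the spaces around every "=" and after every ",".
spice_subject() {
    printf '%s\n' "$1" | sed -e 's/^[[:space:]]*Subject:[[:space:]]*//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/g' \
        -e 's/,[[:space:]]*/,/g' \
        -e 's/[[:space:]]*$//'
}

# Extract the CN value from a normalized subject.
subject_cn() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Exit 0 when the name used on the command line differs from the certificate
# CN, i.e. when the host subject has to be passed explicitly.
needs_host_subject() {  # $1=host as typed  $2=normalized subject
    [ "$(subject_cn "$2")" != "$1" ]
}

# Print the TLS-related remote-viewer arguments for one connection.
viewer_args() {  # $1=host  $2=CA file  $3=raw "Subject:" line
    subj=$(spice_subject "$3")
    printf '%s' "--spice-ca-file=$2"
    if needs_host_subject "$1" "$subj"; then
        # Quote the subject: attribute values may contain spaces.
        printf " --spice-host-subject='%s'" "$subj"
    fi
    printf '\n'
}

viewer_args 192.168.0.118 ca.pem "$SAMPLE_OLD"        # CN matches the host
viewer_args ovirt.example.test ca.pem "$SAMPLE_NEW"   # CN differs from host
```
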