[Users] Unable to login into console Spice VNC anyone?
Itamar Heim
iheim at redhat.com
Sat Jul 28 04:28:31 UTC 2012
On 07/27/2012 10:15 PM, Brent Bolin wrote:
> I have been seeing selinux denials. I'm not sure if it was for the
> allinone plugin.
>
> Should selinux be enabled or disabled?
enabled, but doesn't mean it doesn't have bugs:
- try with disabled
- report the denials
>
> On Fri, Jul 27, 2012 at 1:54 PM, Yaniv Kaul <ykaul at redhat.com> wrote:
>> Did you look for selinux denials?
>>
>> ----- Original Message -----
>>> I was not able to get this working using beta
>>> ovirt-engine-setup-plugin-allinone rpm
>>>
>>> Used answer file as recommended on the wiki. I didn't document the
>>> exact error, but the install failed.
>>>
>>> I did another install using F16 Installing VDSM from rpm
>>>
>>> [ovirt-engine-3.0]
>>> name=ovirt-engine-3.0
>>> baseurl=http://www.ovirt.org/releases/3.0/rpm/Fedora/16
>>> enabled=1
>>> gpgcheck=0
>>>
>>>
>>> And then doing engine-setup
>>>
>>> And then installing spice-xpi
>>>
>>> Can't explain it but it's working from the F16 desktop using FF :)
>>>
>>>
>>>
>>> On Thu, Jul 26, 2012 at 5:13 AM, Itamar Heim <iheim at redhat.com>
>>> wrote:
>>>> On 07/26/2012 01:10 PM, David Jaša wrote:
>>>>>
>>>>> Brent Bolin píše v St 25. 07. 2012 v 13:46 -0500:
>>>>>>
>>>>>> I have seen this. Can give it a try.
>>>>>>
>>>>>> At this point I'm not sure if it's a problem with my
>>>>>> configuration.
>>>>>> Or making console connections with either vnc or spice. The
>>>>>> ports are
>>>>>> clearly running -
>>>>>>
>>>>>> netstat -an|grep 590
>>>>>> tcp 0 0 0.0.0.0:5900 0.0.0.0:*
>>>>>> LISTEN
>>>>>> tcp 0 0 0.0.0.0:5901 0.0.0.0:*
>>>>>> LISTEN
>>>>>>
>>>>>>
>>>>>> When using plain old kvm, virt-manager I could just simply
>>>>>> connect
>>>>>> using any vnc or virt-viewer or x11 virtmanager.
>>>>>>
>>>>>> I'm not sure what ovirt is doing with tls etc...
>>>>>>
>>>>>
>>>>> As Itamar already said, it:
>>>>> * sets up TLS and enforces it.
>>>>> * sets up temporary ticket
>>>>>
>>>>> If you want to connect to the console manually, you have to set up
>>>>> the
>>>>> ticket - on the server, follow these steps in order to achieve it
>>>>> (from
>>>>> top of my head, can contain typos):
>>>>> VM_UUID="$(vdsClient -s 0 list table | grep $VM_NAME | awk '{print
>>>>> $1}')"
>>>>> vdsClient -s 0 setVmTicket $VM_UUID $PASSWORD $TIMEOUT
>>>>>
>>>>> For TLS, you'll need CA file and host subject in case of host name
>>>>> used
>>>>> on CLI not matching host name in server cert CN. Assuming you're
>>>>> connecting from some other computer:
>>>>> SUBJECT="$(ssh root@$HOST 'grep Subject:
>>>>> /etc/pki/vdsm/libvirt-spice/server-cert.pem' | sed -e 's/, /,/')"
>>>>> scp root@$HOST:/etc/pki/rhevm/ca.pem $CA_FILE
>>>>> remote-viewer --spice-ca-file=$CA_FILE
>>>>> --spice-host-subject=$SUBJECT
>>>>> spice://$HOST/?port=$PORT,tls-port=$SECURE_PORT
>>>>> # it will ask for password in pop-up window
>>>>> # OR you can use "good old" spicec:
>>>>> spicec --ca-file=$CA_FILE --host-subject=$SUBJECT -h $HOST -p
>>>>> $PORT -s
>>>>> $SECURE_PORT -w $PASSWORD
>>>>>
>>>>> David
>>>>>
>>>>> PS: given all the info, I guess you've run into some instance of
>>>>> this
>>>>> downstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=839548
>>>>
>>>>
>>>> brent - this only fails user portal. are you failing from webadmin
>>>> as well?
>>>>
>>>>
>>>>>
>>>>>
>>>>>> Not being able to get console access is a definite show stopper.
>>>>>> And
>>>>>> it shouldn't be rocket science to do it. And it should be
>>>>>> accessible
>>>>>> from either linux or windows clients. Does vSphere (windows
>>>>>> only)
>>>>>> ring a bell?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Jul 25, 2012 at 1:09 PM, Itamar Heim <iheim at redhat.com>
>>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>> would it be relevant for you to try the 3.1 beta?
>>>>>>> it has this which should cover your 'all in one' needs:
>>>>>>> http://www.ovirt.org/wiki/Feature/AllInOne
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 07/25/2012 06:52 PM, Brent Bolin wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks David for your reply -
>>>>>>>>
>>>>>>>> I have completely flushed all iptables rules 'iptables --flush"
>>>>>>>> -
>>>>>>>>
>>>>>>>> iptables -L -v -n
>>>>>>>> Chain INPUT (policy ACCEPT 1775K packets, 627M bytes)
>>>>>>>> pkts bytes target prot opt in out source
>>>>>>>> destination
>>>>>>>>
>>>>>>>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>>>>>>>> pkts bytes target prot opt in out source
>>>>>>>> destination
>>>>>>>>
>>>>>>>> Chain OUTPUT (policy ACCEPT 1754K packets, 589M bytes)
>>>>>>>> pkts bytes target prot opt in out source
>>>>>>>> destination
>>>>>>>>
>>>>>>>>
>>>>>>>> The base host is Fedora 16 running with desktop
>>>>>>>>
>>>>>>>> First installed vdsm and then ovirt-engine
>>>>>>>>
>>>>>>>> Single network bridge installed, but there is another 1GB nic
>>>>>>>> that
>>>>>>>> isn't
>>>>>>>> being used -
>>>>>>>>
>>>>>>>> eth0 Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
>>>>>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
>>>>>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>>>>> RX packets:99656 errors:0 dropped:0 overruns:0
>>>>>>>> frame:0
>>>>>>>> TX packets:51508 errors:0 dropped:0 overruns:0
>>>>>>>> carrier:0
>>>>>>>> collisions:0 txqueuelen:1000
>>>>>>>> RX bytes:63007897 (60.0 MiB) TX bytes:18148736
>>>>>>>> (17.3 MiB)
>>>>>>>>
>>>>>>>> lo Link encap:Local Loopback
>>>>>>>> inet addr:127.0.0.1 Mask:255.0.0.0
>>>>>>>> inet6 addr: ::1/128 Scope:Host
>>>>>>>> UP LOOPBACK RUNNING MTU:16436 Metric:1
>>>>>>>> RX packets:1814674 errors:0 dropped:0 overruns:0
>>>>>>>> frame:0
>>>>>>>> TX packets:1814674 errors:0 dropped:0 overruns:0
>>>>>>>> carrier:0
>>>>>>>> collisions:0 txqueuelen:0
>>>>>>>> RX bytes:646274067 (616.3 MiB) TX bytes:646274067
>>>>>>>> (616.3
>>>>>>>> MiB)
>>>>>>>>
>>>>>>>> ovirtmgmt Link encap:Ethernet HWaddr 00:1B:21:7D:ED:4A
>>>>>>>> inet addr:192.168.0.118 Bcast:192.168.0.255
>>>>>>>> Mask:255.255.255.0
>>>>>>>> inet6 addr: fe80::21b:21ff:fe7d:ed4a/64 Scope:Link
>>>>>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>>>>> RX packets:70706 errors:0 dropped:0 overruns:0
>>>>>>>> frame:0
>>>>>>>> TX packets:48717 errors:0 dropped:0 overruns:0
>>>>>>>> carrier:0
>>>>>>>> collisions:0 txqueuelen:0
>>>>>>>> RX bytes:52195637 (49.7 MiB) TX bytes:14942359
>>>>>>>> (14.2 MiB)
>>>>>>>>
>>>>>>>> vnet0 Link encap:Ethernet HWaddr FE:1A:4A:A8:00:00
>>>>>>>> inet6 addr: fe80::fc1a:4aff:fea8:0/64 Scope:Link
>>>>>>>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>>>>> RX packets:3 errors:0 dropped:0 overruns:0 frame:0
>>>>>>>> TX packets:14 errors:0 dropped:0 overruns:1
>>>>>>>> carrier:0
>>>>>>>> collisions:0 txqueuelen:500
>>>>>>>> RX bytes:1299 (1.2 KiB) TX bytes:2760 (2.6 KiB)
>>>>>>>>
>>>>>>>> After ovirt engine is installed logged into the interface and
>>>>>>>> configured
>>>>>>>> the host using 127.0.0.1 . Host reboots. Host shows up in the
>>>>>>>> admin
>>>>>>>> interface only complaining about power management that isn't
>>>>>>>> configured.
>>>>>>>>
>>>>>>>>
>>>>>>>> Here
>>>>>>>>
>>>>>>>> <https://picasaweb.google.com/lh/photo/3vclaT_6d3uy2QODU6xp_zyLvDWH8k_pPWnP_LVb4fM?feat=directlink>
>>>>>>>>
>>>>>>>> is a screen shot of the web interface
>>>>>>>>
>>>>>>>> The only configuration settings I've changed are in the
>>>>>>>> qemu.conf to
>>>>>>>> either tls=0 or tls=1
>>>>>>>>
>>>>>>>> spice-gtk-0.11-4.fc16.x86_64
>>>>>>>> spice-client-0.10.1-1.fc16.x86_64
>>>>>>>> spice-glib-0.11-4.fc16.x86_64
>>>>>>>> spice-gtk3-0.11-4.fc16.x86_64
>>>>>>>> spice-xpi-2.7-3.fc16.x86_64
>>>>>>>> spice-gtk-tools-0.11-4.fc16.x86_64
>>>>>>>> spice-server-0.10.1-1.fc16.x86_64
>>>>>>>>
>>>>>>>> The link in the admin interface shows available(using FF).
>>>>>>>> When I
>>>>>>>> click
>>>>>>>> it opens a spicec:0 dialog and just closes
>>>>>>>>
>>>>>>>> If I try to open from a shell I get things like this -
>>>>>>>>
>>>>>>>> Brief window open and then error -
>>>>>>>>
>>>>>>>> spicec -h 127.0.0.1 -p 5900
>>>>>>>> Warning: connect error 5 - need secured connection
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Jul 25, 2012 at 10:04 AM, David Jaša <djasa at redhat.com
>>>>>>>> <mailto:djasa at redhat.com>> wrote:
>>>>>>>> > Hi Brent,
>>>>>>>> >
>>>>>>>> > first guess: have a look if your iptables setup allow
>>>>>>>> > connection to
>>>>>>>> the
>>>>>>>> > qemu processes. RHEV 3.0 documentation (publicly accesible)
>>>>>>>> > says
>>>>>>>> that a
>>>>>>>> > host needs these ports open:
>>>>>>>> > port 22 for SSH,
>>>>>>>> > ports 5634 to 6166 for guest console connections,
>>>>>>>> > port 16514 for libvirt virtual machine migration
>>>>>>>> > traffic,
>>>>>>>> > ports 49152 to 49216 for VDSM virtual machine
>>>>>>>> > migration
>>>>>>>> traffic,
>>>>>>>> > and
>>>>>>>> > port 54321 for the Red Hat Enterprise
>>>>>>>> > Virtualization
>>>>>>>> Manager.
>>>>>>>> >
>>>>>>>> > If you have ovirt-engine running onu the same machine as
>>>>>>>> > vdsm, most
>>>>>>>> of
>>>>>>>> > the ports don't need to be accessible from outside but
>>>>>>>> > "guest
>>>>>>>> console"
>>>>>>>> > ports do.
>>>>>>>> >
>>>>>>>> > If it isn't iptables, please share at least:
>>>>>>>> > * what your actual topology is (engine on the physical
>>>>>>>> > host?)
>>>>>>>> > * if you use some custom tls settings such as tls switched
>>>>>>>> > off
>>>>>>>> > * what spice client & xpi versions are you using
>>>>>>>> > * how exactly the client failed (showed error window? with
>>>>>>>> > what
>>>>>>>> error?
>>>>>>>> > just didn't launch?)
>>>>>>>> >
>>>>>>>> > In your email, you didn't write any debugging hints apart
>>>>>>>> > from the
>>>>>>>> setup
>>>>>>>> > being single-host one...
>>>>>>>> >
>>>>>>>> > David
>>>>>>>> >
>>>>>>>> >
>>>>>>>> > Brent Bolin píše v St 25. 07. 2012 v 09:00 -0500:
>>>>>>>> >> About 6 months ago I asked on this list if it was possible
>>>>>>>> >> to
>>>>>>>> install
>>>>>>>> >> ovirt on a single host. Thread got long and winded and
>>>>>>>> >> lost
>>>>>>>> interest.
>>>>>>>> >>
>>>>>>>> >> Started looking at the project again about two days ago.
>>>>>>>> >> What I
>>>>>>>> >> really didn't understand was using a base Fedora install.
>>>>>>>> Installing
>>>>>>>> >> vdsm and then installing ovirt engine.
>>>>>>>> >>
>>>>>>>> >> So everything is up. Created data center, storage,
>>>>>>>> >> cluster, host
>>>>>>>> and
>>>>>>>> >> virtual machine.
>>>>>>>> >>
>>>>>>>> >> But I can't get there from here. I can't get console
>>>>>>>> >> running to
>>>>>>>> >> configure the booted install.
>>>>>>>> >>
>>>>>>>> >> I've tried VNC, Spice, Firefox with spice-xpi plugin.
>>>>>>>> >>
>>>>>>>> >> Tried tweaking, turning, touching, swearing @
>>>>>>>> /etc/libvirt/qemu.conf
>>>>>>>> >> settings. tls settings. Not even sure if this is the
>>>>>>>> >> right place
>>>>>>>> to
>>>>>>>> >> be checking.
>>>>>>>> >>
>>>>>>>> >> This is a show stopper.
>>>>>>>> >>
>>>>>>>> >> LSB Version: :core-4.0-amd64:core-4.0-noarch
>>>>>>>> >> Distributor ID: Fedora
>>>>>>>> >> Description: Fedora release 16 (Verne)
>>>>>>>> >> Release: 16
>>>>>>>> >> Codename: Verne
>>>>>>>> >>
>>>>>>>> >> [root at ovirt # rpm -qa|grep ovirt-engine
>>>>>>>> >> ovirt-engine-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-log-collector-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-iso-uploader-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-backend-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-notification-service-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-jboss-deps-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-tools-common-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-dbscripts-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-setup-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-jbossas-1.2-2.fc16.x86_64
>>>>>>>> >> ovirt-engine-userportal-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-restapi-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-genericapi-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-config-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >> ovirt-engine-webadmin-portal-3.0.0_0001-1.6.fc16.x86_64
>>>>>>>> >>
>>>>>>>> >> Any input would be appreciated
>>>>>>>> >> _______________________________________________
>>>>>>>> >> Users mailing list
>>>>>>>> >> Users at ovirt.org <mailto:Users at ovirt.org>
>>>>>>>>
>>>>>>>> >> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>> >
>>>>>>>> > --
>>>>>>>> >
>>>>>>>> > David Jaša, RHCE
>>>>>>>> >
>>>>>>>> > SPICE QE based in Brno
>>>>>>>> > GPG Key: 22C33E24
>>>>>>>> > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3
>>>>>>>> > 3E24
>>>>>>>> >
>>>>>>>> >
>>>>>>>> >
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list
>>>>>>>> Users at ovirt.org
>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at ovirt.org
>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>
>>>>>
>>>>
>>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
More information about the Users
mailing list