[Users] Cannot connect to VM via browser if engine was not in /etc/hosts

Michal Skrivanek mskrivan at redhat.com
Thu Aug 1 15:49:41 UTC 2013



On 24 Jun 2013, at 13:09, David Jaša <djasa at redhat.com> wrote:

> Hi,
> 
> So you're connecting via User Portal but then it doesn't work? If it
> doesn't, either you hit a bug or you've tweaked some value that affects
> things...
> 
> In general, TLS shouldn't pose a problem because:
> 1) ovirt sets up its own CA that issues certificates for the hosts
> 2) the CA certificate and respective host certificate subject are passed to the client
> 3) the client can verify the host using these information even in cases when connection IP/FQDN doesn't match CN in subject of server certificate
> 
> The only condition that indeed breaks it should be display network
> address override _when migrating the VM_ (because then the connection
> data are passed via the host and libvirt doesn't allow to pass the
> arbitrary IP/FQDN yet)
> 
> David
> 
> PS: Itamar, advice to disable SSL/TLS is IMO bad, bad thing. ;)

No no, you just do that right after setenforce 0 and iptables -F and then it's all fine:-D

> 
> 
> Itamar Heim píše v Po 24. 06. 2013 v 08:55 +0300:
>> On 06/24/2013 03:10 AM, lofyer wrote:
>>> 于 2013/6/24 1:47, Itamar Heim 写道:
>>>> On 06/06/2013 11:51 AM, lof yer wrote:
>>>>> I connect https://192.168.1.111 and connect to the VM, then the
>>>>> remote-viewer shows up, but failed to show the VM desktop.
>>>>> Is it the https problem?
>>>>> Can I connect to the VM without modify /etc/hosts?
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>> 
>>>> 
>>>> was this resolved? sounds like a certificate/dns issue?
>>> Yes, it's certificate/dns problem.
>>> But how can I connect via IP instead of FQDN without https?
>> 
>> i guess it depends if you can tell spice client to not validate the ssl 
>> certificate.
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
> 
> -- 
> 
> David Jaša, RHCE
> 
> SPICE QE based in Brno
> GPG Key:     22C33E24 
> Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
> 
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users


More information about the Users mailing list