[Users] Cannot connect to VM via browser if engine was not in /etc/hosts
David Jaša
djasa at redhat.com
Mon Jun 24 11:08:49 UTC 2013
Hi,
So you're connecting via User Portal but then it doesn't work? If it
doesn't, either you hit a bug or you've tweaked some value that affects
things...
In general, TLS shouldn't pose a problem because:
1) ovirt sets up its own CA that issues certificates for the hosts
2) the CA certificate and respective host certificate subject are passed to the client
3) the client can verify the host using these information even in cases when connection IP/FQDN doesn't match CN in subject of server certificate
The only condition that indeed breaks it should be display network
address override _when migrating the VM_ (because then the connection
data are passed via the host and libvirt doesn't allow to pass the
arbitrary IP/FQDN yet)
David
PS: Itamar, advice to disable SSL/TLS is IMO bad, bad thing. ;)
Itamar Heim píše v Po 24. 06. 2013 v 08:55 +0300:
> On 06/24/2013 03:10 AM, lofyer wrote:
> > 于 2013/6/24 1:47, Itamar Heim 写道:
> >> On 06/06/2013 11:51 AM, lof yer wrote:
> >>> I connect https://192.168.1.111 and connect to the VM, then the
> >>> remote-viewer shows up, but failed to show the VM desktop.
> >>> Is it the https problem?
> >>> Can I connect to the VM without modify /etc/hosts?
> >>>
> >>>
> >>> _______________________________________________
> >>> Users mailing list
> >>> Users at ovirt.org
> >>> http://lists.ovirt.org/mailman/listinfo/users
> >>>
> >>
> >>
> >> was this resolved? sounds like a certificate/dns issue?
> > Yes, it's certificate/dns problem.
> > But how can I connect via IP instead of FQDN without https?
>
> i guess it depends if you can tell spice client to not validate the ssl
> certificate.
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5727 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20130624/b1e86054/attachment-0001.bin>
More information about the Users
mailing list