[Users] Userportal SPICE Woes

Dead Horse deadhorseconsulting at gmail.com
Wed Mar 13 16:55:11 EDT 2013


The hosts are set up to use secure connection so they will definitely whack
out for sure. What you can do is to place the hosts into maintenance. Then
make the dbase changes then restart the engine and re-add the hosts so they
get configured properly with the new changes.
- DHC


On Wed, Mar 13, 2013 at 1:56 AM, Karli Sjöberg <Karli.Sjoberg at slu.se> wrote:

> Tue 2013-03-12 at 16:38 -0500, Dead Horse wrote:
>
> Remote console access IMHO is still a very weak point in ovirt/RHEV. SPICE
> is a very nice protocol but IMHO is in dire need of a platform independent
> client and tighter integration into the user and web portals. Something I
> have done to work around issues like these is to disable spice certificate
> checking and SSL.
>
> psql engine -U postgres -c "UPDATE vdc_options set option_value = 'false' where option_name = 'SSLEnabled'"
> psql engine -U postgres -c "UPDATE vdc_options set option_value = 'false' where option_name = 'UseSecureConnectionWithServers'"
> psql engine -U postgres -c "UPDATE vdc_options set option_value = 'false' where option_name = 'EnableSpiceRootCertificateValidation'"
> - DHC
>
>  I tried those modifications to the database and restarted the engine
> which became very upset about it and couldn't establish connections with
> any Hosts. I imagine I'd have to go around all config files on all machines
> involved so that no one tries to use any SSL for the changes to work. Since
> I just wanted to use it as a temporary solution until it was fixed for
> real, I didn't want to make too much of a change from the standard config,
> and I think that encryption is a must on a network as open as ours anyway.
> I reverted the database changes and restarted the engine again.
>
> The only solution presented this far has been trying 3.2 instead of our
> current 3.1, where "engine-upgrade" is the road-block hindering at this
> point.
>
> /Karli
>
>  On Fri, Mar 8, 2013 at 10:22 AM, Michal Skrivanek <
> michal.skrivanek at redhat.com> wrote:
>
>
>   On 8 Mar 2013, at 15:51, Karli Sjöberg wrote:
>
>
>   Thu 2013-03-07 at 13:52 +0100, David Jaša wrote:
>
> Hi,
>
> Karli Sjöberg wrote on Thu 07. 03. 2013 at 10:01 +0000:
> > Hi, it's me again,
> >
> > the last time this was discussed, the problem seemed to be centred
> > around Win/IE, but since patching to:
> > # rpm -qa | grep ovirt
> > ovirt-engine-config-3.1.0-4.fc17.noarch
> > ovirt-engine-dbscripts-3.1.0-4.fc17.noarch
> > ovirt-log-collector-3.1.0-0.git10d719.fc17.noarch
> > ovirt-engine-restapi-3.1.0-4.fc17.noarch
> > ovirt-image-uploader-3.1.0-0.git9c42c8.fc17.noarch
> > ovirt-engine-genericapi-3.1.0-4.fc17.noarch
> > ovirt-iso-uploader-3.1.0-0.git1841d9.fc17.noarch
> > ovirt-engine-webadmin-portal-3.1.0-4.fc17.noarch
> > ovirt-engine-setup-3.1.0-4.fc17.noarch
> > ovirt-engine-sdk-3.2.0.2-1.fc17.noarch
> > ovirt-engine-backend-3.1.0-4.fc17.noarch
> > ovirt-engine-tools-common-3.1.0-4.fc17.noarch
> > ovirt-engine-3.1.0-4.fc17.noarch
> > ovirt-engine-userportal-3.1.0-4.fc17.noarch
> > ovirt-engine-notification-service-3.1.0-4.fc17.noarch
> >
> > No one is able to connect to a spice console though the Userportal at
> > all.
>
> Looks like no one is getting host subject - again. Tomáš?
>
>
> Come on guys, please tell me if there's anything we can do to troubleshoot
> this issue, to help solve a real show-stopper for us!
>
>   Would you be able to try it in 3.2?
>
>  It was known to be broken somewhere around 3.1 release….
>
>
>
>   Thanks,
>
>  michal
>
>
>
> In using oVirt, our organisation is so close to being able to ship out
> thin-client kiosks instead of buying expensive new HW on a yearly basis,
> and have our users access their desktops from practically anywhere, even
> from home if they'd wish. The rest of the entire system works flawlessly,
> just to fall flat on its face right on the finish line. I think that is so
> sad and silly, because I really love the rest of this product! We've set up
> oVirt-3.1, made a POC template, defined a pool and have been able to have
> them prestarted as well. But if our users aren't able to access their
> console in a seamless, easy way, then what good is it? And knowing that the
> console works just fine from the adminportal in several different client
> systems (Fedora, CentOS, Win7) makes me hope that it's just this small, yet
> important piece that needs to be corrected.
>
> Anxiously awaiting your response
> Karli Sjöberg
>
>
>  David
>
> > I've tried this from my workstation, running Fedora 17:
> > ================================================================================
> > $ SPICEC_DEBUG_LEVEL=0 firefox
> > (plugin-container:18293): SpiceXPI-CRITICAL **: controller connect:
> > Filen eller katalogen finns inte
> > (plugin-container:18293): SpiceXPI-CRITICAL **: controller connect:
> > Filen eller katalogen finns inte
> > (plugin-container:18293): SpiceXPI-CRITICAL **: could not get browser
> > window, when trying to call OnDisconnected
> > ================================================================================
> >
> >
> > Here's a colleague of mine, running Win7/IE9:
> > ================================================================================
> > 1362648766 INFO [7196:5208] spicex_init_logger: started
> > 1362648766 DEBUG [7196:5208] COSpiceX::put_DynamicMenu: DynamicMenu
> > 1362648766 INFO [7196:5208] COSpiceX::put_FullScreen: New FullScreen
> > request newVal=0xffffffff
> > 1362648766 DEBUG [7196:5208] COSpiceX::Connect: Running spicec (C:
> > \Users\jope\AppData\Local\virt-viewer\bin\remote-viewer.exe
> > --spice-controller)
> > 1362648766 INFO [7196:5208] COSpiceX::Connect: spicec pid 1640
> > 1362648766 DEBUG [7196:5208] COSpiceX::Connect: connecting to spice
> > client's pipe
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_init: sending init
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 1 :
> > str 130.238.96.135 (1)
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_value: sending msg id 2
> > value 5906
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_value: sending msg id 3
> > value 5907
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending password
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 11 :
> > str IT-Avdelningen-1:%d - Press SHIFT+F12 to Release Cursor (1)
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_value: sending msg id 10
> > value 1
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 14 :
> > str release-cursor=shift+f12,toggle-fullscreen=shift+f11 (1)
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 5 :
> > str main,inputs,scursor,splayback,srecord,sdisplay (1)
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 7 :
> > str DEFAULT (1)
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 8 :
> > str C:\Users\jope\AppData\Local\Temp\truststore.pem (1)
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_msg: sending msg id 16
> > 1362648767 DEBUG [7196:5208] COSpiceX::send_msg: sending msg id 17
> > 1362648767 INFO [7196:5208] COSpiceX::ExecuteUsbCtrl: USB sharing is
> > not requested
> > 1362648771 INFO [7196:7480] COSpiceX::event_thread: exit_code=0
> > error_code=1
> > ================================================================================
> >
> >
> > And another colleague running CentOS-6.3/Firefox:
> > ================================================================================
> > 2013-03-07 09:42:41,651 DEBUG nsPluginInstance::SetHostIP:
> > 130.238.96.132
> > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetPort: 5900
> > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetTitle:
> > IT-Avdelningen-2:%d - Press SHIFT+F12 to Release Cursor
> > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetDynamicMenu:
> > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetFullScreen: 1
> > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetPassword: Password
> > set
> > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetNumberOfMonitors: 1
> > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetUsbListenPort: 0
> > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetAdminConsole: 1
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSecurePort: 5901
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSSLChannels:
> > original channels: smain,sinputs,scursor,splayback,srecord,sdisplay
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSSLChannels:
> > modified channels: main,inputs,cursor,playback,record,display
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetGuestHostName:
> > IT-Avdelningen-2
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetCipherSuite:
> > DEFAULT
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetTrustStore:
> > Certificate:
> >     Data:
> >         Version: 3 (0x2)
> >         Serial Number: 15 (0xf)
> >         Signature Algorithm: sha1WithRSAEncryption
> >         Issuer: C=US, O=SLU, CN=CA-storm.slu.se.80985
> >         Validity
> >             Not Before: Sep 26 14:21:06 2012
> >             Not After : Sep 25 12:21:06 2022 GMT
> >         Subject: C=US, O=SLU, CN=CA-storm.slu.se.80985
> >         Subject Public Key Info:
> >             Public Key Algorithm: rsaEncryption
> >                 Public-Key: (1024 bit)
> >                 Exponent: 65537 (0x10001)
> >         X509v3 extensions:
> >             X509v3 Subject Key Identifier:
> >
> > FE:8F:57:F1:A0:AF:45:36:9F:AC:C9:6B:EE:F9:D1:3E:18:78:B9:EA
> >             Authority Information Access:
> >                 CA Issuers - URI:http://storm.slu.se:80/ca.crt
> >
> >             X509v3 Authority Key Identifier:
> >
> > keyid:FE:8F:57:F1:A0:AF:45:46:9F:NC:C9:6B:EE:F9:D1:3E:18:78:B9:EA
> >                 DirName:/C=US/O=SLU/CN=CA-storm.slu.se.80985
> >                 serial:0F
> >
> >             X509v3 Basic Constraints: critical
> >                 CA:TRUE
> >             X509v3 Key Usage: critical
> >                 Certificate Sign, CRL Sign
> >     Signature Algorithm: sha1WithRSAEncryption
> >
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetHotKeys:
> > release-cursor=shift+f12,toggle-fullscreen=shift+f11
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetNoTaskMgrExecution:
> > 0
> > 2013-03-07 09:42:41,654 DEBUG nsPluginInstance::SetSendCtrlAltDelete:
> > 0
> > 2013-03-07 09:42:41,654 DEBUG nsPluginInstance::SetUsbAutoShare: 1
> > 2013-03-07 09:42:41,654 DEBUG nsPluginInstance::SetUsbFilter:
> > -1,60186,10000,256,1|-1,1118,245,-1,1|-1,1133,2245,-1,1|-1,1133,2242,5,1|8,-1,-1,-1,1|7,-1,-1,-1,1|-1,-1,-1,-1,0
> > 2013-03-07 09:42:41,654 INFO  nsPluginInstance::Connect:
> > SPICE_XPI_SOCKET: /tmp/spicec-scQYmJ/spice-xpi
> > 2013-03-07 09:42:41,654 INFO  nsPluginInstance::Connect:
> > SPICE_FOREIGN_MENU_SOCKET: /tmp/spicec-scQYmJ/spice-foreign
> > 2013-03-07 09:42:41,655 DEBUG nsPluginInstance::Connect: Controller
> > pid: 10340
> > 2013-03-07 09:42:41,655 DEBUG QErrorHandler: Something went wrong:
> > connect error, 2
> > 2013-03-07 09:42:41,655 DEBUG SpiceController::Connect: Connect Error
> > 2013-03-07 09:42:41,655 DEBUG QErrorHandler: Something went wrong:
> > connect error, 2
> > 2013-03-07 09:42:41,655 DEBUG SpiceController::Connect: Connect Error
> > 2013-03-07 09:42:41,655 INFO  nsPluginInstance::Connect:
> > Launching /usr/libexec/spice-xpi-client
> > 2013-03-07 09:42:42,655 DEBUG SpiceController::Connect: Connected!
> > 2013-03-07 09:42:44,723 INFO  nsPluginInstance::Connect: Initiating
> > connection with controller
> > 2013-03-07 09:42:48,652 DEBUG nsPluginInstance::ControllerWaitHelper:
> > Controller finished, pid: 10340, exit code: 0
> > 2013-03-07 09:42:48,653 ERROR nsPluginInstance::CallOnDisconnected:
> > could not get browser window, when trying to call OnDisconnected
> > ================================================================================
> >
> >
> > If there's anything we can do to help resolve this issue once and for
> > all, just name it! It so hurts to see this otherwise great product
> > tripping over on its face so close to the finish line:(
> >
> > Best Regards
> > Karli Sjöberg
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
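
The diagnosis quoted in the thread ("no one is getting host subject") can be checked against a spice-xpi debug log like the CentOS one above. The following is an added example, not part of the original messages or of spice-xpi; the `HostSubject` setter name it looks for is an assumption, since no such line appears in the quoted logs.

```python
import re

# Constructed sample: abridged from the CentOS/Firefox log quoted in the thread.
SAMPLE_LOG = """\
> > 2013-03-07 09:42:41,651 DEBUG nsPluginInstance::SetHostIP:
> > 130.238.96.132
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSecurePort: 5901
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSSLChannels:
> > original channels: smain,sinputs,scursor,splayback,srecord,sdisplay
> > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetTrustStore:
> > Certificate:
> > 2013-03-07 09:42:48,652 DEBUG nsPluginInstance::ControllerWaitHelper:
> > Controller finished, pid: 10340, exit code: 0
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
ENTRY = re.compile(r"^\S+ \S+ +(\w+) +nsPluginInstance::(\w+): ?(.*)$")

def unwrap(text):
    """Join mail-wrapped continuation lines onto the timestamped record."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(> ?)+", "", line).rstrip()  # drop reply quote markers
        if STAMP.match(line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line.strip()
    return records

def plugin_settings(text):
    """Map each nsPluginInstance::Set<Name> seen in the log to its last value."""
    settings = {}
    for rec in unwrap(text):
        m = ENTRY.match(rec)
        if m and m.group(2).startswith("Set"):
            settings[m.group(2)[3:]] = m.group(3)
    return settings

def tls_findings(text, subject_key="HostSubject"):
    """Report TLS parameters missing from what the portal handed the plugin."""
    # subject_key is an assumed setter name; it does not occur in the quoted logs.
    s = plugin_settings(text)
    findings = []
    if s.get("SecurePort", "0") not in ("", "0", "-1") or s.get("SSLChannels"):
        if not s.get("TrustStore"):
            findings.append("secure port requested but no trust store passed")
        if not s.get(subject_key):
            findings.append("secure port requested but no host subject passed")
    return findings
```
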