[Users] Userportal SPICE Woes

David Jaša djasa at redhat.com
Wed Mar 13 09:08:41 UTC 2013


Dead Horse píše v Út 12. 03. 2013 v 16:38 -0500:
> Remote console access IMHO is still a very weak point in ovirt/RHEV.
> SPICE is a very nice protocol but IMHO is in dire need of a platform
> independent client and tighter integration into the user and web
> portals. Something I have done to workaround issues like these is to
> disable spice certificate checking and SSL.
> 
> psql engine -U postgres -c "UPDATE vdc_options set option_value = 'false' where option_name = 'SSLEnabled'"
> psql engine -U postgres -c "UPDATE vdc_options set option_value = 'false' where option_name = 'UseSecureConnectionWithServers'"
> psql engine -U postgres -c "UPDATE vdc_options set option_value = 'false' where option_name ='EnableSpiceRootCertificateValidation'
> - DHC

use of empty SpiceSecureChannels in engine-config is a better thing to
do than direct DB modification...

David

PS: please keep me out of CC

>  
> 
> 
> On Fri, Mar 8, 2013 at 10:22 AM, Michal Skrivanek
> <michal.skrivanek at redhat.com> wrote:
>         
>         On 8 Mar 2013, at 15:51, Karli Sjöberg wrote:
>         
>         > tor 2013-03-07 klockan 13:52 +0100 skrev David Jaša: 
>         > > Hi,
>         > > 
>         > > Karli Sjöberg píše v Čt 07. 03. 2013 v 10:01 +0000:
>         > > > Hi, it me again,
>         > > > 
>         > > > the last time this was discussed, the problem seemed to be centred
>         > > > around Win/IE, but since patching to:
>         > > > # rpm -qa | grep ovirt
>         > > > ovirt-engine-config-3.1.0-4.fc17.noarch
>         > > > ovirt-engine-dbscripts-3.1.0-4.fc17.noarch
>         > > > ovirt-log-collector-3.1.0-0.git10d719.fc17.noarch
>         > > > ovirt-engine-restapi-3.1.0-4.fc17.noarch
>         > > > ovirt-image-uploader-3.1.0-0.git9c42c8.fc17.noarch
>         > > > ovirt-engine-genericapi-3.1.0-4.fc17.noarch
>         > > > ovirt-iso-uploader-3.1.0-0.git1841d9.fc17.noarch
>         > > > ovirt-engine-webadmin-portal-3.1.0-4.fc17.noarch
>         > > > ovirt-engine-setup-3.1.0-4.fc17.noarch
>         > > > ovirt-engine-sdk-3.2.0.2-1.fc17.noarch
>         > > > ovirt-engine-backend-3.1.0-4.fc17.noarch
>         > > > ovirt-engine-tools-common-3.1.0-4.fc17.noarch
>         > > > ovirt-engine-3.1.0-4.fc17.noarch
>         > > > ovirt-engine-userportal-3.1.0-4.fc17.noarch
>         > > > ovirt-engine-notification-service-3.1.0-4.fc17.noarch
>         > > > 
>         > > > No one is able to connect to a spice console though the Userportal at
>         > > > all. 
>         > > 
>         > > Looks like no one is getting host subject - again. Tomáš?
>         > 
>         > Come on guys, please tell me if there´s anything we can do
>         > to troubleshoot this issue, to help solve a real
>         > show-stopper for us!
>         > 
>         Would you be able to try it in 3.2?
>         It was known to be broken somewhere around 3.1 release….
>         
>         
>         Thanks,
>         michal
>         
>         > 
>         > In using oVirt, our organisation is so close to being able
>         > to ship out thin-client kiosks instead of buying expensive
>         > new HW on a yearly basis, and have our users access their
>         > desktops from practically anywhere, even from home if they´d
>         > wish. The rest of the entire system works flawlessly, just
>         > to fall flat on it´s face right on the finish line. I think
>         > that is so sad and silly, because I really love the rest of
>         > this product! We´ve set up oVirt-3.1, made a POC template,
>         > defined a pool and have been able to have them prestarted as
>         > well. But if our users aren´t able to access their console
>         > in a seamless, easy way, then what good is it? And knowing
>         > that the console works just fine from the adminportal in
>         > several different client systems (Fedora, CentOS, Win7)
>         > makes me hope that it´s just this small, yet important piece
>         > that needs to be corrected.
>         > 
>         > Anxiously awaiting your response
>         > Karli Sjöberg
>         > 
>         > 
>         > > David
>         > > 
>         > > > I´ve tried this from my workstation, running Fedora 17:
>         > > > ================================================================================
>         > > > $ SPICEC_DEBUG_LEVEL=0 firefox
>         > > > (plugin-container:18293): SpiceXPI-CRITICAL **: controller connect:
>         > > > Filen eller katalogen finns inte
>         > > > (plugin-container:18293): SpiceXPI-CRITICAL **: controller connect:
>         > > > Filen eller katalogen finns inte
>         > > > (plugin-container:18293): SpiceXPI-CRITICAL **: could not get browser
>         > > > window, when trying to call OnDisconnected
>         > > > ================================================================================
>         > > > 
>         > > > 
>         > > > Here´s a collegue of mine, running Win7/IE9:
>         > > > ================================================================================
>         > > > 1362648766 INFO [7196:5208] spicex_init_logger: started
>         > > > 1362648766 DEBUG [7196:5208] COSpiceX::put_DynamicMenu: DynamicMenu
>         > > > 1362648766 INFO [7196:5208] COSpiceX::put_FullScreen: New FullScreen
>         > > > request newVal=0xffffffff
>         > > > 1362648766 DEBUG [7196:5208] COSpiceX::Connect: Running spicec (C:
>         > > > \Users\jope\AppData\Local\virt-viewer\bin\remote-viewer.exe
>         > > > --spice-controller)
>         > > > 1362648766 INFO [7196:5208] COSpiceX::Connect: spicec pid 1640
>         > > > 1362648766 DEBUG [7196:5208] COSpiceX::Connect: connecting to spice
>         > > > client's pipe
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_init: sending init
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 1 :
>         > > > str 130.238.96.135 (1)
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_value: sending msg id 2
>         > > > value 5906
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_value: sending msg id 3
>         > > > value 5907
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending password
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 11 :
>         > > > str IT-Avdelningen-1:%d - Press SHIFT+F12 to Release Cursor (1)
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_value: sending msg id 10
>         > > > value 1
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 14 :
>         > > > str release-cursor=shift+f12,toggle-fullscreen=shift+f11 (1)
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 5 :
>         > > > str main,inputs,scursor,splayback,srecord,sdisplay (1)
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 7 :
>         > > > str DEFAULT (1)
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 8 :
>         > > > str C:\Users\jope\AppData\Local\Temp\truststore.pem (1)
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_msg: sending msg id 16
>         > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_msg: sending msg id 17
>         > > > 1362648767 INFO [7196:5208] COSpiceX::ExecuteUsbCtrl: USB sharing is
>         > > > not requested
>         > > > 1362648771 INFO [7196:7480] COSpiceX::event_thread: exit_code=0
>         > > > error_code=1
>         > > > ================================================================================
>         > > > 
>         > > > 
>         > > > And another collegue running CentOS-6.3/Firefox:
>         > > > ================================================================================
>         > > > 2013-03-07 09:42:41,651 DEBUG nsPluginInstance::SetHostIP:
>         > > > 130.238.96.132
>         > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetPort: 5900
>         > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetTitle:
>         > > > IT-Avdelningen-2:%d - Press SHIFT+F12 to Release Cursor
>         > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetDynamicMenu: 
>         > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetFullScreen: 1
>         > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetPassword: Password
>         > > > set
>         > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetNumberOfMonitors: 1
>         > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetUsbListenPort: 0
>         > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetAdminConsole: 1
>         > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSecurePort: 5901
>         > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSSLChannels:
>         > > > original channels: smain,sinputs,scursor,splayback,srecord,sdisplay
>         > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSSLChannels:
>         > > > modified channels: main,inputs,cursor,playback,record,display
>         > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetGuestHostName:
>         > > > IT-Avdelningen-2
>         > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetCipherSuite:
>         > > > DEFAULT
>         > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetTrustStore:
>         > > > Certificate:
>         > > >     Data:
>         > > >         Version: 3 (0x2)
>         > > >         Serial Number: 15 (0xf)
>         > > >         Signature Algorithm: sha1WithRSAEncryption
>         > > >         Issuer: C=US, O=SLU, CN=CA-storm.slu.se.80985
>         > > >         Validity
>         > > >             Not Before: Sep 26 14:21:06 2012
>         > > >             Not After : Sep 25 12:21:06 2022 GMT
>         > > >         Subject: C=US, O=SLU, CN=CA-storm.slu.se.80985
>         > > >         Subject Public Key Info:
>         > > >             Public Key Algorithm: rsaEncryption
>         > > >                 Public-Key: (1024 bit)
>         > > >                 Modulus:
>         > > >                     00:a2:94:89:18:26:79:49:6b:c6:28:6c:f2:95:e9:
>         > > >                     a7:71:00:22:c6:79:c2:9e:10:63:ef:34:5c:ab:62:
>         > > >                     36:a0:7a:84:d0:79:77:4c:9d:3d:39:8f:97:93:c5:
>         > > >                     f6:fb:5b:0b:f8:9b:ad:d8:53:2d:a6:b6:03:45:d4:
>         > > >                     76:45:f1:af:99:42:74:07:4c:48:7d:28:96:31:9e:
>         > > >                     88:cf:90:d9:e7:d9:cf:55:a8:bd:37:a0:8f:f1:26:
>         > > >                     89:a9:ab:64:78:a4:02:60:9b:3a:a7:07:db:6e:75:
>         > > >                     32:e5:8f:51:7f:50:02:15:d8:c8:7b:68:c1:54:e1:
>         > > >                     9f:c2:d2:cf:53:c3:58:b3:15
>         > > >                 Exponent: 65537 (0x10001)
>         > > >         X509v3 extensions:
>         > > >             X509v3 Subject Key Identifier: 
>         > > > 
>         > > > FE:8F:57:F1:A0:AF:45:36:9F:AC:C9:6B:EE:F9:D1:3E:18:78:B9:EA
>         > > >             Authority Information Access: 
>         > > >                 CA Issuers - URI:http://storm.slu.se:80/ca.crt
>         > > > 
>         > > >             X509v3 Authority Key Identifier: 
>         > > > 
>         > > > keyid:FE:8F:57:F1:A0:AF:45:46:9F:NC:C9:6B:EE:F9:D1:3E:18:78:B9:EA
>         > > >                 DirName:/C=US/O=SLU/CN=CA-storm.slu.se.80985
>         > > >                 serial:0F
>         > > > 
>         > > >             X509v3 Basic Constraints: critical
>         > > >                 CA:TRUE
>         > > >             X509v3 Key Usage: critical
>         > > >                 Certificate Sign, CRL Sign
>         > > >     Signature Algorithm: sha1WithRSAEncryption
>         > > >         45:e4:15:23:fa:55:78:89:24:66:7c:e2:33:41:ea:98:00:12:
>         > > >         0c:25:e5:e6:3a:c7:f8:f9:4d:83:47:d3:80:9b:c0:78:bc:ab:
>         > > >         61:ae:6d:a1:cf:43:cb:cb:31:2c:94:72:21:b0:58:f0:8b:69:
>         > > >         0d:c4:73:f2:44:95:52:06:23:6c:71:7a:9b:fc:5f:98:21:35:
>         > > >         26:e1:a3:bb:65:bb:d2:81:bb:48:96:99:b7:04:e6:15:af:93:
>         > > >         a1:60:e4:bf:05:d3:b0:4b:e4:e2:4b:21:82:d7:2b:3d:19:ef:
>         > > >         a4:5a:23:58:74:ef:1a:80:14:8b:89:b2:a7:bd:c2:21:66:1f:
>         > > >         e0:7e
>         > > > -----BEGIN CERTIFICATE-----
>         > > > MIIC1DCCAj2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEM
>         > > > MAoGA1UEChMDU0xVMR4wHAYDVQQDExVDQS1zdG9ybS5zbHUuc2UuODA5ODUwIhcR
>         > > > MTIwOTI2MTQyMTA2LTAxMDAXDTIyMDkyNTEyMjEwNlowOzELMAkGA1UEBhMCVVMx
>         > > > DDAKBgNVBAoTA1NMVTEeMBwGA1UEAxMVQ0Etc3Rvcm0uc2x1LnNlLjgwOTg1MIGf
>         > > > MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCilIkYJnlJa8YobPKV6adxACLGecKe
>         > > > EGPvNFyrYjageoTQeXdMnT05j5eTxfb7Wwv4m63YUy2mtgNF1HZF8a+ZQnQHTEh9
>         > > > KJYxnojPkNnn2c9WqL03oI/xJompq2R4pAJgmzqnB9tudTLlj1F/UAIV2Mh7aMFU
>         > > > 4Z/C0s9Tw1izFQIDAQABo4HjMIHgMB0GA1UdDgQWBBT+j1fxoK9FRp+syWvu+dE+
>         > > > GHi56jA5BggrBgEFBQcBAQQtMCswKQYIKwYBBQUHMAKGHWh0dHA6Ly9zdG9ybS5z
>         > > > bHUuc2U6ODAvY2EuY3J0MGMGA1UdIRcMFqAFP6PV/Ggr0VGn6zJa+750T4YeLnq
>         > > > oT+kPTA7MQswCQYDVQQGEwJVUzEMMAoGA1UEChMDU0xVMR4wHAYDVQQDExVDQS1z
>         > > > dG9ybS5zbHUuc2UuODA5ODWCAQ8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
>         > > > BAMCAQYwDQYJKoZIhvcNAQEFBQADgYEAReQVI/pVeIkkZnziM0HqmAASDCXl5jrH
>         > > > +PlNg0fTgJvAeLyrYa5toc9Dy8sxLJRyIbBY8ItpDcRz8kSVUgYjbHF6m/xfmCE1
>         > > > JuGju2W70oG7SGaZtwTmFa+ToWDkvwXTsEvk4kshgtcrPRnvpFojWHTvGoAUi4my
>         > > > p73CIWYf4H4=
>         > > > -----END CERTIFICATE-----
>         > > > 
>         > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetHotKeys:
>         > > > release-cursor=shift+f12,toggle-fullscreen=shift+f11
>         > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetNoTaskMgrExecution:
>         > > > 0
>         > > > 2013-03-07 09:42:41,654 DEBUG nsPluginInstance::SetSendCtrlAltDelete:
>         > > > 0
>         > > > 2013-03-07 09:42:41,654 DEBUG nsPluginInstance::SetUsbAutoShare: 1
>         > > > 2013-03-07 09:42:41,654 DEBUG nsPluginInstance::SetUsbFilter:
>         > > > -1,60186,10000,256,1|-1,1118,245,-1,1|-1,1133,2245,-1,1|-1,1133,2242,5,1|8,-1,-1,-1,1|7,-1,-1,-1,1|-1,-1,-1,-1,0
>         > > > 2013-03-07 09:42:41,654 INFO  nsPluginInstance::Connect:
>         > > > SPICE_XPI_SOCKET: /tmp/spicec-scQYmJ/spice-xpi
>         > > > 2013-03-07 09:42:41,654 INFO  nsPluginInstance::Connect:
>         > > > SPICE_FOREIGN_MENU_SOCKET: /tmp/spicec-scQYmJ/spice-foreign
>         > > > 2013-03-07 09:42:41,655 DEBUG nsPluginInstance::Connect: Controller
>         > > > pid: 10340
>         > > > 2013-03-07 09:42:41,655 DEBUG QErrorHandler: Something went wrong:
>         > > > connect error, 2
>         > > > 2013-03-07 09:42:41,655 DEBUG SpiceController::Connect: Connect Error
>         > > > 2013-03-07 09:42:41,655 DEBUG QErrorHandler: Something went wrong:
>         > > > connect error, 2
>         > > > 2013-03-07 09:42:41,655 DEBUG SpiceController::Connect: Connect Error
>         > > > 2013-03-07 09:42:41,655 INFO  nsPluginInstance::Connect:
>         > > > Launching /usr/libexec/spice-xpi-client 
>         > > > 2013-03-07 09:42:42,655 DEBUG SpiceController::Connect: Connected!
>         > > > 2013-03-07 09:42:44,723 INFO  nsPluginInstance::Connect: Initiating
>         > > > connection with controller
>         > > > 2013-03-07 09:42:48,652 DEBUG nsPluginInstance::ControllerWaitHelper:
>         > > > Controller finished, pid: 10340, exit code: 0
>         > > > 2013-03-07 09:42:48,653 ERROR nsPluginInstance::CallOnDisconnected:
>         > > > could not get browser window, when trying to call OnDisconnected
>         > > > ================================================================================
>         > > > 
>         > > > 
>         > > > If there´s anything we can do to help resolve this issue once and for
>         > > > all, just name it! It so hurts to see this otherwise great product
>         > > > tripping over on it´s face so close to the finish line:(
>         > > > 
>         > > > Best Regards
>         > > > Karli Sjöberg 
>         > > > _______________________________________________
>         > > > Users mailing list
>         > > > Users at ovirt.org
>         > > > http://lists.ovirt.org/mailman/listinfo/users
>         > > 
>         > 
>         > 
>         > _______________________________________________
>         > Users mailing list
>         > Users at ovirt.org
>         > http://lists.ovirt.org/mailman/listinfo/users
>         
>         
>         
>         _______________________________________________
>         Users mailing list
>         Users at ovirt.org
>         http://lists.ovirt.org/mailman/listinfo/users
>         
> 
> 

-- 

David Jaša, RHCE

SPICE QE based in Brno
GPG Key:     22C33E24 
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24






More information about the Users mailing list