[Users] Userportal SPICE Woes
David Jaša
djasa at redhat.com
Wed Mar 13 09:08:41 UTC 2013
Dead Horse píše v Út 12. 03. 2013 v 16:38 -0500:
> Remote console access IMHO is still a very weak point in ovirt/RHEV.
> SPICE is a very nice protocol but IMHO is in dire need of a platform
> independent client and tighter integration into the user and web
> portals. Something I have done to workaround issues like these is to
> disable spice certificate checking and SSL.
>
> psql engine -U postgres -c "UPDATE vdc_options set option_value = 'false' where option_name = 'SSLEnabled'"
> psql engine -U postgres -c "UPDATE vdc_options set option_value = 'false' where option_name = 'UseSecureConnectionWithServers'"
> psql engine -U postgres -c "UPDATE vdc_options set option_value = 'false' where option_name ='EnableSpiceRootCertificateValidation'
> - DHC
use of empty SpiceSecureChannels in engine-config is a better thing to
do than direct DB modification...
David
PS: please keep me out of CC
>
>
>
> On Fri, Mar 8, 2013 at 10:22 AM, Michal Skrivanek
> <michal.skrivanek at redhat.com> wrote:
>
> On 8 Mar 2013, at 15:51, Karli Sjöberg wrote:
>
> > tor 2013-03-07 klockan 13:52 +0100 skrev David Jaša:
> > > Hi,
> > >
> > > Karli Sjöberg píše v Čt 07. 03. 2013 v 10:01 +0000:
> > > > Hi, it me again,
> > > >
> > > > the last time this was discussed, the problem seemed to be centred
> > > > around Win/IE, but since patching to:
> > > > # rpm -qa | grep ovirt
> > > > ovirt-engine-config-3.1.0-4.fc17.noarch
> > > > ovirt-engine-dbscripts-3.1.0-4.fc17.noarch
> > > > ovirt-log-collector-3.1.0-0.git10d719.fc17.noarch
> > > > ovirt-engine-restapi-3.1.0-4.fc17.noarch
> > > > ovirt-image-uploader-3.1.0-0.git9c42c8.fc17.noarch
> > > > ovirt-engine-genericapi-3.1.0-4.fc17.noarch
> > > > ovirt-iso-uploader-3.1.0-0.git1841d9.fc17.noarch
> > > > ovirt-engine-webadmin-portal-3.1.0-4.fc17.noarch
> > > > ovirt-engine-setup-3.1.0-4.fc17.noarch
> > > > ovirt-engine-sdk-3.2.0.2-1.fc17.noarch
> > > > ovirt-engine-backend-3.1.0-4.fc17.noarch
> > > > ovirt-engine-tools-common-3.1.0-4.fc17.noarch
> > > > ovirt-engine-3.1.0-4.fc17.noarch
> > > > ovirt-engine-userportal-3.1.0-4.fc17.noarch
> > > > ovirt-engine-notification-service-3.1.0-4.fc17.noarch
> > > >
> > > > No one is able to connect to a spice console though the Userportal at
> > > > all.
> > >
> > > Looks like no one is getting host subject - again. Tomáš?
> >
> > Come on guys, please tell me if there´s anything we can do
> > to troubleshoot this issue, to help solve a real
> > show-stopper for us!
> >
> Would you be able to try it in 3.2?
> It was known to be broken somewhere around 3.1 release….
>
>
> Thanks,
> michal
>
> >
> > In using oVirt, our organisation is so close to being able
> > to ship out thin-client kiosks instead of buying expensive
> > new HW on a yearly basis, and have our users access their
> > desktops from practically anywhere, even from home if they´d
> > wish. The rest of the entire system works flawlessly, just
> > to fall flat on it´s face right on the finish line. I think
> > that is so sad and silly, because I really love the rest of
> > this product! We´ve set up oVirt-3.1, made a POC template,
> > defined a pool and have been able to have them prestarted as
> > well. But if our users aren´t able to access their console
> > in a seamless, easy way, then what good is it? And knowing
> > that the console works just fine from the adminportal in
> > several different client systems (Fedora, CentOS, Win7)
> > makes me hope that it´s just this small, yet important piece
> > that needs to be corrected.
> >
> > Anxiously awaiting your response
> > Karli Sjöberg
> >
> >
> > > David
> > >
> > > > I´ve tried this from my workstation, running Fedora 17:
> > > > ================================================================================
> > > > $ SPICEC_DEBUG_LEVEL=0 firefox
> > > > (plugin-container:18293): SpiceXPI-CRITICAL **: controller connect:
> > > > Filen eller katalogen finns inte
> > > > (plugin-container:18293): SpiceXPI-CRITICAL **: controller connect:
> > > > Filen eller katalogen finns inte
> > > > (plugin-container:18293): SpiceXPI-CRITICAL **: could not get browser
> > > > window, when trying to call OnDisconnected
> > > > ================================================================================
> > > >
> > > >
> > > > Here´s a collegue of mine, running Win7/IE9:
> > > > ================================================================================
> > > > 1362648766 INFO [7196:5208] spicex_init_logger: started
> > > > 1362648766 DEBUG [7196:5208] COSpiceX::put_DynamicMenu: DynamicMenu
> > > > 1362648766 INFO [7196:5208] COSpiceX::put_FullScreen: New FullScreen
> > > > request newVal=0xffffffff
> > > > 1362648766 DEBUG [7196:5208] COSpiceX::Connect: Running spicec (C:
> > > > \Users\jope\AppData\Local\virt-viewer\bin\remote-viewer.exe
> > > > --spice-controller)
> > > > 1362648766 INFO [7196:5208] COSpiceX::Connect: spicec pid 1640
> > > > 1362648766 DEBUG [7196:5208] COSpiceX::Connect: connecting to spice
> > > > client's pipe
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_init: sending init
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 1 :
> > > > str 130.238.96.135 (1)
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_value: sending msg id 2
> > > > value 5906
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_value: sending msg id 3
> > > > value 5907
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending password
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 11 :
> > > > str IT-Avdelningen-1:%d - Press SHIFT+F12 to Release Cursor (1)
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_value: sending msg id 10
> > > > value 1
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 14 :
> > > > str release-cursor=shift+f12,toggle-fullscreen=shift+f11 (1)
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 5 :
> > > > str main,inputs,scursor,splayback,srecord,sdisplay (1)
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 7 :
> > > > str DEFAULT (1)
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_wstr: sending msg id 8 :
> > > > str C:\Users\jope\AppData\Local\Temp\truststore.pem (1)
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_msg: sending msg id 16
> > > > 1362648767 DEBUG [7196:5208] COSpiceX::send_msg: sending msg id 17
> > > > 1362648767 INFO [7196:5208] COSpiceX::ExecuteUsbCtrl: USB sharing is
> > > > not requested
> > > > 1362648771 INFO [7196:7480] COSpiceX::event_thread: exit_code=0
> > > > error_code=1
> > > > ================================================================================
> > > >
> > > >
> > > > And another collegue running CentOS-6.3/Firefox:
> > > > ================================================================================
> > > > 2013-03-07 09:42:41,651 DEBUG nsPluginInstance::SetHostIP:
> > > > 130.238.96.132
> > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetPort: 5900
> > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetTitle:
> > > > IT-Avdelningen-2:%d - Press SHIFT+F12 to Release Cursor
> > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetDynamicMenu:
> > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetFullScreen: 1
> > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetPassword: Password
> > > > set
> > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetNumberOfMonitors: 1
> > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetUsbListenPort: 0
> > > > 2013-03-07 09:42:41,652 DEBUG nsPluginInstance::SetAdminConsole: 1
> > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSecurePort: 5901
> > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSSLChannels:
> > > > original channels: smain,sinputs,scursor,splayback,srecord,sdisplay
> > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetSSLChannels:
> > > > modified channels: main,inputs,cursor,playback,record,display
> > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetGuestHostName:
> > > > IT-Avdelningen-2
> > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetCipherSuite:
> > > > DEFAULT
> > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetTrustStore:
> > > > Certificate:
> > > > Data:
> > > > Version: 3 (0x2)
> > > > Serial Number: 15 (0xf)
> > > > Signature Algorithm: sha1WithRSAEncryption
> > > > Issuer: C=US, O=SLU, CN=CA-storm.slu.se.80985
> > > > Validity
> > > > Not Before: Sep 26 14:21:06 2012
> > > > Not After : Sep 25 12:21:06 2022 GMT
> > > > Subject: C=US, O=SLU, CN=CA-storm.slu.se.80985
> > > > Subject Public Key Info:
> > > > Public Key Algorithm: rsaEncryption
> > > > Public-Key: (1024 bit)
> > > > Modulus:
> > > > 00:a2:94:89:18:26:79:49:6b:c6:28:6c:f2:95:e9:
> > > > a7:71:00:22:c6:79:c2:9e:10:63:ef:34:5c:ab:62:
> > > > 36:a0:7a:84:d0:79:77:4c:9d:3d:39:8f:97:93:c5:
> > > > f6:fb:5b:0b:f8:9b:ad:d8:53:2d:a6:b6:03:45:d4:
> > > > 76:45:f1:af:99:42:74:07:4c:48:7d:28:96:31:9e:
> > > > 88:cf:90:d9:e7:d9:cf:55:a8:bd:37:a0:8f:f1:26:
> > > > 89:a9:ab:64:78:a4:02:60:9b:3a:a7:07:db:6e:75:
> > > > 32:e5:8f:51:7f:50:02:15:d8:c8:7b:68:c1:54:e1:
> > > > 9f:c2:d2:cf:53:c3:58:b3:15
> > > > Exponent: 65537 (0x10001)
> > > > X509v3 extensions:
> > > > X509v3 Subject Key Identifier:
> > > >
> > > > FE:8F:57:F1:A0:AF:45:36:9F:AC:C9:6B:EE:F9:D1:3E:18:78:B9:EA
> > > > Authority Information Access:
> > > > CA Issuers - URI:http://storm.slu.se:80/ca.crt
> > > >
> > > > X509v3 Authority Key Identifier:
> > > >
> > > > keyid:FE:8F:57:F1:A0:AF:45:46:9F:NC:C9:6B:EE:F9:D1:3E:18:78:B9:EA
> > > > DirName:/C=US/O=SLU/CN=CA-storm.slu.se.80985
> > > > serial:0F
> > > >
> > > > X509v3 Basic Constraints: critical
> > > > CA:TRUE
> > > > X509v3 Key Usage: critical
> > > > Certificate Sign, CRL Sign
> > > > Signature Algorithm: sha1WithRSAEncryption
> > > > 45:e4:15:23:fa:55:78:89:24:66:7c:e2:33:41:ea:98:00:12:
> > > > 0c:25:e5:e6:3a:c7:f8:f9:4d:83:47:d3:80:9b:c0:78:bc:ab:
> > > > 61:ae:6d:a1:cf:43:cb:cb:31:2c:94:72:21:b0:58:f0:8b:69:
> > > > 0d:c4:73:f2:44:95:52:06:23:6c:71:7a:9b:fc:5f:98:21:35:
> > > > 26:e1:a3:bb:65:bb:d2:81:bb:48:96:99:b7:04:e6:15:af:93:
> > > > a1:60:e4:bf:05:d3:b0:4b:e4:e2:4b:21:82:d7:2b:3d:19:ef:
> > > > a4:5a:23:58:74:ef:1a:80:14:8b:89:b2:a7:bd:c2:21:66:1f:
> > > > e0:7e
> > > > -----BEGIN CERTIFICATE-----
> > > > MIIC1DCCAj2gAwIBAgIBDzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJVUzEM
> > > > MAoGA1UEChMDU0xVMR4wHAYDVQQDExVDQS1zdG9ybS5zbHUuc2UuODA5ODUwIhcR
> > > > MTIwOTI2MTQyMTA2LTAxMDAXDTIyMDkyNTEyMjEwNlowOzELMAkGA1UEBhMCVVMx
> > > > DDAKBgNVBAoTA1NMVTEeMBwGA1UEAxMVQ0Etc3Rvcm0uc2x1LnNlLjgwOTg1MIGf
> > > > MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCilIkYJnlJa8YobPKV6adxACLGecKe
> > > > EGPvNFyrYjageoTQeXdMnT05j5eTxfb7Wwv4m63YUy2mtgNF1HZF8a+ZQnQHTEh9
> > > > KJYxnojPkNnn2c9WqL03oI/xJompq2R4pAJgmzqnB9tudTLlj1F/UAIV2Mh7aMFU
> > > > 4Z/C0s9Tw1izFQIDAQABo4HjMIHgMB0GA1UdDgQWBBT+j1fxoK9FRp+syWvu+dE+
> > > > GHi56jA5BggrBgEFBQcBAQQtMCswKQYIKwYBBQUHMAKGHWh0dHA6Ly9zdG9ybS5z
> > > > bHUuc2U6ODAvY2EuY3J0MGMGA1UdIRcMFqAFP6PV/Ggr0VGn6zJa+750T4YeLnq
> > > > oT+kPTA7MQswCQYDVQQGEwJVUzEMMAoGA1UEChMDU0xVMR4wHAYDVQQDExVDQS1z
> > > > dG9ybS5zbHUuc2UuODA5ODWCAQ8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
> > > > BAMCAQYwDQYJKoZIhvcNAQEFBQADgYEAReQVI/pVeIkkZnziM0HqmAASDCXl5jrH
> > > > +PlNg0fTgJvAeLyrYa5toc9Dy8sxLJRyIbBY8ItpDcRz8kSVUgYjbHF6m/xfmCE1
> > > > JuGju2W70oG7SGaZtwTmFa+ToWDkvwXTsEvk4kshgtcrPRnvpFojWHTvGoAUi4my
> > > > p73CIWYf4H4=
> > > > -----END CERTIFICATE-----
> > > >
> > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetHotKeys:
> > > > release-cursor=shift+f12,toggle-fullscreen=shift+f11
> > > > 2013-03-07 09:42:41,653 DEBUG nsPluginInstance::SetNoTaskMgrExecution:
> > > > 0
> > > > 2013-03-07 09:42:41,654 DEBUG nsPluginInstance::SetSendCtrlAltDelete:
> > > > 0
> > > > 2013-03-07 09:42:41,654 DEBUG nsPluginInstance::SetUsbAutoShare: 1
> > > > 2013-03-07 09:42:41,654 DEBUG nsPluginInstance::SetUsbFilter:
> > > > -1,60186,10000,256,1|-1,1118,245,-1,1|-1,1133,2245,-1,1|-1,1133,2242,5,1|8,-1,-1,-1,1|7,-1,-1,-1,1|-1,-1,-1,-1,0
> > > > 2013-03-07 09:42:41,654 INFO nsPluginInstance::Connect:
> > > > SPICE_XPI_SOCKET: /tmp/spicec-scQYmJ/spice-xpi
> > > > 2013-03-07 09:42:41,654 INFO nsPluginInstance::Connect:
> > > > SPICE_FOREIGN_MENU_SOCKET: /tmp/spicec-scQYmJ/spice-foreign
> > > > 2013-03-07 09:42:41,655 DEBUG nsPluginInstance::Connect: Controller
> > > > pid: 10340
> > > > 2013-03-07 09:42:41,655 DEBUG QErrorHandler: Something went wrong:
> > > > connect error, 2
> > > > 2013-03-07 09:42:41,655 DEBUG SpiceController::Connect: Connect Error
> > > > 2013-03-07 09:42:41,655 DEBUG QErrorHandler: Something went wrong:
> > > > connect error, 2
> > > > 2013-03-07 09:42:41,655 DEBUG SpiceController::Connect: Connect Error
> > > > 2013-03-07 09:42:41,655 INFO nsPluginInstance::Connect:
> > > > Launching /usr/libexec/spice-xpi-client
> > > > 2013-03-07 09:42:42,655 DEBUG SpiceController::Connect: Connected!
> > > > 2013-03-07 09:42:44,723 INFO nsPluginInstance::Connect: Initiating
> > > > connection with controller
> > > > 2013-03-07 09:42:48,652 DEBUG nsPluginInstance::ControllerWaitHelper:
> > > > Controller finished, pid: 10340, exit code: 0
> > > > 2013-03-07 09:42:48,653 ERROR nsPluginInstance::CallOnDisconnected:
> > > > could not get browser window, when trying to call OnDisconnected
> > > > ================================================================================
> > > >
> > > >
> > > > If there´s anything we can do to help resolve this issue once and for
> > > > all, just name it! It so hurts to see this otherwise great product
> > > > tripping over on it´s face so close to the finish line:(
> > > >
> > > > Best Regards
> > > > Karli Sjöberg
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users at ovirt.org
> > > > http://lists.ovirt.org/mailman/listinfo/users
> > >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
>
--
David Jaša, RHCE
SPICE QE based in Brno
GPG Key: 22C33E24
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
More information about the Users
mailing list