[Users] Notes on setting up spice-proxy console option

Marian Krcmarik mkrcmari at redhat.com
Wed Jan 29 13:51:53 UTC 2014 


----- Original Message -----
> From: "David Li" <david_li at sbcglobal.net>
> To: "Marian Krcmarik" <mkrcmari at redhat.com>
> Cc: users at ovirt.org
> Sent: Tuesday, January 28, 2014 10:37:18 PM
> Subject: Re: [Users] Notes on setting up spice-proxy console option
> 
> Hi Marian,
> 
> Thanks a lot for the clarification!
> 
> Another question: In my spice-xpi console window, I can't get out of it by
> SHIFT+F12.  Should I use something else?

It should work, You mentioned you used RHEL/CentOS 6.5 as the client (what you call Browser) machine, In that case Can you edit /etc/spice/logger.ini file and change in the line "log4j.rootCategory=INFO, R" INFO to DEBUG? Restart Firefox, make connection to the VM and check ~/.spicec/spice-xpi.log file for line "DEBUG nsPluginInstance::SetHotKeys: release-cursor=shift+f12,toggle-fullscreen=shift+f11" (looking for value of "release-cursor"). If the value is not shift+f12, can you check value of "SpiceReleaseCursorKeys" on the engine with using ovirt-config tool? If the value is shift-f12, can you run on the VM, xev tool and check what keys It can see pressed when pressing shift-f12 combo?

> 
> David
> 
> 
> 
> ----- Original Message -----
> > From: Marian Krcmarik <mkrcmari at redhat.com>
> > To: David Li <david_li at sbcglobal.net>
> > Cc: users at ovirt.org
> > Sent: Tuesday, January 28, 2014 11:14 AM
> > Subject: Re: [Users] Notes on setting spice-proxy console option
> > 
> > 
> > 
> > ----- Original Message -----
> >>  From: "David Li" <david_li at sbcglobal.net>
> >>  To: users at ovirt.org
> >>  Cc: "david li" <david_li at sbcglobal.net>
> >>  Sent: Tuesday, January 28, 2014 7:41:26 PM
> >>  Subject: [Users] Notes on setting spice-proxy console option
> >> 
> >>  Hi,
> >> 
> >>  I have struggled quite a bit to get it up and running. Over the time, I
> > have
> >>  accumulated some notes on various things I did so to share with everyone
> > who
> >>  is interested in doing this. This complements the online doc in a way
> >>  that
> >>  might give me a complete picture in one place. However I need some
> >>  clarifications as I might have forgotten to document certain steps or
> >>  certain steps I did turn out to be not necessary in the end. It will be
> >>  great if experts here can help me get the things straight.
> >> 
> >> 
> >>  My setup is like:
> >> 
> >>  Browser (firefox 24.2 on RHEL6) ------------ ovirt-engine (3.3.2)
> >>  ------------ ovirt-node (3.0.3)
> >> 
> >>  No direct network connectivity from the browser machine to the node
> > machine.
> >> 
> >>  These are the major things I installed for spice-proxy to work:
> >> 
> >>      * On ovirt-engine:
> >>         yum install spice-gtk, virt-viewer, spice-xpi
> > These components are client components (what you call Browser machine).
> >>         yum-install squid
> >>        /etc/squid/squid.conf updates:
> >>      acl localhost src <browser IP addr>
> >>          #http_access deny CONNECT !SSL_ports
> > I would rather allow CONNECT to specific Spice ports only 5634-6166:
> > acl Spice_ports port 5634-6166
> > http_access denny CONNECT !Spice_ports
> >>          http_access deny !Safe_ports
> >>          http_port 3128
> >>      
> >>         service squid restart
> >>         make sure iptables allow 3128
> >> 
> >>         engine-config -s SpiceProxyDefault=
> > http://<ovirt-engine-IP>:3128
> >>         service ovirt-engine restart
> >>     
> >>     *  On browser machine running firefox 24.2.0 on RHEL6 for running
> > browser
> >>     console plugin client
> >>        yum install spice-xpi.
> > spice-xpi should bring its dependencies virt-viewer -> spice-gtk -> etc.
> > but If you do not wish to use the plugin launch type, you may install only
> > virt-viewer (without spice-xpi) and use what I guess is called "Native
> > client" launch type.
> >>        make sure VM's console option is set to SPICE
> >>        
> >>  Are the above steps reasonable? any missing or redundant?
> > Seems fine, just no need the client packages on the engine.
> >> 
> >>  Additional questions:
> >> 
> >>  1. Will spice-proxy work with the Spice HTML5 client in the browser?
> > Probably, but you would need to set the websocket proxy which is part of
> > installation steps for engine as well (I believe).
> >>  2. Is the spice-proxy architecture diagram like:  browser --------- squid
> >>  proxy - spice-proxy ---------------------- VM
> > Browser plugin spice-xpi invokes start of Spice client (virt-viewer) which
> > makes
> > CONNECT to Host machine (where the VM is hosted) through the HTTP proxy (in
> > your
> > case squid).
> > Client machine ---> Squid ---> Host (where the VM is hosted).
> >>  3. I didn't explicitly install any certs for the squid proxy. Is it
> >>  automatically taken care of?
> > No, no authentication to Squid is supported with Spice now. So If It is
> > publicly
> > visible proxy It's important to set careful proxy rules.
> >> 
> >> 
> >>  References:
> >> 
> >>  http://www.ovirt.org/Console_Client_Resources
> >> 
> >>  http://www.ovirt.org/Features/Spice_Proxy
> >> 
> >> 
> > https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/pdf/Installation_Guide/Red_Hat_Enterprise_Virtualization-3.3-Installation_Guide-en-US.pdf
> >> 
> >> 
> >>  Thanks.
> >> 
> >>  David
> >> 
> >>  _______________________________________________
> >>  Users mailing list
> >>  Users at ovirt.org
> >>  http://lists.ovirt.org/mailman/listinfo/users
> >> 
> >
>

More information about the Users mailing list