[ovirt-users] Guest VM Console Creation/Access using REST API and noVNC

Shanil S xielesshanil at gmail.com
Fri Jul 25 05:13:10 UTC 2014


Hi Bob,

We require the VM control through our portal and our requirement is to give
access to the console from our portal. Our portal is also will be doing
some other vm functions like listing vm,start vm,stop vm etc and other
operations using the REST Api that you provided.

-- 
Regards
Shanil


On Fri, Jul 25, 2014 at 10:15 AM, Bob Doolittle <bob at doolittle.us.com>
wrote:

> You have only mentioned console access. Do you really need the
> Administrative Portal or could you live with the User Portal? Do you need
> VM control through your portal, or only consoles? What is your use scenario?
>
> -Bob
> On Jul 25, 2014 12:33 AM, "Punit Dambiwal" <hypunit at gmail.com> wrote:
>
>> Hi Dan,
>>
>> We require the VM console which provide html5 console...please let me
>> know can we achieve html5 with the spice..if yes how to integrate it with
>> API and our own portal...??
>>
>>
>> On Fri, Jul 25, 2014 at 6:31 AM, Itamar Heim <iheim at redhat.com> wrote:
>>
>>> On 07/24/2014 02:43 PM, Frantisek Kobzik wrote:
>>>
>>>> Hello Punit,
>>>>
>>>> this wouldn't be so straightforward. The data that goes from noVNC
>>>> client to websocket proxy must be digitally signed. In engine, we use
>>>> SignString query for that. There are 2 possibilities to create such
>>>> signatures:
>>>> 1, Expose SignString via rest api, or
>>>>
>>>
>>> this means its a gap we need to close in any case to allow moving the
>>> portals to work over the REST API?
>>>
>>>
>>>  2, implement this signing mechanism from scratch (for that the "signing
>>>> machine" would have to posses private key for signing ovirt-websocket-proxy
>>>> tickets, which I don't like).
>>>>
>>>> This is just first idea on how we could do it. Let me think about it a
>>>> little bit longer, I'll try to ask around and maybe we'll come up with
>>>> something better.
>>>>
>>>> Thanks,
>>>> Franta.
>>>>
>>>> ----- Original Message -----
>>>> From: "Punit Dambiwal" <hypunit at gmail.com>
>>>> To: "Shanil S" <xielesshanil at gmail.com>, "Dan Kenigsberg" <
>>>> danken at redhat.com>, ahadas at redhat.com, "Sven Kieske" <
>>>> S.Kieske at mittwald.de>, "Antoni Segura Puimedon" <asegurap at redhat.com>,
>>>> "Itamar Heim" <iheim at redhat.com>
>>>> Cc: "Michal Skrivanek" <michal.skrivanek at redhat.com>, "Frantisek
>>>> Kobzik" <fkobzik at redhat.com>, users at ovirt.org
>>>> Sent: Thursday, July 24, 2014 6:50:02 AM
>>>> Subject: Re: [ovirt-users] Guest VM Console Creation/Access using REST
>>>> API and noVNC
>>>>
>>>> Hi All,
>>>>
>>>> Is there any body in the community...who can help us to resolve this
>>>> issue...
>>>>
>>>> 1. We are using Ovirt 3.4.3 and we are able to access the console from
>>>> the
>>>> ovirt panel.
>>>> 2. We don't want to use the ovirt engine portal for the webUI, we want
>>>> to
>>>> use our own portal for user interface.
>>>> 3. Webbsocket proxy Installed on the same sever where ovirt engine
>>>> installed.
>>>> 4. We want to access the VM console from our portal,which is different
>>>> from
>>>> this Ovirt cluster.
>>>> 5. We already allowed our portal server Ip address in the engine as
>>>> well as
>>>> all the hypervisior servers.....also selinux on all the servers are
>>>> disabled mode.
>>>> 6. Display network is on the ovirtmgmt network and the same network we
>>>> are
>>>> using to get the VM console....
>>>> 7. We are able to create the ticket and with the help of the ticket
>>>> details,when we try to access the VM console through our portal it
>>>> failed
>>>> with the following error (Failed to connect to server (code: 1006)).
>>>> 8. Same time we can access the console from any vnc client,which is
>>>> installed on my local system,but through browser with novnc it through
>>>> error.
>>>> 9. We found that there is no direct api function to create console, so
>>>> how
>>>> we can create console using our own portal and how we can achieve this
>>>> ??
>>>> 10. If it's not possible then is there any workaround for the same...
>>>>
>>>> Our whole project just stuck because of this issue...please help us so
>>>> we
>>>> can go ahead with Ovirt....
>>>>
>>>> Thanks,
>>>> Punit
>>>>
>>>>
>>>>
>>>> On Wed, Jul 23, 2014 at 1:00 PM, Shanil S <xielesshanil at gmail.com>
>>>> wrote:
>>>>
>>>>  Hi Michal,
>>>>>
>>>>> We are using 3.4.3 and we are able to access the console from the ovirt
>>>>> panel. We don't want to use the ovirt engine portal for the webUI, we
>>>>> want
>>>>> to use our own portal for user interface. We have installed websocket
>>>>> proxy
>>>>> on the ovirt engine server and now we want to access the VM console
>>>>> from
>>>>> our portal. How we can achieve this ? it is found that there is no
>>>>> direct
>>>>> api function to create console, so how we can create console using our
>>>>> own
>>>>> portal ?
>>>>>
>>>>>
>>>>> --
>>>>> Regards
>>>>> Shanil
>>>>>
>>>>>
>>>>> On Tue, Jul 22, 2014 at 7:15 PM, Michal Skrivanek <
>>>>> michal.skrivanek at redhat.com> wrote:
>>>>>
>>>>>
>>>>>> On Jul 22, 2014, at 13:34 , Shanil S <xielesshanil at gmail.com> wrote:
>>>>>>
>>>>>>  Hi Michal,
>>>>>>>
>>>>>>> Thanks for your updates.
>>>>>>>
>>>>>>> I am unable to view the above post
>>>>>>>
>>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=838468 and getting an
>>>>>> access
>>>>>> denied error. I don't have the login to this, could you please paste
>>>>>> the
>>>>>> content here ?
>>>>>>
>>>>>> should be fixed now, sorry. try again
>>>>>> NoVncImpl.java in review 13931 should explain some things… (or Franta
>>>>>> can, if something's not clear:-)
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards
>>>>>>> Shanil
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 22, 2014 at 12:53 PM, Michal Skrivanek <
>>>>>>>
>>>>>> michal.skrivanek at redhat.com> wrote:
>>>>>>
>>>>>>>
>>>>>>> On 22 Jul 2014, at 09:02, Punit Dambiwal wrote:
>>>>>>>
>>>>>>>  Hi Michal,
>>>>>>>>
>>>>>>>> We want to access vm console by using noVNC and Rest api. We are
>>>>>>>> using
>>>>>>>>
>>>>>>> websocket proxy on the same machine where engine runs and we try to
>>>>>> get the
>>>>>> console access from the another server that is outside from this
>>>>>> cluster.
>>>>>>
>>>>>>>
>>>>>>>> But when we try to connect the vnc_auto.html from the server using
>>>>>>>>
>>>>>>> host ip, port and the password which we get from the ticket
>>>>>> creation… it
>>>>>> shows a Failed to connect to server (code: 1006).
>>>>>>
>>>>>>>
>>>>>>> Hi Punit,
>>>>>>> did you read about the modification we did for the noVNC package?
>>>>>>>
>>>>>> http://www.ovirt.org/Features/noVNC_console
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> The following are the codes which we use to create the ticket…
>>>>>>>>
>>>>>>> host,port and the password will get from the ticket and with the same
>>>>>> details (host,port & password) we are able to connect the console
>>>>>> using the
>>>>>> vnc clients(TigerVNC etc.)
>>>>>>
>>>>>>>
>>>>>>> you mean the "ticket" call? that returns you the direct connection
>>>>>>>
>>>>>> information
>>>>>>
>>>>>>> but you want to connect to websocket proxy(to engine:6100 indeed) and
>>>>>>>
>>>>>> pass the above information as an signed encoded url path (where to
>>>>>> connect
>>>>>> to from proxy)
>>>>>>
>>>>>>> check https://bugzilla.redhat.com/show_bug.cgi?id=838468 and
>>>>>>>
>>>>>> associated patches to see how it is being encoded
>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>> michal
>>>>>>>
>>>>>>>
>>>>>>>> try {
>>>>>>>>                  var host = WebUtil.getQueryVar('host', '<?php echo
>>>>>>>>
>>>>>>> $host?>');
>>>>>>
>>>>>>>                  var port = WebUtil.getQueryVar('port', '<?php echo
>>>>>>>>
>>>>>>> $port?>');
>>>>>>
>>>>>>>    var path = WebUtil.getQueryVar('path', 'websockify');
>>>>>>>>
>>>>>>>>    var password = '<?php echo $password?>';
>>>>>>>>
>>>>>>>>          if ((!host) || (!port)) {
>>>>>>>>                      updateState('failed',
>>>>>>>>                          "Must specify host and port in URL");
>>>>>>>>                      return;
>>>>>>>>                  }
>>>>>>>>
>>>>>>>>                  rfb = new RFB({'target':       $D('noVNC_canvas'),
>>>>>>>>                             'encrypt':
>>>>>>>>
>>>>>>>   WebUtil.getQueryVar('encrypt',
>>>>>>
>>>>>>>
>>>>>>>>       (window.location.protocol === "https:")),
>>>>>>>>                             'true_color':
>>>>>>>>
>>>>>>> WebUtil.getQueryVar('true_color', true),
>>>>>>
>>>>>>>                             'local_cursor':
>>>>>>>>
>>>>>>> WebUtil.getQueryVar('cursor', true),
>>>>>>
>>>>>>>                             'shared':
>>>>>>>>
>>>>>>> WebUtil.getQueryVar('shared', true),
>>>>>>
>>>>>>>                             'view_only':
>>>>>>>>
>>>>>>>   WebUtil.getQueryVar('view_only', false),
>>>>>>
>>>>>>>                             'updateState':  updateState,
>>>>>>>>                             'onPasswordRequired':
>>>>>>>>  passwordRequired});
>>>>>>>>                             rfb.connect(host, port, password, path);
>>>>>>>>              }catch(e) {alert(e);
>>>>>>>>
>>>>>>>>
>>>>>>>> Could you please check if there any issues with it and guide me how
>>>>>>>> to
>>>>>>>>
>>>>>>> get rid of this failed to connect error?
>>>>>>
>>>>>>>
>>>>>>>> I have attached the screen shots for further reference…
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Punit
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jul 22, 2014 at 2:54 PM, Shanil S <xielesshanil at gmail.com>
>>>>>>>>
>>>>>>> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> We already updated with the logs and the clear picture about the
>>>>>>>> issue.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards
>>>>>>>> Shanil
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Jul 21, 2014 at 5:54 PM, Michal Skrivanek <
>>>>>>>>
>>>>>>> michal.skrivanek at redhat.com> wrote:
>>>>>>
>>>>>>>
>>>>>>>> On Jul 21, 2014, at 04:33 , Punit Dambiwal <hypunit at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>  Hi All,
>>>>>>>>>
>>>>>>>>> I am still waiting for the updates...is there any one have the clue
>>>>>>>>>
>>>>>>>> to solve this problem.... ???
>>>>>>
>>>>>>>
>>>>>>>> Hi Punit,
>>>>>>>> I'm afraid no one can help you  debug connectivity issues remotely,
>>>>>>>>
>>>>>>> without describing precisely what are you doing and how, and include
>>>>>> all
>>>>>> the logs
>>>>>>
>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> michal
>>>>>>>>
>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Punit
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Jul 18, 2014 at 12:37 PM, Punit Dambiwal <
>>>>>>>>> hypunit at gmail.com>
>>>>>>>>>
>>>>>>>> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> We are also struggling with the same problem....can anybody mind to
>>>>>>>>>
>>>>>>>> update here the resolution or suggest us the way to get rid of this
>>>>>> "Failed
>>>>>> to connect to server (code: 1006" error.
>>>>>>
>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Punit
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Jul 17, 2014 at 5:20 PM, Shanil S <xielesshanil at gmail.com>
>>>>>>>>>
>>>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> We are waiting for the updates, it will be great if anyone can give
>>>>>>>>>
>>>>>>>> the helpful details.. :)
>>>>>>
>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards
>>>>>>>>> Shanil
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Jul 17, 2014 at 10:23 AM, Shanil S <xielesshanil at gmail.com
>>>>>>>>> >
>>>>>>>>>
>>>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> we have enabled our portal ip address on the engine and hosts
>>>>>>>>>
>>>>>>>> firewall but still the connection failed. so there should be no
>>>>>> firewall
>>>>>> issues.
>>>>>>
>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards
>>>>>>>>> Shanil
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Jul 16, 2014 at 3:26 PM, Shanil S <xielesshanil at gmail.com>
>>>>>>>>>
>>>>>>>> wrote:
>>>>>>
>>>>>>> Hi Sven,
>>>>>>>>>
>>>>>>>>> Regarding the ticket "path", Is it the direct combination of host
>>>>>>>>>
>>>>>>>> and port ? suppose if the host is 1.2.3.4 and the port is 5100 then
>>>>>> what
>>>>>> should be the "path" value ? Is there encryption needs here ?
>>>>>>
>>>>>>>
>>>>>>>>>
>>>>>>>>>  so you have access from the browser to the websocket-proxy,
>>>>>>>>>>> network
>>>>>>>>>>>
>>>>>>>>>> wise? can you ping the proxy?
>>>>>>>>> and the websocket proxy can reach the host where the vm runs?
>>>>>>>>>
>>>>>>>>>   yes.. there should be no firewall issue as we can access the
>>>>>>>>>
>>>>>>>> console from ovirt engine portal
>>>>>>
>>>>>>>
>>>>>>>>>   Do we need to allow our own portal ip address in the ovirt engine
>>>>>>>>>
>>>>>>>> and hypervisiors also ???
>>>>>>
>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards
>>>>>>>>> Shanil
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Jul 16, 2014 at 3:13 PM, Sven Kieske <S.Kieske at mittwald.de
>>>>>>>>> >
>>>>>>>>>
>>>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>>>
>>>>>>>>> Am 16.07.2014 11:30, schrieb Shanil S:
>>>>>>>>>
>>>>>>>>>> We will get the ticket details like host,port and password from
>>>>>>>>>>
>>>>>>>>> the ticket
>>>>>>
>>>>>>>  api funcion call but didn't get the "path" value. Will it get it
>>>>>>>>>>
>>>>>>>>> from the
>>>>>>
>>>>>>>  ticket details ? i couldn't find out any from the ticket details.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> the "path" is the combination of host and port.
>>>>>>>>>
>>>>>>>>> so you have access from the browser to the websocket-proxy, network
>>>>>>>>> wise? can you ping the proxy?
>>>>>>>>> and the websocket proxy can reach the host where the vm runs?
>>>>>>>>> are you sure there are no firewalls in between?
>>>>>>>>> also you should pay attention on how long your ticket
>>>>>>>>> is valid, you can specify the duration in minutes in your api call.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Mit freundlichen Grüßen / Regards
>>>>>>>>>
>>>>>>>>> Sven Kieske
>>>>>>>>>
>>>>>>>>> Systemadministrator
>>>>>>>>> Mittwald CM Service GmbH & Co. KG
>>>>>>>>> Königsberger Straße 6
>>>>>>>>> 32339 Espelkamp
>>>>>>>>> T: +49-5772-293-100
>>>>>>>>> F: +49-5772-293-333
>>>>>>>>> https://www.mittwald.de
>>>>>>>>> Geschäftsführer: Robert Meyer
>>>>>>>>> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad
>>>>>>>>>
>>>>>>>> Oeynhausen
>>>>>>
>>>>>>> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad
>>>>>>>>>
>>>>>>>> Oeynhausen
>>>>>>
>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Users mailing list
>>>>>>>>> Users at ovirt.org
>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Users mailing list
>>>>>>>>> Users at ovirt.org
>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> <screen3 Jul. 15.1.jpg>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140725/f69cbd44/attachment-0001.html>


More information about the Users mailing list