[ovirt-users] Guest VM Console Creation/Access using REST API and noVNC

Punit Dambiwal hypunit at gmail.com
Mon Jul 28 06:40:05 UTC 2014


Hi,

Is there any one have the clue to resolve this problem....it seems no one
did this before ??

Thanks,
Punit


On Fri, Jul 25, 2014 at 1:13 PM, Shanil S <xielesshanil at gmail.com> wrote:

> Hi Bob,
>
> We require the VM control through our portal and our requirement is to
> give access to the console from our portal. Our portal is also will be
> doing some other vm functions like listing vm,start vm,stop vm etc and
> other operations using the REST Api that you provided.
>
> --
> Regards
> Shanil
>
>
> On Fri, Jul 25, 2014 at 10:15 AM, Bob Doolittle <bob at doolittle.us.com>
> wrote:
>
>> You have only mentioned console access. Do you really need the
>> Administrative Portal or could you live with the User Portal? Do you need
>> VM control through your portal, or only consoles? What is your use scenario?
>>
>> -Bob
>> On Jul 25, 2014 12:33 AM, "Punit Dambiwal" <hypunit at gmail.com> wrote:
>>
>>> Hi Dan,
>>>
>>> We require the VM console which provide html5 console...please let me
>>> know can we achieve html5 with the spice..if yes how to integrate it with
>>> API and our own portal...??
>>>
>>>
>>> On Fri, Jul 25, 2014 at 6:31 AM, Itamar Heim <iheim at redhat.com> wrote:
>>>
>>>> On 07/24/2014 02:43 PM, Frantisek Kobzik wrote:
>>>>
>>>>> Hello Punit,
>>>>>
>>>>> this wouldn't be so straightforward. The data that goes from noVNC
>>>>> client to websocket proxy must be digitally signed. In engine, we use
>>>>> SignString query for that. There are 2 possibilities to create such
>>>>> signatures:
>>>>> 1, Expose SignString via rest api, or
>>>>>
>>>>
>>>> this means its a gap we need to close in any case to allow moving the
>>>> portals to work over the REST API?
>>>>
>>>>
>>>>  2, implement this signing mechanism from scratch (for that the
>>>>> "signing machine" would have to posses private key for signing
>>>>> ovirt-websocket-proxy tickets, which I don't like).
>>>>>
>>>>> This is just first idea on how we could do it. Let me think about it a
>>>>> little bit longer, I'll try to ask around and maybe we'll come up with
>>>>> something better.
>>>>>
>>>>> Thanks,
>>>>> Franta.
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Punit Dambiwal" <hypunit at gmail.com>
>>>>> To: "Shanil S" <xielesshanil at gmail.com>, "Dan Kenigsberg" <
>>>>> danken at redhat.com>, ahadas at redhat.com, "Sven Kieske" <
>>>>> S.Kieske at mittwald.de>, "Antoni Segura Puimedon" <asegurap at redhat.com>,
>>>>> "Itamar Heim" <iheim at redhat.com>
>>>>> Cc: "Michal Skrivanek" <michal.skrivanek at redhat.com>, "Frantisek
>>>>> Kobzik" <fkobzik at redhat.com>, users at ovirt.org
>>>>> Sent: Thursday, July 24, 2014 6:50:02 AM
>>>>> Subject: Re: [ovirt-users] Guest VM Console Creation/Access using REST
>>>>> API and noVNC
>>>>>
>>>>> Hi All,
>>>>>
>>>>> Is there any body in the community...who can help us to resolve this
>>>>> issue...
>>>>>
>>>>> 1. We are using Ovirt 3.4.3 and we are able to access the console from
>>>>> the
>>>>> ovirt panel.
>>>>> 2. We don't want to use the ovirt engine portal for the webUI, we want
>>>>> to
>>>>> use our own portal for user interface.
>>>>> 3. Webbsocket proxy Installed on the same sever where ovirt engine
>>>>> installed.
>>>>> 4. We want to access the VM console from our portal,which is different
>>>>> from
>>>>> this Ovirt cluster.
>>>>> 5. We already allowed our portal server Ip address in the engine as
>>>>> well as
>>>>> all the hypervisior servers.....also selinux on all the servers are
>>>>> disabled mode.
>>>>> 6. Display network is on the ovirtmgmt network and the same network we
>>>>> are
>>>>> using to get the VM console....
>>>>> 7. We are able to create the ticket and with the help of the ticket
>>>>> details,when we try to access the VM console through our portal it
>>>>> failed
>>>>> with the following error (Failed to connect to server (code: 1006)).
>>>>> 8. Same time we can access the console from any vnc client,which is
>>>>> installed on my local system,but through browser with novnc it through
>>>>> error.
>>>>> 9. We found that there is no direct api function to create console, so
>>>>> how
>>>>> we can create console using our own portal and how we can achieve this
>>>>> ??
>>>>> 10. If it's not possible then is there any workaround for the same...
>>>>>
>>>>> Our whole project just stuck because of this issue...please help us so
>>>>> we
>>>>> can go ahead with Ovirt....
>>>>>
>>>>> Thanks,
>>>>> Punit
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Jul 23, 2014 at 1:00 PM, Shanil S <xielesshanil at gmail.com>
>>>>> wrote:
>>>>>
>>>>>  Hi Michal,
>>>>>>
>>>>>> We are using 3.4.3 and we are able to access the console from the
>>>>>> ovirt
>>>>>> panel. We don't want to use the ovirt engine portal for the webUI, we
>>>>>> want
>>>>>> to use our own portal for user interface. We have installed websocket
>>>>>> proxy
>>>>>> on the ovirt engine server and now we want to access the VM console
>>>>>> from
>>>>>> our portal. How we can achieve this ? it is found that there is no
>>>>>> direct
>>>>>> api function to create console, so how we can create console using
>>>>>> our own
>>>>>> portal ?
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards
>>>>>> Shanil
>>>>>>
>>>>>>
>>>>>> On Tue, Jul 22, 2014 at 7:15 PM, Michal Skrivanek <
>>>>>> michal.skrivanek at redhat.com> wrote:
>>>>>>
>>>>>>
>>>>>>> On Jul 22, 2014, at 13:34 , Shanil S <xielesshanil at gmail.com> wrote:
>>>>>>>
>>>>>>>  Hi Michal,
>>>>>>>>
>>>>>>>> Thanks for your updates.
>>>>>>>>
>>>>>>>> I am unable to view the above post
>>>>>>>>
>>>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=838468 and getting an
>>>>>>> access
>>>>>>> denied error. I don't have the login to this, could you please paste
>>>>>>> the
>>>>>>> content here ?
>>>>>>>
>>>>>>> should be fixed now, sorry. try again
>>>>>>> NoVncImpl.java in review 13931 should explain some things… (or Franta
>>>>>>> can, if something's not clear:-)
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Regards
>>>>>>>> Shanil
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jul 22, 2014 at 12:53 PM, Michal Skrivanek <
>>>>>>>>
>>>>>>> michal.skrivanek at redhat.com> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> On 22 Jul 2014, at 09:02, Punit Dambiwal wrote:
>>>>>>>>
>>>>>>>>  Hi Michal,
>>>>>>>>>
>>>>>>>>> We want to access vm console by using noVNC and Rest api. We are
>>>>>>>>> using
>>>>>>>>>
>>>>>>>> websocket proxy on the same machine where engine runs and we try to
>>>>>>> get the
>>>>>>> console access from the another server that is outside from this
>>>>>>> cluster.
>>>>>>>
>>>>>>>>
>>>>>>>>> But when we try to connect the vnc_auto.html from the server using
>>>>>>>>>
>>>>>>>> host ip, port and the password which we get from the ticket
>>>>>>> creation… it
>>>>>>> shows a Failed to connect to server (code: 1006).
>>>>>>>
>>>>>>>>
>>>>>>>> Hi Punit,
>>>>>>>> did you read about the modification we did for the noVNC package?
>>>>>>>>
>>>>>>> http://www.ovirt.org/Features/noVNC_console
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> The following are the codes which we use to create the ticket…
>>>>>>>>>
>>>>>>>> host,port and the password will get from the ticket and with the
>>>>>>> same
>>>>>>> details (host,port & password) we are able to connect the console
>>>>>>> using the
>>>>>>> vnc clients(TigerVNC etc.)
>>>>>>>
>>>>>>>>
>>>>>>>> you mean the "ticket" call? that returns you the direct connection
>>>>>>>>
>>>>>>> information
>>>>>>>
>>>>>>>> but you want to connect to websocket proxy(to engine:6100 indeed)
>>>>>>>> and
>>>>>>>>
>>>>>>> pass the above information as an signed encoded url path (where to
>>>>>>> connect
>>>>>>> to from proxy)
>>>>>>>
>>>>>>>> check https://bugzilla.redhat.com/show_bug.cgi?id=838468 and
>>>>>>>>
>>>>>>> associated patches to see how it is being encoded
>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> michal
>>>>>>>>
>>>>>>>>
>>>>>>>>> try {
>>>>>>>>>                  var host = WebUtil.getQueryVar('host', '<?php echo
>>>>>>>>>
>>>>>>>> $host?>');
>>>>>>>
>>>>>>>>                  var port = WebUtil.getQueryVar('port', '<?php echo
>>>>>>>>>
>>>>>>>> $port?>');
>>>>>>>
>>>>>>>>    var path = WebUtil.getQueryVar('path', 'websockify');
>>>>>>>>>
>>>>>>>>>    var password = '<?php echo $password?>';
>>>>>>>>>
>>>>>>>>>          if ((!host) || (!port)) {
>>>>>>>>>                      updateState('failed',
>>>>>>>>>                          "Must specify host and port in URL");
>>>>>>>>>                      return;
>>>>>>>>>                  }
>>>>>>>>>
>>>>>>>>>                  rfb = new RFB({'target':       $D('noVNC_canvas'),
>>>>>>>>>                             'encrypt':
>>>>>>>>>
>>>>>>>>   WebUtil.getQueryVar('encrypt',
>>>>>>>
>>>>>>>>
>>>>>>>>>       (window.location.protocol === "https:")),
>>>>>>>>>                             'true_color':
>>>>>>>>>
>>>>>>>> WebUtil.getQueryVar('true_color', true),
>>>>>>>
>>>>>>>>                             'local_cursor':
>>>>>>>>>
>>>>>>>> WebUtil.getQueryVar('cursor', true),
>>>>>>>
>>>>>>>>                             'shared':
>>>>>>>>>
>>>>>>>> WebUtil.getQueryVar('shared', true),
>>>>>>>
>>>>>>>>                             'view_only':
>>>>>>>>>
>>>>>>>>   WebUtil.getQueryVar('view_only', false),
>>>>>>>
>>>>>>>>                             'updateState':  updateState,
>>>>>>>>>                             'onPasswordRequired':
>>>>>>>>>  passwordRequired});
>>>>>>>>>                             rfb.connect(host, port, password,
>>>>>>>>> path);
>>>>>>>>>              }catch(e) {alert(e);
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Could you please check if there any issues with it and guide me
>>>>>>>>> how to
>>>>>>>>>
>>>>>>>> get rid of this failed to connect error?
>>>>>>>
>>>>>>>>
>>>>>>>>> I have attached the screen shots for further reference…
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Punit
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Jul 22, 2014 at 2:54 PM, Shanil S <xielesshanil at gmail.com>
>>>>>>>>>
>>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> We already updated with the logs and the clear picture about the
>>>>>>>>> issue.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Regards
>>>>>>>>> Shanil
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Jul 21, 2014 at 5:54 PM, Michal Skrivanek <
>>>>>>>>>
>>>>>>>> michal.skrivanek at redhat.com> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>> On Jul 21, 2014, at 04:33 , Punit Dambiwal <hypunit at gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>  Hi All,
>>>>>>>>>>
>>>>>>>>>> I am still waiting for the updates...is there any one have the
>>>>>>>>>> clue
>>>>>>>>>>
>>>>>>>>> to solve this problem.... ???
>>>>>>>
>>>>>>>>
>>>>>>>>> Hi Punit,
>>>>>>>>> I'm afraid no one can help you  debug connectivity issues remotely,
>>>>>>>>>
>>>>>>>> without describing precisely what are you doing and how, and
>>>>>>> include all
>>>>>>> the logs
>>>>>>>
>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> michal
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Punit
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, Jul 18, 2014 at 12:37 PM, Punit Dambiwal <
>>>>>>>>>> hypunit at gmail.com>
>>>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> We are also struggling with the same problem....can anybody mind
>>>>>>>>>> to
>>>>>>>>>>
>>>>>>>>> update here the resolution or suggest us the way to get rid of
>>>>>>> this "Failed
>>>>>>> to connect to server (code: 1006" error.
>>>>>>>
>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Punit
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Jul 17, 2014 at 5:20 PM, Shanil S <xielesshanil at gmail.com
>>>>>>>>>> >
>>>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> We are waiting for the updates, it will be great if anyone can
>>>>>>>>>> give
>>>>>>>>>>
>>>>>>>>> the helpful details.. :)
>>>>>>>
>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards
>>>>>>>>>> Shanil
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Jul 17, 2014 at 10:23 AM, Shanil S <
>>>>>>>>>> xielesshanil at gmail.com>
>>>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> we have enabled our portal ip address on the engine and hosts
>>>>>>>>>>
>>>>>>>>> firewall but still the connection failed. so there should be no
>>>>>>> firewall
>>>>>>> issues.
>>>>>>>
>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards
>>>>>>>>>> Shanil
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Jul 16, 2014 at 3:26 PM, Shanil S <xielesshanil at gmail.com
>>>>>>>>>> >
>>>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Sven,
>>>>>>>>>>
>>>>>>>>>> Regarding the ticket "path", Is it the direct combination of host
>>>>>>>>>>
>>>>>>>>> and port ? suppose if the host is 1.2.3.4 and the port is 5100
>>>>>>> then what
>>>>>>> should be the "path" value ? Is there encryption needs here ?
>>>>>>>
>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>  so you have access from the browser to the websocket-proxy,
>>>>>>>>>>>> network
>>>>>>>>>>>>
>>>>>>>>>>> wise? can you ping the proxy?
>>>>>>>>>> and the websocket proxy can reach the host where the vm runs?
>>>>>>>>>>
>>>>>>>>>>   yes.. there should be no firewall issue as we can access the
>>>>>>>>>>
>>>>>>>>> console from ovirt engine portal
>>>>>>>
>>>>>>>>
>>>>>>>>>>   Do we need to allow our own portal ip address in the ovirt
>>>>>>>>>> engine
>>>>>>>>>>
>>>>>>>>> and hypervisiors also ???
>>>>>>>
>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Regards
>>>>>>>>>> Shanil
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Jul 16, 2014 at 3:13 PM, Sven Kieske <
>>>>>>>>>> S.Kieske at mittwald.de>
>>>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Am 16.07.2014 11:30, schrieb Shanil S:
>>>>>>>>>>
>>>>>>>>>>> We will get the ticket details like host,port and password from
>>>>>>>>>>>
>>>>>>>>>> the ticket
>>>>>>>
>>>>>>>>  api funcion call but didn't get the "path" value. Will it get it
>>>>>>>>>>>
>>>>>>>>>> from the
>>>>>>>
>>>>>>>>  ticket details ? i couldn't find out any from the ticket details.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> the "path" is the combination of host and port.
>>>>>>>>>>
>>>>>>>>>> so you have access from the browser to the websocket-proxy,
>>>>>>>>>> network
>>>>>>>>>> wise? can you ping the proxy?
>>>>>>>>>> and the websocket proxy can reach the host where the vm runs?
>>>>>>>>>> are you sure there are no firewalls in between?
>>>>>>>>>> also you should pay attention on how long your ticket
>>>>>>>>>> is valid, you can specify the duration in minutes in your api
>>>>>>>>>> call.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Mit freundlichen Grüßen / Regards
>>>>>>>>>>
>>>>>>>>>> Sven Kieske
>>>>>>>>>>
>>>>>>>>>> Systemadministrator
>>>>>>>>>> Mittwald CM Service GmbH & Co. KG
>>>>>>>>>> Königsberger Straße 6
>>>>>>>>>> 32339 Espelkamp
>>>>>>>>>> T: +49-5772-293-100
>>>>>>>>>> F: +49-5772-293-333
>>>>>>>>>> https://www.mittwald.de
>>>>>>>>>> Geschäftsführer: Robert Meyer
>>>>>>>>>> St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad
>>>>>>>>>>
>>>>>>>>> Oeynhausen
>>>>>>>
>>>>>>>> Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad
>>>>>>>>>>
>>>>>>>>> Oeynhausen
>>>>>>>
>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Users mailing list
>>>>>>>>>> Users at ovirt.org
>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Users mailing list
>>>>>>>>>> Users at ovirt.org
>>>>>>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> <screen3 Jul. 15.1.jpg>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at ovirt.org
>>> http://lists.ovirt.org/mailman/listinfo/users
>>>
>>>
>> _______________________________________________
>> Users mailing list
>> Users at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20140728/e72ffb67/attachment-0001.html>


More information about the Users mailing list