[ovirt-users] Spice Client Connection Issues Using aSpice

Tomas Jelinek tjelinek at redhat.com
Mon Feb 19 10:19:04 UTC 2018


On Sun, Feb 18, 2018 at 5:32 PM, Jeremy Tourville <
Jeremy_Tourville at hotmail.com> wrote:

> Hello,
>
> I am having trouble connecting to my guest vm (Kali Linux) which is
> running spice. My engine is running version: 4.2.1.7-1.el7.centos.
>
> I am using oVirt Node as my host running version: 4.2.1.1.
>
>
> I have taken the following steps to try and get everything running
> properly.
>
>    1. Download the root CA certificate
>    https://ovirtengine.lan/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
>    2. Edit the vm and define the graphical console entries.  Video type
>    is set to QXL, Graphics protocol is spice, USB support is enabled.
>    3. Install the guest agent in Debian per the instructions here -
>    https://www.ovirt.org/documentation/how-to/guest-agent/install-the-guest-agent-in-debian/
>    It is my understanding that installing the guest agent will also install
>    the virt IO device drivers.
>    4. Install the spice-vdagent per the instructions here -
>    https://www.ovirt.org/documentation/how-to/guest-agent/install-the-spice-guest-agent/
>    5. On the aSpice client I have imported the CA certificate from step 1
>    above.  I defined the connection using the IP of my Node and TLS port 5901.
>
>
Are you really using the aSPICE client (e.g. the Android SPICE client)? If
yes, maybe you want to try to open it using moVirt (
https://play.google.com/store/apps/details?id=org.ovirt.mobile.movirt&hl=en)
which delegates the console to aSPICE but configures everything including
the certificates on it. Should be much simpler than configuring it by hand.


>
> To troubleshoot my connection issues I confirmed the port being used to
> listen.
> virsh # domdisplay Kali
> spice://172.30.42.12?tls-port=5901
>
> I see the following when attempting to connect.
> tail -f /var/log/libvirt/qemu/Kali.log
>
> 140400191081600:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:s3_pkt.c:1493:SSL alert number 80
> ((null):27595): Spice-Warning **: reds_stream.c:379:reds_stream_ssl_accept: SSL_accept failed, error=1
>
> I came across some documentation that states in the caveat section "Certificate
> of spice SSL should be separate certificate."
> https://www.ovirt.org/develop/release-management/features/infra/pki/
>
> Is this still the case for version 4?  The document references version 3.2
> and 3.3.  If so, how do I generate a new certificate for use with spice?
> Please let me know if you require further info to troubleshoot, I am happy
> to provide it.  Many thanks in advance.
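Added example (not part of the original thread, and not oVirt or SPICE code): a small Python decoder for the OpenSSL error line quoted from Kali.log above. It assumes the OpenSSL 1.0.x/1.1.x packed error-code layout (8-bit library, 12-bit function, 12-bit reason) and shows that reason 0x438 is 1000 + alert 80, a fatal internal_error alert that the host read from the connecting client during the handshake. The names decode_openssl_error and TLS_ALERTS are made up for this example.

```python
import re

SSL_AD_REASON_OFFSET = 1000  # OpenSSL: alert-derived reason codes are 1000 + alert number

# Subset of TLS alert descriptions (RFC 5246, section 7.2)
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
    70: "protocol_version",
    80: "internal_error",
}

# thread-id:error:HEXCODE:library:function:reason text:file:line:optional data
LINE_RE = re.compile(
    r"^(?P<tid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):(?P<data>.*)$"
)

def decode_openssl_error(line):
    """Decode one OpenSSL error-queue line; return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    code = int(m["code"], 16)
    reason = code & 0xFFF
    out = {
        "lib": code >> 24, "func": (code >> 12) & 0xFFF, "reason": reason,
        "func_name": m["func"], "source": f'{m["file"]}:{m["line"]}',
        "alert": None, "alert_name": None,
        "received_from_peer": False, "consistent": None,
    }
    if reason >= SSL_AD_REASON_OFFSET:
        out["alert"] = reason - SSL_AD_REASON_OFFSET
        out["alert_name"] = TLS_ALERTS.get(out["alert"], "unlisted")
        # ssl3_read_bytes raises these reasons when it reads a fatal alert record
        out["received_from_peer"] = m["func"] == "ssl3_read_bytes"
        # Cross-check against the "SSL alert number N" text OpenSSL appends
        tail = re.search(r"SSL alert number (\d+)", m["data"])
        out["consistent"] = tail is None or int(tail.group(1)) == out["alert"]
    return out

# The line quoted in the thread, with the mail wrapping undone
SAMPLE = ("140400191081600:error:14094438:SSL routines:ssl3_read_bytes:"
          "tlsv1 alert internal error:s3_pkt.c:1493:SSL alert number 80")

if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE))
```

The Spice-Warning line that follows it in the log is not an OpenSSL error-queue line, so the function returns None for it.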