Re: [ovirt-users] [Spice-devel] USB redirection
- Original Message - From: René Koch rk...@linuxland.at To: Christophe Fergeau cferg...@redhat.com Cc: spice-devel spice-de...@lists.freedesktop.org, Users@ovirt.org Sent: Tuesday, June 3, 2014 12:10:42 PM Subject: Re: [Spice-devel] [ovirt-users] USB redirection On 06/03/2014 11:53 AM, Christophe Fergeau wrote: On Tue, Jun 03, 2014 at 10:58:55AM +0200, René Koch wrote: Btw, I also figured out that Fedora 20 (the client) blocks USB redirection if you have SELinux on enforcing - setting it to permissive works. I don't think this is intentional. Can you report it on bugzilla.redhat.com if this is happening on an up-to-date f20? Done: https://bugzilla.redhat.com/show_bug.cgi?id=1104110 Rene, What's the value of mozilla_plugin_use_spice sebool - getsebool mozilla_plugin_use_spice? Make it on if it's off - setsebool -P mozilla_plugin_use_spice on If This is the problem It should be solved in selinux-policy-3.12.1-116.fc20 (https://bugzilla.redhat.com/show_bug.cgi?id=1049491) Christophe ___ Spice-devel mailing list spice-de...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] [Spice-devel] USB redirection
- Original Message - From: René Koch rk...@linuxland.at To: Marian Krcmarik mkrcm...@redhat.com Cc: Christophe Fergeau cferg...@redhat.com, spice-devel spice-de...@lists.freedesktop.org, Users@ovirt.org Sent: Tuesday, June 3, 2014 1:56:36 PM Subject: Re: [Spice-devel] [ovirt-users] USB redirection On 06/03/2014 12:47 PM, Marian Krcmarik wrote: - Original Message - From: René Koch rk...@linuxland.at To: Christophe Fergeau cferg...@redhat.com Cc: spice-devel spice-de...@lists.freedesktop.org, Users@ovirt.org Sent: Tuesday, June 3, 2014 12:10:42 PM Subject: Re: [Spice-devel] [ovirt-users] USB redirection On 06/03/2014 11:53 AM, Christophe Fergeau wrote: On Tue, Jun 03, 2014 at 10:58:55AM +0200, René Koch wrote: Btw, I also figured out that Fedora 20 (the client) blocks USB redirection if you have SELinux on enforcing - setting it to permissive works. I don't think this is intentional. Can you report it on bugzilla.redhat.com if this is happening on an up-to-date f20? Done: https://bugzilla.redhat.com/show_bug.cgi?id=1104110 Rene, What's the value of mozilla_plugin_use_spice sebool - getsebool mozilla_plugin_use_spice? Make it on if it's off - setsebool -P mozilla_plugin_use_spice on If This is the problem It should be solved in selinux-policy-3.12.1-116.fc20 (https://bugzilla.redhat.com/show_bug.cgi?id=1049491) It's off. Setting it to on did solve the issue. I have selinux-policy-3.12.1-166.fc20.noarch installed. Is it intended that the boolean is still off? I'm not aware of the SELinux update policy if activating booleans is allowed or not. For this issue it would be good, but on the other hand if I change it manually (for whatever reason) I wouldn't want it to be changed by the package... The policy is to keep the currently set value - the value is not being reset to the new default when updating the selinux policy (as you assumed). So if you did update It should be still off. Christophe ___ Spice-devel mailing list spice-de...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] Notes on setting up spice-proxy console option
- Original Message - From: David Li david...@sbcglobal.net To: Marian Krcmarik mkrcm...@redhat.com Cc: users@ovirt.org Sent: Tuesday, January 28, 2014 10:37:18 PM Subject: Re: [Users] Notes on setting up spice-proxy console option Hi Marian, Thanks a lot for the clarification! Another question: In my spice-xpi console window, I can't get out of it by SHIFT+F12. Should I use something else? It should work, You mentioned you used RHEL/CentOS 6.5 as the client (what you call Browser) machine, In that case Can you edit /etc/spice/logger.ini file and change in the line log4j.rootCategory=INFO, R INFO to DEBUG? Restart Firefox, make connection to the VM and check ~/.spicec/spice-xpi.log file for line DEBUG nsPluginInstance::SetHotKeys: release-cursor=shift+f12,toggle-fullscreen=shift+f11 (looking for value of release-cursor). If the value is not shift+f12, can you check value of SpiceReleaseCursorKeys on the engine with using ovirt-config tool? If the value is shift-f12, can you run on the VM, xev tool and check what keys It can see pressed when pressing shift-f12 combo? David - Original Message - From: Marian Krcmarik mkrcm...@redhat.com To: David Li david...@sbcglobal.net Cc: users@ovirt.org Sent: Tuesday, January 28, 2014 11:14 AM Subject: Re: [Users] Notes on setting spice-proxy console option - Original Message - From: David Li david...@sbcglobal.net To: users@ovirt.org Cc: david li david...@sbcglobal.net Sent: Tuesday, January 28, 2014 7:41:26 PM Subject: [Users] Notes on setting spice-proxy console option Hi, I have struggled quite a bit to get it up and running. Over the time, I have accumulated some notes on various things I did so to share with everyone who is interested in doing this. This complements the online doc in a way that might give me a complete picture in one place. However I need some clarifications as I might have forgotten to document certain steps or certain steps I did turn out to be not necessary in the end. It will be great if experts here can help me get the things straight. My setup is like: Browser (firefox 24.2 on RHEL6) ovirt-engine (3.3.2) ovirt-node (3.0.3) No direct network connectivity from the browser machine to the node machine. These are the major things I installed for spice-proxy to work: * On ovirt-engine: yum install spice-gtk, virt-viewer, spice-xpi These components are client components (what you call Browser machine). yum-install squid /etc/squid/squid.conf updates: acl localhost src browser IP addr #http_access deny CONNECT !SSL_ports I would rather allow CONNECT to specific Spice ports only 5634-6166: acl Spice_ports port 5634-6166 http_access denny CONNECT !Spice_ports http_access deny !Safe_ports http_port 3128 service squid restart make sure iptables allow 3128 engine-config -s SpiceProxyDefault= http://ovirt-engine-IP:3128 service ovirt-engine restart * On browser machine running firefox 24.2.0 on RHEL6 for running browser console plugin client yum install spice-xpi. spice-xpi should bring its dependencies virt-viewer - spice-gtk - etc. but If you do not wish to use the plugin launch type, you may install only virt-viewer (without spice-xpi) and use what I guess is called Native client launch type. make sure VM's console option is set to SPICE Are the above steps reasonable? any missing or redundant? Seems fine, just no need the client packages on the engine. Additional questions: 1. Will spice-proxy work with the Spice HTML5 client in the browser? Probably, but you would need to set the websocket proxy which is part of installation steps for engine as well (I believe). 2. Is the spice-proxy architecture diagram like: browser - squid proxy - spice-proxy -- VM Browser plugin spice-xpi invokes start of Spice client (virt-viewer) which makes CONNECT to Host machine (where the VM is hosted) through the HTTP proxy (in your case squid). Client machine --- Squid --- Host (where the VM is hosted). 3. I didn't explicitly install any certs for the squid proxy. Is it automatically taken care of? No, no authentication to Squid is supported with Spice now. So If It is publicly visible proxy It's important to set careful proxy rules. References: http://www.ovirt.org/Console_Client_Resources http://www.ovirt.org/Features/Spice_Proxy https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/pdf/Installation_Guide/Red_Hat_Enterprise_Virtualization-3.3-Installation_Guide-en-US.pdf Thanks. David
Re: [Users] Notes on setting spice-proxy console option
- Original Message - From: David Li david...@sbcglobal.net To: users@ovirt.org Cc: david li david...@sbcglobal.net Sent: Tuesday, January 28, 2014 7:41:26 PM Subject: [Users] Notes on setting spice-proxy console option Hi, I have struggled quite a bit to get it up and running. Over the time, I have accumulated some notes on various things I did so to share with everyone who is interested in doing this. This complements the online doc in a way that might give me a complete picture in one place. However I need some clarifications as I might have forgotten to document certain steps or certain steps I did turn out to be not necessary in the end. It will be great if experts here can help me get the things straight. My setup is like: Browser (firefox 24.2 on RHEL6) ovirt-engine (3.3.2) ovirt-node (3.0.3) No direct network connectivity from the browser machine to the node machine. These are the major things I installed for spice-proxy to work: * On ovirt-engine: yum install spice-gtk, virt-viewer, spice-xpi These components are client components (what you call Browser machine). yum-install squid /etc/squid/squid.conf updates: acl localhost src browser IP addr #http_access deny CONNECT !SSL_ports I would rather allow CONNECT to specific Spice ports only 5634-6166: acl Spice_ports port 5634-6166 http_access denny CONNECT !Spice_ports http_access deny !Safe_ports http_port 3128 service squid restart make sure iptables allow 3128 engine-config -s SpiceProxyDefault= http://ovirt-engine-IP:3128 service ovirt-engine restart * On browser machine running firefox 24.2.0 on RHEL6 for running browser console plugin client yum install spice-xpi. spice-xpi should bring its dependencies virt-viewer - spice-gtk - etc. but If you do not wish to use the plugin launch type, you may install only virt-viewer (without spice-xpi) and use what I guess is called Native client launch type. make sure VM's console option is set to SPICE Are the above steps reasonable? any missing or redundant? Seems fine, just no need the client packages on the engine. Additional questions: 1. Will spice-proxy work with the Spice HTML5 client in the browser? Probably, but you would need to set the websocket proxy which is part of installation steps for engine as well (I believe). 2. Is the spice-proxy architecture diagram like: browser - squid proxy - spice-proxy -- VM Browser plugin spice-xpi invokes start of Spice client (virt-viewer) which makes CONNECT to Host machine (where the VM is hosted) through the HTTP proxy (in your case squid). Client machine --- Squid --- Host (where the VM is hosted). 3. I didn't explicitly install any certs for the squid proxy. Is it automatically taken care of? No, no authentication to Squid is supported with Spice now. So If It is publicly visible proxy It's important to set careful proxy rules. References: http://www.ovirt.org/Console_Client_Resources http://www.ovirt.org/Features/Spice_Proxy https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/pdf/Installation_Guide/Red_Hat_Enterprise_Virtualization-3.3-Installation_Guide-en-US.pdf Thanks. David ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [Users] spice: Warning: failed to connect: Connection refused (111)
- Original Message - From: Eric Yao e...@erickate.idv.tw To: Andrew Cathrow acath...@redhat.com Cc: Eric Yao e...@erickate.idv.tw, Alon Levy al...@redhat.com, users@ovirt.org, Arnon Gilboa agil...@redhat.com Sent: Wednesday, June 6, 2012 2:18:07 AM Subject: Re: [Users] spice: Warning: failed to connect: Connection refused (111) Hi All Thanks for your help, I found the issues, looks I have to reboot my ovirt-node after setup completed and disabled /etc/selinux/config, as I remember onde should restart with automatically once node got approve from ovirt-mamange, not sure why my PC doesn't, thanks for your time. Assuming this bug https://bugzilla.redhat.com/show_bug.cgi?id=827864 was reported by you and was related to this issue, can you close it then? Thanks. 1. Install VDSM and bridge Interface 2. wget http://ovirt.org/releases/stable/ovirt-engine.repo -O /etc/yum.repos.d/ovirtengine.repo 3. yum remove classpathx-jaf 4. yum upgrade 5. yum install ovirt-engine 6. install ovirt-node and connected to ovirt-manage 7. disabled /etc/selinux/config reboot ovirt-node 8. Data Center / Cluster / VM are running on NFS and brough up. 引文 誰=Andrew Cathrow Bugzilla isn't a support tool, and even if it was there is NO information in the BZ - logs, etc. Eric, please can you answer my questions below. - Original Message - From: Doron Fediuck dfedi...@redhat.com To: Andrew Cathrow acath...@redhat.com Cc: Haim Ateya hat...@redhat.com, Alon Levy al...@redhat.com, users@ovirt.org, Arnon Gilboa agil...@redhat.com, Eric Yao e...@erickate.idv.tw Sent: Tuesday, June 5, 2012 1:59:41 AM Subject: Re: [Users] spice: Warning: failed to connect: Connection refused (111) Seems like this is already reported: https://bugzilla.redhat.com/show_bug.cgi?id=827864 On 05/06/12 06:33, Andrew Cathrow wrote: Are we sure that the client can resolve the hostname of the hypervisor that's running the VM and that the hypervisor has the right ports open? - Original Message - From: Haim Ateya hat...@redhat.com To: Eric Yao e...@erickate.idv.tw, Alon Levy al...@redhat.com, Arnon Gilboa agil...@redhat.com Cc: users@ovirt.org Sent: Monday, June 4, 2012 11:08:10 PM Subject: Re: [Users] spice: Warning: failed to connect: Connection refused (111) Arnon\Alon, How shall we proceed with debugging this issue? Haim On Jun 5, 2012, at 4:06, Eric Yao e...@erickate.idv.tw wrote: Hi There I got error same as subject when I lunch console on ovirt-webpage. even I follow the below documentation but still not workable. http://www.ovirt.org/w/images/a/a9/OVirt-3.0-Installation_Guide-en-US.pdf and I checked the /var/log/messages got below log, could you help to check and advise? becuase I really interesting in Linux virtualization. Jun 4 11:11:55 rhevm spice: starting spicec --controller ... Jun 4 11:11:55 rhevm spice: XDG_VTNR=2 Jun 4 11:11:55 rhevm spice: ORBIT_SOCKETDIR=/tmp/orbit-eric Jun 4 11:11:55 rhevm spice: XSUNTRANSPORT=shmem Jun 4 11:11:55 rhevm spice: XDG_SESSION_ID=3 Jun 4 11:11:55 rhevm spice: HOSTNAME=rhevm.erickate.idv.tw Jun 4 11:11:55 rhevm spice: GIO_LAUNCHED_DESKTOP_FILE_PID=32603 Jun 4 11:11:55 rhevm spice: IMSETTINGS_INTEGRATE_DESKTOP=yes Jun 4 11:11:55 rhevm spice: GPG_AGENT_INFO=/tmp/keyring-NFMZzQ/gpg:0:1 Jun 4 11:11:55 rhevm spice: TERM=dumb Jun 4 11:11:55 rhevm spice: SHELL=/bin/bash Jun 4 11:11:55 rhevm spice: XDG_SESSION_COOKIE=f523a941917cf33b7a6a4c39000a-1338814582.742987-427970052 Jun 4 11:11:55 rhevm spice: HISTSIZE=1000 Jun 4 11:11:55 rhevm spice: XRE_PROFILE_NAME= Jun 4 11:11:55 rhevm spice: GJS_DEBUG_OUTPUT=stderr Jun 4 11:11:55 rhevm spice: GNOME_KEYRING_CONTROL=/tmp/keyring-NFMZzQ Jun 4 11:11:55 rhevm spice: GJS_DEBUG_TOPICS=JS ERROR;JS LOG Jun 4 11:11:55 rhevm spice: MOZILLA_FIVE_HOME=/usr/lib64/firefox Jun 4 11:11:55 rhevm spice: IMSETTINGS_MODULE=none Jun 4 11:11:55 rhevm spice: XRE_PROFILE_LOCAL_PATH= Jun 4 11:11:55 rhevm spice: USER=eric Jun 4 11:11:55 rhevm spice: XRE_START_OFFLINE= Jun 4 11:11:55 rhevm spice: LD_LIBRARY_PATH=/usr/lib64/xulrunner-2:/usr/lib64/firefox:/usr/lib64/firefox/plugins:/usr/lib64/firefox Jun 4 11:11:55 rhevm spice: SSH_AUTH_SOCK=/tmp/keyring-NFMZzQ/ssh Jun 4 11:11:55 rhevm spice: GNOME_DISABLE_CRASH_DIALOG=1 Jun 4 11:11:55 rhevm spice: SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/1434,unix/unix:/tmp/.ICE-unix/1434 Jun 4 11:11:55 rhevm spice: USERNAME=eric Jun 4 11:11:55 rhevm spice: LIBPATH=/usr/lib64/firefox:/usr/lib64/firefox Jun 4 11:11:55 rhevm spice: MOZ_APP_LAUNCHER=/usr/bin/firefox Jun 4 11:11:55 rhevm spice: MOZ_PLUGIN_PATH=/usr/lib64/mozilla/plugins:/usr/lib64/firefox/plugins Jun 4 11:11:55 rhevm spice: