Re: [Users] Cannot connect to VM via browser if engine was not in /etc/hosts

2013-08-01 Thread Michal Skrivanek


On 24 Jun 2013, at 13:09, David Jaša  wrote:

> Hi,
> 
> So you're connecting via User Portal but then it doesn't work? If it
> doesn't, either you hit a bug or you've tweaked some value that affects
> things...
> 
> In general, TLS shouldn't pose a problem because:
> 1) ovirt sets up its own CA that issues certificates for the hosts
> 2) the CA certificate and respective host certificate subject are passed to 
> the client
> 3) the client can verify the host using these information even in cases when 
> connection IP/FQDN doesn't match CN in subject of server certificate
> 
> The only condition that indeed breaks it should be display network
> address override _when migrating the VM_ (because then the connection
> data are passed via the host and libvirt doesn't allow to pass the
> arbitrary IP/FQDN yet)
> 
> David
> 
> PS: Itamar, advice to disable SSL/TLS is IMO bad, bad thing. ;)

No no, you just do that right after setenforce 0 and iptables -F and then it's 
all fine:-D

> 
> 
> Itamar Heim wrote on Mon 24. 06. 2013 at 08:55 +0300:
>> On 06/24/2013 03:10 AM, lofyer wrote:
>>> On 2013/6/24 1:47, Itamar Heim wrote:
>>>> On 06/06/2013 11:51 AM, lof yer wrote:
>>>>> I connect https://192.168.1.111 and connect to the VM, then the
>>>>> remote-viewer shows up, but failed to show the VM desktop.
>>>>> Is it the https problem?
>>>>> Can I connect to the VM without modify /etc/hosts?
>>>>>
>>>>> ___
>>>>> Users mailing list
>>>>> Users@ovirt.org
>>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>>> was this resolved? sounds like a certificate/dns issue?
>>> Yes, it's certificate/dns problem.
>>> But how can I connect via IP instead of FQDN without https?
>>
>> i guess it depends if you can tell spice client to not validate the ssl
>> certificate.
> 
> -- 
> 
> David Jaša, RHCE
> 
> SPICE QE based in Brno
> GPG Key: 22C33E24 
> Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
> 
> 


Re: [Users] Cannot connect to VM via browser if engine was not in /etc/hosts

2013-06-24 Thread David Jaša
Hi,

So you're connecting via User Portal but then it doesn't work? If it
doesn't, either you hit a bug or you've tweaked some value that affects
things...

In general, TLS shouldn't pose a problem because:
1) ovirt sets up its own CA that issues certificates for the hosts
2) the CA certificate and respective host certificate subject are passed to the 
client
3) the client can verify the host using these information even in cases when 
connection IP/FQDN doesn't match CN in subject of server certificate

The only condition that indeed breaks it should be display network
address override _when migrating the VM_ (because then the connection
data are passed via the host and libvirt doesn't allow to pass the
arbitrary IP/FQDN yet)

David

PS: Itamar, advice to disable SSL/TLS is IMO bad, bad thing. ;)


Itamar Heim wrote on Mon 24. 06. 2013 at 08:55 +0300:
> On 06/24/2013 03:10 AM, lofyer wrote:
> > On 2013/6/24 1:47, Itamar Heim wrote:
> >> On 06/06/2013 11:51 AM, lof yer wrote:
> >>> I connect https://192.168.1.111 and connect to the VM, then the
> >>> remote-viewer shows up, but failed to show the VM desktop.
> >>> Is it the https problem?
> >>> Can I connect to the VM without modify /etc/hosts?
> >>>
> >>
> >>
> >> was this resolved? sounds like a certificate/dns issue?
> > Yes, it's certificate/dns problem.
> > But how can I connect via IP instead of FQDN without https?
> 
> i guess it depends if you can tell spice client to not validate the ssl 
> certificate.

-- 

David Jaša, RHCE

SPICE QE based in Brno
GPG Key: 22C33E24 
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
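
The check described in the message above (trust anchored in the deployment's own CA plus an expected certificate subject, rather than matching the connection address against the CN), as an added example that is not part of the original thread and is not oVirt or SPICE code. The function names, the sample subject and the sample certificate data are constructed for illustration.

```python
import socket
import ssl

# Short RDN names as written in a subject string -> names used by ssl.getpeercert().
LONG = {"C": "countryName", "ST": "stateOrProvinceName", "L": "localityName",
        "O": "organizationName", "OU": "organizationalUnitName", "CN": "commonName"}

# Constructed sample data (not taken from a real deployment).
SAMPLE_SUBJECT = "O=Example Org,CN=host1.example.test"
SAMPLE_PEERCERT = {"subject": ((("organizationName", "Example Org"),),
                               (("commonName", "host1.example.test"),))}

def parse_host_subject(text):
    """Split 'O=..,CN=..' into [(attr, value)]; a backslash escapes the next char."""
    pairs, attr, buf, esc = [], None, [], False
    for ch in text:
        if esc:
            buf.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == "=" and attr is None:
            attr, buf = "".join(buf).strip().upper(), []
        elif ch == "," and attr is not None:
            pairs.append((attr, "".join(buf).strip()))
            attr, buf = None, []
        else:
            buf.append(ch)
    if esc or attr not in LONG or any(a not in LONG for a, _ in pairs):
        raise ValueError("malformed or unsupported subject: %r" % text)
    return pairs + [(attr, "".join(buf).strip())]

def subject_matches(peercert, expected):
    """True only if the validated certificate's subject equals the expected one."""
    want = [(LONG[a], v) for a, v in parse_host_subject(expected)]
    got = [pair for rdn in (peercert or {}).get("subject", ()) for pair in rdn]
    return got == want

def connect_pinned(addr, port, ca_file, expected):
    """TLS to addr (IP or name): chain must lead to ca_file, subject must match."""
    ctx = ssl.create_default_context(cafile=ca_file)  # trust only this CA
    ctx.check_hostname = False           # the address need not appear in the cert
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain validation stays on
    with socket.create_connection((addr, port), timeout=10) as raw:
        with ctx.wrap_socket(raw) as tls:
            if not subject_matches(tls.getpeercert(), expected):
                raise ssl.SSLCertVerificationError("certificate subject mismatch")
            return tls.version()
```

Hostname matching is off here, but the connection is still authenticated: the chain must validate against the one CA file and the subject must equal the expected value exactly.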






Re: [Users] Cannot connect to VM via browser if engine was not in /etc/hosts

2013-06-24 Thread Itamar Heim
On 06/24/2013 10:37 AM, lof yer wrote:
> Is 'engine-config -s SSLEnabled=false' or special spice parameter?

It should do the trick.

>
> 2013/6/24 Itamar Heim <ih...@redhat.com>
>
>> On 06/24/2013 03:10 AM, lofyer wrote:
>>
>>> On 2013/6/24 1:47, Itamar Heim wrote:
>>>
>>>> On 06/06/2013 11:51 AM, lof yer wrote:
>>>>
>>>>> I connect https://192.168.1.111 and connect to the VM, then the
>>>>> remote-viewer shows up, but failed to show the VM desktop.
>>>>> Is it the https problem?
>>>>> Can I connect to the VM without modify /etc/hosts?
>>>>
>>>> was this resolved? sounds like a certificate/dns issue?
>>>
>>> Yes, it's certificate/dns problem.
>>> But how can I connect via IP instead of FQDN without https?
>>
>> i guess it depends if you can tell spice client to not validate the
>> ssl certificate.



Re: [Users] Cannot connect to VM via browser if engine was not in /etc/hosts

2013-06-24 Thread lof yer
Is 'engine-config -s SSLEnabled=false' or special spice parameter?


2013/6/24 Itamar Heim 

> On 06/24/2013 03:10 AM, lofyer wrote:
>
>> On 2013/6/24 1:47, Itamar Heim wrote:
>>
>>> On 06/06/2013 11:51 AM, lof yer wrote:
>>>
>>>> I connect https://192.168.1.111 and connect to the VM, then the
>>>> remote-viewer shows up, but failed to show the VM desktop.
>>>> Is it the https problem?
>>>> Can I connect to the VM without modify /etc/hosts?
>>>>
>>>
>>> was this resolved? sounds like a certificate/dns issue?
>>>
>> Yes, it's certificate/dns problem.
>> But how can I connect via IP instead of FQDN without https?
>>
>
> i guess it depends if you can tell spice client to not validate the ssl
> certificate.
>


Re: [Users] Cannot connect to VM via browser if engine was not in /etc/hosts

2013-06-23 Thread Itamar Heim

On 06/24/2013 03:10 AM, lofyer wrote:
> On 2013/6/24 1:47, Itamar Heim wrote:
>> On 06/06/2013 11:51 AM, lof yer wrote:
>>> I connect https://192.168.1.111 and connect to the VM, then the
>>> remote-viewer shows up, but failed to show the VM desktop.
>>> Is it the https problem?
>>> Can I connect to the VM without modify /etc/hosts?
>>
>> was this resolved? sounds like a certificate/dns issue?
> Yes, it's certificate/dns problem.
> But how can I connect via IP instead of FQDN without https?


i guess it depends if you can tell spice client to not validate the ssl 
certificate.



Re: [Users] Cannot connect to VM via browser if engine was not in /etc/hosts

2013-06-23 Thread lofyer

On 2013/6/24 1:47, Itamar Heim wrote:
> On 06/06/2013 11:51 AM, lof yer wrote:
>> I connect https://192.168.1.111 and connect to the VM, then the
>> remote-viewer shows up, but failed to show the VM desktop.
>> Is it the https problem?
>> Can I connect to the VM without modify /etc/hosts?
>
> was this resolved? sounds like a certificate/dns issue?

Yes, it's certificate/dns problem.
But how can I connect via IP instead of FQDN without https?


Re: [Users] Cannot connect to VM via browser if engine was not in /etc/hosts

2013-06-23 Thread Itamar Heim

On 06/06/2013 11:51 AM, lof yer wrote:
> I connect https://192.168.1.111 and connect to the VM, then the
> remote-viewer shows up, but failed to show the VM desktop.
> Is it the https problem?
> Can I connect to the VM without modify /etc/hosts?

was this resolved? sounds like a certificate/dns issue?


[Users] Cannot connect to VM via browser if engine was not in /etc/hosts

2013-06-06 Thread lof yer
I connect https://192.168.1.111 and connect to the VM, then the
remote-viewer shows up, but failed to show the VM desktop.
Is it the https problem?
Can I connect to the VM without modify /etc/hosts?