subject:"\[ovirt\-users\] Re\: Set fixed VNC\/Spice Password for VMs."

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-08-02 Thread Merlin Timm

The problem is this: I need to be able to connect to the systems 
automatically via a script. Even if the VMs are restarted. If the PW 
changes every time, my script doesn't work anymore.


Am 02.08.21 um 09:32 schrieb Michal Skrivanek:



On 31. 7. 2021, at 9:19, Strahil Nikolov > wrote:


You need to (all Hypervisors that will be running this script):
- download the engine's CA 
from https:///ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA

- put it at :
/etc/pki/ca-trust/source/anchors/
- make it trousted by running:
 update-ca-trust extract

Best Regards,
Strahil Nikolov

On Fri, Jul 30, 2021 at 18:05, Merlin Timm
mailto:merlin.t...@posteo.de>> wrote:
Ah okay, i figured it out.

root@mypc :/home/merlin/Documents/Ovirt-0.06#
perl set_ovirt_vnc_pw.pl
LWP Status line : 500 Can't connect to my.ovirt.manager.com:443

(certificate verify failed) at
/usr/local/share/perl/5.26.1/Ovirt/VM.pm
line 195.

it seems to work but it cant connect to the ovirt manager :/

Am 30.07.2021 14:54 schrieb Milan Zamazal:
> Merlin Timm mailto:merlin.t...@posteo.de>> writes:
>
>> actually I rather wanted to know how to generate a config with
>> Ovirt::Display. I didn't really understand what I have to do to
>> generate a config.
>
> I've never tried it but I think you should fetch the perl
library and
> then run a perl script according to the example in Synopis
section of
> https://metacpan.org/pod/Ovirt::Display

>
>> Am 30.07.2021 14:04 schrieb Milan Zamazal:
>>> Merlin Timm mailto:merlin.t...@posteo.de>> writes:
>>>
 Hey,
 Thanks for the answers!
 I want to try the perl solution. One, maybe stupid,
question: how
 do i run this perl module?
 Do i run it on the Host or from my local machne? I am a
litte bit
 confused.
>>> As I understand it, you can run it from anywhere where Engine
REST
>>> API
>>> is reachable from.
>>> Regards,
>>> Milan
>>>
 Could someone explain it to me?
 Best regarda
 Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal
 mailto:mzama...@redhat.com>>:
> Sandro Bonazzola mailto:sbona...@redhat.com>> writes:
>
>> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
>> sbona...@redhat.com > ha scritto:
>>
>>> +Milan Zamazal mailto:mzama...@redhat.com>> , +Arik Hadas
>>> mailto:aha...@redhat.com>> , +Michal
>>> Skrivanek mailto:mskri...@redhat.com>> any hint?
>>>
>> I found https://metacpan.org/pod/Ovirt::Display
but I think there
>> should be
>> an easier way within the engine to configure this.
>>
>>
>>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm
>>> mailto:merlin.t...@posteo.de>>
>>> ha scritto:
>>>
 Good day to all,
 I have a question about the console configuration of the
VMs:
 By default, for each console connection to a VM, a
password is
 set for
 120 seconds, after that you can't use it again. We currently
 have the
 following concern:
 We want to access and control the VMs via the VNC/Spice
of the
 Ovirt
 host. We have already tried to use the password from the
 console.vv for
 the connection and that works so far. Unfortunately we
have to
 do this
 every 2 minutes when we want to connect again.


if you connect again you get a new concole.vv…why is that a problem?


We are currently
 building
 an automatic test pipeline and for this we need to
access the
 VMs
 remotely before OS start and we want to be independent
of a VNC
 server
 on the guest. This is only possible if we could connect
to the
 VNC/Spice
 server from the Ovirt host.
 My question: would it be possible to fix the password or
read
 it out via
 api every time you want to connect?
> A one time password is set every time the console is
opened, for
> those
> 120 seconds.  Unfortunately, the 120 seconds limit seems to be
> hardwired
> in Engine sources.  So apparently the only chance would be
to set
> the
> password directly on the host using VM.updateDevice VDSM
API call.
> It
> looks like this normally:
> VM.updateDevice(params={'deviceType': 'graphics', 'password':
> '', 'disconnectAction': 'NONE', 'params':

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-08-02 Thread Michal Skrivanek



> On 31. 7. 2021, at 9:19, Strahil Nikolov  wrote:
> 
> You need to (all Hypervisors that will be running this script):
> - download the engine's CA from 
> https:///ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA
> - put it at :
> /etc/pki/ca-trust/source/anchors/
> - make it trousted by running:
>  update-ca-trust extract
> 
> Best Regards,
> Strahil Nikolov
> 
> On Fri, Jul 30, 2021 at 18:05, Merlin Timm
>  wrote:
> Ah okay, i figured it out.
> 
> root@mypc :/home/merlin/Documents/Ovirt-0.06# perl 
> set_ovirt_vnc_pw.pl
> LWP Status line : 500 Can't connect to my.ovirt.manager.com:443 
> (certificate verify failed) at /usr/local/share/perl/5.26.1/Ovirt/VM.pm 
> line 195.
> 
> it seems to work but it cant connect to the ovirt manager :/
> 
> Am 30.07.2021 14:54 schrieb Milan Zamazal:
> > Merlin Timm mailto:merlin.t...@posteo.de>> writes:
> > 
> >> actually I rather wanted to know how to generate a config with
> >> Ovirt::Display. I didn't really understand what I have to do to
> >> generate a config.
> > 
> > I've never tried it but I think you should fetch the perl library and
> > then run a perl script according to the example in Synopis section of
> > https://metacpan.org/pod/Ovirt::Display 
> > 
> > 
> >> Am 30.07.2021 14:04 schrieb Milan Zamazal:
> >>> Merlin Timm mailto:merlin.t...@posteo.de>> writes:
> >>> 
>  Hey,
>  Thanks for the answers!
>  I want to try the perl solution. One, maybe stupid, question: how
>  do i run this perl module?
>  Do i run it on the Host or from my local machne? I am a litte bit
>  confused.
> >>> As I understand it, you can run it from anywhere where Engine REST
> >>> API
> >>> is reachable from.
> >>> Regards,
> >>> Milan
> >>> 
>  Could someone explain it to me?
>  Best regarda
>  Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal
>  mailto:mzama...@redhat.com>>:
> > Sandro Bonazzola mailto:sbona...@redhat.com>> 
> > writes:
> > 
> >> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
> >> sbona...@redhat.com > ha scritto:
> >> 
> >>> +Milan Zamazal mailto:mzama...@redhat.com>> , 
> >>> +Arik Hadas
> >>> mailto:aha...@redhat.com>> , +Michal
> >>> Skrivanek mailto:mskri...@redhat.com>> any hint?
> >>> 
> >> I found https://metacpan.org/pod/Ovirt::Display  
> >> but I think there
> >> should be
> >> an easier way within the engine to configure this.
> >> 
> >> 
> >>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm
> >>> mailto:merlin.t...@posteo.de>>
> >>> ha scritto:
> >>> 
>  Good day to all,
>  I have a question about the console configuration of the VMs:
>  By default, for each console connection to a VM, a password is
>  set for
>  120 seconds, after that you can't use it again. We currently
>  have the
>  following concern:
>  We want to access and control the VMs via the VNC/Spice of the
>  Ovirt
>  host. We have already tried to use the password from the
>  console.vv for
>  the connection and that works so far. Unfortunately we have to
>  do this
>  every 2 minutes when we want to connect again.
if you connect again you get a new concole.vv…why is that a problem?
> We are currently
>  building
>  an automatic test pipeline and for this we need to access the 
>  VMs
>  remotely before OS start and we want to be independent of a VNC
>  server
>  on the guest. This is only possible if we could connect to the
>  VNC/Spice
>  server from the Ovirt host.
>  My question: would it be possible to fix the password or read
>  it out via
>  api every time you want to connect?
> > A one time password is set every time the console is opened, for
> > those
> > 120 seconds.  Unfortunately, the 120 seconds limit seems to be
> > hardwired
> > in Engine sources.  So apparently the only chance would be to set 
> > the
> > password directly on the host using VM.updateDevice VDSM API call.
> > It
> > looks like this normally:
> >  VM.updateDevice(params={'deviceType': 'graphics', 'password':
> > '', 'disconnectAction': 'NONE', 'params': {'vncUsername':
> > 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false',
> > 'userName': 'admin', 'userId':
> > 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, 
> > 'graphicsType':
> > 'spice'})
> > This way it's possible to set a password and its lifetime (`ttl'
> > parameter).  Of course, it's needed to find out the host the VM
> > runs on,
> > a way to call the API (running vdsm-client directly on the host
> > may be
> > the easiest way), how to make/use the

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-31 Thread Strahil Nikolov via Users

You need to (all Hypervisors that will be running this script):- download the 
engine's CA from 
https:///ovirt-engine/services/pki-resource?resource=ca-certificate=X509-PEM-CA
- put it at :/etc/pki/ca-trust/source/anchors/- make it trousted by running: 
update-ca-trust extract
Best Regards,Strahil Nikolov
 
  On Fri, Jul 30, 2021 at 18:05, Merlin Timm wrote:   Ah 
okay, i figured it out.

root@mypc:/home/merlin/Documents/Ovirt-0.06# perl set_ovirt_vnc_pw.pl
LWP Status line : 500 Can't connect to my.ovirt.manager.com:443 
(certificate verify failed) at /usr/local/share/perl/5.26.1/Ovirt/VM.pm 
line 195.

it seems to work but it cant connect to the ovirt manager :/

Am 30.07.2021 14:54 schrieb Milan Zamazal:
> Merlin Timm  writes:
> 
>> actually I rather wanted to know how to generate a config with
>> Ovirt::Display. I didn't really understand what I have to do to
>> generate a config.
> 
> I've never tried it but I think you should fetch the perl library and
> then run a perl script according to the example in Synopis section of
> https://metacpan.org/pod/Ovirt::Display
> 
>> Am 30.07.2021 14:04 schrieb Milan Zamazal:
>>> Merlin Timm  writes:
>>> 
 Hey,
 Thanks for the answers!
 I want to try the perl solution. One, maybe stupid, question: how
 do i run this perl module?
 Do i run it on the Host or from my local machne? I am a litte bit
 confused.
>>> As I understand it, you can run it from anywhere where Engine REST
>>> API
>>> is reachable from.
>>> Regards,
>>> Milan
>>> 
 Could someone explain it to me?
 Best regarda
 Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal
 :
> Sandro Bonazzola  writes:
> 
>> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
>> sbona...@redhat.com> ha scritto:
>> 
>>> +Milan Zamazal  , +Arik Hadas
>>>  , +Michal
>>> Skrivanek  any hint?
>>> 
>> I found https://metacpan.org/pod/Ovirt::Display but I think there
>> should be
>> an easier way within the engine to configure this.
>> 
>> 
>>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm
>>> 
>>> ha scritto:
>>> 
 Good day to all,
 I have a question about the console configuration of the VMs:
 By default, for each console connection to a VM, a password is
 set for
 120 seconds, after that you can't use it again. We currently
 have the
 following concern:
 We want to access and control the VMs via the VNC/Spice of the
 Ovirt
 host. We have already tried to use the password from the
 console.vv for
 the connection and that works so far. Unfortunately we have to
 do this
 every 2 minutes when we want to connect again. We are currently
 building
 an automatic test pipeline and for this we need to access the 
 VMs
 remotely before OS start and we want to be independent of a VNC
 server
 on the guest. This is only possible if we could connect to the
 VNC/Spice
 server from the Ovirt host.
 My question: would it be possible to fix the password or read
 it out via
 api every time you want to connect?
> A one time password is set every time the console is opened, for
> those
> 120 seconds.  Unfortunately, the 120 seconds limit seems to be
> hardwired
> in Engine sources.  So apparently the only chance would be to set 
> the
> password directly on the host using VM.updateDevice VDSM API call.
> It
> looks like this normally:
>  VM.updateDevice(params={'deviceType': 'graphics', 'password':
> '', 'disconnectAction': 'NONE', 'params': {'vncUsername':
> 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false',
> 'userName': 'admin', 'userId':
> 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, 
> 'graphicsType':
> 'spice'})
> This way it's possible to set a password and its lifetime (`ttl'
> parameter).  Of course, it's needed to find out the host the VM
> runs on,
> a way to call the API (running vdsm-client directly on the host
> may be
> the easiest way), how to make/use the *.vv ticket (you can use the
> same
> password all the time) and to accept collisions with different
> settings
> if someone opens the console from the web UI.
> In the end result, using the Perl library mentioned by Sandro
> above may
> be an easier solution.
> Or another option is to submit a patch to Engine to make the
> timeout
> configurable (look for TICKET_VALIDITY_SECONDS in the sources).
> Regards,
> Milan
> 
 I would appreciate a reply very much!
 Best regards
 Merlin Timm
 ___
 Users mailing list -- users@ovirt.org
 To unsubscribe send an email to users-le...@ovirt.org
 Privacy

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-30 Thread Merlin Timm

Ah okay, i figured it out.

root@mypc:/home/merlin/Documents/Ovirt-0.06# perl set_ovirt_vnc_pw.pl
LWP Status line : 500 Can't connect to my.ovirt.manager.com:443
(certificate verify failed) at /usr/local/share/perl/5.26.1/Ovirt/VM.pm
line 195.

it seems to work but it cant connect to the ovirt manager :/

Am 30.07.2021 14:54 schrieb Milan Zamazal:

Merlin Timm writes:

actually I rather wanted to know how to generate a config with
Ovirt::Display. I didn't really understand what I have to do to
generate a config.

I've never tried it but I think you should fetch the perl library and
then run a perl script according to the example in Synopis section of
https://metacpan.org/pod/Ovirt::Display

Am 30.07.2021 14:04 schrieb Milan Zamazal:

Merlin Timm writes:

Hey,
Thanks for the answers!
I want to try the perl solution. One, maybe stupid, question: how
do i run this perl module?
Do i run it on the Host or from my local machne? I am a litte bit
confused.

As I understand it, you can run it from anywhere where Engine REST
API
is reachable from.
Regards,
Milan

Could someone explain it to me?
Best regarda
Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal
:

Sandro Bonazzola writes:

Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
sbona...@redhat.com> ha scritto:

+Milan Zamazal , +Arik Hadas
, +Michal
Skrivanek any hint?

I found https://metacpan.org/pod/Ovirt::Display but I think there
should be
an easier way within the engine to configure this.

Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm

ha scritto:

Good day to all,
I have a question about the console configuration of the VMs:
By default, for each console connection to a VM, a password is
set for
120 seconds, after that you can't use it again. We currently
have the
following concern:
We want to access and control the VMs via the VNC/Spice of the
Ovirt
host. We have already tried to use the password from the
console.vv for
the connection and that works so far. Unfortunately we have to
do this
every 2 minutes when we want to connect again. We are currently
building
an automatic test pipeline and for this we need to access the
VMs

remotely before OS start and we want to be independent of a VNC
server
on the guest. This is only possible if we could connect to the
VNC/Spice
server from the Ovirt host.
My question: would it be possible to fix the password or read
it out via
api every time you want to connect?

A one time password is set every time the console is opened, for
those
120 seconds. Unfortunately, the 120 seconds limit seems to be
hardwired
in Engine sources. So apparently the only chance would be to set
the

password directly on the host using VM.updateDevice VDSM API call.
It
looks like this normally:
VM.updateDevice(params={'deviceType': 'graphics', 'password':
'', 'disconnectAction': 'NONE', 'params': {'vncUsername':
'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false',
'userName': 'admin', 'userId':
'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120,
'graphicsType':

'spice'})
This way it's possible to set a password and its lifetime (`ttl'
parameter). Of course, it's needed to find out the host the VM
runs on,
a way to call the API (running vdsm-client directly on the host
may be
the easiest way), how to make/use the *.vv ticket (you can use the
same
password all the time) and to accept collisions with different
settings
if someone opens the console from the web UI.
In the end result, using the Perl library mentioned by Sandro
above may
be an easier solution.
Or another option is to submit a patch to Engine to make the
timeout
configurable (look for TICKET_VALIDITY_SECONDS in the sources).
Regards,
Milan

I would appreciate a reply very much!
Best regards
Merlin Timm
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/

--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
Red Hat EMEA
sbona...@redhat.com

*Red Hat respects your work life balance. Therefore there is no
need to
answer this email out of your office hours.
*

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYNC72W3P5TEN3EOQSYPPKCQZ4TGIRDC/

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-30 Thread Merlin Timm

actually I rather wanted to know how to generate a config with
Ovirt::Display. I didn't really understand what I have to do to generate
a config.

Am 30.07.2021 14:04 schrieb Milan Zamazal:

Merlin Timm writes:

Hey,

Thanks for the answers!

I want to try the perl solution. One, maybe stupid, question: how do i
run this perl module?

Do i run it on the Host or from my local machne? I am a litte bit
confused.

As I understand it, you can run it from anywhere where Engine REST API
is reachable from.

Regards,
Milan

Could someone explain it to me?

Best regarda

Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal
:

Sandro Bonazzola writes:

Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
sbona...@redhat.com> ha scritto:

+Milan Zamazal , +Arik Hadas
, +Michal

Skrivanek any hint?

I found https://metacpan.org/pod/Ovirt::Display but I think there
should be

an easier way within the engine to configure this.

Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm

ha scritto:

Good day to all,

I have a question about the console configuration of the VMs:

By default, for each console connection to a VM, a password is set
for
120 seconds, after that you can't use it again. We currently have
the

following concern:

We want to access and control the VMs via the VNC/Spice of the
Ovirt
host. We have already tried to use the password from the
console.vv for
the connection and that works so far. Unfortunately we have to do
this
every 2 minutes when we want to connect again. We are currently
building

an automatic test pipeline and for this we need to access the VMs
remotely before OS start and we want to be independent of a VNC
server
on the guest. This is only possible if we could connect to the
VNC/Spice

server from the Ovirt host.

My question: would it be possible to fix the password or read it
out via

api every time you want to connect?

A one time password is set every time the console is opened, for
those
120 seconds. Unfortunately, the 120 seconds limit seems to be
hardwired

in Engine sources. So apparently the only chance would be to set the
password directly on the host using VM.updateDevice VDSM API call.
It

looks like this normally:

VM.updateDevice(params={'deviceType': 'graphics', 'password':
'', 'disconnectAction': 'NONE', 'params': {'vncUsername':
'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false',
'userName': 'admin', 'userId':
'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, 'graphicsType':
'spice'})

This way it's possible to set a password and its lifetime (`ttl'
parameter). Of course, it's needed to find out the host the VM runs
on,
a way to call the API (running vdsm-client directly on the host may
be
the easiest way), how to make/use the *.vv ticket (you can use the
same
password all the time) and to accept collisions with different
settings

if someone opens the console from the web UI.

In the end result, using the Perl library mentioned by Sandro above
may

be an easier solution.

Or another option is to submit a patch to Engine to make the timeout
configurable (look for TICKET_VALIDITY_SECONDS in the sources).

Regards,
Milan

I would appreciate a reply very much!

Best regards
Merlin Timm
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING, EMEA R RHV

Red Hat EMEA

sbona...@redhat.com

*Red Hat respects your work life balance. Therefore there is no
need to

answer this email out of your office hours.
*

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-30 Thread Milan Zamazal

Merlin Timm  writes:

> actually I rather wanted to know how to generate a config with
> Ovirt::Display. I didn't really understand what I have to do to
> generate a config.

I've never tried it but I think you should fetch the perl library and
then run a perl script according to the example in Synopis section of
https://metacpan.org/pod/Ovirt::Display

> Am 30.07.2021 14:04 schrieb Milan Zamazal:
>> Merlin Timm  writes:
>> 
>>> Hey,
>>> Thanks for the answers!
>>> I want to try the perl solution. One, maybe stupid, question: how
>>> do i run this perl module?
>>> Do i run it on the Host or from my local machne? I am a litte bit 
>>> confused.
>> As I understand it, you can run it from anywhere where Engine REST
>> API
>> is reachable from.
>> Regards,
>> Milan
>> 
>>> Could someone explain it to me?
>>> Best regarda
>>> Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal 
>>> :
 Sandro Bonazzola  writes:
 
> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
> sbona...@redhat.com> ha scritto:
> 
>> +Milan Zamazal  , +Arik Hadas
>>  , +Michal
>> Skrivanek  any hint?
>> 
> I found https://metacpan.org/pod/Ovirt::Display but I think there 
> should be
> an easier way within the engine to configure this.
> 
> 
>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm 
>> 
>> ha scritto:
>> 
>>> Good day to all,
>>> I have a question about the console configuration of the VMs:
>>> By default, for each console connection to a VM, a password is
>>> set for
>>> 120 seconds, after that you can't use it again. We currently
>>> have the
>>> following concern:
>>> We want to access and control the VMs via the VNC/Spice of the 
>>> Ovirt
>>> host. We have already tried to use the password from the
>>> console.vv for
>>> the connection and that works so far. Unfortunately we have to
>>> do this
>>> every 2 minutes when we want to connect again. We are currently
>>> building
>>> an automatic test pipeline and for this we need to access the VMs
>>> remotely before OS start and we want to be independent of a VNC
>>> server
>>> on the guest. This is only possible if we could connect to the
>>> VNC/Spice
>>> server from the Ovirt host.
>>> My question: would it be possible to fix the password or read
>>> it out via
>>> api every time you want to connect?
 A one time password is set every time the console is opened, for 
 those
 120 seconds.  Unfortunately, the 120 seconds limit seems to be
 hardwired
 in Engine sources.  So apparently the only chance would be to set the
 password directly on the host using VM.updateDevice VDSM API call.
 It
 looks like this normally:
  VM.updateDevice(params={'deviceType': 'graphics', 'password':
 '', 'disconnectAction': 'NONE', 'params': {'vncUsername':
 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false',
 'userName': 'admin', 'userId':
 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, 'graphicsType':
 'spice'})
 This way it's possible to set a password and its lifetime (`ttl'
 parameter).  Of course, it's needed to find out the host the VM
 runs on,
 a way to call the API (running vdsm-client directly on the host
 may be
 the easiest way), how to make/use the *.vv ticket (you can use the
 same
 password all the time) and to accept collisions with different
 settings
 if someone opens the console from the web UI.
 In the end result, using the Perl library mentioned by Sandro
 above may
 be an easier solution.
 Or another option is to submit a patch to Engine to make the
 timeout
 configurable (look for TICKET_VALIDITY_SECONDS in the sources).
 Regards,
 Milan
 
>>> I would appreciate a reply very much!
>>> Best regards
>>> Merlin Timm
>>> ___
>>> Users mailing list -- users@ovirt.org
>>> To unsubscribe send an email to users-le...@ovirt.org
>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> oVirt Code of Conduct:
>>> https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives:
>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/
>>> 
>> 
>> --
>> Sandro Bonazzola
>> MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
>> Red Hat EMEA 
>> sbona...@redhat.com
>> 
>> *Red Hat respects your work life balance. Therefore there is no 
>> need to
>> answer this email out of your office hours.
>> *
>> 
>> 
 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement:

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-30 Thread Strahil Nikolov via Users

I'm not sure, but you can create your own vdsm hook that can alter the VM's xml 
before powering up.
Best Regards,Strahil Nikolov
 
 
  On Fri, Jul 30, 2021 at 15:23, Merlin Timm wrote:   
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/V67PVYR54J7PVP44UMV3MURUEQKLF3CM/
  
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives:

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-30 Thread Merlin Timm

Hey, 

Thanks for the answers! 

I want to try the perl solution. One, maybe stupid, question: how do i run this 
perl module?

Do i run it on the Host or from my local machne? I am a litte bit confused.

Could someone explain it to me?

Best regarda

Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal :
>Sandro Bonazzola  writes:
>
>> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
>> sbona...@redhat.com> ha scritto:
>>
>>> +Milan Zamazal  , +Arik Hadas  , 
>>> +Michal
>>> Skrivanek  any hint?
>>>
>>
>> I found https://metacpan.org/pod/Ovirt::Display but I think there should be
>> an easier way within the engine to configure this.
>>
>>
>>
>>>
>>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm 
>>> ha scritto:
>>>
 Good day to all,

 I have a question about the console configuration of the VMs:

 By default, for each console connection to a VM, a password is set for
 120 seconds, after that you can't use it again. We currently have the
 following concern:

 We want to access and control the VMs via the VNC/Spice of the Ovirt
 host. We have already tried to use the password from the console.vv for
 the connection and that works so far. Unfortunately we have to do this
 every 2 minutes when we want to connect again. We are currently building
 an automatic test pipeline and for this we need to access the VMs
 remotely before OS start and we want to be independent of a VNC server
 on the guest. This is only possible if we could connect to the VNC/Spice
 server from the Ovirt host.

 My question: would it be possible to fix the password or read it out via
 api every time you want to connect?
>
>A one time password is set every time the console is opened, for those
>120 seconds.  Unfortunately, the 120 seconds limit seems to be hardwired
>in Engine sources.  So apparently the only chance would be to set the
>password directly on the host using VM.updateDevice VDSM API call.  It
>looks like this normally:
>
>  VM.updateDevice(params={'deviceType': 'graphics', 'password': '', 
> 'disconnectAction': 'NONE', 'params': {'vncUsername': 
> 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false', 'userName': 
> 'admin', 'userId': 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, 
> 'graphicsType': 'spice'})
>
>This way it's possible to set a password and its lifetime (`ttl'
>parameter).  Of course, it's needed to find out the host the VM runs on,
>a way to call the API (running vdsm-client directly on the host may be
>the easiest way), how to make/use the *.vv ticket (you can use the same
>password all the time) and to accept collisions with different settings
>if someone opens the console from the web UI.
>
>In the end result, using the Perl library mentioned by Sandro above may
>be an easier solution.
>
>Or another option is to submit a patch to Engine to make the timeout
>configurable (look for TICKET_VALIDITY_SECONDS in the sources).
>
>Regards,
>Milan
>
 I would appreciate a reply very much!

 Best regards
 Merlin Timm
 ___
 Users mailing list -- users@ovirt.org
 To unsubscribe send an email to users-le...@ovirt.org
 Privacy Statement: https://www.ovirt.org/privacy-policy.html
 oVirt Code of Conduct:
 https://www.ovirt.org/community/about/community-guidelines/
 List Archives:
 https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/

>>>
>>>
>>> --
>>>
>>> Sandro Bonazzola
>>>
>>> MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
>>>
>>> Red Hat EMEA 
>>>
>>> sbona...@redhat.com
>>> 
>>>
>>> *Red Hat respects your work life balance. Therefore there is no need to
>>> answer this email out of your office hours.
>>> *
>>>
>>>
>>>
>

-- 
Merlin Timm___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/V67PVYR54J7PVP44UMV3MURUEQKLF3CM/

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-30 Thread Milan Zamazal

Merlin Timm  writes:

> Hey, 
>
> Thanks for the answers! 
>
> I want to try the perl solution. One, maybe stupid, question: how do i run 
> this perl module?
>
> Do i run it on the Host or from my local machne? I am a litte bit confused.

As I understand it, you can run it from anywhere where Engine REST API
is reachable from.

Regards,
Milan

> Could someone explain it to me?
>
> Best regarda
>
> Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal :
>>Sandro Bonazzola  writes:
>>
>>> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
>>> sbona...@redhat.com> ha scritto:
>>>
 +Milan Zamazal  , +Arik Hadas  , 
 +Michal
 Skrivanek  any hint?

>>>
>>> I found https://metacpan.org/pod/Ovirt::Display but I think there should be
>>> an easier way within the engine to configure this.
>>>
>>>
>>>

 Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm 
 ha scritto:

> Good day to all,
>
> I have a question about the console configuration of the VMs:
>
> By default, for each console connection to a VM, a password is set for
> 120 seconds, after that you can't use it again. We currently have the
> following concern:
>
> We want to access and control the VMs via the VNC/Spice of the Ovirt
> host. We have already tried to use the password from the console.vv for
> the connection and that works so far. Unfortunately we have to do this
> every 2 minutes when we want to connect again. We are currently building
> an automatic test pipeline and for this we need to access the VMs
> remotely before OS start and we want to be independent of a VNC server
> on the guest. This is only possible if we could connect to the VNC/Spice
> server from the Ovirt host.
>
> My question: would it be possible to fix the password or read it out via
> api every time you want to connect?
>>
>>A one time password is set every time the console is opened, for those
>>120 seconds.  Unfortunately, the 120 seconds limit seems to be hardwired
>>in Engine sources.  So apparently the only chance would be to set the
>>password directly on the host using VM.updateDevice VDSM API call.  It
>>looks like this normally:
>>
>>  VM.updateDevice(params={'deviceType': 'graphics', 'password':
>> '', 'disconnectAction': 'NONE', 'params': {'vncUsername':
>> 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false',
>> 'userName': 'admin', 'userId':
>> 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, 'graphicsType':
>> 'spice'})
>>
>>This way it's possible to set a password and its lifetime (`ttl'
>>parameter).  Of course, it's needed to find out the host the VM runs on,
>>a way to call the API (running vdsm-client directly on the host may be
>>the easiest way), how to make/use the *.vv ticket (you can use the same
>>password all the time) and to accept collisions with different settings
>>if someone opens the console from the web UI.
>>
>>In the end result, using the Perl library mentioned by Sandro above may
>>be an easier solution.
>>
>>Or another option is to submit a patch to Engine to make the timeout
>>configurable (look for TICKET_VALIDITY_SECONDS in the sources).
>>
>>Regards,
>>Milan
>>
> I would appreciate a reply very much!
>
> Best regards
> Merlin Timm
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/
>


 --

 Sandro Bonazzola

 MANAGER, SOFTWARE ENGINEERING, EMEA R RHV

 Red Hat EMEA 

 sbona...@redhat.com
 

 *Red Hat respects your work life balance. Therefore there is no need to
 answer this email out of your office hours.
 *



>>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/AJYHDJBZCPHMHVM3ZDYINMYE5HKQ4WES/

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-08 Thread Milan Zamazal

Sandro Bonazzola  writes:

> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
> sbona...@redhat.com> ha scritto:
>
>> +Milan Zamazal  , +Arik Hadas  , 
>> +Michal
>> Skrivanek  any hint?
>>
>
> I found https://metacpan.org/pod/Ovirt::Display but I think there should be
> an easier way within the engine to configure this.
>
>
>
>>
>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm 
>> ha scritto:
>>
>>> Good day to all,
>>>
>>> I have a question about the console configuration of the VMs:
>>>
>>> By default, for each console connection to a VM, a password is set for
>>> 120 seconds, after that you can't use it again. We currently have the
>>> following concern:
>>>
>>> We want to access and control the VMs via the VNC/Spice of the Ovirt
>>> host. We have already tried to use the password from the console.vv for
>>> the connection and that works so far. Unfortunately we have to do this
>>> every 2 minutes when we want to connect again. We are currently building
>>> an automatic test pipeline and for this we need to access the VMs
>>> remotely before OS start and we want to be independent of a VNC server
>>> on the guest. This is only possible if we could connect to the VNC/Spice
>>> server from the Ovirt host.
>>>
>>> My question: would it be possible to fix the password or read it out via
>>> api every time you want to connect?

A one time password is set every time the console is opened, for those
120 seconds.  Unfortunately, the 120 seconds limit seems to be hardwired
in Engine sources.  So apparently the only chance would be to set the
password directly on the host using VM.updateDevice VDSM API call.  It
looks like this normally:

  VM.updateDevice(params={'deviceType': 'graphics', 'password': '', 
'disconnectAction': 'NONE', 'params': {'vncUsername': 
'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false', 'userName': 
'admin', 'userId': 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120, 
'graphicsType': 'spice'})

This way it's possible to set a password and its lifetime (`ttl'
parameter).  Of course, it's needed to find out the host the VM runs on,
a way to call the API (running vdsm-client directly on the host may be
the easiest way), how to make/use the *.vv ticket (you can use the same
password all the time) and to accept collisions with different settings
if someone opens the console from the web UI.

In the end result, using the Perl library mentioned by Sandro above may
be an easier solution.

Or another option is to submit a patch to Engine to make the timeout
configurable (look for TICKET_VALIDITY_SECONDS in the sources).

Regards,
Milan

>>> I would appreciate a reply very much!
>>>
>>> Best regards
>>> Merlin Timm
>>> ___
>>> Users mailing list -- users@ovirt.org
>>> To unsubscribe send an email to users-le...@ovirt.org
>>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>>> oVirt Code of Conduct:
>>> https://www.ovirt.org/community/about/community-guidelines/
>>> List Archives:
>>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/
>>>
>>
>>
>> --
>>
>> Sandro Bonazzola
>>
>> MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
>>
>> Red Hat EMEA 
>>
>> sbona...@redhat.com
>> 
>>
>> *Red Hat respects your work life balance. Therefore there is no need to
>> answer this email out of your office hours.
>> *
>>
>>
>>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PYSQ6UWTTUZBZBE3TNOGVU674M3PC55S/

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-08 Thread Sandro Bonazzola

Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
sbona...@redhat.com> ha scritto:

> +Milan Zamazal  , +Arik Hadas  , 
> +Michal
> Skrivanek  any hint?
>

I found https://metacpan.org/pod/Ovirt::Display but I think there should be
an easier way within the engine to configure this.



>
> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm 
> ha scritto:
>
>> Good day to all,
>>
>> I have a question about the console configuration of the VMs:
>>
>> By default, for each console connection to a VM, a password is set for
>> 120 seconds, after that you can't use it again. We currently have the
>> following concern:
>>
>> We want to access and control the VMs via the VNC/Spice of the Ovirt
>> host. We have already tried to use the password from the console.vv for
>> the connection and that works so far. Unfortunately we have to do this
>> every 2 minutes when we want to connect again. We are currently building
>> an automatic test pipeline and for this we need to access the VMs
>> remotely before OS start and we want to be independent of a VNC server
>> on the guest. This is only possible if we could connect to the VNC/Spice
>> server from the Ovirt host.
>>
>> My question: would it be possible to fix the password or read it out via
>> api every time you want to connect?
>>
>> I would appreciate a reply very much!
>>
>> Best regards
>> Merlin Timm
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/
>>
>
>
> --
>
> Sandro Bonazzola
>
> MANAGER, SOFTWARE ENGINEERING, EMEA R RHV
>
> Red Hat EMEA 
>
> sbona...@redhat.com
> 
>
> *Red Hat respects your work life balance. Therefore there is no need to
> answer this email out of your office hours.
> *
>
>
>

-- 

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING, EMEA R RHV

Red Hat EMEA 

sbona...@redhat.com


*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.
*
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/IGVALKUVDLA32JG3RC4KAW33EWMG2BUM/

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

2021-07-08 Thread Sandro Bonazzola

+Milan Zamazal  , +Arik Hadas 
, +Michal
Skrivanek  any hint?

Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm 
ha scritto:

> Good day to all,
>
> I have a question about the console configuration of the VMs:
>
> By default, for each console connection to a VM, a password is set for
> 120 seconds, after that you can't use it again. We currently have the
> following concern:
>
> We want to access and control the VMs via the VNC/Spice of the Ovirt
> host. We have already tried to use the password from the console.vv for
> the connection and that works so far. Unfortunately we have to do this
> every 2 minutes when we want to connect again. We are currently building
> an automatic test pipeline and for this we need to access the VMs
> remotely before OS start and we want to be independent of a VNC server
> on the guest. This is only possible if we could connect to the VNC/Spice
> server from the Ovirt host.
>
> My question: would it be possible to fix the password or read it out via
> api every time you want to connect?
>
> I would appreciate a reply very much!
>
> Best regards
> Merlin Timm
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/
>


-- 

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING, EMEA R RHV

Red Hat EMEA 

sbona...@redhat.com


*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.
*
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/ZGXNZ2EN445REVD4YW7WXOXIEO2MPCGJ/

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

[ovirt-users] Re: Set fixed VNC/Spice Password for VMs.

12 matches

Site Navigation

Mail list logo

Footer information