On Sun, Feb 18, 2018 at 5:32 PM, Jeremy Tourville <
jeremy_tourvi...@hotmail.com> wrote:

> Hello,
>
> I am having trouble connecting to my guest vm (Kali Linux) which is
> running spice. My engine is running version: 4.2.1.7-1.el7.centos.
>
> I am using oVirt Node as my host running version: 4.2.1.1.
>
>
> I have taken the following steps to try and get everything running
> properly.
>
>    1. Download the root CA certificate https://
>    ovirtengine.lan/ovirt-engine/services/pki-resource?
>    resource=ca-certificate&format=X509-PEM-CA
>    
> <https://ovirtengine.lan/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA>
>    2. Edit the vm and define the graphical console entries.  Video type
>    is set to QXL, Graphics protocol is spice, USB support is enabled.
>    3. Install the guest agent in Debian per the instructions here -
>    https://www.ovirt.org/documentation/how-to/guest-
>    agent/install-the-guest-agent-in-debian/
>    
> <https://www.ovirt.org/documentation/how-to/guest-agent/install-the-guest-agent-in-debian/>
>    It is my understanding that installing the guest agent will also install
>    the virt IO device drivers.
>    4. Install the spice-vdagent per the instructions here -
>    https://www.ovirt.org/documentation/how-to/guest-
>    agent/install-the-spice-guest-agent/
>    
> <https://www.ovirt.org/documentation/how-to/guest-agent/install-the-spice-guest-agent/>
>    5.  On the aSpice client I have imported the CA certficate from step 1
>    above.  I defined the connection using the IP of my Node and TLS port 5901.
>
>
are you really using aSPICE client (e.g. the android SPICE client?). If
yes, maybe you want to try to open it using moVirt (
https://play.google.com/store/apps/details?id=org.ovirt.mobile.movirt&hl=en)
which delegates the console to aSPICE but configures everything including
the certificates on it. Should be much simpler than configuring it by hand..


>
> To troubleshoot my connection issues I confirmed the port being used to
> listen.
> virsh # domdisplay Kali
> spice://172.30.42.12?tls-port=5901
>
> I see the following when attempting to connect.
> tail -f /var/log/libvirt/qemu/Kali.log
>
> 140400191081600:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert
> internal error:s3_pkt.c:1493:SSL alert number 80
> ((null):27595): Spice-Warning **: reds_stream.c:379:reds_stream_ssl_accept:
> SSL_accept failed, error=1
>
> I came across some documentation that states in the caveat section 
> "Certificate
> of spice SSL should be separate certificate."
> https://www.ovirt.org/develop/release-management/features/infra/pki/
>
> Is this still the case for version 4?  The document references version 3.2
> and 3.3.  If so, how do I generate a new certificate for use with spice?
> Please let me know if you require further info to troubleshoot, I am happy
> to provide it.  Many thanks in advance.
> <https://www.ovirt.org/develop/release-management/features/infra/pki/>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Reply via email to