On Sun, Feb 18, 2018 at 5:32 PM, Jeremy Tourville < [email protected]> wrote:
> Hello, > > I am having trouble connecting to my guest vm (Kali Linux) which is > running spice. My engine is running version: 4.2.1.7-1.el7.centos. > > I am using oVirt Node as my host running version: 4.2.1.1. > > > I have taken the following steps to try and get everything running > properly. > > 1. Download the root CA certificate https:// > ovirtengine.lan/ovirt-engine/services/pki-resource? > resource=ca-certificate&format=X509-PEM-CA > > <https://ovirtengine.lan/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA> > 2. Edit the vm and define the graphical console entries. Video type > is set to QXL, Graphics protocol is spice, USB support is enabled. > 3. Install the guest agent in Debian per the instructions here - > https://www.ovirt.org/documentation/how-to/guest- > agent/install-the-guest-agent-in-debian/ > > <https://www.ovirt.org/documentation/how-to/guest-agent/install-the-guest-agent-in-debian/> > It is my understanding that installing the guest agent will also install > the virt IO device drivers. > 4. Install the spice-vdagent per the instructions here - > https://www.ovirt.org/documentation/how-to/guest- > agent/install-the-spice-guest-agent/ > > <https://www.ovirt.org/documentation/how-to/guest-agent/install-the-spice-guest-agent/> > 5. On the aSpice client I have imported the CA certficate from step 1 > above. I defined the connection using the IP of my Node and TLS port 5901. > > are you really using aSPICE client (e.g. the android SPICE client?). If yes, maybe you want to try to open it using moVirt ( https://play.google.com/store/apps/details?id=org.ovirt.mobile.movirt&hl=en) which delegates the console to aSPICE but configures everything including the certificates on it. Should be much simpler than configuring it by hand.. > > To troubleshoot my connection issues I confirmed the port being used to > listen. > virsh # domdisplay Kali > spice://172.30.42.12?tls-port=5901 > > I see the following when attempting to connect. > tail -f /var/log/libvirt/qemu/Kali.log > > 140400191081600:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert > internal error:s3_pkt.c:1493:SSL alert number 80 > ((null):27595): Spice-Warning **: reds_stream.c:379:reds_stream_ssl_accept: > SSL_accept failed, error=1 > > I came across some documentation that states in the caveat section > "Certificate > of spice SSL should be separate certificate." > https://www.ovirt.org/develop/release-management/features/infra/pki/ > > Is this still the case for version 4? The document references version 3.2 > and 3.3. If so, how do I generate a new certificate for use with spice? > Please let me know if you require further info to troubleshoot, I am happy > to provide it. Many thanks in advance. > <https://www.ovirt.org/develop/release-management/features/infra/pki/> > > > > > > > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users > >
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
