On Tue, 2018-02-20 at 08:59 +0100, Tomas Jelinek wrote: > > > On Mon, Feb 19, 2018 at 7:10 PM, Jeremy Tourville <Jeremy_Tourville@h > otmail.com> wrote: > > Hi Tomas, > > To answer your question, yes I am really trying to use aSpice. > > > > I appreciate your suggestion. I'm not sure if it meets my > > objective. Maybe our goals are different? It seems to me that > > movirt is built around portable management of the ovirt > > environment. I am attempting to provide a VDI type experience for > > running a vm. My goal is to run a lab environment with 30 > > chromebooks loaded with a spice clent. The spice client would of > > course connect to the 30 vms running Kali and each session would be > > independent of each other. > > > > yes, it looks like a different use case > > > I did a little further testing with a different client. (spice > > plugin for chrome). When I attempted to connect using that client > > I got a slightly different error message. The message still seemed > > to be of the same nature- i.e.: there is a problem with SSL > > protocol and communication. > > > > Are you suggesting that movirt can help set up the proper > > certficates and config the vms to use spice? Thanks! > > > > moVirt has been developed for quite some time and works pretty well, > this is why I recommended it. But anyway, you have a different use > case. > > What I think the issue is, is that oVirt can have different CAs set > for console communication and for API. And I think you are trying to > configure aSPICE to use the one for API. > > What moVirt does to make sure it is using the correct CA to put into > the aSPICE is that it downloads the .vv file of the VM (e.g. you can > just connect to console using webadmin and save the .vv file > somewhere), parse it and use the CA= part from it as a certificate. > This one is guaranteed to be the correct one. > > For more details about what else it takes from the .vv file you can > check here: > the parsing: https://github.com/oVirt/moVirt/blob/master/moVirt/src/m > ain/java/org/ovirt/mobile/movirt/rest/client/httpconverter/VvFileHttp > MessageConverter.java > configuration of aSPICE: https://github.com/oVirt/moVirt/blob/master/ > moVirt/src/main/java/org/ovirt/mobile/movirt/util/ConsoleHelper.java > > enjoy :)
Feels to me like OP should try to get it working _any_ "normal" way before trying to get the special use case application working? Like trying to run before learning to crawl, if that makes sense? I would suggest just logging in to webadmin with a regular PC and trying to get a SPICE console with remote-viewer to begin with. Then, once that works, try to get a SPICE console working through moVirt with aSPICE on an Android phone, or one of the Chromebooks you have to play with before going into production. Once that´s settled and you know it should work the way you normally access it, you can start playing with your special use case application. Hope it helps! /K > > > > > From: Tomas Jelinek <[email protected]> > > Sent: Monday, February 19, 2018 4:19 AM > > To: Jeremy Tourville > > Cc: [email protected] > > Subject: Re: [ovirt-users] Spice Client Connection Issues Using > > aSpice > > > > > > > > On Sun, Feb 18, 2018 at 5:32 PM, Jeremy Tourville <Jeremy_Tourville > > @hotmail.com> wrote: > > > Hello, > > > I am having trouble connecting to my guest vm (Kali Linux) which > > > is running spice. My engine is running version: 4.2.1.7- > > > 1.el7.centos. > > > I am using oVirt Node as my host running version: 4.2.1.1. > > > > > > I have taken the following steps to try and get everything > > > running properly. > > > Download the root CA certificate https://ovirtengine.lan/ovirt-en > > > gine/services/pki-resource?resource=ca-certificate&format=X509- > > > PEM-CA > > > Edit the vm and define the graphical console entries. Video type > > > is set to QXL, Graphics protocol is spice, USB support is > > > enabled. > > > Install the guest agent in Debian per the instructions here - htt > > > ps://www.ovirt.org/documentation/how-to/guest-agent/install-the- > > > guest-agent-in-debian/ It is my understanding that installing > > > the guest agent will also install the virt IO device drivers. > > > Install the spice-vdagent per the instructions here - https://www > > > .ovirt.org/documentation/how-to/guest-agent/install-the-spice- > > > guest-agent/ > > > On the aSpice client I have imported the CA certficate from step > > > 1 above. I defined the connection using the IP of my Node and > > > TLS port 5901. > > > > are you really using aSPICE client (e.g. the android SPICE > > client?). If yes, maybe you want to try to open it using moVirt (ht > > tps://play.google.com/store/apps/details?id=org.ovirt.mobile.movirt > > &hl=en) which delegates the console to aSPICE but configures > > everything including the certificates on it. Should be much simpler > > than configuring it by hand.. > > > > > To troubleshoot my connection issues I confirmed the port being > > > used to listen. > > > virsh # domdisplay Kali > > > spice://172.30.42.12?tls-port=5901 > > > > > > I see the following when attempting to connect. > > > tail -f /var/log/libvirt/qemu/Kali.log > > > > > > 140400191081600:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 > > > alert internal error:s3_pkt.c:1493:SSL alert number 80 > > > ((null):27595): Spice-Warning **: > > > reds_stream.c:379:reds_stream_ssl_accept: SSL_accept failed, > > > error=1 > > > > > > I came across some documentation that states in the caveat > > > section "Certificate of spice SSL should be separate > > > certificate." > > > https://www.ovirt.org/develop/release-management/features/infra/p > > > ki/ > > > > > > Is this still the case for version 4? The document references > > > version 3.2 and 3.3. If so, how do I generate a new certificate > > > for use with spice? Please let me know if you require further > > > info to troubleshoot, I am happy to provide it. Many thanks in > > > advance. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > Users mailing list > > > [email protected] > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/users
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
