The problem is this: I need to be able to connect to the systems
automatically via a script. Even if the VMs are restarted. If the PW
changes every time, my script doesn't work anymore.
Am 02.08.21 um 09:32 schrieb Michal Skrivanek:
On 31. 7. 2021, at 9:19, Strahil Nikolov <hunter86...@yahoo.com
<mailto:hunter86...@yahoo.com>> wrote:
You need to (all Hypervisors that will be running this script):
- download the engine's CA
from https://<your-engine>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
- put it at :
/etc/pki/ca-trust/source/anchors/
- make it trousted by running:
update-ca-trust extract
Best Regards,
Strahil Nikolov
On Fri, Jul 30, 2021 at 18:05, Merlin Timm
<merlin.t...@posteo.de <mailto:merlin.t...@posteo.de>> wrote:
Ah okay, i figured it out.
root@mypc <mailto:root@mypc>:/home/merlin/Documents/Ovirt-0.06#
perl set_ovirt_vnc_pw.pl
LWP Status line : 500 Can't connect to my.ovirt.manager.com:443
<http://my.ovirt.manager.com:443>
(certificate verify failed) at
/usr/local/share/perl/5.26.1/Ovirt/VM.pm
line 195.
it seems to work but it cant connect to the ovirt manager :/
Am 30.07.2021 14:54 schrieb Milan Zamazal:
> Merlin Timm <merlin.t...@posteo.de
<mailto:merlin.t...@posteo.de>> writes:
>
>> actually I rather wanted to know how to generate a config with
>> Ovirt::Display. I didn't really understand what I have to do to
>> generate a config.
>
> I've never tried it but I think you should fetch the perl
library and
> then run a perl script according to the example in Synopis
section of
> https://metacpan.org/pod/Ovirt::Display
<https://metacpan.org/pod/Ovirt::Display>
>
>> Am 30.07.2021 14:04 schrieb Milan Zamazal:
>>> Merlin Timm <merlin.t...@posteo.de
<mailto:merlin.t...@posteo.de>> writes:
>>>
>>>> Hey,
>>>> Thanks for the answers!
>>>> I want to try the perl solution. One, maybe stupid,
question: how
>>>> do i run this perl module?
>>>> Do i run it on the Host or from my local machne? I am a
litte bit
>>>> confused.
>>> As I understand it, you can run it from anywhere where Engine
REST
>>> API
>>> is reachable from.
>>> Regards,
>>> Milan
>>>
>>>> Could someone explain it to me?
>>>> Best regarda
>>>> Am 8. Juli 2021 16:05:42 MESZ schrieb Milan Zamazal
>>>> <mzama...@redhat.com <mailto:mzama...@redhat.com>>:
>>>>> Sandro Bonazzola <sbona...@redhat.com
<mailto:sbona...@redhat.com>> writes:
>>>>>
>>>>>> Il giorno gio 8 lug 2021 alle ore 13:38 Sandro Bonazzola <
>>>>>> sbona...@redhat.com <mailto:sbona...@redhat.com>> ha scritto:
>>>>>>
>>>>>>> +Milan Zamazal <mzama...@redhat.com
<mailto:mzama...@redhat.com>> , +Arik Hadas
>>>>>>> <aha...@redhat.com <mailto:aha...@redhat.com>> , +Michal
>>>>>>> Skrivanek <mskri...@redhat.com
<mailto:mskri...@redhat.com>> any hint?
>>>>>>>
>>>>>> I found https://metacpan.org/pod/Ovirt::Display
<https://metacpan.org/pod/Ovirt::Display>but I think there
>>>>>> should be
>>>>>> an easier way within the engine to configure this.
>>>>>>
>>>>>>
>>>>>>> Il giorno mar 6 lug 2021 alle ore 14:01 Merlin Timm
>>>>>>> <merlin.t...@posteo.de <mailto:merlin.t...@posteo.de>>
>>>>>>> ha scritto:
>>>>>>>
>>>>>>>> Good day to all,
>>>>>>>> I have a question about the console configuration of the
VMs:
>>>>>>>> By default, for each console connection to a VM, a
password is
>>>>>>>> set for
>>>>>>>> 120 seconds, after that you can't use it again. We currently
>>>>>>>> have the
>>>>>>>> following concern:
>>>>>>>> We want to access and control the VMs via the VNC/Spice
of the
>>>>>>>> Ovirt
>>>>>>>> host. We have already tried to use the password from the
>>>>>>>> console.vv for
>>>>>>>> the connection and that works so far. Unfortunately we
have to
>>>>>>>> do this
>>>>>>>> every 2 minutes when we want to connect again.
if you connect again you get a new concole.vv…why is that a problem?
We are currently
>>>>>>>> building
>>>>>>>> an automatic test pipeline and for this we need to
access the
>>>>>>>> VMs
>>>>>>>> remotely before OS start and we want to be independent
of a VNC
>>>>>>>> server
>>>>>>>> on the guest. This is only possible if we could connect
to the
>>>>>>>> VNC/Spice
>>>>>>>> server from the Ovirt host.
>>>>>>>> My question: would it be possible to fix the password or
read
>>>>>>>> it out via
>>>>>>>> api every time you want to connect?
>>>>> A one time password is set every time the console is
opened, for
>>>>> those
>>>>> 120 seconds. Unfortunately, the 120 seconds limit seems to be
>>>>> hardwired
>>>>> in Engine sources. So apparently the only chance would be
to set
>>>>> the
>>>>> password directly on the host using VM.updateDevice VDSM
API call.
>>>>> It
>>>>> looks like this normally:
>>>>> VM.updateDevice(params={'deviceType': 'graphics', 'password':
>>>>> '********', 'disconnectAction': 'NONE', 'params':
{'vncUsername':
>>>>> 'vnc-630b9cae-a983-4ab0-a9ac-6b8728f8014d', 'fips': 'false',
>>>>> 'userName': 'admin', 'userId':
>>>>> 'fd2c5e14-a8c3-11eb-951c-2a9574de53b6'}, 'ttl': 120,
>>>>> 'graphicsType':
>>>>> 'spice'})
>>>>> This way it's possible to set a password and its lifetime
(`ttl'
>>>>> parameter). Of course, it's needed to find out the host the VM
>>>>> runs on,
>>>>> a way to call the API (running vdsm-client directly on the host
>>>>> may be
>>>>> the easiest way), how to make/use the *.vv ticket (you can
use the
>>>>> same
>>>>> password all the time) and to accept collisions with different
>>>>> settings
>>>>> if someone opens the console from the web UI.
>>>>> In the end result, using the Perl library mentioned by Sandro
>>>>> above may
>>>>> be an easier solution.
>>>>> Or another option is to submit a patch to Engine to make the
>>>>> timeout
>>>>> configurable (look for TICKET_VALIDITY_SECONDS in the sources).
>>>>> Regards,
>>>>> Milan
>>>>>
>>>>>>>> I would appreciate a reply very much!
>>>>>>>> Best regards
>>>>>>>> Merlin Timm
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list -- users@ovirt.org
<mailto:users@ovirt.org>
>>>>>>>> To unsubscribe send an email to users-le...@ovirt.org
<mailto:users-le...@ovirt.org>
>>>>>>>> Privacy Statement:
https://www.ovirt.org/privacy-policy.html
<https://www.ovirt.org/privacy-policy.html>
>>>>>>>> oVirt Code of Conduct:
>>>>>>>>
https://www.ovirt.org/community/about/community-guidelines/
<https://www.ovirt.org/community/about/community-guidelines/>
>>>>>>>> List Archives:
>>>>>>>>
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/
<https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDPGLBQ4DWE64NATDDFDUB2TZLAHS6SV/>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Sandro Bonazzola
>>>>>>> MANAGER, SOFTWARE ENGINEERING, EMEA R&D RHV
>>>>>>> Red Hat EMEA <https://www.redhat.com/
<https://www.redhat.com/>>
>>>>>>> sbona...@redhat.com <mailto:sbona...@redhat.com>
>>>>>>> <https://www.redhat.com/ <https://www.redhat.com/>>
>>>>>>> *Red Hat respects your work life balance. Therefore there
is no
>>>>>>> need to
>>>>>>> answer this email out of your office hours.
>>>>>>> <https://mojo.redhat.com/docs/DOC-1199578
<https://mojo.redhat.com/docs/DOC-1199578>>*
>>>>>>>
>>>>>>>
>>>>>
_______________________________________________
Users mailing list -- users@ovirt.org <mailto:users@ovirt.org>
To unsubscribe send an email to users-le...@ovirt.org
<mailto:users-le...@ovirt.org>
Privacy Statement: https://www.ovirt.org/privacy-policy.html
<https://www.ovirt.org/privacy-policy.html>
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
<https://www.ovirt.org/community/about/community-guidelines/>
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYNC72W3P5TEN3EOQSYPPKCQZ4TGIRDC/
<https://lists.ovirt.org/archives/list/users@ovirt.org/message/GYNC72W3P5TEN3EOQSYPPKCQZ4TGIRDC/>
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YJAKRQUMJX564QBHOLUUH74IRL2YNCCA/
