Re: virsh ok with TLS but virt-viewer not

Hi there,

I followed instructions on:
http://wiki.libvirt.org/page/TLSSetup

To set up TLS connections to a qemu+kvm host, for remote administration. I
guess I did everything right, because
sudo virsh -c qemu+tls://myhost/system

But I cannot open any guest console, be it from virt-manager or from
virt-viewer.
sudo virt-viewer -c qemu+tls://myhost/system 1

I get an error pop-up telling "Unable to connect to graphics server
myhost:5900"

Use the virsh command to get to one of the machines and then do a

    netstat -lpnt

and verify you have something listening on port 5900. If you don't,
then the virt console won't work (probably that the vnc server didn't
start on the guest machine).

All qemu-kvm processes were listening on ports 590x, but on loopback only. Now it makes sense: virsh / virt-manager connect to libvirtd, but virt-viewer connects to qemu-kvm. That's why one can work while the other can't.

I found there's "another" virt-manager web site. Followed the instructions on

http://virt-manager.et.redhat.com/page/RemoteTLS

And now I can get remote console access from either virt-viewer or virt-manager.

But also got another serious problem: now each active VM listens on two ports (For example, 5900 and 5902 for guest 1). One accepts plain text vnc or spice connections. The other accepts TLS connections, as seen on virt-manager guest details. My wish is to enable only TLS connections. Can't do that using iptables rules because port assignment is dynamic.

Worse yet, I found using netstat that virt-viewer and virt-manager connect to the non-secure port. :-(

I found no way of connecting using remote-viewer to the TLS port, only to the non-secure port. So I don't really know if my vnc/spice TLS setup is working.

On the Windows side, I got virsh working with TLS. But not virt-viewer. The Windows port of virt-viewer seems unable to recognize "qemu+tls" URLs, as I did on Linux. :-( And as I don't know how to make TLS connections using remote-viewer, I haven't got secure guest console access from Windows clients.


[]s, Fernando Lozano
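
An added example, not part of the original message: a small Python check over `netstat -lpnt` output that groups the qemu listening sockets per process, showing which guests are bound beyond loopback and which have the two-listener pattern described above. The sample output, PIDs and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -lpnt` output (not from the original post).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      2245/qemu-kvm
tcp        0      0 127.0.0.1:5901          0.0.0.0:*               LISTEN      2101/qemu-kvm
tcp        0      0 0.0.0.0:5902            0.0.0.0:*               LISTEN      2245/qemu-kvm
tcp        0      0 0.0.0.0:16514           0.0.0.0:*               LISTEN      1350/libvirtd
tcp6       0      0 :::22                   :::*                    LISTEN      980/sshd
"""


def qemu_listeners(netstat_text):
    """Map each qemu PID to its sorted (port, bind_address) listening sockets."""
    by_pid = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows look like: proto recvq sendq local foreign LISTEN pid/prog
        if len(fields) < 7 or fields[5] != "LISTEN" or "/" not in fields[6]:
            continue
        pid, prog = fields[6].split("/", 1)
        if not prog.startswith("qemu"):
            continue
        host, port = fields[3].rsplit(":", 1)  # rsplit keeps IPv6 hosts intact
        by_pid[int(pid)].append((int(port), host))
    return {pid: sorted(socks) for pid, socks in by_pid.items()}


def audit(netstat_text):
    """Flag guests reachable off-host and guests with more than one listener."""
    report = {}
    for pid, socks in qemu_listeners(netstat_text).items():
        exposed = [p for p, h in socks if not ipaddress.ip_address(h).is_loopback]
        report[pid] = {
            "ports": [p for p, _ in socks],
            "exposed_ports": exposed,
            # Two listeners on one guest is the plain + TLS pair from the post;
            # netstat cannot tell which of the two speaks TLS.
            "paired_listeners": len(socks) > 1,
        }
    return report


if __name__ == "__main__":
    for pid, info in sorted(audit(SAMPLE).items()):
        print(pid, info)
```

On a real host, feed it the live output, for example via `subprocess.run(["netstat", "-lpnt"], capture_output=True, text=True).stdout`, run as root so the PID/Program column is populated.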

