On 31.12.2012 19:25, Marc Haber wrote: > Hi, > > I have a virtualization host running KVM and libvirt 0.9.12 (on Debian > unstable). I would like to connect with virt-viewer 0.5.4 from a > different host to a domain that has Display Spice configured as > graphics interface. > > I can connect to the KVM host using > virsh --connect=qemu+ssh://mh@fan.local/system > and start m KVM domain from there, so I guess that authentication is > just fine. > > However, > virt-viewer --connect=qemu+ssh://mh@fan.local/system <domain> > does not work. The easy issue was that virt viewer issues a "nc > fan.local 5900" on the remote host, while the Display Spice agent > listens on 127.0.0.1 only. I could fix that by checking the "listen on > all IP addresses" box in the Display Spice configuration in > virt-manager. After that, I could see the TCP connection to the Spice > agent on the remote host succeed when tcpdumping on the KVM host's lo > interface. > > When I invoke virt-viewer when the domain is not running, it says > "Waiting for the guest domain to start", and changes to "Connecting to > graphic server" when I start the domain. When I invoke virt-viewer > when the domain is already running, it immediately says "Connecting to > graphic server", but the domain's console does never show up. > > When I invoke > virt-viewer --connect=qemu:///system <domain> > directly on the KVM host, the console shows up alright. > On the KVM host, > virt-viewer --connect=qemu+ssh:///system <domain> > gives the same behavior as the remote invocation, while > virt-viewer --direct --connect=qemu+ssh:///system <domain> > does. So I guess there is something wrong with the tunneling of the > Spice session through ssh. > > Am I doing something wrong? I would appreciate any hints. > > Greetings > Marc > The Spice session isn't tunneled over libvirt's connection whereas libvirt's APIs are tunneled. virt-viewer finds the desired domain, then asks for XML and cut 'listen' attribute (/domain/devices/graphics/@listen). Same goes for 'port'. Obtained values are used to establish a new TCP connection to Spice session. If you want the connection to inherit usage of ssh from libvirt connection, don't use '--direct' then. Or if you want to connect directly, without any tunnel magic, use '--direct'. There were some attempts to tunnel Spice/VNC over libvirt connection, but the patches aren't pushed yet: https://www.redhat.com/archives/libvir-list/2012-December/msg00399.html Michal _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
