Hello everyone -
I am trying to use virt-viewer to connect to KVM virtual machines running on a CentOS7 host. It works great when running directly on the host, but I have not been able to figure out the magic connection string to make it work from another computer.
On the host, I set selinux to "permissive" and stopped the firewalld service. No change, so it is not related to them.
Almost every command I try gives an immediate dialog box that says "Unable to connect to libvirt with URI ...". The only command line that gets me anything different is this:
virt-viewer --connect xen+ssh://root@practice7.billgee.local/ dd2a2ba7-707d-42b5-8c83-94b11ce6e269
This will ask me for the root password on the host machine and then gives me the same "Unable to connect" message. I tried it with a regular user account instead of root and got the same result.
I have tried it with and without the "root@" string. I tried using both the UUID and the domain name of the guest. I tried all of the following protocols:
ssh:// qemu:// qemu:/// xen:// xen+ssh:// qemu_ssh:// qemu+ssh://
If I open a regular ssh shell using the +X parameter and then launch virt- viewer, it works. The connection string in that case is
--connect=qemu:///system
Any suggestions?
Thanks - Bill Gee
On Tue, Dec 30, 2014 at 11:46 AM, Bill Gee bgee@campercaver.net wrote:
Hello everyone -
I am trying to use virt-viewer to connect to KVM virtual machines running on a CentOS7 host. It works great when running directly on the host, but I have not been able to figure out the magic connection string to make it work from another computer.
virt-viewer connects to a VNC console, which is listening only on localhost. You need to modify the VNC console on the VM to access throu the network.
On Tue, Dec 30, 2014 at 9:58 AM, Marcelo Roccasalva < marcelo-centos@irrigacion.gov.ar> wrote:
On Tue, Dec 30, 2014 at 11:46 AM, Bill Gee bgee@campercaver.net wrote:
Hello everyone -
I am trying to use virt-viewer to connect to KVM virtual machines running on a CentOS7 host. It works great when running directly on the host, but I
have
not been able to figure out the magic connection string to make it work from another computer.
virt-viewer connects to a VNC console, which is listening only on localhost. You need to modify the VNC console on the VM to access throu the network.
As Marcelo points out, by default QEMU listens on localhost for VNC consoles. If you grep vnc out of the qemu.conf, you'll get hints at a bunch of different options. More than likely you want the vnc_listen config parameter.
~]# grep vnc /etc/libvirt/qemu.conf vnc_listen = "X.X.X.X" # over vnc_listen. #vnc_auto_unix_socket = 1 #vnc_tls = 1 # default it to keep them in /etc/pki/libvirt-vnc. This directory #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem #vnc_tls_x509_verify = 1 #vnc_password = "XYZ12345" #vnc_sasl = 1 #vnc_sasl_dir = "/some/directory/sasl2" #vnc_allow_host_audio = 0 # result into negative vnc display number.
I suspect (although I have not tested it) that the method Patrick suggested tunnels through SSH.
[ Personally I don't use virt-viewer often and instead use virsh CLI along with a VNC client if necessary. ]
On Tuesday, December 30, 2014 13:01:57 SilverTip257 wrote:
On Tue, Dec 30, 2014 at 9:58 AM, Marcelo Roccasalva <
marcelo-centos@irrigacion.gov.ar> wrote:
On Tue, Dec 30, 2014 at 11:46 AM, Bill Gee bgee@campercaver.net wrote:
Hello everyone -
I am trying to use virt-viewer to connect to KVM virtual machines running on a CentOS7 host. It works great when running directly on the host, but I
have
not been able to figure out the magic connection string to make it work from another computer.
virt-viewer connects to a VNC console, which is listening only on localhost. You need to modify the VNC console on the VM to access throu the network.
As Marcelo points out, by default QEMU listens on localhost for VNC consoles. If you grep vnc out of the qemu.conf, you'll get hints at a bunch of different options. More than likely you want the vnc_listen config parameter.
~]# grep vnc /etc/libvirt/qemu.conf vnc_listen = "X.X.X.X" # over vnc_listen. #vnc_auto_unix_socket = 1 #vnc_tls = 1 # default it to keep them in /etc/pki/libvirt-vnc. This directory #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem #vnc_tls_x509_verify = 1 #vnc_password = "XYZ12345" #vnc_sasl = 1 #vnc_sasl_dir = "/some/directory/sasl2" #vnc_allow_host_audio = 0 # result into negative vnc display number.
I suspect (although I have not tested it) that the method Patrick suggested tunnels through SSH.
[ Personally I don't use virt-viewer often and instead use virsh CLI along with a VNC client if necessary. ]
Hi Mike -
Thanks! I changed the qemu.conf file to listen on 0.0.0.0. That works - I can connect to the virtual machines using a VNC client.
The problem with VNC is that the port number assigned to a particular VM depends on the order in which it is started. There is no command-line option for VNC that will attach to a VM by name ... only by display number or port number.
With virt-viewer I can name the domain on the command line. It is unambiguous - There is no doubt about which VM it will connect to.
I found where the VNC port can be fixed in the XML file that defines each VM. However, it is a manual process. I have not found a way to set it using virsh.
I found where virsh can report the VNC port number used by a domain. However, the computers from where I am running VNC client do not have virsh installed.
Somewhere in all this experimenting I have managed to break virt-viewer again. It was working, but no more. Argh! Good thing this is all happening on test computers!
Bill Gee
On Tue, Dec 30, 2014 at 4:08 PM, Bill Gee bgee@campercaver.net wrote:
Thanks! I changed the qemu.conf file to listen on 0.0.0.0. That works - I can connect to the virtual machines using a VNC client.
Listening on 0.0.0.0 listens on all network interfaces. Mark's comment is not a major concern unless your KVM host is directly connected to the Internet (no firewall). * You should consider adding firewall rules on your KVM host none the less.
The problem with VNC is that the port number assigned to a particular VM depends on the order in which it is started. There is no command-line option for VNC that will attach to a VM by name ... only by display number or port number.
You can specify the VNC port when creating a host. But as far as connecting via VNC to a host VM by name without also having to add a port # suffix, that is more difficult. Easiest way for you to do so is to create shell aliases for each one.
For my own deployments, I have a wiki page which documents what VNC ports are used.
There's also virsh commands to extract info. virsh dominfo <VM_name> virsh vncdisplay <VM_name>
With virt-viewer I can name the domain on the command line. It is unambiguous
- There is no doubt about which VM it will connect to.
I found where the VNC port can be fixed in the XML file that defines each VM. However, it is a manual process. I have not found a way to set it using virsh.
Yes, a manual process. One would think there's a way to change it via virsh, but that could/would be a problem for a running VM.
virt-install has options for specifying VNC ports.
I found where virsh can report the VNC port number used by a domain. However, the computers from where I am running VNC client do not have virsh installed.
They do not need virsh. SSH to the KVM host and run the virsh commands from there.
Somewhere in all this experimenting I have managed to break virt-viewer again. It was working, but no more. Argh! Good thing this is all happening on test computers!
Bill Gee
Hi Mike - Comments inline below.
On Thursday, January 01, 2015 19:54:53 SilverTip257 wrote:
On Tue, Dec 30, 2014 at 4:08 PM, Bill Gee bgee@campercaver.net wrote:
Thanks! I changed the qemu.conf file to listen on 0.0.0.0. That works - I can connect to the virtual machines using a VNC client.
Listening on 0.0.0.0 listens on all network interfaces. Mark's comment is not a major concern unless your KVM host is directly connected to the Internet (no firewall).
- You should consider adding firewall rules on your KVM host none the less.
Not a problem, I live behind a NAT box. Rules for firewalld are on my list of things to learn. For now the host machine has firewalld running with a default set of rules.
Even if it were directly connected to the Internet, it would still have to listen on some port. There has to be SOME way for connections to be made.
The problem with VNC is that the port number assigned to a particular VM depends on the order in which it is started. There is no command-line option for VNC that will attach to a VM by name ... only by display number or port number.
You can specify the VNC port when creating a host. But as far as connecting via VNC to a host VM by name without also having to add a port # suffix, that is more difficult. Easiest way for you to do so is to create shell aliases for each one.
For my own deployments, I have a wiki page which documents what VNC ports are used.
I keep a page in KJots listing the ports used for my VirtualBox guests. It would be easy to do the same thing here. However, it seems a kludge. For large installations it is not tenable at all.
There's also virsh commands to extract info. virsh dominfo <VM_name> virsh vncdisplay <VM_name>
Yep, I know about these. But I don't have virsh on the local computer.
With virt-viewer I can name the domain on the command line. It is unambiguous
- There is no doubt about which VM it will connect to.
I found where the VNC port can be fixed in the XML file that defines each VM. However, it is a manual process. I have not found a way to set it using virsh.
Yes, a manual process. One would think there's a way to change it via virsh, but that could/would be a problem for a running VM.
virt-install has options for specifying VNC ports.
It might be a problem for a running machine - but it is a one-time change and so no problem to pick a time to shutdown/restart the guest.
I found where virsh can report the VNC port number used by a domain. However, the computers from where I am running VNC client do not have virsh installed.
They do not need virsh. SSH to the KVM host and run the virsh commands from there.
The ultimate goal is to create shortcuts in the Start menu which will launch directly to the guest. Your method requires the user to first ssh into the host and then modify the Start menu shortcut. This is not usable even in my small home network, never mind the problems with any kind of business environment.
There *IS* a version of virt-viewer to run on Windows. I am not using it (my workstations run Fedora), but in a business it would be a requirement.
Somewhere in all this experimenting I have managed to break virt-viewer again. It was working, but no more. Argh! Good thing this is all happening on test computers!
Bill Gee
On Fri, Jan 2, 2015 at 8:22 AM, Bill Gee bgee@campercaver.net wrote:
For my own deployments, I have a wiki page which documents what VNC ports are used.
I keep a page in KJots listing the ports used for my VirtualBox guests. It would be easy to do the same thing here. However, it seems a kludge. For large installations it is not tenable at all.
Maybe, but the port used for a host does not change.
There's also virsh commands to extract info. virsh dominfo <VM_name> virsh vncdisplay <VM_name>
Yep, I know about these. But I don't have virsh on the local computer.
Ok, install virsh? ( If solves the/a problem. )
I found where virsh can report the VNC port number used by a domain. However, the computers from where I am running VNC client do not have virsh installed.
They do not need virsh. SSH to the KVM host and run the virsh commands from there.
The ultimate goal is to create shortcuts in the Start menu which will launch directly to the guest. Your method requires the user to first ssh into the host and then modify the Start menu shortcut. This is not usable even in my small home network, never mind the problems with any kind of business environment.
Again, the VNC port used by a host does not change. Not sure I see the problem here.
There may be something out there that does exactly what you want. ( I don't know of it yet. :-/ ) [ I have been hoping that somebody who uses the KVM GUIs might chime in. ]
* Please do post with your final solution for the betterment of the CentOS Community.
I use --connect=qemu+ssh://root@host.company.tl/system virtualname
greetings Patrick
Op 30-12-14 om 15:46 schreef Bill Gee:
Hello everyone -
I am trying to use virt-viewer to connect to KVM virtual machines running on a CentOS7 host. It works great when running directly on the host, but I have not been able to figure out the magic connection string to make it work from another computer.
On the host, I set selinux to "permissive" and stopped the firewalld service. No change, so it is not related to them.
Almost every command I try gives an immediate dialog box that says "Unable to connect to libvirt with URI ...". The only command line that gets me anything different is this:
virt-viewer --connect xen+ssh://root@practice7.billgee.local/ dd2a2ba7-707d-42b5-8c83-94b11ce6e269
This will ask me for the root password on the host machine and then gives me the same "Unable to connect" message. I tried it with a regular user account instead of root and got the same result.
I have tried it with and without the "root@" string. I tried using both the UUID and the domain name of the guest. I tried all of the following protocols:
ssh:// qemu:// qemu:/// xen:// xen+ssh:// qemu_ssh:// qemu+ssh://
If I open a regular ssh shell using the +X parameter and then launch virt- viewer, it works. The connection string in that case is
--connect=qemu:///system
Any suggestions?
Thanks - Bill Gee
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi Patrick -
Thanks! Adding "/system" on the end of the URI made a difference. Now it will ask me for the password, then open a new window that says "Waiting for display 1". I verified that the target guest is running.
Odd behavior - When I close the new window, the command shell I ran it from no longer echos commands to the screen. It takes them if I type blindly. I have to kill and restart bash to get it back.
I set up a new menu item in KDE to launch virt-viewer. That works! It gets me all the way to the remote display. It asks for the kwallet password and for the host machine root password twice - but it does get there.
Regards - Bill Gee
On Tuesday, December 30, 2014 16:03:49 Patrick Bervoets wrote:
I use --connect=qemu+ssh://root@host.company.tl/system virtualname
greetings Patrick
Op 30-12-14 om 15:46 schreef Bill Gee:
Hello everyone -
I am trying to use virt-viewer to connect to KVM virtual machines running on a CentOS7 host. It works great when running directly on the host, but I have not been able to figure out the magic connection string to make it work from another computer.
On the host, I set selinux to "permissive" and stopped the firewalld service. No change, so it is not related to them.
Almost every command I try gives an immediate dialog box that says "Unable to connect to libvirt with URI ...". The only command line that gets me anything different is this:
virt-viewer --connect xen+ssh://root@practice7.billgee.local/ dd2a2ba7-707d-42b5-8c83-94b11ce6e269
This will ask me for the root password on the host machine and then gives me the same "Unable to connect" message. I tried it with a regular user account instead of root and got the same result.
I have tried it with and without the "root@" string. I tried using both the UUID and the domain name of the guest. I tried all of the following protocols:
ssh:// qemu:// qemu:/// xen:// xen+ssh:// qemu_ssh:// qemu+ssh://
If I open a regular ssh shell using the +X parameter and then launch virt- viewer, it works. The connection string in that case is
--connect=qemu:///system
Any suggestions?
Thanks - Bill Gee
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Bill Gee -
Marcelo Roccasalva -
Patrick Bervoets -
SilverTip257