On Tue, Dec 30, 2014 at 9:58 AM, Marcelo Roccasalva < marcelo-centos at irrigacion.gov.ar> wrote:> On Tue, Dec 30, 2014 at 11:46 AM, Bill Gee <bgee at campercaver.net> wrote: > > > Hello everyone - > > > > I am trying to use virt-viewer to connect to KVM virtual machines running > > on a > > CentOS7 host. It works great when running directly on the host, but I > have > > not been able to figure out the magic connection string to make it work > > from > > another computer. > > > > virt-viewer connects to a VNC console, which is listening only on > localhost. You need to modify the VNC console on the VM to access throu the > network.As Marcelo points out, by default QEMU listens on localhost for VNC consoles. If you grep vnc out of the qemu.conf, you'll get hints at a bunch of different options. More than likely you want the vnc_listen config parameter. ~]# grep vnc /etc/libvirt/qemu.conf vnc_listen = "X.X.X.X" # over vnc_listen. #vnc_auto_unix_socket = 1 #vnc_tls = 1 # default it to keep them in /etc/pki/libvirt-vnc. This directory #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem #vnc_tls_x509_verify = 1 #vnc_password = "XYZ12345" #vnc_sasl = 1 #vnc_sasl_dir = "/some/directory/sasl2" #vnc_allow_host_audio = 0 # result into negative vnc display number. I suspect (although I have not tested it) that the method Patrick suggested tunnels through SSH. [ Personally I don't use virt-viewer often and instead use virsh CLI along with a VNC client if necessary. ] -- ---~~.~~--- Mike // SilverTip257 //
On Tuesday, December 30, 2014 13:01:57 SilverTip257 wrote:> On Tue, Dec 30, 2014 at 9:58 AM, Marcelo Roccasalva < > > marcelo-centos at irrigacion.gov.ar> wrote: > > On Tue, Dec 30, 2014 at 11:46 AM, Bill Gee <bgee at campercaver.net> wrote: > > > Hello everyone - > > > > > > I am trying to use virt-viewer to connect to KVM virtual machines > > > running > > > on a > > > CentOS7 host. It works great when running directly on the host, but I > > > > have > > > > > not been able to figure out the magic connection string to make it work > > > from > > > another computer. > > > > virt-viewer connects to a VNC console, which is listening only on > > localhost. You need to modify the VNC console on the VM to access throu > > the > > network. > > As Marcelo points out, by default QEMU listens on localhost for VNC > consoles. > If you grep vnc out of the qemu.conf, you'll get hints at a bunch of > different options. > More than likely you want the vnc_listen config parameter. > > ~]# grep vnc /etc/libvirt/qemu.conf > vnc_listen = "X.X.X.X" > # over vnc_listen. > #vnc_auto_unix_socket = 1 > #vnc_tls = 1 > # default it to keep them in /etc/pki/libvirt-vnc. This directory > #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" > # certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem > #vnc_tls_x509_verify = 1 > #vnc_password = "XYZ12345" > #vnc_sasl = 1 > #vnc_sasl_dir = "/some/directory/sasl2" > #vnc_allow_host_audio = 0 > # result into negative vnc display number. > > I suspect (although I have not tested it) that the method Patrick suggested > tunnels through SSH. > > [ Personally I don't use virt-viewer often and instead use virsh CLI along > with a VNC client if necessary. ]Hi Mike - Thanks! I changed the qemu.conf file to listen on 0.0.0.0. That works - I can connect to the virtual machines using a VNC client. The problem with VNC is that the port number assigned to a particular VM depends on the order in which it is started. There is no command-line option for VNC that will attach to a VM by name ... only by display number or port number. With virt-viewer I can name the domain on the command line. It is unambiguous - There is no doubt about which VM it will connect to. I found where the VNC port can be fixed in the XML file that defines each VM. However, it is a manual process. I have not found a way to set it using virsh. I found where virsh can report the VNC port number used by a domain. However, the computers from where I am running VNC client do not have virsh installed. Somewhere in all this experimenting I have managed to break virt-viewer again. It was working, but no more. Argh! Good thing this is all happening on test computers! Bill Gee
On Tuesday, December 30, 2014 16:15:45 m.roth at 5-cent.us wrote:> Bill Gee wrote: > > On Tuesday, December 30, 2014 13:01:57 SilverTip257 wrote: > >> On Tue, Dec 30, 2014 at 9:58 AM, Marcelo Roccasalva < > >> > >> marcelo-centos at irrigacion.gov.ar> wrote: > >> > On Tue, Dec 30, 2014 at 11:46 AM, Bill Gee <bgee at campercaver.net> > >> > >> wrote: > <snip> > > > Thanks! I changed the qemu.conf file to listen on 0.0.0.0. That works - > > I can connect to the virtual machines using a VNC client. > > <snip> > Eeek! > > I'd change that, if I were you, to something on your own network - > 192.168.0.0/24, or whatever. I don't think you want somebody, in, say, > North Korea or Brazil getting in there. > > mark, the unpostableHi Mark My understanding is that 0.0.0.0 in this context really means "all public network interfaces". There is no man page for qemu.conf, so all I can go by is the comments in the file. There are NAT routers in front of all of this. Bill Gee
On Tue, Dec 30, 2014 at 4:08 PM, Bill Gee <bgee at campercaver.net> wrote:> > Thanks! I changed the qemu.conf file to listen on 0.0.0.0. That works - > I can > connect to the virtual machines using a VNC client. >Listening on 0.0.0.0 listens on all network interfaces. Mark's comment is not a major concern unless your KVM host is directly connected to the Internet (no firewall). * You should consider adding firewall rules on your KVM host none the less.> > The problem with VNC is that the port number assigned to a particular VM > depends on the order in which it is started. There is no command-line > option > for VNC that will attach to a VM by name ... only by display number or > port > number. >You can specify the VNC port when creating a host. But as far as connecting via VNC to a host VM by name without also having to add a port # suffix, that is more difficult. Easiest way for you to do so is to create shell aliases for each one. For my own deployments, I have a wiki page which documents what VNC ports are used. There's also virsh commands to extract info. virsh dominfo <VM_name> virsh vncdisplay <VM_name>> > With virt-viewer I can name the domain on the command line. It is > unambiguous > - There is no doubt about which VM it will connect to. > > I found where the VNC port can be fixed in the XML file that defines each > VM. > However, it is a manual process. I have not found a way to set it using > virsh. >Yes, a manual process. One would think there's a way to change it via virsh, but that could/would be a problem for a running VM. virt-install has options for specifying VNC ports.> > I found where virsh can report the VNC port number used by a domain. > However, > the computers from where I am running VNC client do not have virsh > installed. >They do not need virsh. SSH to the KVM host and run the virsh commands from there.> > Somewhere in all this experimenting I have managed to break virt-viewer > again. > It was working, but no more. Argh! Good thing this is all happening on > test > computers! > > Bill Gee-- ---~~.~~--- Mike // SilverTip257 //