AGPL spice-web-client is a spice html5 library from eyeos with another fork from flexvdi. I have tested them with libvirt (no encryption/authentication) and they really work great. I want to use them with Ovirt since spice-html5 is under-performant. However with ovirt I have to deal with authentication and ssl encryption. Since the OVirt certificate is self signed I cannot really ask users to import it (anyway that didn't work when I tried as it is missing the root certificate from the download link on the OVirt web admin console).
So far I am able to get a proxy setup using websockify and provide my own certificate and proxy it back to libvirt. I identified from the console.vv file the minimum fields remote-viewer needs to make a secure connection to OVirt. Now I need my websockyproxy to do the same Any help on getting this working will be appreciated. I haven't found any documentation on how this is working. I am ready to read remote-viewer code to try to figure out though Thanks On Fri, Mar 19, 2021 at 8:22 AM Michal Skrivanek < michal.skriva...@redhat.com> wrote: > Hi, > > > On 19. 3. 2021, at 3:56, Pascal D <pas...@butterflyit.com> wrote: > > > > Hi, > > > > I am trying to get the spice-web-client working with ovirt. > > what is spice-web-client? > > > One area where I am having difficulties is authentication.Looking at > remote-viewer on linux I am able to see that the minimum fields to have a > successful spice connection are the following: > > > > [virt-viewer] > > type=spice > > host=70.xxx.176.xxx > > port=5914 > > password=WQJQWCo+s8tK > > tls-port=5915 > > tls-ciphers=DEFAULT > > host-subject=O=xxxx.com,CN=d1c1v5.xxx.net > > ca=-----BEGIN > CERTIFICATE-----\nMIIDzDCCArSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM\nD2J1dHRlcmZseWl0LmNvbTEiMCAGA1UEAwwZb3YxLmJ1dHRlcmZseWl0LmNvbS40NTQ2NTAeFw0x\nOTA2MDQwMDMyMDVaFw0yOTA2MDIwMDMyMxxxxxxxxxxxxxxxxxxxxxxxxdXR0\nZXJmbHlpdC5jb20xIjAgBgNVBAMMGW92MS5idXR0ZXJmbHlpdC5jb20uNDU0NjUwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD218EJkIJewgmeDFcUM7vEQ3RQ4nL9ZNEg+zORlruLKON\neZRDfgXei3XTt+VFUNTrxBjepf+yN3WjhVP+lDeDveZU/3OYKj9dSewlz7Mj1XTKE8DXDMIGYc79\nXUrcSoiEjCRG1eB+w+uyP4WK0AlJwGKav3AZuU5awjvYAftkW0RhOgdjp80ofuoC3K9TUPPjemtw\n3EWb4bjRcWiDUj8owfhhAHnb4RfacUSMQmYpVJ5YfRunYrCOixlOeGx7PkvXLqWmu2Rnrnk7TNn6\nv74fHh3ruHmZHLk2i6/yNoOAiJC/M8piCGZ3tiOcnPcYF2ZoX+Ud6BV69Hp6SxnF/eCXAgMBAAGj\ngbkwgbYwHQYDVR0OBBYEFAlrTpLGY5Dq6gtA7d7CXc1QAFmOMHQGA1UdIwRtMGuAFAlrTpLGY5Dq\n6gtA7d7CXc1QAFmOoU+kTTBLMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPYnV0dGVyZmx5aXQuY29t\nMSIwIAYDVQQDDBlvdjEuYnV0dGVyZmx5aXQuY29tLjQ1NDY1ggIQADAPBgNVHRMBAf8EBTADAQH/\nMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCA > > > QEAoC8Nx/s4Uafgc3iyzxbLPb/chQ8U\n7+lULXTq+ZLOuMDdu6UKt7qKZpJZK8ZhjFh/1yVOnpzm7Np+oP7TQlOUkup8X4HsfAwrCgNK1IT1\nETdbdMYD8HYFjxz/0xbnMkJAHfPEh1vtqplw3YhVgiAZfZfT8HzVY/xGkjurvxSyVjBSbn+4uao1\n6W9URt2rWTHn+XxoT+j+cx8vv1WKsynlMBtUjCFy8eR7ZDngRcM/9iRkRCGHJvWJmi1CRrQeE5RZ\nvBH0zE64J3cOJj4BSlN3wOYWiRq28XLB9epDDyZaRpnsqLCOq/+/LscM7iPW1acdCoCu68nJUwTQ\nh1Jh7vQjCQ==\n-----END > CERTIFICATE-----\n > > > > > > with this I can successfully connect to a vm. Now I would like to do the > same from spice-web-client but websockify doesn't give me a tls-port. > > a tls-port for what? the one in .vv file is the qemu/spice-server tls port > > > How to could I implement this? Is there a wrapper that exists that I can > pass to websockify to do the authentication on the port + 1 (it seems it is > always the next port) > > the authentication in .vv file is for the SPICE protocol. it’s for the > “spice-web-client” to implement that. > > Thanks, > michal > > > > > Thanks in advance for your help > > _______________________________________________ > > Users mailing list -- users@ovirt.org > > To unsubscribe send an email to users-le...@ovirt.org > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7MIZRV5PHVVVMAX3GQSZCAYDUZI4HH7/ > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/YPZ5CFLOXUFBKOAVBTLBRBMI5MOX3V75/ >
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MP7GHQBCLIASG6EL7IULEXROOLYWMI4X/
