Secret Incantations For Virt-viewer?
Hello everyone –
I am trying to use virt-viewer to connect to KVM virtual machines running on a CentOS7 host. It works great when running directly on the host, but I have not been able to figure out the magic connection string to make it work from another computer.
On the host, I set selinux to “permissive” and stopped the firewalld service.
No change, so it is not related to them.
Almost every command I try gives an immediate dialog box that says “Unable to connect to libvirt with URI …”. The only command line that gets me anything different is this:
virt-viewer –connect xen+ssh://root@practice7.billgee.local/
dd2a2ba7-707d-42b5-8c83-94b11ce6e269
This will ask me for the root password on the host machine and then gives me the same “Unable to connect” message. I tried it with a regular user account instead of root and got the same result.
I have tried it with and without the “root@” string. I tried using both the UUID and the domain name of the guest. I tried all of the following protocols:
ssh://
qemu://
qemu:///
xen://
xen+ssh://
qemu_ssh://
qemu+ssh://
If I open a regular SSH shell using the +X parameter and then launch virt-
viewer, it works. The connection string in that case is
–connect=qemu:///system
Any suggestions?
Thanks – Bill Gee
6 thoughts on - Secret Incantations For Virt-viewer?
virt-viewer connects to a VNC console, which is listening only on localhost. You need to modify the VNC console on the VM to access throu the network.
I use
–connect=qemu+ssh://root@host.company.tl/system virtualname
greetings Patrick
Op 30-12-14 om 15:46 schreef Bill Gee:
As Marcelo points out, by default QEMU listens on localhost for VNC
consoles. If you grep VNC out of the qemu.conf, you’ll get hints at a bunch of different options. More than likely you want the VNC_listen config parameter.
~]# grep VNC /etc/libvirt/qemu.conf vnc_listen = “X.X.X.X”
# over VNC_listen.
#vnc_auto_unix_socket = 1
#vnc_tls = 1
# default it to keep them in /etc/pki/libvirt-vnc. This directory
#vnc_tls_x509_cert_dir = “/etc/pki/libvirt-vnc”
# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
#vnc_tls_x509_verify = 1
#vnc_password = “XYZ12345”
#vnc_sasl = 1
#vnc_sasl_dir = “/some/directory/sasl2”
#vnc_allow_host_audio = 0
# result into negative VNC display number.
I suspect (although I have not tested it) that the method Patrick suggested tunnels through SSH.
[ Personally I don’t use virt-viewer often and instead use virsh CLI along with a VNC client if necessary. ]
Hi Mike –
Thanks! I changed the qemu.conf file to listen on 0.0.0.0. That works – I can connect to the virtual machines using a VNC client.
The problem with VNC is that the port number assigned to a particular VM
depends on the order in which it is started. There is no command-line option for VNC that will attach to a VM by name … only by display number or port number.
With virt-viewer I can name the domain on the command line. It is unambiguous
– There is no doubt about which VM it will connect to.
I found where the VNC port can be fixed in the XML file that defines each VM.
However, it is a manual process. I have not found a way to set it using virsh.
I found where virsh can report the VNC port number used by a domain. However, the computers from where I am running VNC client do not have virsh installed.
Somewhere in all this experimenting I have managed to break virt-viewer again.
It was working, but no more. Argh! Good thing this is all happening on test computers!
Bill Gee
Listening on 0.0.0.0 listens on all network interfaces. Mark’s comment is not a major concern unless your KVM host is directly connected to the Internet (no firewall).
* You should consider adding firewall rules on your KVM host none the less.
You can specify the VNC port when creating a host. But as far as connecting via VNC to a host VM by name without also having to add a port # suffix, that is more difficult. Easiest way for you to do so is to create shell aliases for each one.
For my own deployments, I have a wiki page which documents what VNC ports are used.
There’s also virsh commands to extract info. virsh dominfo
virsh VNCdisplay
Yes, a manual process. One would think there’s a way to change it via virsh, but that could/would be a problem for a running VM.
virt-install has options for specifying VNC ports.
They do not need virsh. SSH to the KVM host and run the virsh commands from there.
Maybe, but the port used for a host does not change.
Ok, install virsh?
( If solves the/a problem. )
Again, the VNC port used by a host does not change. Not sure I see the problem here.
There may be something out there that does exactly what you want.
( I don’t know of it yet. :-/ )
[ I have been hoping that somebody who uses the KVM GUIs might chime in. ]
* Please do post with your final solution for the betterment of the CentOS
Community.