Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 19. Proxies
19.1. SPICE Proxy
Link kopierenLink in die Zwischenablage kopiert!
19.1.1. SPICE Proxy Overview
Link kopierenLink in die Zwischenablage kopiert!
The SPICE Proxy is a tool used to connect SPICE Clients to virtual machines when the SPICE Clients are outside the network that connects the hypervisors. Setting up a SPICE Proxy consists of installing Squid on a machine and configuring iptables to allow proxy traffic through the firewall. Turning a SPICE Proxy on consists of using engine-config on the Manager to set the key
SpiceProxyDefault to a value consisting of the name and port of the proxy. Turning a SPICE Proxy off consists of using engine-config on the Manager to remove the value to which the key SpiceProxyDefault has been set.
Important
The SPICE Proxy can only be used in conjunction with the standalone SPICE client, and cannot be used to connect to virtual machines using SPICE HTML5 or noVNC.
19.1.2. SPICE Proxy Machine Setup
Link kopierenLink in die Zwischenablage kopiert!
This procedure explains how to set up a machine as a SPICE Proxy. A SPICE Proxy makes it possible to connect to the Red Hat Enterprise Virtualization network from outside the network. We use Squid in this procedure to provide proxy services.
Procedure 19.1. Installing Squid on Red Hat Enterprise Linux
- Install Squid on the Proxy machine:
yum install squid
# yum install squidCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Open
/etc/squid/squid.conf. Change:http_access deny CONNECT !SSL_ports
http_access deny CONNECT !SSL_portsCopy to Clipboard Copied! Toggle word wrap Toggle overflow to:http_access deny CONNECT !Safe_ports
http_access deny CONNECT !Safe_portsCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Start the proxy:
service squid start
# service squid startCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Open the default squid port:
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
# iptables -A INPUT -p tcp --dport 3128 -j ACCEPTCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Make this iptables rule persistent:
service iptables save
# service iptables saveCopy to Clipboard Copied! Toggle word wrap Toggle overflow
You have now set up a machine as a SPICE proxy. Before connecting to the Red Hat Enterprise Virtualization network from outside the network, activate the SPICE proxy.
19.1.3. Turning on SPICE Proxy
Link kopierenLink in die Zwischenablage kopiert!
This procedure explains how to activate (or turn on) the SPICE proxy.
Procedure 19.2. Activating SPICE Proxy
- On the Manager, use the engine-config tool to set a proxy:
engine-config -s SpiceProxyDefault=someProxy
# engine-config -s SpiceProxyDefault=someProxyCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Restart the ovirt-engine service:
service ovirt-engine restart
# service ovirt-engine restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow The proxy must have this form:protocol://[host]:[port]
protocol://[host]:[port]Copy to Clipboard Copied! Toggle word wrap Toggle overflow Note
Only SPICE clients shipped with Red Hat Enterprise Linux 6.7, Red Hat Enterprise Linux 7.2, or newer support HTTPS proxies. Older clients only support HTTP. If HTTPS is specified for older clients, the client will ignore the proxy setting and attempt a direct connection to the hypervisor.
SPICE Proxy is now activated (turned on). It is now possible to connect to the Red Hat Enterprise Virtualization network through the SPICE proxy.
19.1.4. Turning Off a SPICE Proxy
Link kopierenLink in die Zwischenablage kopiert!
This procedure explains how to turn off (deactivate) a SPICE proxy.
Procedure 19.3. Turning Off a SPICE Proxy
- Log in to the Manager:
ssh root@[IP of Manager]
$ ssh root@[IP of Manager]ssh root@[IP of Manager]Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Run the following command to clear the SPICE proxy:
engine-config -s SpiceProxyDefault=""
# engine-config -s SpiceProxyDefault=""Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Restart the Manager:
service ovirt-engine restart
# service ovirt-engine restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow
SPICE proxy is now deactivated (turned off). It is no longer possible to connect to the Red Hat Enterprise Virtualization network through the SPICE proxy.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}