Ce contenu n'est pas disponible dans la langue sélectionnée.

Appendix F. Proxies


F.1. SPICE Proxy

F.1.1. SPICE Proxy Overview

The SPICE Proxy is a tool used to connect SPICE Clients to virtual machines when the SPICE Clients are outside the network that connects the hypervisors. Setting up a SPICE Proxy consists of installing Squid on a machine and configuring the firewall to allow proxy traffic. Turning a SPICE Proxy on consists of using engine-config on the Manager to set the key SpiceProxyDefault to a value consisting of the name and port of the proxy. Turning a SPICE Proxy off consists of using engine-config on the Manager to remove the value to which the key SpiceProxyDefault has been set.

Important

The SPICE Proxy can only be used in conjunction with the standalone SPICE client, and cannot be used to connect to virtual machines using noVNC.

F.1.2. SPICE Proxy Machine Setup

This procedure explains how to set up a machine as a SPICE Proxy. A SPICE Proxy makes it possible to connect to the Red Hat Virtualization network from outside the network. We use Squid in this procedure to provide proxy services.

Procedure

  1. Install Squid on the Proxy machine:

    # dnf install squid
  2. Open /etc/squid/squid.conf. Change:

    http_access deny CONNECT !SSL_ports

    to:

    http_access deny CONNECT !Safe_ports
  3. Start the squid service and enable it to run automatically after reboot:

    # systemctl enable squid.service --now
  4. Enable incoming requests to the squid service in the default firewalld zone:

    # firewall-cmd --permanent --add-service=squid
  5. Make this firewall rule persistent in the runtime configuration:

    # firewall-cmd --reload
  6. Confirm that the squid service appears in the list of firewall services:

    # firewall-cmd --list-services
    ssh dhcpv6-client squid

You have now set up a machine as a SPICE proxy. Before connecting to the Red Hat Virtualization network from outside the network, activate the SPICE proxy.

F.1.3. Turning On a SPICE Proxy

This procedure explains how to activate (or turn on) the SPICE proxy.

Procedure

  1. On the Manager, use the engine-config tool to set a proxy:

    # engine-config -s SpiceProxyDefault=someProxy
  2. Restart the ovirt-engine service:

    # systemctl restart ovirt-engine.service

    The proxy must have this form:

    protocol://[host]:[port]
    Note

    Only SPICE clients shipped with Red Hat Enterprise Linux 6.7, Red Hat Enterprise Linux 7.2, or later, support HTTPS proxies. Earlier clients only support HTTP. If HTTPS is specified for earlier clients, the client will ignore the proxy setting and attempt a direct connection to the host.

SPICE Proxy is now activated (turned on). It is now possible to connect to the Red Hat Virtualization network through the SPICE proxy.

F.1.4. Turning Off a SPICE Proxy

This procedure explains how to turn off (deactivate) a SPICE proxy.

Procedure

  1. Log in to the Manager:

    $ ssh root@[IP of Manager]
  2. Run the following command to clear the SPICE proxy:

    # engine-config -s SpiceProxyDefault=""
  3. Restart the Manager:

    # systemctl restart ovirt-engine.service

SPICE proxy is now deactivated (turned off). It is no longer possible to connect to the Red Hat Virtualization network through the SPICE proxy.

Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.