[pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname

Alexandre DERUMIER aderumier at odiso.com
Thu Jul 18 16:16:00 CEST 2013


about seamless migration, they are 2 mode:

true seamless migration, adding seamless-migration=on to spice server options.

semi-semless migration (client disconnect/reconnect to spice).

But documentation is not very clear, I don't known if I need to use client_migrate_info with true seamless mode.

Also, in my firsts tests, spice client disconnect when receive client_migrate_info....(it should wait for the end of the migration).

I'll continue tests, I'll send a report tomorrow.



----- Mail original ----- 

De: "Alexandre DERUMIER" <aderumier at odiso.com> 
À: "Dietmar Maurer" <dietmar at proxmox.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Jeudi 18 Juillet 2013 14:30:54 
Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname 

Works fine on my test cluster ! Thanks ! 


I'll try to see how seamless migration works. 
I known we can send new host,port values with qmp , but I don't known how it's works with proxy and proxyticket (as we have a timestamp). 


" 
client_migrate_info 
------------------ 

Set the spice/vnc connection info for the migration target. The spice/vnc 
server will ask the spice/vnc client to automatically reconnect using the 
new parameters (if specified) once the vm migration finished successfully. 

Arguments: 

- "protocol": protocol: "spice" or "vnc" (json-string) 
- "hostname": migration target hostname (json-string) 
- "port": spice/vnc tcp port for plaintext channels (json-int, optional) 
- "tls-port": spice tcp port for tls-secured channels (json-int, optional) 
- "cert-subject": server certificate subject (json-string, optional) 
" 





----- Mail original ----- 

De: "Alexandre DERUMIER" <aderumier at odiso.com> 
À: "Dietmar Maurer" <dietmar at proxmox.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Jeudi 18 Juillet 2013 13:40:15 
Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname 

sorry, my fault, I didn't have updated qemuserver package 

I'm going testing it now 
----- Mail original ----- 

De: "Alexandre DERUMIER" <aderumier at odiso.com> 
À: "Dietmar Maurer" <dietmar at proxmox.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Jeudi 18 Juillet 2013 13:32:42 
Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname 

I have an error on the call to spiceproxy api. (missing the new proxy propery) 

https://kvmtest1.odiso.net:8006/api2/extjs/nodes/kvmtest1/qemu/115/spiceproxy?proxy=kvmtest1.odiso.net 

{"success":0,"errors":{"proxy":"property is not defined in schema and the schema does not allow additional properties"},"status":"400","data":null,"message":"Parameter verification failed.\n"} 




----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Jeudi 18 Juillet 2013 12:36:34 
Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname 

> 
> I don't known if you I have time to implement the proxy forward to connect 
> on a vm on a remote node: ? 
> 
> client ---> http connect proxy1----> http connect proxy2 

Just implemented that - please can you test? 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 



More information about the pve-devel mailing list