brycec: must be blind, I haven't seen that popup (support contract/license) for proxmox)
<3   http://www.youtube.com/watch?v=A43JOxLa5MM
hehe
some ppl here are running proxmox? I'm trying to get vnc working, without being through the java plugin, but can't
shouldn't this work: /bin/nc -l -p 5900 -w 1 -c '/usr/sbin/qm vncproxy 100' ? I always get 'no connection : Connection timed out'
while '/usr/sbin/qm vncproxy 100' gives me: RFB 003.008
I'll help in a sec
here are my crib notes:
$ cat proxmoxssl
Note: user@pam for local auth
Note: example inetd.conf entry: "59100 stream tcp nowait root /usr/sbin/qm qm vncproxy 100"
Note: apt-get install openbsd-inetd
/usr/local/lib/ssvnc/ssvnc_cmd -proxy vencrypt://10.255.3.129:59701 10.255.3.129:59701 -noraiseonbeep
see if they get you further ;-)
I'm not familiar with using nc as an inetd replacement, I'd rather use the real deal
how would _me_ being the blind one work in that scenario? :P 00:10:09 >>@toddf<< brycec: must be blind, I haven't seen that popup (support contract/license) for proxmox)
Anyhow, it's the first thing that I see when I login https://dl.dropboxusercontent.com/u/3167967/screenshot_2013-08-29_09-23-16.png
toddf: will test and report back :-)
brycec: yeah, I got that too everytime I log in
Ooh good thinking on the inetd entry, toddf
brycec: I'm blind, I don't see the popup, sorry it was misunderstood
brycec: its slightly hackish as you have to manually allocate a port per vm, but quite less mem intensive than java to access consoles (though conserver is also a good idea too)
Sooo much easier and nicer than Java :) And if I just keep using sequential ID's, I can just dump a bunch in inetd and forget about it
toddf: and there's another prob with the java plugin, i have a box with and old java version which doesn't run even
I wish I could figure out how to tell proxmox to set perms on a serial unix socket properly; my choices are a) allocate tcp ports for proxmox serial ports for conserver or b) use unix sockets and manually chmod them everytime a vm is stopped/started; perhaps someone with conserver fu can suggest how to do the chmod from the conserver config though
brycec: indeed
good news, at least now it connects! but still: Connected to RFB server, using protocol version 3.8 Server did not offer supported security type
using vncviewer here
gonna try ssvnc
hmm, just had to reboot my VM on kvr19, seemed to have gotten into a bad IO state or something
toddf: btw, your setup notes are here http://pve.proxmox.com/wiki/Vnc_2.0#configure_Proxmox_host_for_TLS_connections
vncviewer does not do the ssl bits, the ssvnc cmdline above is all I have gotten to work, if you get something else to work, please do share
someday I'll understand what this spice thing is and why people are excited for newer versions of proxmox to support it
the cirucuit sim?
Oh "SPICE (protocol), a remote-connection sharing protocol"
yeah that
from what I've heard, it's everything that makes RDP good, but free and open source
Apparently it's already in QEMU as of March 2010.
looks like that webpage is missing the ssvnc bits to let unix hit console via that mechanism
sure it exists, I still don't know how I could use it ;-(
you could use the html5 client
$ qemu-system-i386 -h 2>&1 | grep -i spice
-spice [port=port][,tls-port=secured-port][,x509-dir=<dir>]
   enable spice
well someday you'll get around to trying it out :p
brycec: !@#%!@#%$!@^%@!#$!@#$ ok talk to me about this html5 client. I have no infoz on how to do it yet my friend insists it works yet I have no browser that can connect to his consoles without java.
http://en.wikipedia.org/wiki/SPICE_(protocol)#spice-html5 all the info I have on it now. Oh and http://cgit.freedesktop.org/spice/spice-html5/
oh html5 spice client.
I thought you meant html5 vnc ssl client.
oh, yeah, fuck that
looks like there's a spice-gtk and virt-viewer that might talk spice in ports of OpenBSD.. hmm..
toddf: got it to work! :-) you saved me again
anybody: if you figure out how to use spice to talk to qemu and/or kvm and/or proxmox let me know in a brief note like I did above for rgouveia and proxmox + ssl vnc consoles
does it have to be ssl vnc?
would you acceupt unencrypted vnc?
brycec: 'qm vncproxy' speaks nothing else
http://pve.proxmox.com/wiki/Vnc_2.0  suggests that can be disabled
tested with ssvnc
brycec: if you can get encription all the way to kvm/qemu why would you ever want to disable it?
toddf: because it blocks old clients?
toddf: SPICE has its own encryption too
brycec: well, theres that. I see your url suggests a way to do it w/out inetd and traditional unencrypted vnc. nice too.
brycec: i bet as a corilary you could do a 'ps awwwx' and note how to do it directly with tls and not with the proxmox unix socket thing, probably break web ui consoles, but who cares if you don't use them eh?
guys, I've just tried with args stuff in the 100.conf and it works with vncviewer
indeed me too
i prefer that one ;-)
args: -serial tcp:localhost:5000,server,nowait -vnc 192.168.2.250:300,x509,password
indeed its much more straightforward
i'm already used doing ssh -L with vncviewer
I have openvpn to my friend's proxmox system and ipsec to a clients so using ssh -L is not needed here ;-)
/usr/bin/kvm -id 300 -chardev socket,id=qmp,path=/var/run/qemu-server/300.qmp,server,nowait -mon chardev=qmp,mode=control -vnc unix:/var/run/qemu-server/300.vnc,x509,password -pidfile /var/run/qemu-server/300.pid -daemonize -name 4.v.freedaemon.com -smp sockets=1,cores=1 -cpu Opteron_G5 -nodefaults -boot menu=on -vga cirrus -k en-us -m 1024 -cpuunits 100 -serial tcp:localhost:5000,server,nowait -vnc 192.168.2.250:300,x509,password ...
... -device piix3-usb-uhci,id=uhci,bus=pci.0,addr=0x1.0x2 -device usb-tablet,id=tablet,bus=uhci.0,port=1 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 -drive file=/mnt/pve/nfsToddsCrap/images/300/vm-300-disk-1.qcow2,if=none,id=drive-ide0,format=qcow2,aio=native,cache=none -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0,id=ide0,bootindex=100 -drive ...
... file=/mnt/pve/nfsToddsCrap/images/300/vm-300-disk-2.qcow2,if=none,id=drive-ide1,format=qcow2,cache=unsafe,aio=native -device ide-hd,bus=ide.0,unit=1,drive=drive-ide1,id=ide1 -device lsi,id=scsihw0,bus=pci.0,addr=0x5 -drive if=none,id=drive-scsi2,media=cdrom,aio=native -device scsi-cd,bus=scsihw0.0,scsi-id=2,drive=drive-scsi2,id=scsi2 -netdev type=tap,id=net0,ifname=tap300i0,script=/var/lib/qemu-server/pve-bridge -device ...
... e1000,romfile=,mac=CA:5F:74:03:4B:46,netdev=net0,bus=pci.0,addr=0x12,id=net0
looks like having multiple -vnc args results in only the last one applying
root@proxmox:/var/run/qemu-server# netstat -an | grep 30..vnc
unix  2      [ ACC ]     STREAM     LISTENING     19057    /var/run/qemu-server/303.vnc
unix  2      [ ACC ]     STREAM     LISTENING     19344    /var/run/qemu-server/304.vnc
unix  2      [ ACC ]     STREAM     LISTENING     18852    /var/run/qemu-server/302.vnc
unix  2      [ ACC ]     STREAM     LISTENING     18638    /var/run/qemu-server/301.vnc
gotta go, thanks toddf and brycec again! ttyl
so I guess if you wanna use the web ui with java and also hit it w/out the inetd approach will let you choose, otherwise, there's the args: method that forces it to only listen on a tcp socket
brycec | you could use the html5 client
brycec: what html5 client? :)
oh, html5 spice...
toddf: so kvm supports the x509 option for "-vnc" arg..? nice
toddf: what is the default arg they use for it to listen on <something> to connect to the web ui?
just wondering...
up_the_irons: by default it listens on a socket that the web ui taps somehow (via netcat)
-vnc unix:/var/run/qemu-server/101.vnc,x509,password
is the arg to qemu
and the "qm vncproxy" command is a perl script that opens the socket and listens on a port
it's apparently called whenever I click "console"
and the 'secure' reality is .. it listens on port 5900 long enough to establish a connection or times out; too many people hitting 'console' at the same moment doesn't exactly bode well for my tastes
up_the_irons: if your kvm instances support the x509 option, I'd be willing to submit a support request to ask that that be tweaked for my vm's .. then I wouldn't have to ssh tunnel to get to them securely anymore
Hey I figured out how I can replicate VirtualBox's savestate! I just run the entire proxbox instance in a VirtualBox VM of its own. VMs inside a VM, nothing can go wrong! (But it can go slowly :P)
savestate?
is that similar to kvm/qemu's 'stop' then 'savevm' ?
(which requires qcow2 though but anyway)
toddf: more like a hibernate, but from the outside of the machine
this is exactly what I described
(Saves all state, ram, etc to disk and freezes the VM)
I thought stop was equivalent to a hard poweroff?
'stop' halts the virtual hardware cold, 'savevm' preserves state, you can 'quit' then 'kvm/qemu -loadvm' upon bootup and resume after rebooting the host
So I can savevm after I've stopped?
I am confuzeled as to how multiple vm images can be saved, and if the state of the disk is consistent if you run multiple vm's in sequence, but you can do that too and explore what the ramifications are
yes
if you don't give savevm a name it will choose one for you
it saves ram and hardware state (presuming your disk image is capable of storing it)
aka raw is not eligible
sure, I get that
I was under the impression that "stop" would kill the process and once killed, that state information would no longer be available (like unplugging a computer)
But hey, TIL
(qemu) or (kvm) prompt 'stop' literally turns the cpu utilization to 0 for that instance on the host os
Ah, so probably not the same as the Stop button in proxmox. (I'd have to pull up the "monitor" tab to issue commands to qemu itself)
correct
proxmox stop = cmdline quit
cmdline stop = 'pause all emulation for this guest'
thanks for the clarification toddf
brycec: toddf: ah ok
toddf: i see  the x509 option in the man page, but i think my libvirt is too old
ah so your libvirt can't do it. feel free to either a) close my support request or b) keep it around as a pet until newer libvirt can handle it
Or what about migrate toddf to the new boxes (>=KVR19 i think?) that have the newer stuff?
i still think the newer boxes libvirt can't do it
debian old packages again? :)
no we're on Ubuntu
ahh
ubuntu has old xen
but i have no idea what it's doing with qemu
looks like 1.0 in precise
looks like even old libvirt had some bugs with x509 so must have had some support
so it turns out that using SPICE in Proxmox is *insanely* easy
http://pve.proxmox.com/wiki/SPICE
Pretty much, set the gfx card to SPICE, you'll then have a SPICE button beside Console - click to download a config and run remote-viewer $file (or setup your browser to run it)
no more Java!
Pro-tip: Be sure you're clicking the correct Shutdown button.
Test
Test?
Yep
Guess it works then.
Testing my irssi proxy from tablet irc client
nice
It's handy
Yea
but eventually I switched to znc
OK,  back to work!
Why znc?
Gosh, I dunno... I guess because I saw other respected users on devio.us using it, so I gave it a shot and it feels good, solid, and mature
Real light too
irssi-proxy was fine, ubt I wanted a bouncer to get some backlog when I'd connect from my tablet
Ahh
i just use screen and irssi
Same, screen and irssi.  Just setup irssi-proxy
Just need to find a decent irc client for android now
when i used android, i used andirc
dunno if it still exists, but it was alright
that sound familiar, think I used that
the lack of tab-completion was annoying
i think it was the defacto android irc client for a long time
I know I tried a half dozen
i found a pretty nice free ssh client for my ipad - server manager or something like that
supports ctrl + alt onscreen keys and stuff - i just use that to resume my screen session for irc from that particular device
http://www.spin.com/articles/chris-friedrich-caspian-bassist-dead/ <- bummer
can I go home yet?
gizmoguy: you have my permission
m0unds: you should be my boss
I've just got back from a large work lunch that I organised
help finished off a couple jugs of ber
beer*
not like I'm gonna be much use
I'm glad it's read-only friday
hahahaha
i want beer
fwiw toddf once I disabled the pve-enterprise apt repo, the web gui stopped bitching about a license key.
I'm enjoying weechat-android
brycec: so spice runs in your browser or how does that work?
read only Friday LOL
up_the_irons: I'm running virt-viewer http://virt-manager.org/
er http://spice-space.org/download.html
not sure which is "right" since I used a package
Apparently there is an HTML5 client though
brycec: ah ok
Why I'm pissed off at Chunkhost: http://brycesawesomeapp.com/BryceBot/WhyBryceBotIsNowRetarded.png
brycec: doesn't Chunkhost put like 100 VMs on a box? ;)
Wouldn't surprise me
They moved me a few weeks ago, and it went to shit
as you can see
(Also, there is a disappointing lack of IPv6 among all y'all that clicked that.)
brycec: I'm not the one letting the team down
gizmoguy: you're in .nz eh?
I'm 2001:df0
yup
sadly you're the only ipv6 hit
the rest of you should be ashamed
brycec: lol
brycec: yeah i don't have ipv6 at home
lame. At least tunnel that
I can finally turn my v6 on again at home
tunnel through ARP even
brycec: I was tunneling at home, but it killed my youtube performance
i've tried it the past, performance was bad and i don't know why
well congrats on native v6 gizmoguy
gizmoguy: same
however I see google as of 2 days ago have finally rolled out v6 to all the GGC nodes in NZ
so I might finally get decent youtube performance on v6
brycec: just hit you from the other machine on my desk
on 2001:bd00 I think
so you did dead:beef
:)
2400:bd00:dead:beef::
dead:beef ftw
Chunkhost didn't used to be so bad...
Oh well, they drove me to ARP
And ARP is much better (though I have yet to migrate all my services, obviously)
there is a corollary somewhere... all services start out good
otherwise they would not have survived to become bad
does anyone here use arch much?
i'm debating on whether to give it another try
not on a VM, but I do.
just for general purpose desktop use.
Exactly what I use it for
And I'm quite happy with it
i'm mostly used to debian stable and testing.
heh, well get used to Sid :p
That said, my desktops rarely break
my only concer with sid is there would be months of updates downtime when testing freezes.
I wasn't suggesting Sid, only comparing Arch to Sid
i.e. rolling-release, bleeding edge
i may give is a shot then. i havent used it in about 8 months or so.
and not for very long.
well now you get systemd, have fun
lol
probably smart to try it in a VM first
Learn any idiosyncrasies etc to minimize downtime when you do switch
i'll just put all my dotfiles and keys on another machine while i switch over.
i don't keep much on my desktop pc.
and i need to repartition anyway. i think 30 gigs is too much for a system partition.
 10 seemed safe... but I bump into that sometimes, so I'd rec 15
Android sdks take up an inordinate amount of space
and i do want to mess with android sdk eventually :)
So do I. Then I sit down to do a Hello World or similar, but alas it's still in Java and I loathe and detest Java.
Android Studio is nice, but you still have to write Java :(
bah, java.
i love how the windows java has you install crapware.
oh, you mean java itself? :p
makes me kind of weary of oracle.
lol
(you can un-check the crapware during install/update)
How is Ask.com even a thing still?
yeah i know about unchecking it, but i love how it is checked by default.
Well for now, I stick to web-based stuff. The web is so insanely cross-platform, it's glorious
and Flash for windows has you install McAfee by default.
well at least that's potentially useful
"here's a condom" vs "here's a sticker"
you don't like toolbars? http://i.imgur.com/Ko5QcQl.jpg
lol digg
And this is why IE constantly bitches at you to speed up your IE experience and disable addons
IE should just have a default homepage of firefox.com
then it self destructs after 1 use.
You can use Scala instead of Java for Android dev.
That's not really an improvement...
I disagree.
okay, it's better than Java
but way too Java-like for my taste
You still need to use the Android SDK, so everything is going to have Java class names.
i'm still learning the basics of programming at all.
so by the time i get around to java, android may be dead.
maybe sailfish OS will take its' place.
I just wish Google could eat its own dogfood with Android and use Go (instead/in addition to Java)
Go is not really an improvement...
brachiation: The basics of programming, like wearing cargo pants and hiking boots to the office, staying up too late, and drinking Mountain Dew?
yes, yes, and yes.
lol
my sleep patterns are a mess, and have been for the last 6 years.
and i am addicted to caffeine pretty bad.
though not sure about the cargo pants and boots.
I'm drinking cherry coke and wearing cargo shorts with sandals... but I'm writing documentation and testing out proxmox. If I were programming, there were be gummy bears.
swedish fish is my candy of choice.
Mmm got a baggy of those at home
Gummy foods and profiling ftw
haha
ohshit, 2330 here... I need to get home
im hungry now ...
.......... dammit