KVM on Debian question

If none of the more specific forums is the right place to ask

KVM on Debian question

Postby fyfelka » 2020-01-13 05:17

Hey all, newbee here.
So I've got a couple servers on my hands for work, and all of them have debian installed on them, with KVM on top, and several virtual machines in KVMs (most of VMs are Windows).
So, initial setup was done by another person, and now I have a question.
I can ssh to every debian server, but if try to run a vncserver on them, I'll get a vnc to one of the VM on this server, not the debian.
This is my first post, so idk what info I should post here, as well as how to efficiently administrate KVMs, so if you need smth - please ask for it, and I'll try to provide any info possible.
Thank you in advance.
fyfelka
 
Posts: 8
Joined: 2020-01-13 05:07

Re: KVM on Debian question

Postby Chrisdb » 2020-01-13 09:30

We need some extra info:
- Do you have an X server running on the host?
- which commands/tools do you use to connect?
- post contents of '/etc/libvirt/qemu.conf'
- there's probably some port forwarding going on, show us your ssh commands
User avatar
Chrisdb
 
Posts: 156
Joined: 2018-04-10 07:16

Re: KVM on Debian question

Postby CwF » 2020-01-13 14:28

?
The debian host likely doesn't, and shouldn't have a vncserver. The VM's likely have a host vnc/spice provided "vncserver". Debian VM's could have, additionally, a ssh server that it may not need. A windows guest (VM) may have a vnc server installed, in addtion to the virtual channel supplied by the host.

So from an external connection;
Connect to the host with ssh.
Connect to a windows vm through the host provided virtual vncserver(spice) if configured.
-OR connect to the windows VM through the guest installed vncserver.
--No need to have, but useful for local control in vfio setups.
Connect to a debian VM through the host provided virtual vncserver(spice) if configured.
-OR in a similar way to a windows vm, guest installed vnc or ssh server.
--For local control of a vfio enabled debian, X2X through SSH would be the ticket.

Any VM does NOT need a configured network interface as configured within the vm in order to use the host provided vnc/spice channel.

Any VM can have a configured nic and run any software configured within the VM. This is in addition to the host provided channel.

Generally there is no need to have any guest with any such software since the host can provide it. You can ssh into the debian host and use a local virt-manager on your local computer to view and configure the remote host's VM's.

So many possibilities...
CwF
 
Posts: 545
Joined: 2018-06-20 15:16

Re: KVM on Debian question

Postby fyfelka » 2020-01-13 14:53

So, first thing first.
1. how do I check if X-server is running?
2. I use ssh to connect to debian, and remmina to connect to VNC sessions of VMs, and there is an RDP option as well.
3. qemu.conf is full default
4. ssh host -l login

to CwF
Can you explain more about using virt-manager on local machine through ssh?
fyfelka
 
Posts: 8
Joined: 2020-01-13 05:07

Re: KVM on Debian question

Postby CwF » 2020-01-13 15:56

fyfelka wrote:Can you explain more about using virt-manager on local machine through ssh?

Yes, I don't do that much, but have. As I remember if a ssh connection is otherwise working then simply add the connection. In "Virtual Machine Manager" on your local machine from "File>Add Connection" you get the dialog. Select the check box "Connect to remote host" and fill in the details, uncheck the "Autoconnect", and if you have no dns resolution of host names use the ip. When everything is happy it works just like local, but slower. You have full access to the domain editor and the domain viewer. Another view option is "virt-viewer -c qemu:///system" with the correct remote ip for 'system' and the command trapped in the correct ssh cli, can't remember that one off hand.
CwF
 
Posts: 545
Joined: 2018-06-20 15:16

Re: KVM on Debian question

Postby fyfelka » 2020-01-14 01:24

Hmm, so I have an working ssh to a server, but if I try to setup a connection in virt-manager - I get an error:Unable to connect to libvirt qemu+ssh://-login@host/system. configure SSH key access for remote host or install an SSH askpass package locally.
EDIT: I have an openssh-askpass installed
fyfelka
 
Posts: 8
Joined: 2020-01-13 05:07

Re: KVM on Debian question

Postby CwF » 2020-01-14 14:38

I used it a few versions ago. I believe root access has changed, and a user can be used now (?), but I don't know for sure the setup. Look into /etc/polkit-1/rules.d/80-libvirt-manage.rules or something on the remote computer.
Do you get a password dialog?
Can you ssh into "root"?

I'm sure the current version is tighter and you will likley need to edit on the remote computer. I believe you need to setup polkit on the remote computer to respond. This would be a local user with rights, and a policy file to allow remote access. I have no details for you. Hope I didn't point to a broken solution!

Hope my rambling helps some, post back what you find. I may stumble around some more.
CwF
 
Posts: 545
Joined: 2018-06-20 15:16

Re: KVM on Debian question

Postby CwF » 2020-01-14 22:51

Okidoki!
I fired up some stuff and it's now working for me.
On the remote host make sure there is user (not root) to connect to in the libvirt group, and that netcat-openbsd is installed, it doesn't have to be before maybe. You should verify, have verified, that that user is funtional locally.
I'm not sure it is referenced, but for good measure create /etc/polkit-1/rules.d/52-libvirt-manage.rules or something similar
Code: Select all
polkit.addRule(function(action, subject) {
  if (action.id == "org.libvirt.unix.manage" &&
      subject.isInGroup("libvirt") && subject.user == "USER") {
      return polkit.Result.YES;
  }
});
CwF
 
Posts: 545
Joined: 2018-06-20 15:16

Re: KVM on Debian question

Postby fyfelka » 2020-01-15 05:53

Nope, that doesn't work, same error as before, sadly. how hard is to manage VMs with virsh? cause I guess it will be easier to learn to manage VMs from command line, then to setup this properly.
fyfelka
 
Posts: 8
Joined: 2020-01-13 05:07

Re: KVM on Debian question

Postby fyfelka » 2020-01-15 06:12

Okay, last question, back to the first one.
this the /root/.vnc/xstartup file
Code: Select all
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresourses ] && xrdb $HOME/.Xresourses
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
awesome &

why does it launch VM vnc session, if I start vncserver from debian?
fyfelka
 
Posts: 8
Joined: 2020-01-13 05:07

Re: KVM on Debian question

Postby Chrisdb » 2020-01-15 07:09

fyfelka wrote:why does it launch VM vnc session, if I start vncserver from debian?

It would be easier for us to help you if you provided us with more detailed steps.

From what I can tell, you connect from your local pc to the Debian host through ssh with the command 'ssh someuser@host', correct?
Inside this ssh session, you start vnc with the command 'vncserver', right? What is the output here? Any errors, warnings?
What makes you think that the VM vnc session is launched? Do you see a windows login screen?

Another question, is the awesome WM on the host installed/configured correctly?
User avatar
Chrisdb
 
Posts: 156
Joined: 2018-04-10 07:16

Re: KVM on Debian question

Postby fyfelka » 2020-01-15 07:35

Yes, steps are right.
1 ssh host -l login // to connect to debian server
2 su // go to root
3 vncserver // start a vnc, standard message, vnc server started on display 2
4 now there is an open vnc port, and I can connect to vnc session, but it's from one of VMs, and yeah, I see a windows login screen


about awesome WM - I can't really help you, since I didn't install it, and never saw it running on this machine, cause I can't connect to it xD
EDIT: WM should be configured correctly, since I recall that previous guy used virt-manager on host machine, so it's probably alright
EDIT_2: I can't connect directly to root through ssh for obv security reasons
fyfelka
 
Posts: 8
Joined: 2020-01-13 05:07

Re: KVM on Debian question

Postby Chrisdb » 2020-01-15 08:07

fyfelka wrote:Yes, steps are right.
1 ssh host -l login // to connect to debian server
2 su // go to root
3 vncserver // start a vnc, standard message, vnc server started on display 2
4 now there is an open vnc port, and I can connect to vnc session, but it's from one of VMs, and yeah, I see a windows login screen


about awesome WM - I can't really help you, since I didn't install it, and never saw it running on this machine, cause I can't connect to it xD
EDIT: WM should be configured correctly, since I recall that previous guy used virt-manager on host machine, so it's probably alright
EDIT_2: I can't connect directly to root through ssh for obv security reasons

hmm, seems ok...

What settings are you using for 'remmina'? do you connect through an ssh tunnel? Are you using the correct ip/port?
User avatar
Chrisdb
 
Posts: 156
Joined: 2018-04-10 07:16

Re: KVM on Debian question

Postby fyfelka » 2020-01-15 09:26

I use default settings for remmina, I do not use ssh tunnel, ip/ports are correct.
Also, what does stale mean in vncserver -list output?
Code: Select all
X DISPLAY #      RFB PORT #       PROCESS ID
:1               5901             2200 (stale)
fyfelka
 
Posts: 8
Joined: 2020-01-13 05:07

Re: KVM on Debian question

Postby Chrisdb » 2020-01-15 11:18

fyfelka wrote:I use default settings for remmina, I do not use ssh tunnel, ip/ports are correct.
Also, what does stale mean in vncserver -list output?
Code: Select all
X DISPLAY #      RFB PORT #       PROCESS ID
:1               5901             2200 (stale)


From the info I can find, 'stale' basically means the process hasn't been (correctly) terminated for a while.
Just to be sure, try to kill the process and restart it again.

Can you try to connect with remmina through an ssh tunnel and let us know how it turns out? FWIW, using an SSH tunnel is more secure anyway.
User avatar
Chrisdb
 
Posts: 156
Joined: 2018-04-10 07:16

Next

Return to General Questions

Who is online

Users browsing this forum: No registered users and 9 guests

fashionable