Libvirt: Difference between revisions

Line 42:

This will make your user use the shipped repo configurations, and works around the fact that virt-builder reads its executable name to build its configuration path. The executable being wrapped, it is named differently.

[[Category:Virtualization]]

=== Accessing QEMU VMs through Webbrowser ===

I have a need that I can access some created VMs through a web browser. There's several SPICE html5 clients out there one from EyeOS works the best in my opinon.

In order to access the VM in a browser, we need to do several things.

==== Make VM SPICE accessible ====

In virt-manager (or whatever tool you use) you can add the Spice server as display. In virt-manager it's the <code>Graphics</code> new hardware. However - at least in virt-manager - you can't set everything as it needs to be. So after adding the Spice server through virt-manager, fire up your console and edit the xml file using <code>virsh edit {vmname}</code>.

Go to the graphics section and edit your you entry to something like this:

</graphics>

</syntaxhighlight>

==== Add Websockify ====

Since libvirt doesn't support websockets on its own, we'll need to add <code>websockify</code> to your configuration.nix

services.networking.websockify = {

enable = true;

sslCert = "/https-cert.pem";

sslKey = "/https-key.pem";

portMap = {

"5959" = 5900;

};

</syntaxhighlight>

The port mapping 5959 -> 5900 is the websocket forward from nginx 5959 to the spice server. If you used another port for the spice server, then adjust accordingly.

Also, I use letsencrypt dns mode to get https cert and key. Nginx i nixos can get the certs on its own. Since I use the same certs also for other things, I just put them in the root (/) folder. Use what is best for you.

==== Get EyeOS Spice Web Client ====

As said, the experience with the EyeOS Spice Web Client has been the best so far. Another client would be the [https://cgit.freedesktop.org/spice/spice-html5/ spice-html5] from freedesktop.org.

1. Download the [https://github.com/eyeos/spice-web-client/ EyeOS Spice Web Client] and unpack it (if necessary) or , as example, just <code>git clone https://github.com/eyeos/spice-web-client/ /var/www/spice</code>

2. Once downloaded (and unpacked), edit the run.js file and search for <code>'ws'</code> (around line 213) and change it to <code>'wss'</code>

==== Setup nginx for access ====

As last part, you'll need to setup nginx so serve files from the EyeOS Spice Web Client and use websockify to communicate with the VM.

services.nginx = {

enable = true;

virtualHosts."mydomain.tld" = {

forceSSL = true;

root = "/var/www/";

locations."/spice/" = {

index = "index.html index.htm";

};

locations."/websockify/" = {

proxyWebsockets = true;

proxyPass = "https://127.0.0.1:5959";

extraConfig = ''

proxy_read_timeout 61s;

proxy_buffering off;

'';

};

sslCertificate = "/https-cert.pem";

sslCertificateKey = "/https-key.pem";

listen =[ { addr = "*"; port = 45000; ssl = true; } ];

};

</syntaxhighlight>

So, in the above example we access the nginx installation on port 45000 (use whatever you want, you could also just use normal ports like 80/445). We tell it to use port 5959 for websockify which is mapped to port 5900. And we tell it to access the mydomain.tld/spice folder as <code>/var/www/spice</code> (where we did download the EyeOS Spice Web Client to).

==== Access the VM through the browser ====

In order to access the VM through the browser, you'll also need to open ports in your firewall (port for nginx, websockify and spice; 4500, 5959, 5900 in the example).

Then you'll need to start the vm, you can do it by sshing into the computer and run <code>virsh start {vmname}</code>.

And finally you can access the VMs GUI through <code>https://mydomain.tld:4500/spice/index.html?host=mydomain.tld&port=5959</code>

@@ Line 42: / Line 42: @@
 This will make your user use the shipped repo configurations, and works around the fact that virt-builder reads its executable name to build its configuration path. The executable being wrapped, it is named differently.
 [[Category:Virtualization]]
+=== Accessing QEMU VMs through Webbrowser ===
+I have a need that I can access some created VMs through a web browser. There's several SPICE html5 clients out there one from EyeOS works the best in my opinon.
+In order to access the VM in a browser, we need to do several things.
+==== Make VM SPICE accessible ====
+In virt-manager (or whatever tool you use) you can add the Spice server as display. In virt-manager it's the <code>Graphics</code> new hardware. However - at least in virt-manager - you can't set everything as it needs to be. So after adding the Spice server through virt-manager, fire up your console and edit the xml file using <code>virsh edit {vmname}</code>.
+Go to the graphics section and edit your you entry to something like this:
+<syntaxhighlight lang="console">
+    <graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' keymap='de-ch' defaultMode='insecure'>
+      <listen type='address' address='0.0.0.0'/>
+      <image compression='auto_lz'/>
+    </graphics>
+</syntaxhighlight>
+==== Add Websockify ====
+Since libvirt doesn't support websockets on its own, we'll need to add <code>websockify</code> to your configuration.nix
+<syntaxhighlight lang="nix">
+    services.networking.websockify = {
+        enable = true;
+        sslCert = "/https-cert.pem";
+        sslKey = "/https-key.pem";
+        portMap = {
+            "5959" = 5900;
+        };
+    };
+</syntaxhighlight>
+The port mapping 5959 -> 5900 is the websocket forward from nginx 5959 to the spice server. If you used another port for the spice server, then adjust accordingly.
+Also, I use letsencrypt dns mode to get https cert and key. Nginx i nixos can get the certs on its own. Since I use the same certs also for other things, I just put them in the root (/) folder. Use what is best for you.
+==== Get EyeOS Spice Web Client ====
+As said, the experience with the EyeOS Spice Web Client has been the best so far. Another client would be the [https://cgit.freedesktop.org/spice/spice-html5/ spice-html5] from freedesktop.org.
+. Download the [https://github.com/eyeos/spice-web-client/ EyeOS Spice Web Client] and unpack it (if necessary) or , as example, just <code>git clone https://github.com/eyeos/spice-web-client/ /var/www/spice</code>
+. Once downloaded (and unpacked), edit the run.js file and search for <code>'ws'</code> (around line 213) and change it to <code>'wss'</code>
+==== Setup nginx for access ====
+As last part, you'll need to setup nginx so serve files from the EyeOS Spice Web Client and use websockify to communicate with the VM.
+<syntaxhighlight lang="nix">
+    services.nginx = {
+        enable = true;
+        virtualHosts."mydomain.tld" = {
+            forceSSL = true;
+            root = "/var/www/";
+            locations."/spice/" = {
+                index = "index.html index.htm";
+            };
+            locations."/websockify/" = {
+                proxyWebsockets = true;
+                proxyPass = "https://127.0.0.1:5959";
+                extraConfig = ''
+                    proxy_read_timeout 61s;
+                    proxy_buffering off;
+                '';
+            };
+            sslCertificate = "/https-cert.pem";
+            sslCertificateKey = "/https-key.pem";
+            listen =[ { addr = "*"; port = 45000; ssl = true; } ];
+        };
+    };
+</syntaxhighlight>
+So, in the above example we access the nginx installation on port 45000 (use whatever you want, you could also just use normal ports like 80/445). We tell it to use port 5959 for websockify which is mapped to port 5900. And we tell it to access the mydomain.tld/spice folder as <code>/var/www/spice</code> (where we did download the EyeOS Spice Web Client to).
+==== Access the VM through the browser ====
+In order to access the VM through the browser, you'll also need to open ports in your firewall (port for nginx, websockify and spice; 4500, 5959, 5900 in the example).
+Then you'll need to start the vm, you can do it by sshing into the computer and run <code>virsh start {vmname}</code>.
+And finally you can access the VMs GUI through <code>https://mydomain.tld:4500/spice/index.html?host=mydomain.tld&port=5959</code>