[Ovirt-devel] [PATCH release] RFC: Helper script to allow access to ovirt WUI over SSH tunnel

Perry Myers pmyers at redhat.com
Fri Sep 26 03:26:00 UTC 2008


The current way to access the oVirt WUI running on the appliance is to start
Firefox on the host machine (i.e. the machine running the appliance) and then
browse to http://192.168.50.2/ovirt.  You then authenticate using
ovirtadmin/ovirt.

If you want to access the WUI from an outside machine not on the 192.168.50
network there are two problems to overcome.  First, the .50 network is not
routed to the upstream network so you need a tunnel.  This can be done using
a simple ssh tunnel.  This works for general web-server access, but the
mod-krb-auth plugin will not properly authenticate you.  This is due to the
fact that your http headers have a url that does not map to the service
principal set up on the appliance for httpd.  For example:

HostA runs the Appliance
HostB is the external host running Firefox

What you want to do is create a tunnel from B to A like this:
ssh -L 8080:192.168.50.2:80 HostA
And use urls on Host B like this:
http://localhost:8080/ovirt

This won't work since when the request gets to the appliance
the url doesn't resolve to match the service principal that
was set up for httpd on the appliance.  (192.168.50.2)

The solution is to fudge the HTTP header by creating a mapping in /etc/hosts
for 127.0.0.1 to management.priv.ovirt.org on HostB.

Then on host B, the following url will work:
http://management.priv.ovirt.org:8080/ovirt

But because the address is no longer localhost, the -g option in the
ssh tunnel is needed.

This script edits /etc/hosts and then sets up the ssh tunnel so that
the above url works on HostB connecting to HostA.

Arguments to the script are the hostname for HostA and the port
that you want to bind locally (i.e. 8080).
---
 misc-scripts/ovirt-tunnel |   20 ++++++++++++++++++++
 1 files changed, 20 insertions(+), 0 deletions(-)
 create mode 100755 misc-scripts/ovirt-tunnel

diff --git a/misc-scripts/ovirt-tunnel b/misc-scripts/ovirt-tunnel
new file mode 100755
index 0000000..94d721b
--- /dev/null
+++ b/misc-scripts/ovirt-tunnel
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+APPHOST=management.priv.ovirt.org
+APPIP=192.168.50.2
+
+if [[ $# < 2 ]]; then
+   echo "usage: $0 host port"
+   exit 1
+fi
+
+HOST=$1
+PORT=$2
+SSH="ssh -N -f -g -L $PORT:$APPIP:80 $HOST"
+
+if ! grep $APPHOST /etc/hosts > /dev/null 2>&1 ; then
+   sudo sed -i "s/^127.0.0.1\(.*\)/127.0.0.1 \1 $APPHOST/" /etc/hosts
+fi
+
+pkill -f "$SSH"
+$SSH
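Review bot: the -g on the SSH= line makes the forwarded port listen on every interface of HostB, so any machine that can reach HostB on $PORT gets a path to the appliance WUI at $APPIP:80. The /etc/hosts edit maps $APPHOST to 127.0.0.1, so the browser on HostB still connects over loopback, which the default -L bind already accepts; suggest dropping -g, or binding explicitly with -L 127.0.0.1:$PORT:$APPIP:80. Smaller points in the same hunk: [[ $# < 2 ]] is a string comparison, so use -lt; the grep and sed patterns leave $APPHOST unquoted and the dots in 127.0.0.1 unescaped, and the sed appends $APPHOST to every line that starts with 127.0.0.1 rather than to a single entry; $HOST and $PORT are spliced unvalidated into a string that is then run unquoted as $SSH, so check that $PORT is numeric and build the command as an array.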
-- 
1.5.5.1



