On Mon, 2020-12-28 at 07:17 +0800, Ed Greshko wrote:
On 28/12/2020 06:04, Robert G. (Doc) Savage via users wrote:
Here's the environment:

Bulk storage server for whole home
- 45drives.com Storinator
- 1 of 3 payload bays populated with 15 x 4TB drives in a 39 TB ZFS raidz3 array
- OS is CentOS 8.3 with array
- NFS shared as /tank
- /etc/exports  contains   /tank  192.168.1.0/24(rw/sync,root_squash)
- samba not yet configured

Linux laptop
- ThinkPad P72 with 2 TB NVME boot drive
- OS is Fedora 33
- /etc/fstab contains   store:/tank /tank nfs defaults 0 0
- tank array mounted on /tank

Windows 10 Pro PC

My original concept was to create a 240 GB VM in the /tank/VM/ space and prototype C7, C8, or F33 versions of a physical storage server at a client site with a 240 GB SSD boot drive and 4 x 500 GB LVM RAID5 array served out with Samba to multiple client PCs and Macs.

I wanted to use a TigerVNC client on the Linux laptop to set up and configure the 240 GB VM on the storage server, but because the upstream author has munged its systemd conversion this is no longer possible. I also wanted to use RDP to connect the Windows PC to test samba connections on the VM running TigerVNC server.

Unfortunately I've run into permissions hell and can get none of these working. I would like to find an alternative to TigerVNC that will work in the target environment.

To verify.

1.  The VM's disk will be located on the file system mounted on that laptop at /tank in a subdirectory VM.
2.  The VM is running on the laptop.  That is, the laptop is running virt-manager.  Meaning the laptop is the host.
3.  Your user is a member of the libvirt group.

(Ignoring for the moment that it isn't clear to me what you mean by, and where the 240 GB SSD boot drive
and 4 x 500 GB LVM RAID5 array reside.  And/or, if that storage is to be part of the C7, C8 VMs in some
manner.)

If the above is true, then I see no need to connect to the storage server via VNC.

On the laptop I would run something akin to....

qemu-img create -f qcow2 /tank/VM/F33.qcow2 240G

Then, running virt-manager on the laptop, follow the steps to create a new VM and, in the step to create or choose
the storage location, point to /tank/VM/F33.qcow2.

Ed,

Imagine I were trying to do all this on one machine. I would use virt-manager to create a 240 GB VM on the laptop and install a working copy of the client's fileserver OS there. (I would also create a small Samba disk later to test operation from a Windows PC, but let's not get tripped up on that just yet.)

Now disperse this scenario. Run virt-manager on the laptop and create a VM on the storage server. To test the correct configuration of the VM, I will need to have a VNC installed in that VM and connect to it from the Windows PC. If I need to make any changes, I'll go back to the VNC client on the laptop and make any mods required.

The trouble with this dispersal concept is that the various components don't cooperate permissions-wise. This is partly due to classic rwx permissions, partly systemd misconfiguration, and partly other stuff I haven't quite figured out.

I should point out that the storage server is not in a convenient location, which is why I want it to have a VNC server and also one in each of the VMs I build in its payload bay. Simple ssh connections without desktops aren't enough.

And I have created the 240 GB image file on the storage server:

# ls -l /tank/VMs/
total 1
-rwxrw-rw-. 1 doc doc 257698037760 Dec 26 10:57 U-Studios.img

The problem is the virt-manager on my laptop can't connect to it.

# dir /tank/VMs/
total 1
-rw-------. 1 root root 257698037760 Dec 26 10:57 U-Studios.img

Virtual Machine Manager Connection
Unable to connect to libvirt qemu+ssh://doc@storinator/system.
Configure SSH key access for the remote host, or install an SSH askpass package locally.
Would you still like to remember this connection?

Details:

Unable to connect to libvirt qemu+ssh://doc@storinator/system.

Configure SSH key access for the remote host, or install an SSH askpass package locally.

Libvirt URI is: qemu+ssh://doc@storinator/system

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/connection.py", line 922, in _do_open
    self._backend.open(cb, data)
  File "/usr/share/virt-manager/virtinst/connection.py", line 153, in open
    conn = libvirt.openAuth(self._open_uri,
  File "/usr/lib64/python3.9/site-packages/libvirt.py", line 104, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirt.libvirtError: Cannot recv data: ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
Permission denied, please try again.
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
Permission denied, please try again.
ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory
doc@storinator: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).: Connection reset by peer

And yes, I can connect to the storinator server from my laptop via ssh just fine:

$ ssh doc@storinator
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Mon Dec 28 11:45:05 2020 from 192.168.1.30

$

This is a good example of what I mean when I say dispersal of the architecture components doesn't work.

--Doc
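
Added example, not part of Doc's or Ed's messages: the error above asks for SSH key access because virt-manager has no way to prompt for a password, so an interactive ssh login that works proves nothing about the qemu+ssh connection. The script below checks the same URI with prompts disabled; its function names are hypothetical, and it assumes OpenSSH on the laptop and a hostname or IPv4 address in the URI.

```shell
# Added example (not from the thread): test a libvirt +ssh URI the way a GUI
# with no password prompt sees it. Handles hostnames and IPv4 only (assumption).

# Print "user host port" for a URI such as qemu+ssh://doc@storinator/system.
parse_libvirt_ssh_uri() {
    local uri="$1" authority user="" port=22
    case $uri in *+ssh://*) ;; *) return 1 ;; esac   # SSH transport only
    authority=${uri#*://}
    authority=${authority%%/*}
    case $authority in *@*) user=${authority%%@*}; authority=${authority#*@} ;; esac
    case $authority in *:*) port=${authority##*:}; authority=${authority%%:*} ;; esac
    [ -n "$authority" ] || return 1
    printf '%s %s %s\n' "${user:-$(id -un)}" "$authority" "$port"
}

# Print the ssh command for a prompt-less login. BatchMode=yes disables
# password and askpass prompts, so only a key, an agent or GSSAPI can succeed.
batch_ssh_cmd() {
    local parsed
    parsed=$(parse_libvirt_ssh_uri "$1") || return 1
    set -- $parsed   # now $1=user $2=host $3=port
    printf 'ssh -o BatchMode=yes -o ConnectTimeout=5 -p %s %s@%s true\n' "$3" "$1" "$2"
}

# Map ssh error text (as in the traceback above) to a short diagnosis.
classify_ssh_failure() {
    case $1 in
        *ssh_askpass*"No such file or directory"*) echo "askpass-missing" ;;
        *"Permission denied ("*) echo "no-accepted-key" ;;
        *) echo "other" ;;
    esac
}

# Run the check only when a URI is given on the command line.
if [ $# -gt 0 ]; then
    cmd=$(batch_ssh_cmd "$1") || { echo "not a +ssh libvirt URI: $1" >&2; exit 2; }
    echo "running: $cmd"
    if err=$($cmd 2>&1 >/dev/null); then
        echo "prompt-less login works; virt-manager can open $1"
    else
        echo "diagnosis: $(classify_ssh_failure "$err")"
        echo "next: ssh-keygen -t ed25519, then ssh-copy-id for that user and host"
    fi
fi
```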