On Wed, 16 Sep 2020 16:53:01 -0400 Tom Horsley wrote:

No idea what that is about.

Found a man page saying x0vncserver is only for sharing the physical X display, since the only times I ever use vncserver is to create a separate instance of an X display not associated with a physical display this sounds like a major chunk of functionality just disappeared. Seems like a bug to me.

On Wed, 16 Sep 2020 16:54:55 -0400 Ben Cotton wrote:

You can see the new instructions in the HOWTO.md file in the package repo

More frigging systemd fungus engulfing the world, huh?

Soon there will be no commands left in linux other than systemctl.

Sheesh!

On Tue, 22 Dec 2020 18:05:05 -0600 Robert G. (Doc) Savage via users wrote:

When I followed the TigerVNC installation and configuration instructions in the F33 SysAdmin Guide

I took a different tack: I copied the vncserver script off my f32 partition, and it worked fine :-).

On 12/22/20 8:13 PM, Michael D. Setzer II wrote:

Problem is: If it works, you can no longer locally log into that user id, since it is configured for only the vnc session on that user??

That doesn't make sense. Can you explain what you mean?

Never got a clear answer on why they seem to think this is necessary, and who is pushing it. Have heard there were some issues with running a local gnome and an vnc gnome at same time. I always ran the vnc with xfce so never had an issue. Had lines in rc.local that would start the vncserver for users at boot up using runuser option.

Of course you can't run them both at the same time. Both Gnome sessions are going to be trying to run the same processes and they'll conflict. If you run a simpler desktop system that doesn't use dbus or multiple processes, then it might be ok to run both. But you still might end up with conflicting file writes for configs or caches.

Their is now a new config file in the ~/.vnc directory that is suppose to start up things, but last time I tested it. I was giving errors if you tried to setup a session option.

Works fine for me. I have it setup for openbox.

On 12/22/20 10:06 PM, Michael D. Setzer II wrote:

On 22 Dec 2020 at 20:28, Samuel Sieb wrote:

...

On 12/22/20 8:13 PM, Michael D. Setzer II wrote:

...

Problem is: If it works, you can no longer locally log into that user id, since it is configured for only the vnc session on that user??

That doesn't make sense. Can you explain what you mean?

Never said it made sense. Just what it is.

If you set up a user account they way they say. It will start a vnc session on boot up with that user and that port. You can then vnc into the computer on that port and use the computer.

If you try to log in locally on that computer with that user id, the log in doesn't work, and it goes immediately back to the log in screen..

Oh, that's what you mean. I thought you meant you couldn't ssh into it using that user or something like that. Ok, then that's just the same thing that you were saying further down. You can't have multiple graphical sessions for the same user. It just doesn't work. Have you ever been able to do that with vncserver? It's never worked for me. Or it sort of worked briefly, but sooner or later things go badly wrong.

On Wed, 2020-12-23 at 18:15 +1000, Michael D. Setzer II via users wrote:

On 22 Dec 2020 at 23:04, Samuel Sieb wrote:

Subject:                Re: vncserver program disappered on FC32?? To:                     Community support for Fedora users users@lists.fedoraproject.org From:                   Samuel Sieb samuel@sieb.net Date sent:              Tue, 22 Dec 2020 23:04:46 -0800 Send reply to:          Community support for Fedora users users@lists.fedoraproject.org

...

On 12/22/20 10:06 PM, Michael D. Setzer II wrote:

...

On 22 Dec 2020 at 20:28, Samuel Sieb wrote:

...

On 12/22/20 8:13 PM, Michael D. Setzer II wrote:

...

Problem is: If it works, you can no longer locally log into that user id, since it is configured for only the vnc session on that user??

That doesn't make sense.  Can you explain what you mean?

Never said it made sense. Just what it is.

If you set up a user account they way they say. It will start a vnc session on boot up with that user and that port. You can then vnc into the computer on that port and use the computer.

If you try to log in locally on that computer with that user id, the log in doesn't work, and it goes immediately back to the log in screen..

Oh, that's what you mean.  I thought you meant you couldn't ssh into it using that user or something like that.  Ok, then that's just the same thing that you were saying further down.  You can't have multiple graphical sessions for the same user.  It just doesn't work.  Have you ever been able to do that with vncserver?  It's never worked for me.  Or it sort of worked briefly, but sooner or later things go badly wrong.

I think if you try and run a local session and vnc session with both using gnome desktop there are issues with it. But I always run the vnc session with the xfce desktop and never had a problem. I've also had no problem running xfce locally with a vnc xfce session. Seems gnome is doing something with dbus, and causes a conflict with both sessions trying to use the same dbus settings??

My situation is similar, except that I use MATE exclusively. I am trying to understand why the upstream maintainer's solution allows only a single TigerVNC logon using a particular UserID. In other words, if I have a local USER-A and a TigerVNC USER-A, if one is logged on the other cannot. Does this mean that a TigerVNC USER-A will not have access to local USER-A's home directory, and vice versa. If so, this is ludicrous.

If TigerVNC has been so badly mangled in the name of systemd support, what alternative VNC can folks recommend in its place? I seriously need one to support development of virtual machines hosted on a server with huge storage, and the local console of that storage machine is not in a suitable place for development.

--Doc Savage     Fairview Heights, IL

On Thu, 2020-12-24 at 13:07 -0500, Matthew Miller wrote:

On Thu, Dec 24, 2020 at 11:29:02AM -0600, Robert G. (Doc) Savage via users wrote:

...

what alternative VNC can folks recommend in its place? I seriously need one to support development of virtual machines hosted on a server with huge storage, and the local console of that storage machine is not in a suitable place for development.

Does X2Go work for your use cases?

https://wiki.x2go.org/doku.php/start

Or, wait, since you're running VMs, have you considered using VNC as the graphics console for your VMs and connecting directly?

-- Matthew Miller mattdm@fedoraproject.org Fedora Project Leader

Matt,

The primary mission of the server is mass storage (19 TB ZFS). Direct console (MATE) and ssh connections meet those needs just fine. It's the new mission objective of using that huge back-end storage space for creating virtual machines to prototype new client servers (not yet purchased). A VNC supporting the MATE desktop would be ideal since the local console is located in an inconvenient space. My plans to use TigerVNC to access virtual machines on this server now seem to be torpedoed.

--Doc Savage     Fairview Heights, IL

On 25/12/2020 02:47, Matthew Miller wrote:

On Thu, Dec 24, 2020 at 12:30:19PM -0600, Robert G. (Doc) Savage via users wrote:

...

The primary mission of the server is mass storage (19 TB ZFS). Direct console (MATE) and ssh connections meet those needs just fine. It's the new mission objective of using that huge back-end storage space for creating virtual machines to prototype new client servers (not yet purchased). A VNC supporting the MATE desktop would be ideal since the local console is located in an inconvenient space. My plans to use TigerVNC to access virtual machines on this server now seem to be torpedoed.

For this use case, have you considered using the built-in VNC functionality of virt-manager?

When it comes to connecting to a VM I use remmina along with the remmina-plugins-spice. Works fine, and there is no need to configure a VNC server on the VM.

--- The key to getting good answers is to ask good questions.

On 27/12/2020 11:39, Robert G. (Doc) Savage via users wrote:

Snapshot:  I want to build and use a 240 GB  C7.9 VM from my F33 laptop using NFS storage from a C8.3 server

Reality: You can't get there from here. At every step there's a permissions blockage, and none is a simple rwx problem.

Do I understand you correctly when I say you want your C(entos) 7 VM's disk storage to reside on your C(entos) NFS server?

If so, that is pretty much what I do.

My F33 desktop had several VM's defined.  While I don't use that much storage the F33 system has, for example.

[root@meimei images]# pwd /var/lib/libvirt/images

[root@meimei images]# ll f33k.qcow2 lrwxrwxrwx. 1 root root 27 Aug 29 16:35 f33k.qcow2 -> /aux/qemu-images/f33k.qcow2

[root@meimei images]# df -T | grep aux nas:/volume1/aux nfs4     5621463168 1946477440 3674985728  35% /aux

The system "nas" is a Synology NFS server.

--- The key to getting good answers is to ask good questions.

On Sun, 2020-12-27 at 12:14 +0800, Ed Greshko wrote:

On 27/12/2020 11:39, Robert G. (Doc) Savage via users wrote:

...

Snapshot:  I want to build and use a 240 GB  C7.9 VM from my F33 laptop using NFS storage from a C8.3 server

Reality: You can't get there from here. At every step there's a permissions blockage, and none is a simple rwx problem.

Do I understand you correctly when I say you want your C(entos) 7 VM's disk storage to reside on your C(entos) NFS server?

If so, that is pretty much what I do.

My F33 desktop had several VM's defined.  While I don't use that much storage the F33 system has, for example.

[root@meimei images]# pwd /var/lib/libvirt/images

[root@meimei images]# ll f33k.qcow2 lrwxrwxrwx. 1 root root 27 Aug 29 16:35 f33k.qcow2 -> /aux/qemu- images/f33k.qcow2

[root@meimei images]# df -T | grep aux nas:/volume1/aux nfs4     5621463168 1946477440 3674985728  35% /aux

The system "nas" is a Synology NFS server.

Ed,

Here's the environment:

Bulk storage server for whole home - 45drives.com Storinator - 1 of 3 payload bays populated with 15 x 4TB drives in a 39 TB ZFS raidz3 array - OS is CentOS 8.3 with array - NFS shared as /tank - /etc/exports  contains   /tank  192.168.1.0/24(rw/sync,root_squash) - samba not yet configured

Linux laptop - ThinkKPad P72 with 2 TB NVME boot drive - OS is Fedora 33 - /etc/fstab contains   store:/tank /tank nfs defaults 0 0 - tank array mounted on /tank

Windows 10 Pro PC

My original concept was to create a 240 GB VM in the /tank/VM/ space and prototype C7, C8, or F33 versions of a physical storage server at a client site with a 240 GB SSD boot drive and 4 x 500 GB LVM RAID5 array served out with Samba to multiple client PCs and MACs.

I wanted to use a TigerVNC client on the Linux laptop to set up and configure the 240 GB VM on the storage server, but because the upstream author has munged its systemd conversion this is no longer possible. I also wanted to use RDP to connect the Windows PC to test samba connections on the VM running TigerVNC server.

Unfortunately I've run into permissions hell and can get none of these working. I would like to find an alternative to TigerVNC that will work in the target environment.

--Doc Savage     Fairview Heights, IL

On Mon, 2020-12-28 at 07:17 +0800, Ed Greshko wrote:

On 28/12/2020 06:04, Robert G. (Doc) Savage via users wrote:

...

Here's the environment:

Bulk storage server for whole home

• 45drives.com Storinator
• 1 of 3 payload bays populated with 15 x 4TB drives in a 39 TB ZFS

raidz3 array

• OS is CentOS 8.3 with array
• NFS shared as /tank
• /etc/exports  contains   /tank

192.168.1.0/24(rw/sync,root_squash)

• samba not yet configured

Linux laptop

• ThinkKPad P72 with 2 TB NVME boot drive
• OS is Fedora 33
• /etc/fstab contains   store:/tank /tank nfs defaults 0 0
• tank array mounted on /tank

Windows 10 Pro PC

My original concept was to create a 240 GB VM in the /tank/VM/ space and prototype C7, C8, or F33 versions of a physical storage server at a client site with a 240 GB SSD boot drive and 4 x 500 GB LVM RAID5 array served out with Samba to multiple client PCs and MACs.

I wanted to use a TigerVNC client on the Linux laptop to set up and configure the 240 GB VM on the storage server, but because the upstream author has munged its systemd conversion this is no longer possible. I also wanted to use RDP to connect the Windows PC to test samba connections on the VM running TigerVNC server.

Unfortunately I've run into permissions hell and can get none of these working. I would like to find an alternative to TigerVNC that will work in the target environment.

To verify.

1.  The VM's disk will be located on the file system mounted on that laptop at /tank in a subdirectory VM. 2.  The VM is running on the laptop.  That is, the laptop is running virt-manager.  Meaning the laptop is the host. 3.  Your user is a member of the libvirt group.

(Ignoring for the moment that it isn't clear to me what you mean by, and where the 240 GB SSD boot drive and 4 x 500 GB LVM RAID5 array resides.  And/or, if that storage is to be part of the C7, C8 VM's in some manner.)

If the above is true, then I see no need to connect to the storage server via VNC.

On the laptop I would run something akin to....

qemu-img create -f qcow2 /tank/VM/F33.qcow2 240G

Then running virt-manager on the laptop follow the steps to create a new VM and in the step to create or choose the storage location point to /tank/VM/F33.qcow2.

Ed,

Imagine I were trying to do all this on one machine. I would use virt- manager to create a 240 GB VM on the laptop and install a working copy of the client's fileserver OS there. (I would also create a small Samba disk later to test operation from a Windows PC, but let's not get tripped up on that just yet.)

Now disperse this scenario. Run virt-manager on the laptop and create a VM on the storage server. To test the correct configuration of the VM, I will need to have a VNC installed in that VM and connect to it from the Windows PC. If I need to make any changes, I'll go back to the VNC client on the laptop and make any mods required.

The trouble with this dispersal concept is that the various components don't cooperate permissions-wise. This is partly due to classic rwx permissions, partly systemd misconfiguration, and partly other stuff I haven't quite figured out.

I should point out that the storage server is not in a convenient location, which is why I want it to have a VNC server and also one in each of the VMs I build in its payload bay. Simple ssh connections without desktops aren't enough.

And I have created the 240 GB image file on the storage server:

# ls -l /tank/VMs/ total 1 -rwxrw-rw-. 1 doc doc 257698037760 Dec 26 10:57 U-Studios.img

The problem is the virt-manager on my laptop can't connect to it.

# dir /tank/VMs/ total 1 -rw-------. 1 root root 257698037760 Dec 26 10:57 U-Studios.img

Virtual Machine Manager Connectiono libvirt qemu+ssh://doc@storinator/system. Configure SSH key access for the remote host, or install an SSH askpass package locally. Would you still like to remember this connection?

Details:

Unable to connect to libvirt qemu+ssh://doc@storinator/system.

Configure SSH key access for the remote host, or install an SSH askpass package locally.

Libvirt URI is: qemu+ssh://doc@storinator/system

Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/connection.py", line 922, in _do_open self._backend.open(cb, data) File "/usr/share/virt-manager/virtinst/connection.py", line 153, in open conn = libvirt.openAuth(self._open_uri, File "/usr/lib64/python3.9/site-packages/libvirt.py", line 104, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirt.libvirtError: Cannot recv data: ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory Permission denied, please try again. ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory Permission denied, please try again. ssh_askpass: exec(/usr/libexec/openssh/ssh-askpass): No such file or directory doc@storinator: Permission denied (publickey,gssapi-keyex,gssapi-with- mic,password).: Connection reset by peer

And yes, I can connect to the storinator server from my laptop via ssh just fine:

$ ssh doc@storinator Activate the web console with: systemctl enable --now cockpit.socket

Last login: Mon Dec 28 11:45:05 2020 from 192.168.1.30

$

This is a good example of what I mean when I say dispersal of the architecture components doesn't work.

--Doc

On 29/12/2020 05:56, Matthew Miller wrote:

...

exec(/usr/libexec/openssh/ssh-askpass): No such file or directory

sudo dnf install /usr/libexec/openssh/ssh-askpass

That isn't necessary if one has copied their public key to the ~/.ssh/authorized_keys file on the remote host running which is running libvirtd.

FWIW, one of the first things I do when configuring a new system is to disable passwords for ssh connections and only allow public key authentication.

--- The key to getting good answers is to ask good questions.

On 30/12/2020 00:51, Matthew Miller wrote:

On Tue, Dec 29, 2020 at 08:34:49AM +0800, Ed Greshko wrote:

...

...

...

exec(/usr/libexec/openssh/ssh-askpass): No such file or directory

sudo dnf install /usr/libexec/openssh/ssh-askpass

That isn't necessary if one has copied their public key to the ~/.ssh/authorized_keys file on the remote host running which is running libvirtd.

Is that what it's complaining about? I assumed it wasn't properly getting the key from the GNOME keyring and therefore needed to run that to unlock it.

Yes.  That is why it says "ssh".

Did you define the connection in virt-manager?  If you did, didn't you find it "odd" that there was no "password" field to enter?

--- The key to getting good answers is to ask good questions.

On 30/12/2020 02:01, Matthew Miller wrote:

On Wed, Dec 30, 2020 at 01:21:08AM +0800, Ed Greshko wrote:

...

...

On Tue, Dec 29, 2020 at 08:34:49AM +0800, Ed Greshko wrote:

...

...

...

exec(/usr/libexec/openssh/ssh-askpass): No such file or directory

sudo dnf install /usr/libexec/openssh/ssh-askpass

That isn't necessary if one has copied their public key to the ~/.ssh/authorized_keys file on the remote host running which is running libvirtd.

Is that what it's complaining about? I assumed it wasn't properly getting the key from the GNOME keyring and therefore needed to run that to unlock it.

Yes.  That is why it says "ssh".

Well, it specifically says that ssh-askpass is not found, not "ssh authentication denied". So there might be a key that exists but isn't unlocked.

You're right.

I just realized that all of my ssh keys were generated with empty pass phrases.  To add to my confused state, I did a test from a VM which was installed via the Xfce spin.  Unlike Workstation and the KDE spin, the Xfce spin installs openssh-askpass by default which I did not realize.

Now, with that in mind, it would have been good to know *how* the OP was starting virt-manager since these are 3 observations.  With the ssh key and a pass phrase.

1.  Starting virt-manager from the command line and openssh-askpass installed one gets a GUI pop-up requesting pass phrase.

2.  Starting virt-manager from the command line without openssh-askpass installed one gets a prompt in the terminal for the pass-phrase.

3.  Starting virt-manager from the menu without openssh-askpass installed results in a pop-up as noted by the OP.  "Configure SSH key access for the remote host, or install an SSH askpass package locally."

So, knowing #3 wold have given me a better chance of actually recreating the error.  :-) :-)

--- The key to getting good answers is to ask good questions.

On Thu, 24 Dec 2020 at 13:29, Robert G. (Doc) Savage via users < users@lists.fedoraproject.org> wrote:

On Wed, 2020-12-23 at 18:15 +1000, Michael D. Setzer II via users wrote:

I think if you try and run a local session and vnc session with both using gnome desktop there are issues with it. But I always run the vnc session with the xfce desktop and never had a problem. I've also had no problem running xfce locally with a vnc xfce session. Seems gnome is doing something with dbus, and causes a conflict with both sessions trying to use the same dbus settings??

My situation is similar, except that I use MATE exclusively. I am trying to understand why the upstream maintainer's solution allows only a single TigerVNC logon using a particular UserID. In other words, if I have a local USER-A and a TigerVNC USER-A, if one is logged on the other cannot. Does this mean that a TigerVNC USER-A will not have access to local USER-A's home directory, and vice versa. If so, this is ludicrous.

If TigerVNC has been so badly mangled in the name of systemd support, what alternative VNC can folks recommend in its place? I seriously need one to support development of virtual machines hosted on a server with huge storage, and the local console of that storage machine is not in a suitable place for development.

My use case needs VM's with a number of default installs of popular linux distros in order to support specialized applications for users scattered around the globe, so I can't avoid GNOME. With Fedora 29-32 I was using SPICE on the console of the system (located in a different building, so not always convenient) that hosted the VM's. Fedora 33 came along at the same time as new versions of the applications and some new hardware, so I haven't had time to look after the VM's. Getting remote access to the VM's is on my todo list.

Some of my colleagues use macOS so I may need to add that to the mix.

SPICE ("The SPICE project aims to provide a complete open source solution for remote access to virtual machines in a seamless way so you can play videos, record audio, share usb devices and share folders without complications." --https://www.spice-space.org/index.html), is not a long-term option:

SPICE has been deprecated inRHEL 8 https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/deprecated_functionality#deprecated-functionality_virtualization

In RHEL 8.3, the SPICE remote display protocol has been deprecated. Note that SPICE will remain supported in RHEL 8, but Red Hat recommends using alternate solutions for remote display streaming:

- For remote console access, use the VNC protocol. - For advanced remote display functions, use third party tools such as RDP, HP RGS, or Mechdyne TGX.

I have used VirtualBox RDP support in an "enterprise" environment where Windows was the "desktop standard", but I'm not familiar with HP RGS https://www8.hp.com/ca/en/campaigns/workstations/remote-graphics-software.html or Mechdyne TGX https://www.mechdyne.com/software-services/software-solutions/remote-desktop-tgx/. Both are commercial. HP RGS is now called* HP ZCentral Remote Boost.*

On 12/22/20 4:05 PM, Robert G. (Doc) Savage via users wrote:

When I followed the TigerVNC installation and configuration instructions in the F33 SysAdmin Guide, I suspected something had been overtaken by systemctl. But when I followed the instructions in link [2], I'm still getting pretty much the same unhelpful error:

If you followed the instructions in the sysadmin guide, you will most likely have to undo everything you did or it won't work. The instructions in that second link which is also at /usr/share/doc/tigervnc/HOWTO.md are the correct ones.

Dec 22 18:02:39 tiger.protogeek.org systemd[153994]: vncserver@:1.service: Failed to execute command: Permission denied Dec 22 18:02:39 tiger.protogeek.org systemd[153994]: vncserver@:1.service: Failed at step EXEC spawning /sbin/runuser: Permission denied

Check the journal to see if there is any more information.