Accessing virtual machine consoles
- Accessing virtual machine consoles in the OKD web console
- Accessing virtual machine consoles by using CLI commands

Accessing virtual machine consoles

OKD Virtualization provides different virtual machine consoles that you can use to accomplish different product tasks. You can access these consoles through the OKD web console and by using CLI commands.

Accessing virtual machine consoles in the OKD web console

You can connect to virtual machines by using the serial console or the VNC console in the OKD web console.

You can connect to Windows virtual machines by using the desktop viewer console, which uses RDP (remote desktop protocol), in the OKD web console.

Connecting to the serial console

Connect to the serial console of a running virtual machine from the Console tab on the VirtualMachine details page of the web console.

Procedure

In the OKD console, click Virtualization → VirtualMachines from the side menu.
Select a virtual machine to open the VirtualMachine details page.
Click the Console tab. The VNC console opens by default.
Click Disconnect to ensure that only one console session is open at a time. Otherwise, the VNC console session remains active in the background.
Click the VNC Console drop-down list and select Serial Console.
Click Disconnect to end the console session.
Optional: Open the serial console in a separate window by clicking Open Console in New Window.

Connecting to the VNC console

Connect to the VNC console of a running virtual machine from the Console tab on the VirtualMachine details page of the web console.

Procedure

In the OKD console, click Virtualization → VirtualMachines from the side menu.
Select a virtual machine to open the VirtualMachine details page.
Click the Console tab. The VNC console opens by default.
Optional: Open the VNC console in a separate window by clicking Open Console in New Window.
Optional: Send key combinations to the virtual machine by clicking Send Key.

Connecting to a Windows virtual machine with RDP

The desktop viewer console, which utilizes the Remote Desktop Protocol (RDP), provides a better console experience for connecting to Windows virtual machines.

To connect to a Windows virtual machine with RDP, download the console.rdp file for the virtual machine from the Consoles tab on the VirtualMachine Details page of the web console and supply it to your preferred RDP client.

Prerequisites

A running Windows virtual machine with the QEMU guest agent installed. The qemu-guest-agent is included in the VirtIO drivers.
A layer-2 NIC attached to the virtual machine.
An RDP client installed on a machine on the same network as the Windows virtual machine.

Procedure

In the OKD console, click Virtualization → VirtualMachines from the side menu.
Click a Windows virtual machine to open the VirtualMachine details page.
Click the Console tab.
In the Console list, select Desktop Viewer.
In the Network Interface list, select the layer-2 NIC.
Click Launch Remote Desktop to download the console.rdp file.
Open an RDP client and reference the console.rdp file. For example, using remmina:
```
$ remmina --connect /path/to/console.rdp
```
Enter the Administrator user name and password to connect to the Windows virtual machine.

Switching between virtual machine displays

If your Windows virtual machine (VM) has a vGPU attached, you can switch between the default display and the vGPU display by using the web console.

Prerequisites

The mediated device is configured in the HyperConverged custom resource and assigned to the VM.
The VM is running.

Procedure

In the OKD console, click Virtualization → VirtualMachines
Select a Windows virtual machine to open the Overview screen.
Click the Console tab.
From the list of consoles, select VNC console.
Choose the appropriate key combination from the Send Key list:
1. To access the default VM display, select Ctl + Alt+ 1.
2. To access the vGPU display, select Ctl + Alt + 2.

Additional resources

Configuring mediated devices

Accessing virtual machine consoles by using CLI commands

Accessing a virtual machine instance via SSH

You can use SSH to access a virtual machine (VM) after you expose port 22 on it.

The virtctl expose command forwards a virtual machine instance (VMI) port to a node port and creates a service for enabled access. The following example creates the fedora-vm-ssh service that forwards traffic from a specific port of cluster nodes to port 22 of the <fedora-vm> virtual machine.

Prerequisites

You must be in the same project as the VMI.
The VMI you want to access must be connected to the default pod network by using the masquerade binding method.
The VMI you want to access must be running.
Install the OpenShift CLI (oc).

Procedure

Run the following command to create the fedora-vm-ssh service:
```
$ virtctl expose vm <fedora-vm> --port=22 --name=fedora-vm-ssh --type=NodePort (1)
```
1 <fedora-vm> is the name of the VM that you run the fedora-vm-ssh service on.

Check the service to find out which port the service acquired:

$ oc get svc

Example output

NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
fedora-vm-ssh   NodePort   127.0.0.1      <none>        22:32551/TCP   6s

In this example, the service acquired the 32551 port.

Log in to the VMI via SSH. Use the ipAddress of any of the cluster nodes and the port that you found in the previous step:
```
$ ssh username@<node_IP_address> -p 32551
```

Accessing a virtual machine via SSH with YAML configurations

You can enable an SSH connection to a virtual machine (VM) without the need to run the virtctl expose command. When the YAML file for the VM and the YAML file for the service are configured and applied, the service forwards the SSH traffic to the VM.

The following examples show the configurations for the VM’s YAML file and the service YAML file.

Prerequisites

Install the OpenShift CLI (oc).
Create a namespace for the VM’s YAML file by using the oc create namespace command and specifying a name for the namespace.

Procedure

In the YAML file for the VM, add the label and a value for exposing the service for SSH connections. Enable the masquerade feature for the interface:

Example VirtualMachine definition

apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  namespace: ssh-ns (1)
  name: vm-ssh
spec:
  running: false
  template:
    metadata:
      labels:
        kubevirt.io/vm: vm-ssh
        special: vm-ssh (2)
    spec:
      domain:
        devices:
          disks:
          - disk:
              bus: virtio
            name: containerdisk
          - disk:
              bus: virtio
            name: cloudinitdisk
          interfaces:
          - masquerade: {} (3)
            name: testmasquerade (4)
          rng: {}
        machine:
          type: ""
        resources:
          requests:
            memory: 1024M
      networks:
      - name: testmasquerade
        pod: {}
      volumes:
      - name: containerdisk
        containerDisk:
          image: kubevirt/fedora-cloud-container-disk-demo
      - name: cloudinitdisk
        cloudInitNoCloud:
          userData: |
            #cloud-config
            user: fedora
            password: fedora
            chpasswd: {expire: False}
# ...

1	Name of the namespace created by the `oc create namespace` command.
2	Label used by the service to identify the virtual machine instances that are enabled for SSH traffic connections. The label can be any `key:value` pair that is added as a `label` to this YAML file and as a `selector` in the service YAML file.
3	The interface type is `masquerade`.
4	The name of this interface is `testmasquerade`.

Create the VM:

$ oc create -f <path_for_the_VM_YAML_file>

Start the VM:
```
$ virtctl start vm-ssh
```

In the YAML file for the service, specify the service name, port number, and the target port.

Example Service definition

apiVersion: v1
kind: Service
metadata:
  name: svc-ssh (1)
  namespace: ssh-ns (2)
spec:
  ports:
  - targetPort: 22 (3)
    protocol: TCP
    port: 27017
  selector:
    special: vm-ssh (4)
  type: NodePort
# ...

1	Name of the SSH service.
2	Name of the namespace created by the `oc create namespace` command.
3	The target port number for the SSH connection.
4	The selector name and value must match the label specified in the YAML file for the VM.

Create the service:

$ oc create -f <path_for_the_service_YAML_file>

Verify that the VM is running:

$ oc get vmi

Example output

NAME    AGE     PHASE       IP              NODENAME
vm-ssh 6s       Running     10.244.196.152  node01

Check the service to find out which port the service acquired:

$ oc get svc

Example output

NAME            TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)           AGE
svc-ssh     NodePort       10.106.236.208 <none>        27017:30093/TCP   22s

In this example, the service acquired the port number 30093.

Run the following command to obtain the IP address for the node:

$ oc get node <node_name> -o wide

Example output

NAME    STATUS   ROLES   AGE    VERSION  INTERNAL-IP      EXTERNAL-IP
node01  Ready    worker  6d22h  v1.24.0  192.168.55.101   <none>

Log in to the VM via SSH by specifying the IP address of the node where the VM is running and the port number. Use the port number displayed by the oc get svc command and the IP address of the node displayed by the oc get node command. The following example shows the ssh command with the username, node’s IP address, and the port number:
```
$ ssh fedora@192.168.55.101 -p 30093
```

Accessing the serial console of a virtual machine instance

The virtctl console command opens a serial console to the specified virtual machine instance.

Prerequisites

The virt-viewer package must be installed.
The virtual machine instance you want to access must be running.

Procedure

Connect to the serial console with virtctl:
```
$ virtctl console <VMI>
```

Accessing the graphical console of a virtual machine instances with VNC

The virtctl client utility can use the remote-viewer function to open a graphical console to a running virtual machine instance. This capability is included in the virt-viewer package.

Prerequisites

The virt-viewer package must be installed.
The virtual machine instance you want to access must be running.

If you use virtctl via SSH on a remote machine, you must forward the X session to your machine.

Procedure

Connect to the graphical interface with the virtctl utility:
```
$ virtctl vnc <VMI>
```
If the command failed, try using the -v flag to collect troubleshooting information:
```
$ virtctl vnc <VMI> -v 4
```

Connecting to a Windows virtual machine with an RDP console

The Remote Desktop Protocol (RDP) provides a better console experience for connecting to Windows virtual machines.

To connect to a Windows virtual machine with RDP, specify the IP address of the attached L2 NIC to your RDP client.

Prerequisites

A running Windows virtual machine with the QEMU guest agent installed. The qemu-guest-agent is included in the VirtIO drivers.
A layer 2 NIC attached to the virtual machine.
An RDP client installed on a machine on the same network as the Windows virtual machine.

Procedure

Log in to the OKD Virtualization cluster through the oc CLI tool as a user with an access token.
```
$ oc login -u <user> https://<cluster.example.com>:8443
```

Use oc describe vmi to display the configuration of the running Windows virtual machine.

$ oc describe vmi <windows-vmi-name>

Example output

...
spec:
  networks:
  - name: default
    pod: {}
  - multus:
      networkName: cnv-bridge
    name: bridge-net
...
status:
  interfaces:
  - interfaceName: eth0
    ipAddress: 198.51.100.0/24
    ipAddresses:
      198.51.100.0/24
    mac: a0:36:9f:0f:b1:70
    name: default
  - interfaceName: eth1
    ipAddress: 192.0.2.0/24
    ipAddresses:
      192.0.2.0/24
      2001:db8::/32
    mac: 00:17:a4:77:77:25
    name: bridge-net
...

Identify and copy the IP address of the layer 2 network interface. This is 192.0.2.0 in the above example, or 2001:db8:: if you prefer IPv6.
Open an RDP client and use the IP address copied in the previous step for the connection.
Enter the Administrator user name and password to connect to the Windows virtual machine.