Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora/Linux Management Tools (http://www.linux-archive.org/fedora-linux-management-tools/)
-   -   ocaml-libvirt-0.4.0.1: Can't connect to Xen- Host (http://www.linux-archive.org/fedora-linux-management-tools/96076-ocaml-libvirt-0-4-0-1-cant-connect-xen-host.html)

"Richard W.M. Jones" 05-27-2008 09:45 AM

ocaml-libvirt-0.4.0.1: Can't connect to Xen- Host
 
On Tue, May 27, 2008 at 11:37:10AM +0200, Feichtinger Günter wrote:
> I intstalled the ocaml-libvirt-0.4.0.1.exe on MS- Vista without problems.
> Also the virt-ctrl.exe starts without problems.
> But when I try to connect to a Xen-Host I get the messages:
> libvir: Remote error : Cannot access CA certificate 'C:/msys/1.0/local/etc/pki/C
> A/cacert.pem': No such file or directory (2)
>
> Please be so kind and help.

It's not very clear to me what you are trying to connect to what, but
you'll probably want to read about remote connections, here:

http://libvirt.org/remote.html

Rich.

--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my OCaml programming blog: http://camltastic.blogspot.com/
Fedora now supports 59 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora

_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@redhat.com
https://www.redhat.com/mailman/listinfo/et-mgmt-tools

"Richard W.M. Jones" 06-02-2008 09:52 AM

ocaml-libvirt-0.4.0.1: Can't connect to Xen- Host
 
On Wed, May 28, 2008 at 12:22:53PM +0200, Feichtinger Günter wrote:
> > -----Ursprüngliche Nachricht-----
> > Von: Richard W.M. Jones [mailto:rjones@redhat.com]
> > Gesendet: Dienstag, 27. Mai 2008 11:45
> > An: Feichtinger Günter
> > Cc: et-mgmt-tools@redhat.com
> > Betreff: Re: ocaml-libvirt-0.4.0.1: Can't connect to Xen- Host
> >
> > On Tue, May 27, 2008 at 11:37:10AM +0200, Feichtinger Günter wrote:
> > > I intstalled the ocaml-libvirt-0.4.0.1.exe on MS- Vista
> > without problems.
> > > Also the virt-ctrl.exe starts without problems.
> > > But when I try to connect to a Xen-Host I get the messages:
> > > libvir: Remote error : Cannot access CA certificate
> > > 'C:/msys/1.0/local/etc/pki/C
> > > A/cacert.pem': No such file or directory (2)
> > >
> > > Please be so kind and help.
> >
> > It's not very clear to me what you are trying to connect to
> > what, but you'll probably want to read about remote connections, here:
> >
> > http://libvirt.org/remote.html
> >
> > Rich.
>
> Hello Richard,
> thanks for your prompt answer. I see, I have to explain it more excatly.
> I have 3 Xen-Hosts (CentOS 5.1) and use virt-managaer local an this hosts.
> I'm looking for a possibility to manages xen-hosts from MS-Windows-Clients like VMWareServerConsole.
> So I was looking around and found your port of the virt-manager.
> I tried to connect with xen://xen-host/ and get the message above.
> Which possibility to I have for remote connections? I think I read that with your virt-manager port only support TLS, isn't it?
> So do I have to work with certificates? In my test-envirment a "low" security solution is also fine :-)

The first thing to say is that this isn't a port of virt-manager. We
couldn't get that working on Windows because the Python stuff for
Win32 was too complicated. This is a port of virt-ctrl instead
(http://et.redhat.com/~rjones/virt-ctrl/) which is a far less powerful
virt-manager clone that I wrote in my spare time, just as an
experiment. (It's also a rather old version of virt-ctrl. I really
must update that package ...)

Anyway, you should be able to set up your Xen hosts so that TCP
(insecure) connections are possible. Assuming that libvirtd is
running, there should be a file /etc/libvirt/libvirtd.conf which you
can edit to enable TCP connections:

http://libvirt.org/remote.html#Remote_libvirtd_configuration

listen_tcp = 1

I believe you also need to edit /etc/sysconfig/libvirtd and uncomment:

LIBVIRTD_ARGS="--listen"

and of course open firewall port 16509 if necessary.

Then you should be able to connect remotely using this URI:

xen+tcp://hostname/

TCP connections are totally insecure, so you should only do this on a
private network.

Rich.

--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
Read my OCaml programming blog: http://camltastic.blogspot.com/
Fedora now supports 59 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora

_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@redhat.com
https://www.redhat.com/mailman/listinfo/et-mgmt-tools

"Daniel P. Berrange" 06-02-2008 09:59 AM

ocaml-libvirt-0.4.0.1: Can't connect to Xen- Host
 
On Mon, Jun 02, 2008 at 10:52:19AM +0100, Richard W.M. Jones wrote:
> http://libvirt.org/remote.html#Remote_libvirtd_configuration
>
> listen_tcp = 1
>
> I believe you also need to edit /etc/sysconfig/libvirtd and uncomment:
>
> LIBVIRTD_ARGS="--listen"
>
> and of course open firewall port 16509 if necessary.
>
> Then you should be able to connect remotely using this URI:
>
> xen+tcp://hostname/
>
> TCP connections are totally insecure, so you should only do this on a
> private network.

This is no longer true. Recent libvirt will enable SASL authentication on
the TCP socket by default, and the default SASL config for libvirt turns
on digest-md5 which provides by username+password authentication and
subsquent session encryption. You can also switch SASL to use kerberos
which again provides auth & session encryption. With either digest-md5
or Kerberos, the security is on a par with SSL/TLS in terms of encryption
strength

http://libvirt.org/auth.html#ACL_server_username

Regards,
Daniel.
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

_______________________________________________
et-mgmt-tools mailing list
et-mgmt-tools@redhat.com
https://www.redhat.com/mailman/listinfo/et-mgmt-tools


All times are GMT. The time now is 08:14 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.