xen-users

Re: [Xen-users] Xen, HVM guest won't start without VNC=1

...
> > 
> > As far as I understand one of the options (either vnc, or sdl)
> > should be enabled. Otherwise domain will not work.
> > 
> > What's bad if you bind VNC to the local interface?
> > 
> 
> [Norton, Jerry] Thanks for the reply Igor.  I did some digging and found
> a reference to SDL in a qemu.log.  I guess nothing is wrong with running
> VNC, it's just that I'm a little paranoid.  I hate having processes
> running that no one will be using and try my best to keep servers very
> lean.  I see it as a potential security risk.  

Yes, I understand you,
but

1) There are no special processes starting which must handle
   VNC connections.
2) You can bind it to 127.0.0.1 or some other IP
3) You can drop all the traffic that goes to that IP with iptables

iptables -I INPUT -d 127.0.0.1 -p tcp --dport 5900 -j REJECT --reject-with tcp-reset

and after you have run this command, it will be impossible
to connect to the VNC session (assuming it's run on the port 5900)
even from the localhost.

> 
> Am I understanding correctly that SDL needs X11?  I'm averse to running
> X11 on a server.  I prefer to keep them console only.
> 

I know that SDL can run without X Window System (using framebuffer)
but I don't know if it is possible in case of SDL usage with Xen.

I think that VNC is the more convenient option for your task,
and you should not contrive something with SDL.

> I'm ultimately looking to run the guest OS's headless and running in the
> background with a backdoor console that I can start up only as needed.
> 

I think that you can use VNC as this backdoor.
You can bind it to the local interface (and even firewall it, in the way
I mentioned earlier) and use SSH port forwarding when you need
to access it from an external host.

> I guess if VNC or SDL w/ X running are the only options, I'll work with
> them.  I just want to be sure those are the only options.
> 
> > 
> > 
> > > Here's my config file
> > > ***
> > > kernel = '/usr/lib/xen-3.0.3-1/boot/hvmloader'
> > > builder = 'hvm'
> > > device_model='/usr/lib/xen-3.0.3-1/bin/qemu-dm'
> > > memory = '256'
> > > disk = [ 'phy:/dev/xendisks/base_deb,ioemu:hda,w', 'phy:/dev/cdrom,hdc:cdrom,r' ]
> > > name = 'base_deb'
> > > vif = ['type=ioemu,bridge=xenbr0,mac=00:19:c0:a8:01:c9']
> > > boot='c'
> > > vnc=1
> > > vncviewer=0
> > > vncunused=0
> > > vncdisplay=2
> > > vnclisten='0.0.0.0'
> > > serial='pty'
> > > ***
> > >
> > >
> > >
> > > _______________________________________________
> > > Xen-users mailing list
> > > Xen-users@xxxxxxxxxxxxxxxxxxx
> > > http://lists.xensource.com/xen-users
> > 
> > --
> > WBR, i.m.chubin
> 
> 

-- 
WBR, i.m.chubin
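
Added example, not part of the original message or of Xen: a small check that reads the VNC settings from a domain config like the one quoted above, works out the TCP port the console listens on, flags a non-loopback vnclisten, and builds the matching SSH port-forward command. The host name dom0.example, the function names, and the treatment of vncunused/vncdisplay when they are absent are assumptions.

```python
import ast
import ipaddress

# Constructed sample: the VNC-related lines of the config quoted in this thread.
SAMPLE_CFG = """
builder = 'hvm'
vnc=1
vncunused=0
vncdisplay=2
vnclisten='0.0.0.0'
"""

def parse_cfg(text):
    """xm domain configs use Python assignment syntax; read literals, execute nothing."""
    settings = {}
    for node in ast.parse(text).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # non-literal right-hand side: skip it
    return settings

def audit_vnc(text, dom0="dom0.example"):  # dom0 name is a placeholder
    cfg = parse_cfg(text)
    if not int(cfg.get("vnc", 0)):
        return {"port": None, "findings": [], "tunnel": None}
    findings, port = [], None
    # Assumption: a fixed port needs vncunused=0 and an explicit vncdisplay.
    if int(cfg.get("vncunused", 1)) or "vncdisplay" not in cfg:
        findings.append("VNC port not fixed; a per-port firewall rule may miss it")
    else:
        port = 5900 + int(cfg["vncdisplay"])  # VNC display N listens on TCP 5900+N
    listen = cfg.get("vnclisten")
    if listen is None:
        findings.append("vnclisten unset; listen address comes from host defaults")
    else:
        try:
            if not ipaddress.ip_address(listen).is_loopback:
                findings.append(f"vnclisten={listen} is not loopback")
        except ValueError:
            findings.append(f"vnclisten={listen} is not an IP literal; check by hand")
    tunnel = f"ssh -N -L {port}:127.0.0.1:{port} {dom0}" if port else None
    return {"port": port, "findings": findings, "tunnel": tunnel}

if __name__ == "__main__":
    print(audit_vnc(SAMPLE_CFG))
```

While a REJECT rule for 127.0.0.1 like the one in the message is in place, the forwarded connection is refused as well, because it arrives at 127.0.0.1 on dom0; the rule has to be lifted for the duration of the session.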

