WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] stubdom fails with tls enabled

To: John Haxby <john.haxby@xxxxxxxxxx>
Subject: Re: [Xen-users] stubdom fails with tls enabled
From: Dan Hickox <danhickox@xxxxxxxxx>
Date: Tue, 24 Nov 2009 10:02:13 -0800
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 24 Nov 2009 10:03:17 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=E/oKFVmBjj43b3f7s/TVRRGXYdDemiDsdUwgI5tP2KM=; b=KPkQ67VgwiX8CJoSs/QijfHRs8rsruTW61MWpFU0HQgcd1xNIEpg5F4ATfh6Xz3Ami xYK9gnslFsAGuSbfngwu/c4ljx8mOXHHqZVmNGa+4qbpEearFV8WT8H0vYcFzY8oiFBu GW1EsCHKzKg5BoO4vmylImY7CDpEVbLvD2GE4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=X1T7V27JbVUP+Pjf74Mi9ctDa0bKJyPvk9x9fs+4J/Vg7sff1Tf7THsIYWiNY0Fw8m +MMag7vD00aEA6r9ZK2etr9I0zPtl21OAJzF/+9oWNr6rrXj5qklgrtsRCAzsTbn7Fsk 203tZtOd/Che0kY7LeTChHH6g5skb2xvbkvhw=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4B0A7B56.3010909@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <02DA15E79C184F588E04A7E8B75BDAD5@workstation> <4B0A7B56.3010909@xxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
John,
     Thanks for the response. I did see that much :) Correct me if I'm wrong; but, it appears that xm create pulls the configuration and formats it (among other things) and passes the configuration to qemu-dm or in this case stubdom-dm. It also seems that qemu-dm expects 'tls' as an argument and not 'tls=whatever'. The 'tls' argument was being auto generated in '/etc/xen/stubdom' (I think by the updated stubdom-dm script) and not something I had manually appended to the configuration of the VM; and occurs when (vnc-tls 1) is uncommented.
 
I was able to patch image.py and create.py to pass the information to stubdom-dm. Which leaves me with:
 
INFO (image:394) spawning device models: /usr/lib64/xen/bin/stubdom-dm ['/usr/lib64/xen/bin/stubdom-dm', '-d', '23', '-domain-name', 'windowsxp', '-videoram', '4', '-vnc', '127.0.0.1:1,tls,x509=/etc/xen/vnc', '-vcpus', '1', '-boot', 'd', '-acpi', '-usbdevice', 'tablet', '-net', 'nic,vlan=1,macaddr=00:16:3e:0a:12:15,model=rtl8139', '-net', 'tap,vlan=1,ifname=tap23.0,bridge=xenbr0', '-M', 'xenfv']
 
But, after all this it still appears that tls is either not enabled or there is some incompatibility between client/server. You wouldn't happend to know a compatible client? I did double check that vnc tls was enabled during build...
 
Well... Seems that there is more work to do...
 
Any suggestions would be appreciated.
 
Thanks,
Dan
On Mon, Nov 23, 2009 at 4:08 AM, John Haxby <john.haxby@xxxxxxxxxx> wrote:
On 20/11/09 17:53, Dan Hickox wrote:


 

Error: tls should be a pair, separated by an equals sign.

Using config file "/etc/xen/stubdoms/windowsxp-dm".

 

windowsxp-dm contains:

 

#This file is autogenerated, edit windowsxp instead!

kernel = '/usr/lib/xen/boot/ioemu-stubdom.gz'

vfb = ['sdl=0, opengl=1, xauthority=/root/.Xauthority, vnc=1, vncdisplay=1,tls, vnclisten=127.0.0.1, vncunused=0']

disk = [ 'phy:sda1,hda:disk,w','file:/mnt/launch/XRMPFPP_EN.iso,hdc:cdrom,r' ]

vif = [ 'mac=00:16:3e:04:b2:d5' ]

 

At first newbish glance I see that stubdom-dm and image.py use this information. But, I'm not exactly sure how it's handled throughout the app...



If anything, it should be "tls=1".

However, as of 3.4.0 (and possibly later) you don't do tls like that.   Read the tls comments in /etc/xen/xend-config.sxp -- you mostly want to uncomment the "(vnc-tls 1)" line but you'll need the certificates it mentions in place first.

jch

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
<Prev in Thread] Current Thread [Next in Thread>