RE: [Xen-devel] Xen API/libvirt & Remote
Authentication would have been my next question had I discovered that
remote access was possible and widely used, but since there is no
authentication mechanism, I agree that opening the http port is a bad

I think I've found a solution. I've wrapped the libvirt calls I need
with gSOAP using SSL certificate authentication. It seems to be
working for me and secure.

From: Daniel Veillard [mailto:veillard@xxxxxxxxxx]
Sent: Thursday, August 03, 2006 1:46 AM
To: John Anderson
Subject: Re: [Xen-devel] Xen API/libvirt & Remote

On Wed, Aug 02, 2006 at 04:28:37PM -0700, John Anderson wrote:
> I've been reading through the Xen API wiki page and its associated
> as well as checking out libvirt for a solution to remotely manage xend
> daemons. Unless I missed something, it seems both the Xen API and
> libvirt only make xml-rpc calls to a local xend daemon. Is this true
> am I way off base?

It's a bit more complex, first libvirt does not (yet) make xml-rpc
it currently does more ad-hoc HTTP based calls when talking to xend.
libvirt interacts with Xen in more ways than just with xend.

> If the Xen API & libvirt can only connect to a local xend daemon, are
> there any alternatives short of providing your own transport (i.e.
> ssh/telnet to invoke the command locally) ?

I think libvirt 0.1.3 should be able to connect to remote xend daemons
using the HTTP protocol. It will be limited to xend based accesses and
there is unfortunately no authentication.

Security-wise opening the HTTP port is a big no-no in my opinion,
getting access to the network one way or another would instantly get
over every domain running. Using SSH or other secure authenticated
to then connect to the local service sounds way saner, that's why I
really pushed or tested the remote access. But passing a URL pointing
the remote service when opening the libvirt connection may work, though
said I don't really recommend this.

Daniel Veillard | Red Hat http://redhat.com/
veillard@xxxxxxxxxx | libxml GNOME XML XSLT toolkit
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/