To be clear, it doesn't break consoleproxy for me, but it breaks migration as Wido mentions in his long first post. I think he intended to fix it with the new libvirt 0.5.0 bindings rather than roll back, but it didn't happen before the cut. It should probably be rolled back on both 4.1 and master at this point, lest it be forgotten, and he can add it back in once we for certain have the new libvirt bindings and fix.
On Thu, Mar 21, 2013 at 2:46 PM, Marcus Sorensen <shadow...@gmail.com> wrote:
> The change was in server side code, so maybe.
>
> On Jan 4, 2013 1:09 PM, "Wido den Hollander" <w...@widodh.nl> wrote:
>>
>> Hi,
>>
>> I just noticed that CLOUDSTACK-411 got resolved which is related to
>> CLOUDSTACK-410
>>
>> * https://issues.apache.org/jira/browse/CLOUDSTACK-410
>> * https://issues.apache.org/jira/browse/CLOUDSTACK-411
>>
>> Today I made this commit: 7240204a507cce8143c248e6aa635da6dad60ed0
>>
>> About 7 months ago I already fixed that the listen address for VNC would
>> be set to the private IP of the hypervisor so that you don't have to specify
>> vnc_listen in qemu.conf
>>
>> With vnc listening on 0.0.0.0 you have a potential security issue since
>> you need a firewall to prevent the whole world connecting to your VNC.
>>
>> <graphics type='vnc' port='5907' autoport='yes' listen='10.4.0.67'>
>>   <listen type='address' address='10.4.0.67'/>
>> </graphics>
>>
>> That's what the XML definition looks like.
>>
>> With commit 7240204a507cce8143c248e6aa635da6dad60ed0 this works again, but
>> 30 minutes later I figured out that migrations break due to this, dôh!
>>
>> On the other hypervisor that private IP isn't available for binding, so
>> Qemu won't start...
>>
>> Instead of reverting the commit I'm now working on changing the XML during
>> migration. libvirt supports this, but libvirt-java doesn't.
>>
>> I have a bunch of patches still ready for libvirt-java. Together with
>> those patches I'll submit this to the libvirt guys next week.
>>
>> The method in libvirt-java will be:
>>
>> migrate(Connect dconn, long flags, String dxml, String dname, String uri,
>> long bandwidth)
>>
>> dxml: (optional) XML config for launching guest on target
>>
>> In LibvirtComputingResource I'll generate a new XML with the private IP of
>> the new hypervisor and pass that on to the migrate method.
>>
>> For the 4.1 release libvirt-java 0.5.0 should be out and this should then
>> work.
>>
>> No more need for setting vnc_listen in qemu.conf and no potential security
>> leak of having VNC listening world-wide (assuming your hypervisor has a
>> public IP).
>>
>> Just wanted to let you know what I'm working on.
>>
>> Wido
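
The XML rewrite discussed in the thread, sketched as an added example that is not part of the original messages and is not CloudStack or libvirt-java code: it points the VNC listen address at the destination hypervisor's private IP and refuses a wildcard address. The helper names, the domain name and the destination IP 10.4.0.68 are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <graphics> element quoted in the thread, wrapped in a
# minimal domain definition. The domain name is a placeholder.
SOURCE_XML = """<domain type='kvm'>
  <name>example-vm</name>
  <devices>
    <graphics type='vnc' port='5907' autoport='yes' listen='10.4.0.67'>
      <listen type='address' address='10.4.0.67'/>
    </graphics>
  </devices>
</domain>"""


def vnc_listen_addresses(domain_xml):
    """Collect every address a VNC <graphics> element asks QEMU to bind to."""
    found = set()
    for g in ET.fromstring(domain_xml).iter("graphics"):
        if g.get("type") != "vnc":
            continue
        if g.get("listen"):
            found.add(g.get("listen"))
        found.update(l.get("address") for l in g.findall("listen")
                     if l.get("type") == "address" and l.get("address"))
    return found


def retarget_vnc_listen(domain_xml, dest_ip):
    """Hypothetical helper: point VNC at dest_ip, the destination host's private IP."""
    addr = ipaddress.ip_address(dest_ip)  # rejects malformed input
    if addr.is_unspecified:  # 0.0.0.0 or ::, the exposure the thread wants to avoid
        raise ValueError("refusing wildcard VNC listen address")
    root = ET.fromstring(domain_xml)
    vnc = [g for g in root.iter("graphics") if g.get("type") == "vnc"]
    if not vnc:
        raise ValueError("no VNC <graphics> element in domain XML")
    for g in vnc:
        # The legacy listen= attribute and the <listen> child must agree.
        g.set("listen", str(addr))
        listens = g.findall("listen") or [ET.SubElement(g, "listen", type="address")]
        for l in listens:
            if l.get("type") == "address":
                l.set("address", str(addr))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(retarget_vnc_listen(SOURCE_XML, "10.4.0.68"))  # 10.4.0.68 is constructed
```

The returned string is the kind of document that would be supplied as the `dxml` argument described above; `vnc_listen_addresses` can also be run over existing domain definitions to find guests still bound to a wildcard or stale address.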