Thank you for the answer! Yes, I use TLS when I want to have encryption; TCP is just for testing purposes. I am building my proxy for filtering traffic between two machines in virt-manager. Decryption of TLS with, for example, mitmproxy is easy. But when the user chooses SASL with the default mechanism (GSSAPI), it becomes harder to decrypt. Where should I look to find out how libvirt does this decryption when SASL is used?

Thu, 22 Nov 2018 at 12:31, Jiri Denemark <jdene...@redhat.com>:

> On Thu, Nov 22, 2018 at 09:58:41 +0300, Anastasiya Ruzhanskaya wrote:
> > Hello!
> > I was investigating libvirt a year ago regarding its remote control. I
> > figured out necessary settings for configuring remote control in Ubuntu
> > (setting flags in libvirt setting files). Now I have several questions:
> >
> > 1) Are these flags the same for CentOS?
> > They did not work for me.
> > My flags for Ubuntu are (for tcp for example):
> >
> > /etc/libvirt/libvirtd.conf : listen_tls = 0, listen_tcp = 1,
> > listen_addr = "0.0.0.0" auth_tcp = "none"
>
> These configuration options are the same in all distros. But, listening
> on TCP without any encryption and authentication is very dangerous and
> it should not be used. A connection to system libvirtd is equivalent to
> having a root account and I believe you don't want to provide root
> access to anyone connecting to an open TCP port, do you? See
> https://libvirt.org/remote.html for more details about remote access.
>
> > /etc/init/libvirt-bin.conf: add -l (listen) : env libvirtd_opts = d -l"
> > /etc/default/libvirt-bin add -l : libvirtd_opts = d -l"
>
> This is different in CentOS. You need to edit /etc/sysconfig/libvirtd
> file and uncomment LIBVIRTD_ARGS="--listen".
>
> > 2) Can the remote control be configured along with local on one machine?
>
> Yes, local access via UNIX sockets is always enabled. That is, enabling
> remote access as described above will allow you to connect to libvirtd
> both locally and remotely.
>
> Jirka
>
_______________________________________________
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
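
An added example, not part of the original thread and not libvirt's own code: a small audit of the libvirtd.conf keys discussed in the quoted reply, flagging the `listen_tcp = 1` with `auth_tcp = "none"` combination that the reply warns against. The function names and both sample configs are constructed for illustration, and the defaults table assumes the stock libvirtd.conf defaults.

```python
import re

# Assumed stock libvirtd.conf defaults, applied when a key is absent or commented out.
DEFAULTS = {"listen_tls": "1", "listen_tcp": "0",
            "auth_tcp": "sasl", "listen_addr": ""}

# Constructed sample: the test settings quoted in this thread.
THREAD_CONF = '''
listen_tls = 0
listen_tcp = 1
listen_addr = "0.0.0.0"
auth_tcp = "none"
'''

# Constructed sample: TLS only, TCP listener left commented out.
TLS_ONLY_CONF = '''
listen_tls = 1
#listen_tcp = 1
'''

def parse_conf(text):
    """Parse 'key = value' lines, dropping comments and optional quotes."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?$', line)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def audit(conf_text, daemon_args=""):
    """Return findings for the plain-TCP listener; empty list if it is off."""
    conf = parse_conf(conf_text)
    if conf["listen_tcp"] != "1":
        return []
    # listen_* keys only take effect when libvirtd is started with -l/--listen.
    listening = re.search(r"(^|\s)(-l|--listen)(\s|$)", daemon_args)
    state = "active" if listening else "inactive without --listen"
    addr = conf["listen_addr"] or "all interfaces"
    if conf["auth_tcp"] == "none":
        return [f"CRITICAL: unauthenticated, unencrypted TCP on {addr} ({state})"]
    return [f"NOTE: TCP on {addr} depends on auth_tcp={conf['auth_tcp']} ({state})"]

if __name__ == "__main__":
    for name, conf, args in [("thread", THREAD_CONF, "-d -l"),
                             ("tls-only", TLS_ONLY_CONF, "--listen")]:
        print(name, audit(conf, args) or "no TCP findings")
```
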