Hi, is there a comprehensive howto/tutorial you can recommend me on how
to set up libvirt with vnc over tls properly?
What I'm trying to do is to use vnc for production use outside my local
network and therefore I'd like to secure the vnc sessions. I already
made some attempts with ssvnc and
On Thu, Feb 26, 2009 at 11:47:15AM +0100, Michael Kress wrote:
Hi, is there a comprehensive howto/tutorial you can recommend me on how
to set up libvirt with vnc over tls properly?
What I'm trying to do is to use vnc for production use outside my local
network and therefore I'd like to secure
Daniel P. Berrange wrote:
I already
made some attempts with ssvnc and u...@vnc (both windows clients) but
these attemps all failed. I can't get the vnc server (launched by
virt-install / kvm) to be displayed via tls. It all runs perfectly
without tls.
There are some notes here
On Thu, Feb 26, 2009 at 12:07:15PM +0100, Michael Kress wrote:
Daniel P. Berrange wrote:
I already
made some attempts with ssvnc and u...@vnc (both windows clients) but
these attemps all failed. I can't get the vnc server (launched by
virt-install / kvm) to be displayed via tls. It all
Daniel P. Berrange wrote:
I have a working ssh tunnel from Vista/Putty/Port 5900 to
debian5/openssh/Port5900. Working means, I verified it with vncserver
(without tls) and with nc (netcat).
On windows side I tried with ssvnc using these values:
What VNC client are you using on Windows
On Thu, Feb 26, 2009 at 12:55:57PM +0100, Michael Kress wrote:
Daniel P. Berrange wrote:
I have a working ssh tunnel from Vista/Putty/Port 5900 to
debian5/openssh/Port5900. Working means, I verified it with vncserver
(without tls) and with nc (netcat).
On windows side I tried with ssvnc
Daniel P. Berrange wrote:
* http://www.karlrunge.com/x11vnc/ssvnc.html (effect as described)
To quote that page:
SSVNC also supports the VeNCrypt SSL/TLS extension to VNC (Unix and Mac OS X
only.)
So you're out of luck with Windows
Ok, this is no drawback - at least I
On Thu, Feb 26, 2009 at 01:29:09PM +0100, Michael Kress wrote:
Daniel P. Berrange wrote:
* http://www.karlrunge.com/x11vnc/ssvnc.html (effect as described)
To quote that page:
SSVNC also supports the VeNCrypt SSL/TLS extension to VNC (Unix and Mac OS
X only.)
So
On Mon, Feb 16, 2009 at 06:39:35PM -0500, Cole Robinson wrote:
The attached patch was posted by Michael Marineau at:
https://bugzilla.redhat.com/show_bug.cgi?id=472702
It prevents generating the python bindings multiple times in a parallel
build. Works fine in my testing, so I figured I'd
Hi,
As mentioned in the earlier mail, I have started the work on
adding Virtualbox support to libvirt. I have completed almost
all the basic functionality. Currently I can start, shutdown,
reboot, list and suspend/resume the domains.
Now I am in the process writing code for creating/defining
On Tue, Feb 17, 2009 at 02:49:22PM +, Daniel P. Berrange wrote:
On Tue, Feb 17, 2009 at 09:44:24AM -0500, Cole Robinson wrote:
Jim Meyering wrote:
Russell russellhaer...@gmail.com wrote:
Line 1133 of storage_backend_fs.c in 0.6.0:
if (vol-target.backingStore != NULL) {
On Wed, Feb 18, 2009 at 02:01:05PM +, Daniel P. Berrange wrote:
When connecting qemu:///session we can autostart the libvirtd daemon.
With the node device APIs present, it can take upto a second to start
up while talking to dbus. The remote driver was only waiting for a
fraction of a
On Wed, Feb 25, 2009 at 08:17:08PM +, Mark McLoughlin wrote:
Add implementations of dettach, reattach and reset for
PCI devices.
Background to this code can be found here:
http://marc.info/?l=kvmm=123454366317045
Some notes:
* pci-stub was first introduced in 2.6.29; if it's
Michael Kress napsal(a):
Daniel P. Berrange wrote:
* http://www.karlrunge.com/x11vnc/ssvnc.html (effect as described)
To quote that page:
SSVNC also supports the VeNCrypt SSL/TLS extension to VNC (Unix and Mac OS X only.)
So you're out of luck with Windows
Ok, this is no
On Thu, Feb 26, 2009 at 03:43:53PM +0100, Daniel Veillard wrote:
On Wed, Feb 18, 2009 at 02:01:05PM +, Daniel P. Berrange wrote:
When connecting qemu:///session we can autostart the libvirtd daemon.
With the node device APIs present, it can take upto a second to start
up while talking
On Thu, Feb 26, 2009 at 03:26:34PM +0100, Pritesh Kothari wrote:
Hi,
As mentioned in the earlier mail, I have started the work on
adding Virtualbox support to libvirt. I have completed almost
all the basic functionality. Currently I can start, shutdown,
reboot, list and suspend/resume the
On Thu, Feb 26, 2009 at 03:26:34PM +0100, Pritesh Kothari wrote:
Is the XML format for defining the Domains common to all the hypervisors? If
not then how should I start about defining it for Virtualbox?
Hi Pritesh. The XML format is not exactly the same between the
hypervisors, but large
On Wed, Feb 25, 2009 at 02:30:35PM +0100, Chris Lalancette wrote:
All,
There was a logic error in the Qemu driver when doing a non-live migrate.
During a non-live migrate, on the source host during the Perform step, we
pause the domain; however, if there was ever a failure, we were forgetting
Hi Daniel,
As of 0.6.0, the libvirtd daemon is fully multi-threaded. This means
that many API calls can be using your driver concurrently. So every
driver API call you have (ie those registered in the 'virDriver' struct
must use one or more mutexs to ensure safe access to internal state.
On Wed, Feb 25, 2009 at 03:12:58PM -0500, David Allan wrote:
This example code illustrates connecting to the hypervisor and making some
simple API calls.
Added a little code to let the user specify the URI of the hypervisor on the
command line, per the suggestion of Rich Jones.
Changes
Hi John,
Generally, if you can, use the generic parts. If you need to specify
something specific to VBox you have three options:
1. work out a hypervisor-agnostic abstraction for what you're trying to
define (preferred), then use that
1. define a vbox-specific ref as you above
2. if it's
Daniel Veillard wrote:
On Wed, Feb 25, 2009 at 02:30:35PM +0100, Chris Lalancette wrote:
All,
There was a logic error in the Qemu driver when doing a non-live migrate.
During a non-live migrate, on the source host during the Perform step, we
pause the domain; however, if there was ever a
On Thu, Feb 26, 2009 at 05:20:55PM +0100, Pritesh Kothari wrote:
Hi John,
Generally, if you can, use the generic parts. If you need to specify
something specific to VBox you have three options:
1. work out a hypervisor-agnostic abstraction for what you're trying to
define (preferred),
On Fri, Feb 20, 2009 at 02:38:05PM +, Daniel P. Berrange wrote:
I think we need to move place where we set the exec context to after
the fork() call, ideally to be the very last call made before the
actual execve().
We do not currently have an easy way todo this, but I have the exact
Recent Linux kernels have a new concept of 'CGroups' which is a way to
group tasks on the system and apply policy to them as a whole. We already
use this in the LXC container driver, to control total memory usage of
things runing within a container.
This patch series is a proof of concept to make
This patch sets up the cgroups for QEMU instances. It creates a cgroup
when starting a guest, uses an exec hook to place the process into the
correct cgroup, and cleans up empty cgroup when the QEMU process shuts
down.
Daniel
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
---
This patch implements the schedular parameter APIs. This adds a
single tunable 'cpu_shares' that is provided by cgroups. This is
a slightly more fancy way of doing nice priorities, giving a way
to tune relative priority of VMs
Daniel
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
---
This patch is more focused on access control. CGroups has a controller
that enforces ACLs on device nodes. This allows us to restrict exactly
what block/character devices a guest is allowed to access. So in the
absence of something like SELinux sVirt, you can get a degree of
isolation between
On Thu, Feb 26, 2009 at 05:20:55PM +0100, Pritesh Kothari wrote:
What exactly does the tag os_typexen/os_type exactly mean? how can
xen, hvm, etc be an os type?
It's a horrible wart. OS type really means v12n method, and it means
either paravirt or HVM here. Presumably vbox wouldn't
This is an incomplete patch starting to support the memory balloon device
in QEMU guests. This requires the VirtIO Balloon driver be present in the
guest. In much the same way as with Xen guests, this lets you adjust the
memory allocation of the guest on the fly, ceiling limited by the initial
On Thu, Feb 26, 2009 at 05:00:47PM +0100, Pritesh Kothari wrote:
I think it depends on exactly how you are doing it - best to just post the
patches and we can discuss whether it looks reasonable then. Why did you
dlopen() instead of just linking to it directly ?
Basically my code depends
On Thu, Feb 26, 2009 at 11:52:18AM -0500, John Levon wrote:
On Thu, Feb 26, 2009 at 05:00:47PM +0100, Pritesh Kothari wrote:
I think it depends on exactly how you are doing it - best to just post the
patches and we can discuss whether it looks reasonable then. Why did you
dlopen()
On Fri, 2009-02-13 at 09:12 +, Mark McLoughlin wrote:
Hi David,
Nice work ...
A thought as I update this Fedora feature page[1], given that the goal
of the feature could be described as fixing things so that the shared
physical device section of libvirt's Networking wiki page[2] isn't
Michael Kress wrote:
Then I'll give a try on linux and mail the results later.
So I tried under Linux with ssvnc in the following scenario:
ssvnc --- (port 5900) ssh tunnel established from localhost via ssh
--- sshd on remote host -- (port 5900) libvirt/kvm/vnc
The tunnel works and is built
Am 25.02.2009 um 23:28 schrieb Radek Hladik:
Andreas Rittershofer napsal(a):
Am 25.02.2009 um 00:11 schrieb David Lutterkort:
On Tue, 2009-02-24 at 14:25 +0100, Andreas Rittershofer wrote:
Task 1.) Each VM must have network access to each other VM and to
the
outside.
Task 2.) When one
Andreas Rittershofer napsal(a):
My problem is:
1.) VM1 running on host A must have network access to VM3 when VM3 is
running on host B by default _and_
2.) when VM3 is running on host A because host B failed.
In some of my configurations 1.) worked but 2.) not, in some other
configurations
Am 26.02.2009 um 20:26 schrieb Radek Hladik:
Andreas Rittershofer napsal(a):
My problem is:
1.) VM1 running on host A must have network access to VM3 when VM3
is running on host B by default _and_
2.) when VM3 is running on host A because host B failed.
In some of my configurations 1.)
Andreas Rittershofer napsal(a):
Am 26.02.2009 um 20:26 schrieb Radek Hladik:
Andreas Rittershofer napsal(a):
My problem is:
1.) VM1 running on host A must have network access to VM3 when VM3 is
running on host B by default _and_
2.) when VM3 is running on host A because host B failed.
In
Radek Hladik wrote:
Michael Kress napsal(a):
2009.02.26 19:09:44 LOG7[14644:3086588128]: Certificate:
/home/kress/keys/client-cert.pem
2009.02.26 19:09:44 LOG7[14644:3086588128]: Certificate loaded
2009.02.26 19:09:44 LOG7[14644:3086588128]: Key file:
/home/kress/keys/client-cert.pem
Michael Kress napsal(a):
Radek Hladik wrote:
Michael Kress napsal(a):
2009.02.26 19:09:44 LOG7[14644:3086588128]: Certificate:
/home/kress/keys/client-cert.pem
2009.02.26 19:09:44 LOG7[14644:3086588128]: Certificate loaded
2009.02.26 19:09:44 LOG7[14644:3086588128]: Key file:
Hi,
I have setup my virtual networks with initscripts like in this link:
http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29,
but there is no networking whitin any system either between vms or with the
host and the vms.
This setup is for kvm, but
IT WORKS!
Radek Hladik wrote:
Michael Kress napsal(a):
2009.02.26 19:09:44 LOG3[14644:3086588128]: error stack: 140B3009 :
error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2009.02.26 19:09:44 LOG3[14644:3086588128]:
SSL_CTX_use_RSAPrivateKey_file: 906D06C:
On Thu, 2009-02-26 at 12:40 -0500, Dan Williams wrote:
On Fri, 2009-02-13 at 09:12 +, Mark McLoughlin wrote:
Hi David,
Nice work ...
A thought as I update this Fedora feature page[1], given that the goal
of the feature could be described as fixing things so that the shared
On Thu, 2009-02-26 at 16:36 +, Daniel P. Berrange wrote:
Recent Linux kernels have a new concept of 'CGroups' which is a way to
group tasks on the system and apply policy to them as a whole. We already
use this in the LXC container driver, to control total memory usage of
things runing
Michael Kress napsal(a):
IT WORKS!
Radek Hladik wrote:
Michael Kress napsal(a):
2009.02.26 19:09:44 LOG3[14644:3086588128 http://www.snapanumber.com/]: error
stack: 140B3009 :
error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
2009.02.26 19:09:44 LOG3[14644:3086588128
Hi,
Here are some updates on this work:
It is common that user want to set up backend device for a virtual
interface over a VLAN. So, one more option is added, '--vlanid', to
specify the VLAN ID user want to attach to the backend device supporting
this virtual interface. So that the shell
46 matches
Mail list logo