On 2013/4/3 16:39, Alex Jia wrote:
On 04/03/2013 03:20 PM, Yang Dongsheng wrote:
Yes, I saw these, but they're not enough, the transports may be ssh, tcp, tls
and unix, etc, so some test scenario
have a little complex(please seehttp://libvirt.org/remote.html), for example,
(I) Positive
EXAM1:
1. append auth_unix_rw="sasl" into the /etc/libvirt/libvirtd.conf
2. add sasl user
# saslpasswd2 -a libvirt test
(input your passwd)
# sasldblistusers2 -f /etc/libvirt/passwd.db
xxx@yyy <mailto:[email protected]>: userPassword
3. add auth.conf file in the /etc/libvirtd/
# cat /etc/libvirt/auth.conf
[credentials-sasl]
authname=test
password=autotest
[auth-libvirt-localhost]
credentials=sasl
4. restart libvirtd service
service libvirtd restart
Stopping libvirtd daemon: [ OK ]
Starting libvirtd daemon:
5. without sasl username and passwd
# virsh -c qemu+unix:///system list
Id Name State
----------------------------------------------------
1 test running
EXAM2:
On the server:
1. edit /etc/sysconfig/libvirtd and uncomment LIBVIRTD_ARGS line
LIBVIRTD_ARGS="--listen"
2. edit /etc/libvirt/libvirtd.conf
listen_tls = 0
listen_tcp =1
tcp_port = "16510"
auth_tcp = "none"
3. restart libvirtd service
#service libvirtd restart
4. Refresh iptables or add some policies
#iptables -F
On the client:
1. remotely connect above server witch tcp transports
# virsh -c qemu+tcp://<ip>:16510/system
(II) Negative
EXAM1:
1. stop libvirtd service on the remote server
# service libvirtd stop
2. connect remote server from client
# virsh -c qemu+ssh://<ip>/system
EXAM2:
1. Disable ssh root login on the server
appending "PermitRootLogin = no" into /etc/ssh/sshd_config and restart sshd
service on the server
2. Remotely connect server with ssh transports from libvirt client
# virsh -c qemu+ssh://<ip>/system
There are many test cases can be designed for remote access, it will be huge
work for us, so we also may
do it later if you want, I think it should be okay if your patches series just
focus basic connect operations,
but considering future case extension, we shouldn't hard cord transports to
'ssh'.
So glad to get this review.
When I made this patch for virsh connect, I have learnd about that there
is so many kinds of remote uri .
And in my test module for virsh connect , I have thought about some
externsion, but it's not enough obviously.
I will consider again . Thanx ~
_______________________________________________
Virt-test-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/virt-test-devel
