Hi,

On Thu, 2009-08-20 at 10:00 -0400, weiming wrote:
> Hi Vincent,
> 
> Yes, I'm considering adding a TCP socket for xenstored. 
> 
> Since xen apis can be called remotely, there's no reason to prevent
> accessing xenstore in the same way.

We did this when working on an experiment to use Xen on a single system
image. Our implementation utilized a private back-end LAN which was not
exposed to dom-u's that faced the public, so no authentication mechanism
was needed. We needed to set up remote watches to facilitate a sort of
'cluster wide upstart for xen'. 

I would warn you, XenStore is fragile and often fickle; I've crashed it
many times within a guest while working on split drivers for various
character devices.

If you expose it via sockets, without having the API as a buffer to take
most 'brute force' abuse, be sure to code very defensively and utilize
iptables to restrict access. While xend can be restarted, xenstored
cannot.

Yes, APIs can be called remotely, however some diligence prevails
before the API actually talks to xenstore.

Cheers,
--Tim



> 
> thanks,
> Weiming
> 
> On Thu, Aug 20, 2009 at 5:24 AM, Vincent Hanquez
> <[email protected]> wrote:
>         
>         weiming wrote:
>                 Hi,
>                 
>                 Is it possible to read/write the xenstore from another
>                 physical machine?
>                 
>                 I know it uses Unix socket. So it looks hard to access
>                 it remotely, isn't it?
>         Hi weiming,
>         
>         whilst it's not possible at the moment and certainly a bad
>         idea security wise, making xenstored listen on a tcp socket
>         along with the unix socket is very easy.
>         
>         cheers,
>         --
>         Vincent
>         
> 
> _______________________________________________
> Xen-devel mailing list
> [email protected]
> http://lists.xensource.com/xen-devel
-- 
Monkey + Typewriter = Echoreply ( http://echoreply.us )


_______________________________________________
xen-api mailing list
[email protected]
http://lists.xensource.com/mailman/listinfo/xen-api