Stefan de Konink wrote:
Michael March schreef:
Michael March schreef:
.. in this setup you MUST have the ssh public key of the user the
web server runs as in the 'root' account of each server it
manages.. again, this might not be 100% kosher.. but it works.
The main problem I encounter is the hostname voodoo...but that check
can be disabled. I probably make an automatic hostname based on mac
address, and send that via SSH to the main box.
A shared certificate is probably an option too, if the hostname is
ignored.
Hmm.. I'm not sure what you exactly mean by "hostname voodoo".... Do
you mean the checks the ssh client does the first time it connects to
an unknown server?
No I mean that the certificate is not valid if the hostname doesn't
match. (It is possible to disable that in the connection string though)
All I did was make sure I ssh'd as a 'real' user first.. using whatever
hostname I was using for the ssh endpoint.. if that went well (making
sure I didn't have to enter a password or ssh key pass-phrase) I was
pretty certain the libvirt connection would work.
However.. other messages on this thread are recommending against the ssh
method.. I'm going to try the recommended Digest-MD5 method now too
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list