Hi! This is my first post to either of these list, I have been
lurking, (sorry to cross post but I don’t know if this is a virt-manager
or libvirt question). So first off thank you to everyone for all your efforts.
I think libvirt and virt-manager are excellent! I’ve built a pair of
server s in the lab with a Xen stack and have been attempting to get
virt-manager 0.5.4 to communicate with, first libvirt 0.4.2 and then libvirt
0.4.4 using TLS across the network in a “client / server”
configuration unsuccessfully. All the machines are on the same subnet
(192.168.4.x/24). I can make Virt-Manager communicate with Libvirt over TCP
without authentication so now that I know the installation works I want to
further secure it using TLS. I’ve read everything I can get my hands on, subscribe
to the lists and feel that I must be making a simple error ;I could really use
a fresh perspective. I would really appreciate any feedback you can offer. Here’s my configuration and testing method. Workstation Ubuntu Hardy Heron 64 bit Virt-manager 0.5.4 Server Distribution = CentOS 5.1 (64 bit) Kernel = 2.6.18.8-xen (compiled from
source) Xen = 3.2.1.gz virsh # version Compiled against library: libvir 0.4.4 Using library: libvir 0.4.4 Using API: Xen 3.0.1 Running hypervisor: Xen 3.2.0 /usr/local/etc/libvirt/libvirtd.conf Listen_tcp = 1 auth_unix_ro = “none” auth_unix_rw=”none” auth_tcp=”none” In this configuration I can use “Remove Password or
Kerberos” to connect. I just enter the hostname of the Xen machine and Virt-Manager
lets me see all the Domains that are running (or shutdown if I virsh define
them) as well as look at their consoles (if the vfb is configured correctly). I followed the configuration notes at: http://libvirt.org/remote.html with a
couple of exceptions: 1.
I already have a linux based CA
that I use with OpenVPN so I used that CA root certificate and just generated
client and server cert / key pairs for my client and server (I tested with just
one server) 2.
I reverted back to the default
libvirtd.conf to setup for TLS and noticed that the default paths for the
certificate locations were not in line with the documentation on the web page but
there were commented sections as follows that matched the documentation, so I
uncommented them: #crl_file = “/etc/pki/CA/crl.pem” 3.
On the server I execute “libvirtd
–listen –verbose” (libvirtd output) attached 4.
virt-manager 0.5.4 (as root) ,
File, Open Connection Connection: Remote SSL/TLS with x509 certificate Hostname: vxen-01.aenigmacorp.com (I have a host
entry for this machine) The virt-manager console reports “unable to open
a connection to the libvirt management daemon”. Verify that the “libvirtd”
daemon has been started. Then, in details there is a lot of info (see
virt-manager output) 5.
If I tail /root/.virt-manager/virt-manager.log
I get the following output (see virt-manager.log) That about sums it up. I have not read any instructions
that ask me to copy the CA root certificate to the client, is that required?
And if so where would I put it. Also, whenever I attempt to connect there are
no errors appearing in the libvirtd output, which is a bit surprising. I would
have expected that by using –verbose on the libvirtd command line that i
would see more info. Lin 94 in the libvirt.py script is definitely trying to
do some kind of authentication but I don’t really know what to do to
troubleshot this next? I still don’t know if my issue is related to the
client or the server? Any advice would be greatly appreciated. Many thanks Geoff Wiener |
Attachment:
libvirtd output
Description: libvirtd output
Attachment:
virt-manager output
Description: virt-manager output
Attachment:
virt-manager.log
Description: virt-manager.log
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list