
Re: [Xen-users] Xen 4.2 - Security on Live Migration




Hello Ian,

Thanks again for your information. I'm quite unfamiliar with that and I
still can't get it.

On 02/27/2013 11:40 AM, Ian Campbell wrote:
> On Wed, 2013-02-27 at 09:29 +0000, Katerina Mparmpopoulou wrote:

>> If I want to place my own ssl key and my own certificate when
>> I'm migrating a vm in another physical machine, how should I use
>> the command??
> 
> You need to pass a command which will connect its stdin/stdout over
> the communication channel of your choice to the stdin/stdout of
> "xl migrate-receive" running on the target host. How you set up
> that communication channel and arrange for that process on the
> remote machine is up to you to arrange in that command.
> 

You mean that everything needs to be done in:

 xl migrate -s <sshcommand> <guest_vm> <target_machine>

where sshcommand is the stdin/stdout of another command?

> For example you could reasonably trivially build something out of
> netcat and ssh which did secure authentication but insecure
> data transfer.
> 
> If you want to do something with SSL certs then I expect you will
> want to find an ssl capable netcat type thing, I think openssl has
> such mechanisms in it. Or you could write your own client/server
> pair, etc etc.

I have already created my client/server pairs, but I don't know in
which file to place/save them. Namely, from which file does the
xl migrate-receive command retrieve these keys? Where is the default
pair (if there is any)?

In the previous version I could create client/server pairs and I used to
save them in etc/xen/xend-config.sxp, like this:

(xend-relocation-server-ssl-key-file   my_server.key)
(xend-relocation-server-ssl-cert-file  my_server.crt)

Now do I need to run the migrate command every time along with this
pair? For example like this?

$xl migrate -s /etc/ssh/keys/my_server.key /etc/ssh/keys/my_server.crt
<sshcommand> <guest_vm> <target_machine>




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
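
The transport Ian describes in the quoted reply, as an added example (not part of either message and not Xen project code): a wrapper for `xl migrate -s` that carries the migration stream over mutually authenticated TLS, so the key and certificate live with the wrapper rather than in an xl configuration file. It assumes socat with OpenSSL support on both hosts; the directory, file names and port are placeholders.

```shell
#!/bin/sh
# Added example: TLS transport for "xl migrate -s" (not from the thread).
# Assumed: socat built with OpenSSL on both hosts; port and paths are placeholders.
TLS_DIR=${TLS_DIR:-/etc/xen/migrate-tls}   # hypothetical directory holding the PEM files
TLS_PORT=${TLS_PORT:-8002}                 # placeholder port

# Print the command when DRY_RUN is set, otherwise replace this process with it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else exec "$@"; fi
}

# Both ends present their own cert/key and require a peer certificate that
# chains to ca.crt. Use a CA dedicated to migration: any certificate it has
# signed is allowed to push a guest onto the target.
tls_opts() {
    printf 'cert=%s/%s.crt,key=%s/%s.key,cafile=%s/ca.crt,verify=1' \
        "$TLS_DIR" "$1" "$TLS_DIR" "$1" "$TLS_DIR"
}

# Target host: accept one TLS connection and wire it to stdin/stdout of
# "xl migrate-receive". Must be started before each migration.
receiver() {
    run socat "OPENSSL-LISTEN:$TLS_PORT,reuseaddr,$(tls_opts server)" \
        "EXEC:xl migrate-receive"
}

# Source host: xl calls the -s command the way it would call ssh, i.e.
#   <command> <target_machine> xl migrate-receive [flags]
# Only <target_machine> is used here; the receiver above already runs the
# remote side, so the remaining arguments are not forwarded.
sender() {
    host=${1:-}
    case $host in
        ''|-*|*[!A-Za-z0-9.-]*)
            echo "refusing host name: '$host'" >&2; return 1 ;;
    esac
    run socat STDIO "OPENSSL:$host:$TLS_PORT,$(tls_opts client)"
}

# Dispatch: "receive" on the target, "<host> ..." when invoked by xl.
# With no arguments only the functions are defined.
case ${1:-} in
    '')      ;;
    receive) receiver ;;
    *)       sender "$@" ;;
esac
```

Saved under a path of your choice, the script is started with the single argument `receive` on the target host and then named as `<sshcommand>` in `xl migrate -s <sshcommand> <guest_vm> <target_machine>` on the source.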


 

