[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XEN 4.3.1 VNC TLS is not working?

On Mon, Nov 25, 2013 at 11:31:03PM +0200, NiX wrote:
> > On Mon, Nov 25, 2013 at 09:06:09PM +0200, NiX wrote:
> >> > On Mon, Nov 25, 2013 at 07:39:05PM +0200, NiX wrote:
> >> >> Hi. I am using XEN 4.3.1 source compile. In /etc/xen/xend-config.sxp
> >> >> I've
> >> >> the following settings enabled:
> >> >>
> >> >
> >> > Hmm... The default toolstack in 4.3 is xl. I don't think xl ever looks
> >> > at xend-config.sxp. Which toolstack are you using?
> >>
> >> xl
> >>
> >> >
> >> > And to be honest I don't see a way for doing this in xl...
> >> >
> >> > If you're expecting some extra VNC TLS arguments added to QEMU, maybe
> >> > you can use device_model_extra_args in your config file to work around
> >> > this?
> >>
> >> That's going to be trial and error because I've never done that with
> >> QEMU.
> >> I'll try with device_model_extra_args
> >>
> >> I guess it's something like device_model_extra_args = 'args'
> >>
> >
> > No, I misremebered the name. Something like device_model_args = ['arg1',
> > 'arg2']. You'd better google for examples.
> >
> > BTW there's variant for hvm called device_model_args_hvm.
> 
> I've no luck when trying to get that working using device_model_args = [
> "args" ]
> 

In any case you're not using the above option verbatim, right?

> I just found that when using 'xl' it uses tools/libxl/libxl_dm.c and from
> there it does bother reading xend config at all. Your only option is to
> edit that libxl_dm.c manually and recompile ... Well my C skills are
> limited, I am PHP developer.
> 

Hmm... Which line did you see libxl reads xend-config.sxp? Maybe you
misread something?

> Does 'xm' toolstack use
> '/usr/local/lib/python2.7/site-packages/xen/xend/image.py' ? From
> image.py:
> 
> if vncx509verify:
>                     vncopts = vncopts + ",tls,x509verify=%s" % vncx509certdir
>                 else:
>                     vncopts = vncopts + ",tls,x509=%s" % vncx509certdir
> 
> So the options that needs to be appended are as far as I know as follows:
> 
> tls,x509=/etc/xen/cert
> 

This needs to be appened after other VNC parameters.

Wei.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.