
Re: [Xen-users] XEN 4.3.1 VNC TLS is not working?



> On Mon, Nov 25, 2013 at 11:31:03PM +0200, NiX wrote:
>> > On Mon, Nov 25, 2013 at 09:06:09PM +0200, NiX wrote:
>> >> > On Mon, Nov 25, 2013 at 07:39:05PM +0200, NiX wrote:
>> >> >> Hi. I am using XEN 4.3.1 source compile. In /etc/xen/xend-config.sxp
>> >> >> I've the following settings enabled:
>> >> >>
>> >> >
>> >> > Hmm... The default toolstack in 4.3 is xl. I don't think xl ever looks
>> >> > at xend-config.sxp. Which toolstack are you using?
>> >>
>> >> xl
>> >>
>> >> >
>> >> > And to be honest I don't see a way for doing this in xl...
>> >> >
>> >> > If you're expecting some extra VNC TLS arguments added to QEMU, maybe
>> >> > you can use device_model_extra_args in your config file to work around
>> >> > this?
>> >>
>> >> That's going to be trial and error because I've never done that with
>> >> QEMU.
>> >> I'll try with device_model_extra_args
>> >>
>> >> I guess it's something like device_model_extra_args = 'args'
>> >>
>> >
>> > No, I misremembered the name. Something like device_model_args = ['arg1',
>> > 'arg2']. You'd better google for examples.
>> >
>> > BTW there's a variant for hvm called device_model_args_hvm.
>>
>> I've no luck when trying to get that working using
>> device_model_args = [ "args" ]
>>
>
> In any case you're not using the above option verbatim, right?

I tried device_model_args = [ ",tls,x509=/etc/xen/cert" ] and
device_model_args = [ "tls,x509=/etc/xen/cert" ] but VM won't start at all

libxl: debug: libxl_device.c:257:libxl__device_disk_set_backend: Disk vdev=xvda spec.backend=qdisk
libxl: debug: libxl_dm.c:1206:libxl__spawn_local_dm: Spawning device-model /usr/lib/xen/bin/qemu-system-i386 with arguments:
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   /usr/lib/xen/bin/qemu-system-i386
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -xen-domid
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   5
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -chardev
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-5,server,nowait
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -mon
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   chardev=libxl-cmd,mode=control
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -xen-attach
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -name
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   10.100.12.5
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -vnc
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   10.100.12.10:10,password,to=99
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   ,tls,x509=/etc/xen/cert
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -M
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   xenpv
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -m
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   2049

If you check line 425 from /var/src/xen-4.3.1/tools/libxl/libxl_dm.c

Is the only way to modify the source and recompile to get that working?

>
>> I just found that when using 'xl' it uses tools/libxl/libxl_dm.c and from
>> there it does bother reading xend config at all. Your only option is to
>> edit that libxl_dm.c manually and recompile ... Well my C skills are
>> limited, I am a PHP developer.
>>
>
> Hmm... Which line did you see libxl reads xend-config.sxp? Maybe you
> misread something?

It was a logical expectation that 'xl' would read it because those options
are there. What is reading and using vnc tls options from xend-config.sxp?

I could not find anything with Google, and the documentation does not say
anything clearly on how to make this work.

>
>> Does 'xm' toolstack use
>> '/usr/local/lib/python2.7/site-packages/xen/xend/image.py' ? From
>> image.py:
>>
>> if vncx509verify:
>>     vncopts = vncopts + ",tls,x509verify=%s" % vncx509certdir
>> else:
>>     vncopts = vncopts + ",tls,x509=%s" % vncx509certdir
>>
>> So the options that need to be appended are, as far as I know, as follows:
>>
>> tls,x509=/etc/xen/cert
>>
>
> This needs to be appended after other VNC parameters.
>
> Wei.
>
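
Added example, not part of the original thread and not Xen or QEMU code: a small check that rebuilds the device-model argv from the libxl debug output in the message above and reports whether the TLS options are inside the single value that follows -vnc, or were passed as a separate argument as that log shows. The function names are hypothetical; the sample log reuses lines from the message, wrapped as the mail client left them.

```python
import re

# One argv element per debug line; the libxl_dm.c line number varies by version.
ARG_RE = re.compile(r"^libxl: debug: libxl_dm\.c:\d+:libxl__spawn_local_dm:\s*(.*)$")
# Sample input: lines from the log in the message, still mail-wrapped.
SAMPLE_LOG = """\
libxl: debug: libxl_dm.c:1206:libxl__spawn_local_dm: Spawning device-model
/usr/lib/xen/bin/qemu-system-i386 with arguments:
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -vnc
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:
10.100.12.10:10,password,to=99
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:
,tls,x509=/etc/xen/cert
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -M
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   xenpv
"""

def parse_dm_argv(log_text):
    """Rebuild the device-model argv, rejoining values wrapped onto the next line."""
    records, in_arg = [], False
    for line in log_text.splitlines():
        m = ARG_RE.match(line)
        if m:
            records.append(m.group(1).strip())
            in_arg = True
        elif line.startswith("libxl:"):
            in_arg = False  # some other libxl message, not an argv element
        elif in_arg and line.strip():
            records[-1] = (records[-1] + " " + line.strip()).strip()
    return [r for r in records if r and not r.startswith("Spawning device-model")]

def check_vnc(argv):
    """Inspect the single value QEMU reads after -vnc; None if -vnc has no value."""
    if "-vnc" not in argv[:-1]:
        return None
    i = argv.index("-vnc")
    opts = argv[i + 1].split(",")[1:]  # field 0 is the display (host:N)
    x509 = [o.split("=", 1)[1] for o in opts if o.startswith(("x509=", "x509verify="))]
    after = argv[i + 2] if i + 2 < len(argv) else ""
    return {
        "vnc_value": argv[i + 1],
        "password": "password" in opts,
        "tls": "tls" in opts,
        "x509_dir": x509[0] if x509 else None,
        # A non-option element right after the value was passed as its own argument.
        "detached": after if after and not after.startswith("-") else None,
    }
if __name__ == "__main__":
    print(check_vnc(parse_dm_argv(SAMPLE_LOG)))
```

For the log in this thread the result has "tls" false and "detached" set to ",tls,x509=/etc/xen/cert", which is the condition to look for when confirming that a guest's VNC console is actually started with TLS.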


