Re: [Xen-users] XEN 4.3.1 VNC TLS is not working?
> On Tue, Nov 26, 2013 at 12:43:16AM +0200, NiX wrote:
>> > On Mon, Nov 25, 2013 at 11:31:03PM +0200, NiX wrote:
>> >> > On Mon, Nov 25, 2013 at 09:06:09PM +0200, NiX wrote:
>> >> >> > On Mon, Nov 25, 2013 at 07:39:05PM +0200, NiX wrote:
>> >> >> >> Hi. I am using XEN 4.3.1 source compile. In
>> >> /etc/xen/xend-config.sxp
>> >> >> >> I've
>> >> >> >> the following settings enabled:
>> >> >> >>
>> >> >> >
>> >> >> > Hmm... The default toolstack in 4.3 is xl. I don't think xl ever
>> >> looks
>> >> >> > at xend-config.sxp. Which toolstack are you using?
>> >> >>
>> >> >> xl
>> >> >>
>> >> >> >
>> >> >> > And to be honest I don't see a way for doing this in xl...
>> >> >> >
>> >> >> > If you're expecting some extra VNC TLS arguments added to QEMU,
>> >> maybe
>> >> >> > you can use device_model_extra_args in your config file to work
>> >> around
>> >> >> > this?
>> >> >>
>> >> >> That's going to be trial and error because I've never done that
>> with
>> >> >> QEMU.
>> >> >> I'll try with device_model_extra_args
>> >> >>
>> >> >> I guess it's something like device_model_extra_args = 'args'
>> >> >>
>> >> >
>> >> > No, I misremembered the name. Something like device_model_args =
>> >> ['arg1',
>> >> > 'arg2']. You'd better google for examples.
>> >> >
>> >> > BTW there's variant for hvm called device_model_args_hvm.
>> >>
>> >> I've no luck when trying to get that working using device_model_args
>> = [
>> >> "args" ]
>> >>
>> >
>> > In any case you're not using the above option verbatim, right?
>>
>> I tried device_model_args = [ ",tls,x509=/etc/xen/cert" ] and
>> device_model_args = [ "tls,x509=/etc/xen/cert" ] but VM won't start at
>> all
>>
>
> Yes, because they were appended to wrong position.
>
>> libxl: debug: libxl_device.c:257:libxl__device_disk_set_backend: Disk
>> vdev=xvda spec.backend=qdisk
>> libxl: debug: libxl_dm.c:1206:libxl__spawn_local_dm: Spawning
>> device-model
>> /usr/lib/xen/bin/qemu-system-i386 with arguments:
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:
>> /usr/lib/xen/bin/qemu-system-i386
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -xen-domid
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 5
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -chardev
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:
>> socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-5,server,nowait
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -mon
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:
>> chardev=libxl-cmd,mode=control
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -xen-attach
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -name
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 10.100.12.5
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -vnc
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:
>> 10.100.12.10:10,password,to=99
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:
>> ,tls,x509=/etc/xen/cert
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -M
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: xenpv
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -m
>> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 2049
>>
>> If you check line 425 from /var/src/xen-4.3.1/tools/libxl/libxl_dm.c
>>
>
> That's constructing QEMU arguments from libxl internal configuration
> state.
>
>> Is it only way to modify source and recompile to get that working?
>>
>
> No, but you need to trick libxl by disabling VNC in the configuration
> file, so that it skips the code you found.
>
> Then use device_model_args to append whole VNC rune to QEMU.
>
> In theory this would work, but I've never tried.

Here's what I tried:

#vfb = [ "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345" ]
device_model_args = [ "-vnc 10.100.12.10:10,tls,x509=/etc/xen/cert" ]

VM won't start even though the syntax is right. Even if it would start, we're
going to have another problem because you've no way to define a password using
the options stated above because of
http://wiki.qemu.org/download/qemu-doc.html#pcsys_005fmonitor

This must be considered a broken feature. By any chance, is there any
interest in fixing this feature for the xl toolstack so we could use VNC TLS
in guest config, i.e.

vfb = [ "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345,tls,x509=/etc/xen/cert" ]

PS. After starting a VM with
'vfb = [ "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345" ]'
I was able to verify qemu-system-i386 syntax and TLS VNC functionality by
using the following command line:

/usr/lib/xen/bin/qemu-system-i386 -xen-domid 11 -chardev socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-11,server,nowait -mon chardev=libxl-cmd,mode=control -xen-attach -name 10.100.12.5 -vnc 10.100.12.10:11,tls,x509=/etc/xen/cert -M xenpv -m 2049

VeNCrypt was able to connect successfully so at least my SSL certificate was
correctly done.

>
>> >
>> >> I just found that when using 'xl' it uses tools/libxl/libxl_dm.c and
>> >> from
>> >> there it does bother reading xend config at all. Your only option is
>> to
>> >> edit that libxl_dm.c manually and recompile ... Well my C skills are
>> >> limited, I am PHP developer.
>> >>
>> >
>> > Hmm... Which line did you see libxl reads xend-config.sxp? Maybe you
>> > misread something?
>>
>> It was logical expectation that 'xl' would read it because those option
>> are there. What is reading and using vnc tls options from
>> xend-config.sxp?
>>
>
> As the name suggests, xend-config.sxp is configuration for Xend, which
> is not in use from 4.3 onwards.
>
>> I could not find anything with google nor documentation is not saying
>> anything clearly on how to make this work.
>>
>
> Sadly that might be missing bit in libxl.
>
> Wei.
>

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
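
An added example, not part of the original thread and not Xen project code: it rebuilds the device-model argv from libxl debug lines like those quoted above and reports whether the value after -vnc carries tls and x509, plus arguments that reached QEMU in the wrong position. The sample log is constructed, the function names and finding codes are hypothetical, and it assumes each device_model_args string is passed to QEMU as a single argv element.

```python
import re

# Constructed sample, in the format of the libxl debug output quoted above
# (one argv element per line, e-mail line wrapping undone).
P = "libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   "
SAMPLE_LOG = "\n".join(
    ["libxl: debug: libxl_dm.c:1206:libxl__spawn_local_dm: Spawning "
     "device-model /usr/lib/xen/bin/qemu-system-i386 with arguments:"]
    + [P + a for a in ["/usr/lib/xen/bin/qemu-system-i386", "-xen-domid", "5",
                       "-vnc", "10.100.12.10:10,password,to=99",
                       ",tls,x509=/etc/xen/cert", "-M", "xenpv"]])

ARG_LINE = re.compile(r"libxl__spawn_local_dm:\s+(\S.*)$")

def argv_from_log(text):
    """Rebuild the device-model argv: one element per line after the header."""
    argv, collecting = [], False
    for line in text.splitlines():
        m = ARG_LINE.search(line)
        if not m:
            continue
        if m.group(1).rstrip().endswith("with arguments:"):
            argv, collecting = [], True      # a new spawn starts here
        elif collecting:
            argv.append(m.group(1).rstrip())
    return argv

def audit_vnc(argv):
    """Return (code, detail) findings about how VNC reaches QEMU."""
    findings = []
    for arg in argv:
        if arg.startswith(","):              # suboptions split from their option
            findings.append(("orphan-fragment", arg))
        elif arg.startswith("-") and " " in arg:   # "-opt value" as one element
            findings.append(("option-value-joined", arg))
    if "-vnc" not in argv or argv.index("-vnc") + 1 >= len(argv):
        findings.append(("no-vnc-option", ""))
        return findings
    display, *opts = argv[argv.index("-vnc") + 1].split(",")
    names = {o.split("=", 1)[0] for o in opts}
    if "tls" not in names:                   # VNC session is not encrypted
        findings.append(("vnc-no-tls", display))
    elif not names & {"x509", "x509verify"}: # anonymous TLS, no server certificate
        findings.append(("vnc-tls-anonymous", display))
    return findings

if __name__ == "__main__":
    for code, detail in audit_vnc(argv_from_log(SAMPLE_LOG)):
        print(code, detail)
```

Run against `xl -vvv create` output, an empty result means the -vnc value itself carries tls together with x509 or x509verify.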