Hello,
Curious if anyone knows the state of PSARC 2008/165 xVM Hypervisor
Remote Access (virtd), which I see referenced at
http://www.opensolaris.org/jive/thread.jspa?messageID=210306𳖂
My attempt to remotely access a hypervisor with the describe syntax has
failed. When I truss virsh, I don''t even see it attempt to use ssh to
connect remotely, or exec anything that might indicate it is trying to
do something to make a remote connection.
Has remote access been implemented?
--joe
On Thu, Jan 08, 2009 at 11:37:24AM -0800, Joseph Mocker wrote:> Curious if anyone knows the state of PSARC 2008/165 xVM Hypervisor > Remote Access (virtd), which I see referenced at > > http://www.opensolaris.org/jive/thread.jspa?messageID=210306𳖂 > > My attempt to remotely access a hypervisor with the describe syntax has > failed. When I truss virsh, I don''t even see it attempt to use ssh to > connect remotely, or exec anything that might indicate it is trying to > do something to make a remote connection. > > Has remote access been implemented?No, it''s not enabled. We would need some kind of secure wrapper before we could consider this. regards john
John Levon wrote:> On Thu, Jan 08, 2009 at 11:37:24AM -0800, Joseph Mocker wrote: > > >> Curious if anyone knows the state of PSARC 2008/165 xVM Hypervisor >> Remote Access (virtd), which I see referenced at >> >> http://www.opensolaris.org/jive/thread.jspa?messageID=210306𳖂 >> >> My attempt to remotely access a hypervisor with the describe syntax has >> failed. When I truss virsh, I don''t even see it attempt to use ssh to >> connect remotely, or exec anything that might indicate it is trying to >> do something to make a remote connection. >> >> Has remote access been implemented? >> > > No, it''s not enabled. We would need some kind of secure wrapper before > we could consider this. >What is the concern here? Just tunneling though SSH as root in the first place? As I read the capabilities of libvirt, it would seem that the use of TLS might provide more security out of the box. Thanks... --joe
On Thu, Jan 08, 2009 at 12:06:06PM -0800, Joseph Mocker wrote:> As I read the capabilities of libvirt, it would seem that the use of TLS > might provide more security out of the box.Yes, we want something like this. regards john