Hi. I am using XEN 4.3.1 source compile. In /etc/xen/xend-config.sxp I've the following settings enabled:

(vnc-tls 1)
(vnc-x509-cert-dir /etc/xen/cert)

ls -la /etc/xen/cert
total 20
drwxr-sr-x 2 root root 4096 Nov 25 06:01 .
drwxr-sr-x 6 root root 4096 Nov 25 05:18 ..
-rw-r--r-- 1 root root 2660 Nov 25 06:00 ca-cert.pem
-rw-r--r-- 1 root root 1846 Nov 25 06:01 server-cert.pem
-rw-r--r-- 1 root root 1675 Nov 25 06:01 server-key.pem

Finally my guest config as follows:

----------------------------------------
builder="generic"
vcpus=1
memory=2048
name="10.100.12.5"
kernel="/xen/kernels/vmlinuz-2.6.32.61-AMD-grsec"
#ramdisk=""
extra="root=/dev/xvda1 xencons=tty1 earlyprintk=xen"
vif = [ "ip=10.100.12.5,mac=00:16:3E:30:B3:2E,model=e1000,bridge=br0" ]
disk = [ "raw:/xen/images/debian_64.img,ioemu:xvda,w" ]
vfb = [ "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345" ]
serial="pty"
boot = "c"
sdl=0
monitor=1
localtime=0
xen_platform_pci=1
stdvga=1
gfx_passthru=0
keymap="fi"
on_poweroff="destroy"
on_reboot="restart"
on_crash="destroy"
----------------------------------------

ps -ef | grep qemu
root 24401 1 2 19:37 ? 00:00:00 /usr/lib/xen/bin/qemu-system-i386 -xen-domid 16 -chardev socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-16,server,nowait -mon chardev=libxl-cmd,mode=control -xen-attach -name 10.100.12.5 -vnc 10.100.12.10:10,password,to=99 -M xenpv -m 2049

Why I can't get VNC TLS working? When I was doing source compile, I remember it compiled QEMU automatically with TLS

I've googled for this several hours and tried many things but no luck yet.

On Mon, Nov 25, 2013 at 07:39:05PM +0200, NiX wrote:
> Hi. I am using XEN 4.3.1 source compile. In /etc/xen/xend-config.sxp I've
> the following settings enabled:
>

Hmm... The default toolstack in 4.3 is xl. I don't think xl ever looks at xend-config.sxp. Which toolstack are you using?

And to be honest I don't see a way for doing this in xl...

If you're expecting some extra VNC TLS arguments added to QEMU, maybe you can use device_model_extra_args in your config file to work around this?

Wei.

> On Mon, Nov 25, 2013 at 07:39:05PM +0200, NiX wrote:
>> Hi. I am using XEN 4.3.1 source compile. In /etc/xen/xend-config.sxp
>> I've
>> the following settings enabled:
>>
>
> Hmm... The default toolstack in 4.3 is xl. I don't think xl ever looks
> at xend-config.sxp. Which toolstack are you using?

xl

> And to be honest I don't see a way for doing this in xl...
>
> If you're expecting some extra VNC TLS arguments added to QEMU, maybe
> you can use device_model_extra_args in your config file to work around
> this?

That's going to be trial and error because I've never done that with QEMU. I'll try with device_model_extra_args

I guess it's something like device_model_extra_args = 'args'

PS. Thanks for fast reply.

On Mon, Nov 25, 2013 at 09:06:09PM +0200, NiX wrote:
> That's going to be trial and error because I've never done that with QEMU.
> I'll try with device_model_extra_args
>
> I guess it's something like device_model_extra_args = 'args'
>

No, I misremembered the name. Something like device_model_args = ['arg1', 'arg2']. You'd better google for examples.

BTW there's variant for hvm called device_model_args_hvm.

Wei.

> No, I misremembered the name. Something like device_model_args = ['arg1',
> 'arg2']. You'd better google for examples.
>
> BTW there's variant for hvm called device_model_args_hvm.

I've no luck when trying to get that working using device_model_args = [ "args" ]

I just found that when using 'xl' it uses tools/libxl/libxl_dm.c and from there it does bother reading xend config at all. Your only option is to edit that libxl_dm.c manually and recompile ... Well my C skills are limited, I am PHP developer.

Does 'xm' toolstack use '/usr/local/lib/python2.7/site-packages/xen/xend/image.py' ? From image.py:

    if vncx509verify:
        vncopts = vncopts + ",tls,x509verify=%s" % vncx509certdir
    else:
        vncopts = vncopts + ",tls,x509=%s" % vncx509certdir

So the options that needs to be appended are as far as I know as follows:

tls,x509=/etc/xen/cert

This is a mess ...

On Mon, Nov 25, 2013 at 11:31:03PM +0200, NiX wrote:
> I've no luck when trying to get that working using device_model_args = [
> "args" ]
>

In any case you're not using the above option verbatim, right?

> I just found that when using 'xl' it uses tools/libxl/libxl_dm.c and from
> there it does bother reading xend config at all. Your only option is to
> edit that libxl_dm.c manually and recompile ... Well my C skills are
> limited, I am PHP developer.
>

Hmm... Which line did you see libxl reads xend-config.sxp? Maybe you misread something?

> Does 'xm' toolstack use
> '/usr/local/lib/python2.7/site-packages/xen/xend/image.py' ? From
> image.py:
>
>     if vncx509verify:
>         vncopts = vncopts + ",tls,x509verify=%s" % vncx509certdir
>     else:
>         vncopts = vncopts + ",tls,x509=%s" % vncx509certdir
>
> So the options that needs to be appended are as far as I know as follows:
>
> tls,x509=/etc/xen/cert
>

This needs to be appended after other VNC parameters.

Wei.

> In any case you're not using the above option verbatim, right?

I tried device_model_args = [ ",tls,x509=/etc/xen/cert" ] and device_model_args = [ "tls,x509=/etc/xen/cert" ] but VM won't start at all

libxl: debug: libxl_device.c:257:libxl__device_disk_set_backend: Disk vdev=xvda spec.backend=qdisk
libxl: debug: libxl_dm.c:1206:libxl__spawn_local_dm: Spawning device-model /usr/lib/xen/bin/qemu-system-i386 with arguments:
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: /usr/lib/xen/bin/qemu-system-i386
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -xen-domid
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 5
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -chardev
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-5,server,nowait
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -mon
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: chardev=libxl-cmd,mode=control
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -xen-attach
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -name
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 10.100.12.5
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -vnc
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 10.100.12.10:10,password,to=99
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: ,tls,x509=/etc/xen/cert
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -M
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: xenpv
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -m
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 2049

If you check line 425 from /var/src/xen-4.3.1/tools/libxl/libxl_dm.c

Is it only way to modify source and recompile to get that working?

> Hmm... Which line did you see libxl reads xend-config.sxp? Maybe you
> misread something?

It was logical expectation that 'xl' would read it because those option are there. What is reading and using vnc tls options from xend-config.sxp?

I could not find anything with google nor documentation is not saying anything clearly on how to make this work.

On Tue, Nov 26, 2013 at 12:43:16AM +0200, NiX wrote:
> I tried device_model_args = [ ",tls,x509=/etc/xen/cert" ] and
> device_model_args = [ "tls,x509=/etc/xen/cert" ] but VM won't start at all
>

Yes, because they were appended to wrong position.

> If you check line 425 from /var/src/xen-4.3.1/tools/libxl/libxl_dm.c
>

That's constructing QEMU arguments from libxl internal configuration state.

> Is it only way to modify source and recompile to get that working?
>

No, but you need to trick libxl by disabling VNC in the configuration file, so that it skips the code you found.

Then use device_model_args to append whole VNC rune to QEMU.

In theory this would work, but I've never tried.

> It was logical expectation that 'xl' would read it because those option
> are there. What is reading and using vnc tls options from xend-config.sxp?
>

As the name suggests, xend-config.sxp is configuration for Xend, which is not in use from 4.3 onwards.

> I could not find anything with google nor documentation is not saying
> anything clearly on how to make this work.
>

Sadly that might be missing bit in libxl.

Wei.

> No, but you need to trick libxl by disabling VNC in the configuration
> file, so that it skips the code you found.
>
> Then use device_model_args to append whole VNC rune to QEMU.
>
> In theory this would work, but I've never tried.

Here's what I tried:

#vfb = [ "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345" ]

device_model_args = [ "-vnc 10.100.12.10:10,tls,x509=/etc/xen/cert" ]

VM won't start despite syntax is right. Even if it would start, we're going to have another problem because you've no way to define password using options stated above because of http://wiki.qemu.org/download/qemu-doc.html#pcsys_005fmonitor

This must be considered as a broken feature. By any chance is there any interests fix this feature for xl toolstack so we could use vnc tls in guest config ie.

vfb = [ "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345,tls,x509=/etc/xen/cert" ]

PS.

After starting a VM with 'vfb = [ "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345" ]'

I was able to verify qemu-system-i386 syntax and tls vnc functionality by using the following command line:

/usr/lib/xen/bin/qemu-system-i386 -xen-domid 11 -chardev socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-11,server,nowait -mon chardev=libxl-cmd,mode=control -xen-attach -name 10.100.12.5 -vnc 10.100.12.10:11,tls,x509=/etc/xen/cert -M xenpv -m 2049

VeNCrypt was able to connect successfully so at least my SSL certificate was correctly done.

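The argument lists from the attempts above can be checked mechanically before blaming QEMU. The following is an added example, not code from the thread or from Xen: it rebuilds the device-model argv from the libxl debug lines and reports whether the `-vnc` display actually carries `tls`, plus two argv mistakes that stop the guest from starting. The function names and the "an option consumes at most one following value" rule are assumptions of this sketch.

```python
import re

# libxl logs one device-model argv element per line at this call site.
ARG_LINE = re.compile(r"libxl__spawn_local_dm:\s+(\S.*)$")

# Sample input: the debug lines posted in the thread, shortened.
SAMPLE_LOG = """\
libxl: debug: libxl_dm.c:1206:libxl__spawn_local_dm: Spawning device-model /usr/lib/xen/bin/qemu-system-i386 with arguments:
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: /usr/lib/xen/bin/qemu-system-i386
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -xen-domid
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 5
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -xen-attach
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -name
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 10.100.12.5
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -vnc
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 10.100.12.10:10,password,to=99
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: ,tls,x509=/etc/xen/cert
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -M
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: xenpv
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: -m
libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm: 2049
"""


def argv_from_libxl_debug(log_text):
    """Rebuild the QEMU argv from libxl__spawn_local_dm debug lines."""
    argv = []
    for line in log_text.splitlines():
        m = ARG_LINE.search(line)
        if m and not m.group(1).startswith("Spawning device-model"):
            argv.append(m.group(1).strip())
    return argv


def audit_vnc(argv):
    """Report the VNC display options and argv mistakes (argv[0] is the binary)."""
    report = {"vnc": None, "tls": False, "x509": None,
              "password": False, "problems": []}
    can_take_value = False  # True right after an option that has no value yet
    for pos, arg in enumerate(argv[1:], start=1):
        if arg.startswith("-"):
            if any(ch.isspace() for ch in arg):
                # xl passes each list item as ONE argv element.
                report["problems"].append(
                    f"argv[{pos}] {arg!r}: option and value merged into one "
                    "element; pass them as two list items")
                can_take_value = False
            else:
                can_take_value = True
            continue
        if not can_take_value:
            # QEMU reads a bare positional argument as a disk image name.
            report["problems"].append(
                f"argv[{pos}] {arg!r}: stray positional argument, "
                "not attached to any option")
            continue
        can_take_value = False
        if argv[pos - 1] == "-vnc":
            display, *options = arg.split(",")
            report["vnc"] = display
            for opt in options:
                key, _, value = opt.partition("=")
                if key == "tls":
                    report["tls"] = True
                elif key in ("x509", "x509verify"):
                    report["x509"] = value
                elif key == "password":
                    report["password"] = True
    if report["vnc"] is None:
        report["problems"].append("no -vnc option found")
    elif not report["tls"]:
        report["problems"].append(
            f"VNC display {report['vnc']} is started without tls")
    return report


if __name__ == "__main__":
    for problem in audit_vnc(argv_from_libxl_debug(SAMPLE_LOG))["problems"]:
        print(problem)
```
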
On Mon, 2013-11-25 at 22:54 +0000, Wei Liu wrote:
> On Tue, Nov 26, 2013 at 12:43:16AM +0200, NiX wrote:
> > It was logical expectation that 'xl' would read it because those option
> > are there. What is reading and using vnc tls options from xend-config.sxp?
> >
>
> As the name suggests, xend-config.sxp is configuration for Xend, which
> is not in use from 4.3 onwards.

yes. xl's conf file is /etc/xen/xl.conf.

> > I could not find anything with google nor documentation is not saying
> > anything clearly on how to make this work.
> >
>
> Sadly that might be missing bit in libxl.

I swear I wrote this code way back, apparently it never went in:
http://lists.xenproject.org/archives/html/xen-devel/2011-12/msg01353.html
http://lists.xenproject.org/archives/html/xen-devel/2012-01/msg00240.html
towards the end I say I'm going to resend, but if I did I can't find it... (I searched three months into the future).

Does any one fancy picking that stuff up and rebasing it?

Ian.

create !
title it xl missing support for encrypted VNC
thanks

Creating a bug to remember this. Sadly the original thread predates even the historical messages which the bug tracker was seeded with. The links below will have to suffice.

Ian.

On Tue, 2013-11-26 at 10:20 +0000, Ian Campbell wrote:
> > Sadly that might be missing bit in libxl.
>
> I swear I wrote this code way back, apparently it never went in:
> http://lists.xenproject.org/archives/html/xen-devel/2011-12/msg01353.html
> http://lists.xenproject.org/archives/html/xen-devel/2012-01/msg00240.html
> towards the end I say I'm going to resend, but if I did I can't find
> it... (I searched three months into the future).
>
> Does any one fancy picking that stuff up and rebasing it?
>
> Ian.

xen@bugs.xenproject.org
2013-Nov-26 10:45 UTC
Processed: Re: [Xen-users] XEN 4.3.1 VNC TLS is not working?
Processing commands for xen@bugs.xenproject.org:

> create !
Created new bug #24 rooted at `<1385462142.23112.11.camel@kazak.uk.xensource.com>'
Title: `Re: [Xen-users] XEN 4.3.1 VNC TLS is not working?'
> title it xl missing support for encrypted VNC
Set title for #24 to `xl missing support for encrypted VNC'
> thanks
Finished processing.

Modified/created Bugs:
 - 24: http://bugs.xenproject.org/xen/bug/24 (new)

---
Xen Hypervisor Bug Tracker
See http://wiki.xen.org/wiki/Reporting_Bugs_against_Xen for information on reporting bugs
Contact xen-bugs-owner@bugs.xenproject.org with any infrastructure issues

On Tue, Nov 26, 2013 at 03:29:41AM +0200, NiX wrote:
[...]
> Here's what I tried:
>
> #vfb = [
> "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345" ]
>
> device_model_args = [ "-vnc 10.100.12.10:10,tls,x509=/etc/xen/cert" ]
>
> VM won't start despite syntax is right. Even if it would start, we're
> going to have another problem because you've no way to define password
> using options stated above because of
> http://wiki.qemu.org/download/qemu-doc.html#pcsys_005fmonitor
>

You can access the QMP monitor separately. See below.

> This must be considered as a broken feature. By any chance is there any
> interests fix this feature for xl toolstack so we could use vnc tls in
> guest config ie.
>

Please send an email to Xen-devel reporting this so that we can properly track it.

http://wiki.xen.org/wiki/Reporting_Bugs_against_Xen

> vfb = [
> "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345,tls,x509=/etc/xen/cert"
> ]
>
> PS.
>
> After starting a VM with 'vfb = [
> "type=vnc,vnclisten=10.100.12.10,vncdisplay=10,vncpasswd=test12345" ]'
>
> I was able to verify qemu-system-i386 syntax and tls vnc functionality by
> using the following command line:
>
> /usr/lib/xen/bin/qemu-system-i386 -xen-domid 11 -chardev
> socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-11,server,nowait -mon
> chardev=libxl-cmd,mode=control -xen-attach -name 10.100.12.5 -vnc
> 10.100.12.10:11,tls,x509=/etc/xen/cert -M xenpv -m 2049
>

/var/run/xen/qmp-libxl-11 is the socket to QMP monitor, you can use a client to connect to it and set your password. A simple client is included in QEMU source code directory.

Wei.

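The QMP exchange described in the message above, as an added example (not the client shipped with QEMU and not code from the thread): read the greeting, negotiate capabilities, then issue the `set_password` command for the `vnc` protocol. The function names are this sketch's own; it assumes the display was started with the `password` option and that the monitor emits one JSON message per line.

```python
import getpass
import json
import socket
import sys


def _read_reply(f):
    """Return the next QMP message that is not an asynchronous event."""
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("QMP peer closed the connection")
        msg = json.loads(line)
        if "event" not in msg:
            return msg


def _execute(f, command, arguments=None):
    """Send one QMP command and return its reply, raising on an error reply."""
    request = {"execute": command}
    if arguments is not None:
        request["arguments"] = arguments
    f.write(json.dumps(request) + "\n")
    f.flush()
    reply = _read_reply(f)
    if "error" in reply:
        err = reply["error"]
        raise RuntimeError(f"{command}: {err.get('class')}: {err.get('desc')}")
    return reply


def set_vnc_password(sock, password):
    """Run the QMP handshake on a connected socket and set the VNC password."""
    with sock.makefile("rw", encoding="utf-8", newline="\n") as f:
        greeting = _read_reply(f)
        if "QMP" not in greeting:
            raise RuntimeError("peer did not send a QMP greeting")
        # Commands are rejected until capabilities negotiation has been done.
        _execute(f, "qmp_capabilities")
        return _execute(f, "set_password",
                        {"protocol": "vnc", "password": password})


def set_vnc_password_unix(path, password, timeout=5.0):
    """Connect to a QMP UNIX socket such as /var/run/xen/qmp-libxl-<domid>."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect(path)
        return set_vnc_password(sock, password)


if __name__ == "__main__":
    # Usage: script.py /var/run/xen/qmp-libxl-<domid>
    # The password is prompted for so it stays out of argv and shell history.
    print(set_vnc_password_unix(sys.argv[1], getpass.getpass("VNC password: ")))
```

Prompting for the password, or reading it from a root-only file, keeps it out of the guest config and the process list.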
On Tue, Nov 26, 2013 at 11:22:29AM +0000, Wei Liu wrote:
[...]
> > This must be considered as a broken feature. By any chance is there any
> > interests fix this feature for xl toolstack so we could use vnc tls in
> > guest config ie.
> >
>
> Please send an email to Xen-devel reporting this so that we can properly
> track it.
>
> http://wiki.xen.org/wiki/Reporting_Bugs_against_Xen
>

Just found out Ian has already done it, so no need to send email to Xen-devel@. ;-)

Wei.

On Tue, 2013-11-26 at 11:24 +0000, Wei Liu wrote:
> Just found out Ian has already done it, so no need to send email to
> Xen-devel@. ;-)

But please do post any followups to xen-devel as well so they are logged in the bug.

Ian.