[libvirt] Web Interface -> LibVirt Communication?
Michael March
mmarch at gmail.com
Wed Jul 9 14:23:17 UTC 2008
Stefan de Konink wrote:
> Michael March schreef:
>>
>>> Michael March schreef:
>>>> .. in this setup you MUST have the ssh public key of the user the
>>>> web server runs as in the 'root' account of each server it
>>>> manages.. again, this might not be 100% kosher.. but it works.
>>>
>>> The main problem I encounter is the hostname voodoo...but that check
>>> can be disabled. I probably make an automatic hostname based on mac
>>> address, and send that via SSH to the main box.
>>>
>>> A shared certificate is probably an option too, if the hostname is
>>> ignored.
>>>
>> Hmm.. I'm not sure what you exactly mean by "hostname voodoo".... Do
>> you mean the checks the ssh client does the first time it connects to
>> an unknown server?
>
> No I mean that the certificate is not valid if the hostname doesn't
> match. (It is possible to disable that in the connection string though)
>
All I did was make sure I ssh'd as a 'real' user first.. using whatever
hostname I was using for the ssh endpoint.. if that went well (making
sure I didn't have to enter a password or ssh key pass-phrase) I was
pretty certain the libvirt connection would work.
However.. other messages on this thread are recommending against the ssh
method.. I'm going to try the recommended Digest-MD5 method now too
More information about the libvir-list
mailing list