
Re: [Libvir] Preliminary patch to support remote driver / libvirtd



Before getting into more discussion on the URI issue, I'll copy the "Architecture & Notes" section here so that everyone can actually read it first.

/* Architecture and notes:
 *
 * virConnectOpen ("remote:....") invokes this driver.  Depending
 * on the exact contents of the ellipsis "...." in the name string
 * we will try some method to connect to a libvirtd daemon, running
 * on a remote machine (or sometimes running on the local machine).
 *
 * All other vir* calls made on this connection are forwarded
 * to the libvirtd daemon which carries out the requested action.
 * So for example if you call virDomainCreateLinux, then the
 * domain gets created on the remote machine, and virConnectListDomains
 * lists domains running on the remote machine.
 *
 * Connections can be authenticated and encrypted -- it depends
 * on the transport selected by the name string.
 *
 * The current implementation uses SunRPC layered over one of:
 *  - GnuTLS (an SSL/TLS library providing enterprise-level
 *      authentication and encryption)
 *  - a local Unix domain socket
 *  - ssh or another external program such as rsh
 *  - a plain TCP socket (unencrypted, not recommended for production)
 *
 * See http://et.redhat.com/~rjones/secure_rpc for an insight into
 * the thinking that went into the selection of SunRPC.  In
 * the future we may use a different RPC system - for example
 * XML-RPC would be a logical choice - so for now you should regard
 * the protocol used as private and subject to change in future
 * versions of libvirt without notice.
 *
 * The name string selects the transport to use and the type of
 * virtualisation at the remote end.  The general format is:
 *
 *  "remote:<protocol>:<path> var=value var=value ..."
 *
 * Some examples:
 *
 *  "remote:unix:/var/run/libvirtd/socket"
 *  "remote:tls:myxenserver"
 *  "remote:ssh:myserver name=qemud"
 *  "remote:ssh:myserver command=/opt/openssh/bin/ssh"
 *
 * The <protocol> is one of: tls, unix, ssh, ext or tcp.
 * The <path> is protocol specific:
 *
 *   Protocol   Path-format
 *   -----------------------------------------
 *   tls        hostname[:port]
 *   unix       Path to local socket
 *   ssh        hostname[:port]
 *   ext        Name or path of external program
 *   tcp        hostname[:port]
 *
 * For tls, the default port is 16514.  For tcp, the default port is
 * 16509 (but note that tcp is almost never enabled because it is
 * insecure - it's only there for testing).
 *
 * For ssh: The default port for ssh is 22.  You should configure ssh
 * so that it doesn't ask for a password (e.g. using ssh-agent).  The
 * remote server should have a recent version of the netcat program
 * installed as 'nc', and the remote libvirtd must be configured to
 * listen on a Unix domain socket.  The following full command is run:
 *   ssh -p $port $hostname nc -U /var/run/libvirtd/socket
 *
 * For ext: Only the command you specify is run.  It is up to you to
 * write this command so that it somehow makes a connection to a
 * remote libvirtd, and passes input and output over its stdin/stdout.
 *
 * The var=value pairs provide optional extra information:
 *
 *   Variable    Protocols     Meaning
 *   -----------------------------------------
 *   name        (all)         Name used in remote virConnectOpen
 *                               (default is NULL).
 *   command     ssh           Name or path of external program (instead
 *                               of "ssh").
 *
 * The value is %-escaped (just like URL encoding), so if you want it
 * to contain a literal space use "%20" or "+", if you want it to have
 * a literal + character use "%2b", and for a literal % character use "%25".
 *
 * To provide some forwards compatibility, variables which are not
 * understood are ignored (but a warning is printed on stderr).
 *
 * Several shorthand syntaxes are available:
 *
 *   "remote:/var/run/libvirtd/socket"  connect to Unix domain socket
 *   "remote://server"                  connect to TLS socket on server
 *   "remote://server:9000"             connect to TLS server port 9000
 *
 * For the details of the implementation of SunRPC over GnuTLS, etc.
 * please see http://et.redhat.com/~rjones/secure_rpc which contains
 * simple code samples which will allow you to understand what's
 * going on here.
 */



--
Emerging Technologies, Red Hat  http://et.redhat.com/~rjones/
64 Baker Street, London, W1U 7DF     Mobile: +44 7866 314 421
 "[Negative numbers] darken the very whole doctrines of the equations
 and make dark of the things which are in their nature excessively
 obvious and simple" (Francis Maseres FRS, mathematician, 1759)
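
As an added worked example (not part of the patch or of libvirt), here is a small parser for the name-string grammar described in the notes above: the explicit "remote:<protocol>:<path>" form, the "remote:/socket" and "remote://server[:port]" shorthands, the default ports, and the %-escaped var=value tail, rejecting malformed input rather than guessing. The struct and function names, and the treatment of an unknown variable as a warning on stderr, are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
struct remote_name {          /* made up for this example, not libvirt's own */
    int ok;                   /* 1 if the string parsed, 0 if it was rejected */
    char protocol[8], path[256], name[256], command[256];
    int port;                 /* 0 for unix and ext, which carry no port */
};
/* Decode "+" and %XX escapes in place; returns 0 on a malformed escape. */
static int unescape(char *s)
{
    char *out = s;
    for (; *s; s++, out++) {
        if (*s == '+') { *out = ' '; continue; }
        if (*s != '%') { *out = *s; continue; }
        if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2])) return 0;
        *out = (char)strtol((char[]){ s[1], s[2], 0 }, NULL, 16); s += 2;
    }
    *out = 0; return 1;
}
/* Parse a "remote:..." name string; the result's ok field is 0 if it was malformed. */
struct remote_name parse_remote_name(const char *uri)
{
    struct remote_name r = { 0 };
    char buf[512], *vars, *path, *p, *val, pat[12];
    if (strncmp(uri, "remote:", 7) || snprintf(buf, sizeof buf, "%s", uri + 7) >= (int)sizeof buf) return r;
    if ((vars = strchr(buf, ' '))) *vars++ = 0;               /* split off the var=value tail */
    if (buf[0] == '/' && buf[1] == '/') { strcpy(r.protocol, "tls"); path = buf + 2; }
    else if (buf[0] == '/') { strcpy(r.protocol, "unix"); path = buf; }
    else {                                                      /* explicit "<protocol>:<path>" */
        if (!(p = strchr(buf, ':')) || p - buf >= (long)sizeof r.protocol) return r;
        memcpy(r.protocol, buf, p - buf); path = p + 1;
    }
    sprintf(pat, " %s ", r.protocol);                           /* reject unknown protocols */
    if (!strstr(" tls unix ssh ext tcp ", pat) || !*path) return r;
    r.port = !strcmp(r.protocol, "tls") ? 16514 : !strcmp(r.protocol, "tcp") ? 16509 :
             !strcmp(r.protocol, "ssh") ? 22 : 0;               /* default ports from the notes */
    if (r.port && (p = strchr(path, ':'))) {                    /* explicit hostname[:port] */
        *p++ = 0; if ((r.port = atoi(p)) < 1 || r.port > 65535) return r; }
    if (snprintf(r.path, sizeof r.path, "%s", path) >= (int)sizeof r.path) return r;
    for (p = vars ? strtok(vars, " ") : NULL; p; p = strtok(NULL, " ")) {
        if (!(val = strchr(p, '=')) || !unescape(++val) || strlen(val) >= sizeof r.name) return r;
        val[-1] = 0;                                            /* terminate the key */
        if (!strcmp(p, "name")) strcpy(r.name, val);
        else if (!strcmp(p, "command") && !strcmp(r.protocol, "ssh")) strcpy(r.command, val);
        else fprintf(stderr, "warning: ignoring variable '%s' for %s\n", p, r.protocol);
    }
    r.ok = 1; return r;
}
```

A caller would check the ok field before using any other member; a unix path is never split on ':' because that protocol has no port.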

