[libvirt] Web Interface -> LibVirt Communication?
Stefan de Konink
skinkie at xs4all.nl
Wed Jul 9 14:26:11 UTC 2008
Michael March schreef:
> Stefan de Konink wrote:
>> Michael March schreef:
>>>
>>>> Michael March schreef:
>>>>> .. in this setup you MUST have the ssh public key of the user the
>>>>> web server runs as in the 'root' account of each server it
>>>>> manages.. again, this might not be 100% kosher.. but it works.
>>>>
>>>> The main problem I encounter is the hostname voodoo...but that check
>>>> can be disabled. I probably make an automatic hostname based on mac
>>>> address, and send that via SSH to the main box.
>>>>
>>>> A shared certificate is probably an option too, if the hostname is
>>>> ignored.
>>>>
>>> Hmm.. I'm not sure what you exactly mean by "hostname voodoo".... Do
>>> you mean the checks the ssh client does the first time it connects to
>>> an unknown server?
>>
>> No I mean that the certificate is not valid if the hostname doesn't
>> match. (It is possible to disable that in the connection string though)
>>
> All I did was make sure I ssh'd as a 'real' user first.. using whatever
> hostname I was using for the ssh endpoint.. if that went well (making
> sure I didn't have to enter a password or ssh key pass-phrase) I was
> pretty certain the libvirt connection would work.
>
> However.. other messages on this thread are recommending against the ssh
> method.. I'm going to try the recommended Digest-MD5 method now too
I'm using the tls connection not ssh.
Stefan
More information about the libvir-list
mailing list