[Libvir] Web Interface Question
Daniel P. Berrange
berrange at redhat.com
Mon Apr 7 18:44:14 UTC 2008
On Mon, Apr 07, 2008 at 02:38:17PM +0100, Richard W.M. Jones wrote:
> On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote:
> > I'm designing a web interface for libvirt so that my customers can
> > manage their DomUs - unless you know of a good one that already exists???
> >
> > I'm thinking that the best way to run this is have the web server
> > connected to libvirtd - but I can't find any documentation about the API
> > it presents - can you help?
>
> I sort of gathered from IRC that you are using Perl & Dan's Perl
> bindings. This is the right approach.
>
> In order to be able to contact libvirtd without needing to run
> anything as root you (may) need to change the permissions on the
> libvirtd socket (normally /var/run/libvirt/libvirt-sock). If your
> libvirt was configured to use PolicyKit you may also need to edit the
> configuration file /etc/PolicyKit/PolicyKit.conf to allow your web
> server user access to the privilege 'org.libvirt.unix.manage'.
PolicyKit is one option - you'd need to edit /etc/PolicyKit/PolicyKit.conf
to add an explicit rule allowing the httpd user access.
Alternatively you could switch the UNIX socket to use SASL as its auth
method, and setup a SASL username & password
There's some docs here
http://libvirt.org/auth.html
Dan.
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the libvir-list
mailing list