[libvirt] Web Interface -> LibVirt Communication?

[Daniel P. Berrange]

On Wed, Jul 09, 2008 at 07:18:32AM -0700, Michael March wrote:
> 
> >On Wed, Jul 09, 2008 at 06:57:11AM -0700, Michael March wrote:
> >  
> >>This might not be the 'right way' but here is how I handled 
> >>communication to each Xen instance my web interface is managing. I used 
> >>the ssh style connect string.. even if it was a local instance.. here is 
> >>a line ripped right from my code:
> >>
> >>server_list={"michael":['127.0.0.1',""], "tito":['192.168.101.5',""], 
> >>"jermaine":['192.168.101.6',""}
> >>
> >>.. then later in my code...
> >>
> >>for server in server_list:
> >>   server_list[server][1] = 
> >>libvirt.open('xen+ssh://root@'+server_list[server][0]+'/')
> >>    
> >
> >I wouldn't recommend using the SSH transport for serious management
> >tools. If you want a simple username/password based auth scheme which 
> >is trivial to setup, then the Digest-MD5 scheme is best bet. The
> >SSH tunnel capability is handy for ad-hoc sysadmin work, but it suffers
> >from having a high initial connection overhead and poor diagnostics 
> >when things go wrong. 
> >
> >Digest-MD5 is easy to setup, only requiring you to create a user on each
> >managed node which your app will authenticate as:
> >
> >  http://libvirt.org/auth.html#ACL_server_username
> >  
> 
> When I looked at this it *seemed* you had to embed the username and 
> password someplace in your code or a config file... did I get the wrong 
> impression?

That is correct - you'll need to store the password somewhere in your
client app. I'd recommend keeping it in a file and then using UNIX file
permissions to ensure only your app can read the file.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|