[libvirt] listen_tls not enabling libvirtd to listen for tls

Daniel P. Berrange berrange at redhat.com
Thu May 15 14:26:06 UTC 2008 

On Thu, May 15, 2008 at 10:21:46AM -0400, Daniel Veillard wrote:
> On Tue, May 13, 2008 at 05:04:43PM +0300, Kenneth Nagin wrote:
> > > Kenneth Nagin wrote:
> > > > libvirtd is not listening for TLS connection by default.
> > > > Setting 'listen_tls = 1' in /etc/libvirt/libvirtd.conf does not help
> > > > either.
> > > > However, starting 'libvirtd --listen' does work.
> > > > I'm running Fedora 8.   I prefer to use the configuration file since
> > > > it is automatically started when the system reboots.  Does anyone
> > > > know how to configure libvirtd to listen for tls?
> > >
> > > Yes.  As you found out, there are 2 things you need to do, the first
> > > of which is
> > > to instruct libvirtd to listen, and the second of which is to make
> > > it listen for
> > > TLS.  You can accomplish the first on Fedora by editing
> > > /etc/sysconfig/libvirtd
> > > and uncommenting the LIBVIRTD_ARGS="--listen" line.  You can accomplish
> > the
> > > second by edit /etc/libvirt/libvirtd.conf by uncommenting the "listen_tls
> > = 1"
> > > line.  Then "service libvirtd restart", and you should be good to go(this
> > will
> > > also preserve the configuration across reboots).
> > >
> > > Chris Lalancette
> > Thanks for the quick response.  That solved the problem.  I suggest
> > updating the web document on
> > remote support.
> 
>   Even better, send us a patch with your suggested documentation udate :-)
> The web site is a checkout of the libvirt CVS docs subdirectory. Do a 
> CVS checkout, edit remote.html.in and send us the diff, it's not hard
> and may help others !

Since 0.4.1  the default configuration file has comments right next to
the 'listen_tls' and 'listen_tcp' options explicitly saying you need
to add the --listen flag. 

Regards,
Daniel.
-- 
|: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the libvir-list mailing list