[libvirt] listen_tls not enabling libvirtd to listen for tls

Kenneth Nagin NAGIN at il.ibm.com
Mon May 19 13:39:26 UTC 2008


> On Thu, May 15, 2008 at 10:21:46AM -0400, Daniel Veillard wrote:
> > On Tue, May 13, 2008 at 05:04:43PM +0300, Kenneth Nagin wrote:
> > > > Kenneth Nagin wrote:
> > > > > libvirtd is not listening for TLS connection by default.
> > > > > Setting 'listen_tls = 1' in /etc/libvirt/libvirtd.conf does not help
> > > > > either.
> > > > > However, starting 'libvirtd --listen' does work.
> > > > > I'm running Fedora 8.   I prefer to use the configuration file since
> > > > > it is automatically started when the system reboots.  Does anyone
> > > > > know how to configure libvirtd to listen for tls?
> > > >
> > > > Yes.  As you found out, there are 2 things you need to do, the first
> > > > of which is to instruct libvirtd to listen, and the second of which is
> > > > to make it listen for TLS.  You can accomplish the first on Fedora by
> > > > editing /etc/sysconfig/libvirtd and uncommenting the
> > > > LIBVIRTD_ARGS="--listen" line.  You can accomplish the second by editing
> > > > /etc/libvirt/libvirtd.conf and uncommenting the "listen_tls = 1" line.
> > > > Then "service libvirtd restart", and you should be good to go (this will
> > > > also preserve the configuration across reboots).
> > > >
> > > > Chris Lalancette
> > > Thanks for the quick response.  That solved the problem.  I suggest
> > > updating the web document on
> > > remote support.
> >
> >   Even better, send us a patch with your suggested documentation update :-)
> > The web site is a checkout of the libvirt CVS docs subdirectory. Do a
> > CVS checkout, edit remote.html.in and send us the diff, it's not hard
> > and may help others !
>
> Since 0.4.1  the default configuration file has comments right next to
> the 'listen_tls' and 'listen_tcp' options explicitly saying you need
> to add the --listen flag.
>
> Regards,
> Daniel.
> --
> |: Red Hat, Engineering, Boston   -o-   http://people.redhat.com/berrange/ :|
> |: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
> |: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
> |: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
Per your request I created this attached updated remote.html.in file:
(See attached file: remote.html.in.nagin)
This is the diff:
[nagin at lnx-nagin docs]$ diff remote.html.in remote.html.in.nagin
654a655,657
>   Note: it is also necessary to start the server in listening mode by
>   running it with --listen or editing /etc/sysconfig/libvirtd by
uncommenting the LIBVIRTD_ARGS="--listen" line
>   to cause the server to come up in listening mode whenever it is
started.
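Review bot: the note added at 655-657 presents /etc/sysconfig/libvirtd as the general way to make the setting persistent, but the reply quoted above gives that file as the Fedora method; say "on Fedora" (or similar) so readers on other systems are not sent looking for a file they do not have. The sentence is also a run-on with no closing period, and since the target is remote.html.in, --listen and the LIBVIRTD_ARGS="--listen" line would read better in code markup such as <code> than as bare text.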
661a665
>   Note: it is also necessary to start the server in listening mode.
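Review bot: the line added at 665 tells the reader to start the server in listening mode without saying how, and it does not point back to the note at 655-657 that names --listen and LIBVIRTD_ARGS, so a reader who lands on this part of the page first has nothing to act on. Repeat the flag here or add a reference to the earlier note. A unified diff (diff -u) would also show which parts of remote.html.in the two notes attach to, which the bare line numbers 654 and 661 do not.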

I hope these updates are acceptable.
- Kenneth Nagin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: remote.html.in.nagin
Type: application/octet-stream
Size: 30567 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20080519/b13f2490/attachment-0001.obj>
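
A check for the two settings discussed in this thread, as an added example that is not part of the original message or of libvirt: it reads /etc/sysconfig/libvirtd and /etc/libvirt/libvirtd.conf (or copies of them) and reports whether `--listen` and `listen_tls = 1` are both active, and warns when `listen_tcp = 1` would also open the unencrypted TCP listener. The function names are hypothetical, and treating an unset `listen_tls` as a failure follows the thread's two steps rather than the daemon's built-in default.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit the two files from the thread.
# Usage after sourcing: check_libvirtd_tls [sysconfig-file] [libvirtd.conf]

# Print the last uncommented value of key $1 in "key = value" file $2.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" \
        "$2" 2>/dev/null | tail -n 1
}

# Succeed if the last uncommented LIBVIRTD_ARGS= line in file $1 has --listen.
args_listen() {
    grep -E '^[[:space:]]*LIBVIRTD_ARGS=' "$1" 2>/dev/null | tail -n 1 |
        grep -q -e '--listen'
}

check_libvirtd_tls() {
    sysconfig=${1:-/etc/sysconfig/libvirtd}
    conf=${2:-/etc/libvirt/libvirtd.conf}
    rc=0
    if args_listen "$sysconfig"; then
        echo "OK   --listen is passed via $sysconfig"
    else
        echo "FAIL --listen not set in $sysconfig; daemon will not listen for remote connections"
        rc=1
    fi
    tls=$(conf_value listen_tls "$conf")
    case $tls in
        1)  echo "OK   listen_tls = 1 in $conf" ;;
        '') echo "FAIL listen_tls is commented out or missing in $conf"; rc=1 ;;
        *)  echo "FAIL listen_tls = $tls in $conf"; rc=1 ;;
    esac
    # listen_tcp is the unencrypted listener; flag it so it is a conscious choice.
    if [ "$(conf_value listen_tcp "$conf")" = 1 ]; then
        echo "WARN listen_tcp = 1: unencrypted TCP listener is enabled as well"
    fi
    return $rc
}
```

The function returns non-zero when either step from the thread is missing, so it can gate a provisioning script before `service libvirtd restart`.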