[libvirt] Using ESX domain XML for V2V

Matthias Bolte matthias.bolte at googlemail.com
Fri Jan 15 11:46:00 UTC 2010

2010/1/15 Daniel P. Berrange <berrange at redhat.com>:
> On Fri, Jan 15, 2010 at 12:04:50PM +0100, Matthias Bolte wrote:
>> 2010/1/15 Matthias Bolte <matthias.bolte at googlemail.com>:
>> > 2010/1/14 Matthew Booth <mbooth at redhat.com>:
>> >> I'm trying to use the ESX driver to extract metadata from ESX in an easily
>> >> digestible form for driving V2V. I've noticed the domain XML seems to be
>> >> missing a few bits:
>> >>
>> >> <features/>
>> >
>> > This is currently not implemented, but could be by parsing the CPUIDs.
>> > This is on my todo list.
>> >
>> >> <graphics/>
>> >
>> > VMware seems to use a certain type of VNC for this, but they use a
>> > custom authentication mechanism. There is a Firefox plugin for that
>> > (vmware-mks.xpi), but IIRC its Windows only. I think this could be
>> > implemented but there is more research necessary what to expose as
>> > graphics element.
> Interesting - if there is any docs or source code illustrating this
> auth mechanism we could try and hook it into GTK-VNC and see if it
> really does have normalish VNC

Well that's the VMware MKS stuff. The VI API contains a
AcquireMksTicket method [1] that returns a VirtualMachineMksTicket [2]
containing some information to establish a connection. But IIRC the
port return is 902 and thats the port of the vmware-authd-mks service.
I'm not sure if there is any public documentation available about the
auth mechanism for this service.

But there is no need for the VMware MKS stuff as I just discovered.
The VMX RemoteDisplay.vnc.* config options allow to enable normal VNC.
I edited the config of a virtual machine by hand and used the default
vncviewer of my Ubuntu box here to connect. On connect it asks for the
password and then it works as expected.

I'll have a patch for that shortly.

>> Okay, I should have looked at this in more detail before answering...
>> ESX (at least 4.0) supports normal VNC as well. It can be enabled by adding
>> RemoteDisplay.vnc.enabled = "true"
>> RemoteDisplay.vnc.port = "<port>"
>> RemoteDisplay.vnc.password = "password"
>> to the VMX config. I tested it and it works, but I had to manually
>> open the VNC port range in the ESX firewall using the VI client GUI. I
>> think this can be done using the VI API, but I'm not sure whether the
>> ESX driver should do this automatically or if proper firewall
>> configuration should stay a responsibility of the user.
> That's the responsibility of hte ESX admin, in same way the Linux host
> admin has to open the firewall for VNC when using KVM/Xen
> Daniel


[1] http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/vim.VirtualMachine.html#acquireMksTicket
[2] http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/vim.VirtualMachine.MksTicket.html


More information about the libvir-list mailing list