[libvirt] login and password in connection string for vmware hypervisors...

Matthias Bolte matthias.bolte at googlemail.com
Fri Mar 11 21:54:58 UTC 2011


2011/3/8 john alexander sanabria ordonez <john.sanabria at correounivalle.edu.co>:
> Hi,
>
> I want submit commands against a VMWare hypervisor via virsh in a
> non-interactive way. I can connect to my [remote] hypervisor via virsh as
> follows:
>
> virsh -c gsx://ic-p19-01?no_verify=1
>
> then, it asks me for login and [root] password and I'm in.
> What mechanism can be used to submit commands, e.g. virsh -c
> gsx://localhost?no_verify list --all, with no password at all? A modified
> version of the connection string is required? what is the structure of that
> connection string? Additional parameters to the 'virsh' command?
>
> Thank you,
>

Currently that's an unsolved problem. The connection string is
considered to be public information, and libvirt doesn't support
passing secret information like a password via the connection string
because of this. That's the reason why only

virsh -c gsx://root@ic-p19-01?no_verify=1

is supported, but the following isn't

virsh -c gsx://root:password@ic-p19-01?no_verify=1

VMware ESX supports login via SSPI pass-through authentication. This
allows to login to an ESX server using your already authenticated
Windows session. The problem with SSPI is that it's Windows specific
and requires a domain controller, as far as I have understood it.

For non-Windows systems there is login via username and password only.
Currently libvirt support passing the username in the connection
string only. There is no mechanism to automatically pass the password
as well, yet.

One possibility could be to store the password in plaintext in your
home directory. For example in ~/.libvirt/credentials or maybe more
specific to the ESX driver as in ~/.libvirt/esx/credentials. The
format of the file could look like this

# <challenge>:<username>:<password>
ic-p19-01:root:password
192.168.5.10:root:f00baR

But storing passwords in plaintext isn't such a good idea. On the
other hand I don't see other options for automated login.

Matthias




More information about the libvir-list mailing list