[libvirt-users] [libvirt] remote connection issue 'virsh -c qemu+ssh:///root@localhost/system list'

Yin Olivia-R63875 r63875 at freescale.com
Fri Mar 22 09:58:37 UTC 2013


Hi Doug,

Thanks for your help.

qemu+tcp could work now after enabling listen_tcp in /etc/libvirt/libvirtd.conf.
user@x86:~$ virsh -c qemu+tcp://10.193.20.109/system list --all
Id    Name                           State
----------------------------------------------------
 2     test                           running


For qemu+ssh, it seemed that we need to build a standalone netcat instead of using nc in busybox.

For qemu+tls, we need to generate many pem files on both server and client.
http://wiki.libvirt.org/page/TLSCreateServerCerts

Server:
	/etc/pki/CA/cacert.pem
	/etc/pki/libvirt/servercert.pem
	/etc/pki/libvirt/private/serverkey.pem

Client:
	/etc/pki/CA/cacert.pem
	/etc/pki/libvirt/clientcert.pem
	/etc/pki/libvirt/private/clientkey.pem


But one question is how a client knows the server name without DNS service.
Our scenario is a ppc board as server. Could we use IP address as the CN in template file?
# cat host1_server_template.info
 organization = libvirt.org
 cn = host1
 tls_www_server
 encryption_key
 signing_key


Best Regards,
Olivia


> -----Original Message-----
> From: cardoe at cardoe.com [mailto:cardoe at cardoe.com] On Behalf Of Doug
> Goldstein
> Sent: Friday, March 22, 2013 1:59 AM
> To: Yin Olivia-R63875
> Cc: libvir-list at redhat.com; libvirt-users at redhat.com
> Subject: Re: [libvirt] remote connection issue 'virsh -c
> qemu+ssh:///root@localhost/system list'
> 
> On Thu, Mar 21, 2013 at 6:23 AM, Yin Olivia-R63875 <r63875 at freescale.com>
> wrote:
> > Hi,
> >
> > I'm trying remote connection with qemu hypervisor on FSL PPC board.
> >
> > The libvirt server is the PPC board.
> >
> > root@ppc:~# ifconfig eth0 10.193.20.109
> > root@ppc:~# libvirtd -d
> > root@ppc:~# virsh -c qemu:///system define test.xml
> > root@ppc:~# virsh -c qemu:///system start test
> > root@ppc:~# virsh -c qemu:///system list --all
> >  Id    Name                           State
> > ----------------------------------------------------
> >  2     test                           running
> >
> > Connect from an X86 PC (Ubuntu 10.04) to the PPC board.
> >
> > user@x86:~$ virsh -c qemu+ssh://root@10.193.20.109/system list --all
> > The authenticity of host '10.193.20.109 (10.193.20.109)' can't be established.
> > RSA key fingerprint is 2f:56:07:08:da:7d:ac:41:45:57:d2:12:15:19:67:e0.
> > Are you sure you want to continue connecting (yes/no)? yes
> > root@10.193.20.109's password:
> > error: failed to connect to the hypervisor
> > error: End of file while reading data: Warning: Permanently added '10.193.20.109' (RSA) to the list of known hosts.
> > nc: invalid option -- 'U'
> > BusyBox v1.19.4 (2013-03-08 13:08:18 CST) multi-call binary.
> >
> > Usage: nc [-iN] [-wN] [-l] [-p PORT] [-f FILE|IPADDR PORT] [-e PROG]:
> > Input/output error
> >
> >
> >
> > I tried to verify the remote connection on localhost. But it also failed as below:
> >
> > root@mpc8572ds:~# virsh -c qemu+ssh:///root@localhost/system list --all
> > root@localhost's password:
> > error: failed to connect to the hypervisor
> > error: End of file while reading data: nc: invalid option -- 'U'
> > BusyBox v1.19.4 (2013-03-08 13:08:18 CST) multi-call binary.
> >
> > Usage: nc [-iN] [-wN] [-l] [-p PORT] [-f FILE|IPADDR PORT] [-e PROG]:
> > Input/output error
> >
> >
> > Could anyone give suggestion on this issue?
> >
> >
> > Best Regards,
> > Olivia
> >
> 
> You're using busybox's nc (netcat) implementation. It does not support UNIX
> sockets which is a requirement of libvirt when using the
> qemu+ssh:// scheme to connect.
> 
> I'd suggest looking into generating some certificates and using
> qemu+tls:// (the default when using qemu:// to a remote system). If
> you don't care about any authentication or encryption for testing purposes
> you can use qemu+tcp://
> 
> --
> Doug Goldstein
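
Added example, not part of the original thread: since qemu+tcp was enabled through listen_tcp in /etc/libvirt/libvirtd.conf and is described above as suitable only when authentication and encryption do not matter, this shell check reports whether a libvirtd.conf leaves that plaintext listener on. The function names and verdict words are hypothetical, and the defaults (listen_tcp = 0, auth_tcp = "sasl") are assumed from the comments in the stock libvirtd.conf.

```shell
#!/bin/sh
# Added example: flag libvirtd.conf settings that expose the plaintext
# qemu+tcp transport. Assumed defaults: listen_tcp = 0, auth_tcp = "sasl".

# conf_value FILE KEY DEFAULT
# Prints the last uncommented value of KEY (quotes and trailing comment
# stripped), or DEFAULT when the key is absent or commented out.
conf_value() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
          tail -n 1 |
          sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//')
    printf '%s\n' "${val:-$3}"
}

# audit_libvirtd_conf FILE
# Prints one verdict word:
#   ok             plaintext TCP listener is not enabled
#   tcp-with-auth  TCP listener enabled, auth_tcp is something other than none
#   tcp-no-auth    TCP listener enabled with auth_tcp = "none"
audit_libvirtd_conf() {
    listen_tcp=$(conf_value "$1" listen_tcp 0)
    auth_tcp=$(conf_value "$1" auth_tcp sasl)
    if [ "$listen_tcp" != "1" ]; then
        echo ok
    elif [ "$auth_tcp" = "none" ]; then
        echo tcp-no-auth
    else
        echo tcp-with-auth
    fi
}

# Constructed sample configuration (not taken from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
#listen_tls = 0
listen_tcp = 1
auth_tcp = "none"   # lab only
EOF
echo "sample verdict: $(audit_libvirtd_conf "$sample")"
rm -f "$sample"
```

On a real host, call `audit_libvirtd_conf /etc/libvirt/libvirtd.conf` and treat `tcp-no-auth` as a finding on anything other than an isolated test network.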




