[libvirt-users] Remote and local connections at the same time (Centos 7)

Anastasiya Ruzhanskaya anastasiya.ruzhanskaya at frtk.ru
Thu Nov 22 10:29:54 UTC 2018


Thank you for the answer!
Yes, I use TLS when I want to have encryption; TCP is just for testing purposes.
I am building my proxy for filtering traffic between two machines in
virt-manager. Decryption of TLS with, for example, mitmproxy is easy. But
when the user chooses SASL with the default mechanism (GSSAPI),
it becomes harder to decrypt. Where should I look to find out how libvirt
does this decryption when SASL is used?

On Thu, 22 Nov 2018 at 12:31, Jiri Denemark <jdenemar at redhat.com> wrote:

> On Thu, Nov 22, 2018 at 09:58:41 +0300, Anastasiya Ruzhanskaya wrote:
> > Hello!
> > I was investigating libvirt a year ago regarding its remote control. I
> > figured out the necessary settings for configuring remote control in Ubuntu
> > (setting flags in libvirt setting files). Now I have several questions:
> >
> > 1) Are these flags the same for CentOS?
> > They did not work for me.
> > My flags for Ubuntu are (for tcp for example):
> >
> > /etc/libvirt/libvirtd.conf : listen_tls = 0, listen_tcp = 1,
> > listen_addr = "0.0.0.0", auth_tcp = "none"
>
> These configuration options are the same in all distros. But, listening
> on TCP without any encryption and authentication is very dangerous and
> it should not be used. A connection to system libvirtd is equivalent to
> having a root account and I believe you don't want to provide root
> access to anyone connecting to an open TCP port, do you? See
> https://libvirt.org/remote.html for more details about remote access.
>
> > /etc/init/libvirt-bin.conf: add -l (listen) : env libvirtd_opts="-d -l"
> > /etc/default/libvirt-bin add -l : libvirtd_opts="-d -l"
>
> This is different in CentOS. You need to edit /etc/sysconfig/libvirtd
> file and uncomment LIBVIRTD_ARGS="--listen".
>
> > 2) Can the remote control be configured along with local on one machine?
>
> Yes, local access via UNIX sockets is always enabled. That is, enabling
> remote access as described above will allow you to connect to libvirtd
> both locally and remotely.
>
> Jirka
>
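
An added example, not part of the thread and not libvirt's own code: a small audit of the libvirtd.conf settings discussed above that flags the TCP-without-authentication combination Jiri warns about. It assumes a libvirtd started directly with its arguments taken from LIBVIRTD_ARGS or libvirtd_opts (no socket activation); `parse_conf`, `audit` and the sample file contents are hypothetical names and constructed data.

```python
import re

# libvirtd's built-in defaults for the settings discussed in this thread.
DEFAULTS = {"listen_tls": 1, "listen_tcp": 0, "listen_addr": "", "auth_tcp": "sasl"}

# Constructed sample: the test-only settings quoted in the thread.
SAMPLE_CONF = '''
# /etc/libvirt/libvirtd.conf (constructed sample)
listen_tls = 0
listen_tcp = 1
listen_addr = "0.0.0.0"
auth_tcp = "none"
'''

def parse_conf(text):
    """Parse 'key = value' lines; '#' starts a comment; strings are double-quoted."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        m = re.match(r'\s*(\w+)\s*=\s*("([^"]*)"|\d+)\s*(#.*)?$', line)
        if m:
            conf[m.group(1)] = m.group(3) if m.group(3) is not None else int(m.group(2))
    return conf

def audit(conf_text, daemon_args=""):
    """Return (severity, message) findings for the remote access settings."""
    conf = parse_conf(conf_text)
    # The listen_* settings only take effect when libvirtd runs with --listen / -l.
    if not re.search(r'(^|\s)(--listen|-l)(\s|$)', daemon_args):
        return [("info", "no --listen: only local UNIX sockets are served")]
    findings = []
    if conf["listen_tcp"]:
        findings.append(("high", "listen_tcp = 1: plain TCP socket without TLS"))
        if conf["auth_tcp"] == "none":
            findings.append(("critical",
                             'auth_tcp = "none": unauthenticated root-equivalent access'))
    exposed = conf["listen_tcp"] or conf["listen_tls"]
    if exposed and conf["listen_addr"].strip() in ("", "0.0.0.0", "::"):
        findings.append(("medium", "listening on all interfaces; "
                                   "set listen_addr to a management address"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONF, "--listen"):
        print(f"{severity:8} {message}")
```
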