Re: [libvirt] [RFC]: Secure migration
On Wed, Mar 04, 2009 at 11:03:17AM +0100, Chris Lalancette wrote:
> These are all just minor auth credentials/acl config tasks that
the admin
> has to deal with for normal remote usage already, so I don't see that they
> present a particular problem for migration
Yes, they are certainly all solvable from the admin's point-of-view, so they are
not show stoppers. The thing is that I think admins will have a difficult time
discovering what the problems are when migration doesn't work for them. There
are just so many combinations that it's very easy for the admin to get one of
them wrong, and then it may be difficult to figure out exactly what they need to
do to get it working. On the other hand, having a dedicated channel makes it
relatively easy; if the admin is having problems, then the answer is going to be
"open port XYZ on the destination", and that will usually solve the problem.
From my POV, I think getting the auth fixed is a matter of installing
proper files on a machine and of the responsability of the sysadmins
basically and purely within their realm. On the other hand opening a new
port is a decision involving network admins and security, it's not the
same scope within a company with strict policies.
I would really stay with the existing RPC model and avoid the
requirement of adding a new open port, from a pure sysadmin "upgrade"
perspective this can turn into a nightmare,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/