 
On Fri, Oct 12, 2007 at 03:44:18AM -0400, Daniel Veillard wrote:
On Thu, Oct 11, 2007 at 10:52:13PM +0100, Daniel P. Berrange wrote:
The QEMU VNC server spawned by the QEMU driver in libvirt is hardcoded to start off on 127.0.0.1, unless the person creating a guest overrides this in the XML passed to libvirt. If wanting to set up off-host VNC access, it is much much more convenient to be able to set the system wide default to be 0.0.0.0 than to specify 0.0.0.0 for each VM created.
In addition, it is desirable to be able to configure use of TLS and x509 certificates for the VNC servers system wide.
In Xen world this is already possible through the /etc/xen/xend-config.sxp configuration file.
In QEMU world, libvirtd takes the place of XenD. The /etc/libvirt/libvirtd.conf file though is for the daemon as a whole. There is no config file for the QEMU driver in libvirt itself. So this patch extends the QEMU driver to be able to load /etc/libvirt/qemu.conf and configure a handful of options.
- vnc_listen = "0.0.0.0" - the address for VNC to listen on. Defaults to 127.0.0.1 for security sake
- vnc_tls = 1 - turn on use of TLS extension
- vnc_tls_x509_verify - request client certificates for auth
- vnc_tls_cert_dir - the location of the VNC server certs. Defaults to /etc/pki/libvirt-vnc

The code for building command line args for the -vnc flag to QEMU takes care to look at these options & add appropriate syntax.
Sounds sensible, but shouldn't we provide a default qemu.conf example with a detail of the options, in which case the file should also be added, and the Makefile.am/libvirt.spec.in should be extended for it, no? We don't do this apparently for libvirtd.conf maybe that should be fixed too, I'm a bit worried if configuration files start to pop out and the user can't easily find out they exist and how they should be used, default templates sounds the best approach to me.
Good idea. I've committed this patch, and also added the example config files libvirtd.conf and qemu.conf - all the values are commented out in the configs so they use defaults out of the box. I included inline docs too, since people often forget to look at the website for this info, though we should really have a man page for the config files....

Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
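
Added example, not part of the thread or of libvirt's code: a small audit of a qemu.conf that works out the effective values of the four options described above and flags an off-host VNC listener that lacks TLS or client-certificate verification. The function names, the simplified line parser and the sample configs are constructed for illustration; the defaults for vnc_listen and vnc_tls_cert_dir are the ones stated in the thread, while a default of 0 for vnc_tls and vnc_tls_x509_verify is an assumption.

```python
import ipaddress
import re

# vnc_listen / vnc_tls_cert_dir defaults are stated in the thread;
# 0 for the two TLS switches is an assumption (the thread does not give them).
DEFAULTS = {
    "vnc_listen": "127.0.0.1",
    "vnc_tls": 0,
    "vnc_tls_x509_verify": 0,
    "vnc_tls_cert_dir": "/etc/pki/libvirt-vnc",
}
# Simplified parser: key = "string" or key = integer; '#' lines never match.
LINE = re.compile(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|(\d+))\s*(?:#.*)?$')

def effective_settings(conf_text):
    """Merge uncommented, correctly typed settings over the defaults."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(1) not in DEFAULTS:
            continue
        key, sval, ival = m.groups()
        if isinstance(DEFAULTS[key], int) and ival is not None:
            settings[key] = int(ival)
        elif isinstance(DEFAULTS[key], str) and sval is not None:
            settings[key] = sval
    return settings

def audit_vnc(conf_text):
    """Return findings for a VNC listener that is reachable off-host."""
    s = effective_settings(conf_text)
    try:
        loopback = ipaddress.ip_address(s["vnc_listen"]).is_loopback
    except ValueError:
        loopback = False  # not an IP literal: treat as reachable off-host
    findings = []
    if not loopback and not s["vnc_tls"]:
        findings.append("vnc_listen=%s without vnc_tls" % s["vnc_listen"])
    elif not loopback and not s["vnc_tls_x509_verify"]:
        findings.append("vnc_tls set but vnc_tls_x509_verify off")
    return findings

# Constructed sample configs (not the committed qemu.conf).
COMMENTED = '# vnc_listen = "0.0.0.0"\n# vnc_tls = 1\n'
EXPOSED = 'vnc_listen = "0.0.0.0"\n'
TLS_ONLY = 'vnc_listen = "0.0.0.0"\nvnc_tls = 1\n'
HARDENED = TLS_ONLY + 'vnc_tls_x509_verify = 1\n'

if __name__ == "__main__":
    for text in (COMMENTED, EXPOSED, TLS_ONLY, HARDENED):
        print(audit_vnc(text) or "ok")
```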