Stefan de Konink wrote:
Michael March wrote:
>
>> Michael March wrote:
>>> .. in this setup you MUST have the ssh public key of the user the
>>> web server runs as in the 'root' account of each server it
>>> manages.. again, this might not be 100% kosher.. but it works.
>>
>> The main problem I encounter is the hostname voodoo...but that check
>> can be disabled. I probably make an automatic hostname based on MAC
>> address, and send that via SSH to the main box.
>>
>> A shared certificate is probably an option too, if the hostname is
>> ignored.
>>
> Hmm.. I'm not sure what exactly you mean by "hostname voodoo".... Do
> you mean the checks the ssh client does the first time it connects to
> an unknown server?
No, I mean that the certificate is not valid if the hostname doesn't
match. (It is possible to disable that in the connection string though)

All I did was make sure I ssh'd as a 'real' user first.. using whatever
hostname I was using for the ssh endpoint.. if that went well (making
sure I didn't have to enter a password or ssh key pass-phrase) I was
pretty certain the libvirt connection would work.

However.. other messages on this thread are recommending against the ssh
method.. I'm going to try the recommended Digest-MD5 method now too.