On Thu, Oct 11, 2007 at 10:52:13PM +0100, Daniel P. Berrange wrote:
The QEMU VNC server spawned by the QEMU driver in libvirt is hardcoded to
start off on 127.0.0.1, unless the person creating a guest overrides this in
the XML passed to libvirt. If wanting to setup off-host VNC access, it is
much much more convenient to be able to set the system wide default to be
0.0.0.0 than to specify 0.0.0.0 for each VM created.
In addition, it is desirable to be able to configure use of TLS and x509
certificates for the VNC servers system wide.
In Xen world this is already possible through the /etc/xen/xend-config.sxp
configuration file.
In QEMU world, libvirtd takes the place of XenD. The /etc/libvirt/libvirtd.conf
file though is for the daemon as a whole. There is no config file for the
QEMU driver in libvirt itself. So this patch extends the QEMU driver to be
able to load /etc/libvirt/qemu.conf and configure a handful of options.
- vnc_listen = "0.0.0.0" - the address for VNC to listen on. Defaults
to 127.0.0.1 for security sake
- vnc_tls = 1 - turn on use of TLS extension
- vnc_tls_x509_verify - request client certificates for auth
- vnc_tls_cert_dir - the location of the VNC server certs.
Defaults to /etc/pki/libvirt-vnc
The code for building command line args for the -vnc flag to QEMU takes
care to look at these options & add appropriate syntax.
Sounds sensible, but shouldn't we provide a default qemu.conf example with
a detail of the options, in which case the file should also be added,
and the Makefile.am/libvirt.spec.in should be extended for it, no? We don't
do this apparently for libvirtd.conf maybe that should be fixed too, I'm a
bit worried if configuration files start to pop out and the user can't easily
find out they exist and how they should be used, default templates sounds
the best approach to me.
+1
Daniel
--
Red Hat Virtualization group
http://redhat.com/virtualization/
Daniel Veillard | virtualization library
http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit
http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine
http://rpmfind.net/
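
An added example, not part of the thread and not libvirt code: a small audit of a qemu.conf that flags the combination discussed above, where vnc_listen is moved off loopback without vnc_tls and vnc_tls_x509_verify. The option names and the two stated defaults come from the message; the `key = value` syntax with `#` comments, the TLS options being off when unset, and the sample files are assumptions constructed for illustration.

```python
import ipaddress
import re

# vnc_listen and vnc_tls_cert_dir defaults are the ones stated in the message;
# treating the two TLS switches as off when unset is an assumption.
DEFAULTS = {"vnc_listen": "127.0.0.1", "vnc_tls": "0",
            "vnc_tls_x509_verify": "0",
            "vnc_tls_cert_dir": "/etc/pki/libvirt-vnc"}

# Assumed syntax: key = value, value optionally double-quoted, '#' comments.
LINE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')

def parse_conf(text):
    """Return the effective settings; a later assignment overrides an earlier one."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("#"):
            continue
        m = LINE.match(raw)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def is_loopback(addr):
    """True only for a literal loopback IP; anything unparsable counts as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(text):
    """Return a list of findings for a qemu.conf given as a string."""
    conf = parse_conf(text)
    if is_loopback(conf["vnc_listen"]):
        return []
    if conf["vnc_tls"] != "1":
        return ["vnc_listen=%s is reachable off-host but vnc_tls is not 1"
                % conf["vnc_listen"]]
    if conf["vnc_tls_x509_verify"] != "1":
        return ["vnc_tls is on but vnc_tls_x509_verify is not 1: "
                "client certificates are not requested"]
    return []

# Constructed sample files.
EXPOSED = 'vnc_listen = "0.0.0.0"  # off-host access\n'
TLS_ONLY = EXPOSED + "vnc_tls = 1\n"
HARDENED = TLS_ONLY + 'vnc_tls_x509_verify = 1\nvnc_tls_cert_dir = "/etc/pki/libvirt-vnc"\n'

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("tls-only", TLS_ONLY), ("hardened", HARDENED)):
        print(name, audit(sample) or "ok")
```
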