On Mon, Apr 07, 2008 at 02:38:17PM +0100, Richard W.M. Jones wrote:
On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote:
I'm designing a web interface for libvirt so that my customers can manage their DomUs - unless you know of a good one that already exists???
I'm thinking that the best way to run this is have the web server connected to libvirtd - but I can't find any documentation about the API it presents - can you help?
I sort of gathered from IRC that you are using Perl & Dan's Perl bindings. This is the right approach.
In order to be able to contact libvirtd without needing to run anything as root you (may) need to change the permissions on the libvirtd socket (normally /var/run/libvirt/libvirt-sock). If your libvirt was configured to use PolicyKit you may also need to edit the configuration file /etc/PolicyKit/PolicyKit.conf to allow your web server user access to the privilege 'org.libvirt.unix.manage'.
PolicyKit is one option - you'd need to edit /etc/PolicyKit/PolicyKit.conf to add an explicit rule allowing the httpd user access. Alternatively you could switch the UNIX socket to use SASL as its auth method, and setup a SASL username & password There's some docs here http://libvirt.org/auth.html Dan. -- |: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|