Re: [Libvir] Web Interface Question
On Mon, Apr 07, 2008 at 02:38:17PM +0100, Richard W.M. Jones wrote:
On Sat, Apr 05, 2008 at 09:35:33PM +0100, Henri Cook wrote:
> I'm designing a web interface for libvirt so that my customers can
> manage their DomUs - unless you know of a good one that already exists???
>
> I'm thinking that the best way to run this is have the web server
> connected to libvirtd - but I can't find any documentation about the API
> it presents - can you help?
I sort of gathered from IRC that you are using Perl & Dan's Perl
bindings. This is the right approach.
In order to be able to contact libvirtd without needing to run
anything as root you (may) need to change the permissions on the
libvirtd socket (normally /var/run/libvirt/libvirt-sock). If your
libvirt was configured to use PolicyKit you may also need to edit the
configuration file /etc/PolicyKit/PolicyKit.conf to allow your web
server user access to the privilege 'org.libvirt.unix.manage'.
PolicyKit is one option - you'd need to edit /etc/PolicyKit/PolicyKit.conf
to add an explicit rule allowing the httpd user access.
Alternatively you could switch the UNIX socket to use SASL as its auth
method, and setup a SASL username & password
There's some docs here
http://libvirt.org/auth.html
Dan.
--
|: Red Hat, Engineering, Boston -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|