2:31 p.m.
In the GNOME UI we'd like to make use of Avahi discovery and name
resolution "out of the box". A typical use case is for discovery of
printers that are advertised using MDNS. This should work even on
potentially 'hostile' networks such as a wireless access point in a
print shop or airport. It should work without user configuration.
https://fedoraproject.org/wiki/Desktop/Whiteboards/AvahiDefault
In order to turn on Avahi by default, and make it work by default, we'd
like to make it possible to use Avahi without advertising any
information to the network by default. Advertising information to the
network (even the host name) without the user's configuration or consent
is a privacy issue.
libvirtd advertises itself via MDNS on the network by default. I
understand that MDNS discovery of libvirtd is really handy in many cases.
However since one has to configure network access in libvirtd anyway --
none of the access methods work "out of the box" to my understanding --
I'd like to suggest turning off libvirtd's MDNS publishing by default.
As part of setting up libvirtd for network access, the user would turn
on mdns_adv.
I hope that makes sense. Let me know if I've gotten something wrong.
Would you accept a patch to do this? Or would you suggest that we try
and do this downstream in the Fedora/RHEL packages instead?
Cheers,
Stef
6:03 p.m.
On Mon, Mar 26, 2012 at 2:31 PM, Stef Walter <stefw(a)gnome.org> wrote:
In the GNOME UI we'd like to make use of Avahi discovery and name
resolution
"out of the box". A typical use case is for discovery of printers that are
advertised using MDNS. This should work even on potentially 'hostile'
networks such as a wireless access point in a print shop or airport. It
should work without user configuration.
https://fedoraproject.org/wiki/Desktop/Whiteboards/AvahiDefault
In order to turn on Avahi by default, and make it work by default, we'd like
to make it possible to use Avahi without advertising any information to the
network by default. Advertising information to the network (even the host
name) without the user's configuration or consent is a privacy issue.
libvirtd advertises itself via MDNS on the network by default. I understand
that MDNS discovery of libvirtd is really handy in many cases.
However since one has to configure network access in libvirtd anyway --
none of the access methods work "out of the box" to my understanding --
I'd
like to suggest turning off libvirtd's MDNS publishing by default. As part
of setting up libvirtd for network access, the user would turn on mdns_adv.
I hope that makes sense. Let me know if I've gotten something wrong.
Would you accept a patch to do this? Or would you suggest that we try and do
this downstream in the Fedora/RHEL packages instead?
Cheers,
Stef
A bit off topic for this list but I hope you're adding the ability to
configure a network as a friendly/trusted network vs a hostile
network. Similar to what Windows has when you connect it to a new
network. If you let it know that you're on a friendly network there
should be some way to enable all these services to auto-advertise
themselves. Otherwise they will becoming an annoying mess of having to
enable every service in every way to advertise itself.
--
Doug Goldstein
12:56 a.m.
On 2012-03-27 01:03, Doug Goldstein wrote:
A bit off topic for this list but I hope you're adding the
ability to
configure a network as a friendly/trusted network vs a hostile
network. Similar to what Windows has when you connect it to a new
network. If you let it know that you're on a friendly network there
should be some way to enable all these services to auto-advertise
themselves. Otherwise they will becoming an annoying mess of having to
enable every service in every way to advertise itself.
There's work being done on that. I agree it's certainly something that
needs to be done.
But as far as Avahi discovery, we need it working by default on both
hostile and friendly networks.
Cheers,
Stef
4:17 a.m.
On Mon, Mar 26, 2012 at 09:31:44PM +0200, Stef Walter wrote:
In the GNOME UI we'd like to make use of Avahi discovery and
name
resolution "out of the box". A typical use case is for discovery of
printers that are advertised using MDNS. This should work even on
potentially 'hostile' networks such as a wireless access point in a
print shop or airport. It should work without user configuration.
https://fedoraproject.org/wiki/Desktop/Whiteboards/AvahiDefault
In order to turn on Avahi by default, and make it work by default,
we'd like to make it possible to use Avahi without advertising any
information to the network by default. Advertising information to
the network (even the host name) without the user's configuration or
consent is a privacy issue.
libvirtd advertises itself via MDNS on the network by default. I
understand that MDNS discovery of libvirtd is really handy in many
cases.
However since one has to configure network access in libvirtd anyway
-- none of the access methods work "out of the box" to my
understanding -- I'd like to suggest turning off libvirtd's MDNS
publishing by default. As part of setting up libvirtd for network
access, the user would turn on mdns_adv.
Actually, it is possible to remotely connect to any libvirtd instance
using an SSH tunnel, which works out of the box. Only the direct,
non-tunnelled TLS/SASL based connections require manual setup.
But since, IIUC, the default Fedora firewall setup blocks mDNS,
it still wouldn't work out of the box.
I hope that makes sense. Let me know if I've gotten something
wrong.
Would you accept a patch to do this? Or would you suggest that we
try and do this downstream in the Fedora/RHEL packages instead?
Our policy for Fedora / RHEL is to not change upstream behaviour, so this
kind of policy decision should be resolved here.
While apps like virt-manager do have the ability to use mDNS to locate
remote libvirtd servers, my gut feeling is that it is probably rarely
used. So given the need to tradeoff off out of the box usability against
privacy concerns, I think we could probably say turning off mDNS by
default is acceptable.
What do others think ?
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
4:29 a.m.
On 2012-03-27 11:17, Daniel P. Berrange wrote:
Actually, it is possible to remotely connect to any libvirtd
instance
using an SSH tunnel, which works out of the box. Only the direct,
non-tunnelled TLS/SASL based connections require manual setup.
Doesn't this require setting installing an ssh server on your machine?
openssh-server doesn't seem to be installed/enabled by default on many
(most?) distros, including Fedora.
In addition doesn't this only work when you ssh as root to the box that
the libvirtd instance is running on? I couldn't get this working with my
user account and a qemu-ssh uri. I'm probably missing something ...
> I hope that makes sense. Let me know if I've gotten something
wrong.
>
> Would you accept a patch to do this? Or would you suggest that we
> try and do this downstream in the Fedora/RHEL packages instead?
Our policy for Fedora / RHEL is to not change upstream behaviour, so this
kind of policy decision should be resolved here.
Okay, good to know.
Cheers,
Stef
4:36 a.m.
On Tue, Mar 27, 2012 at 11:29:15AM +0200, Stef Walter wrote:
On 2012-03-27 11:17, Daniel P. Berrange wrote:
>Actually, it is possible to remotely connect to any libvirtd instance
>using an SSH tunnel, which works out of the box. Only the direct,
>non-tunnelled TLS/SASL based connections require manual setup.
Doesn't this require setting installing an ssh server on your
machine? openssh-server doesn't seem to be installed/enabled by
default on many (most?) distros, including Fedora.
Yes you need an SSH server.
In addition doesn't this only work when you ssh as root to the
box
that the libvirtd instance is running on? I couldn't get this
working with my user account and a qemu-ssh uri. I'm probably
missing something ...
You can ssh in as non-root, but it requires some manual config
steps with policykit to allow libvirtd access first.
You can't use the qemu:///session instance remotely either.
>>I hope that makes sense. Let me know if I've gotten
something wrong.
>>
>>Would you accept a patch to do this? Or would you suggest that we
>>try and do this downstream in the Fedora/RHEL packages instead?
>
>Our policy for Fedora / RHEL is to not change upstream behaviour, so this
>kind of policy decision should be resolved here.
Okay, good to know.
Cheers,
Stef
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
7:08 a.m.
New subject: [libvirt] [PATCH] Re: Turning off libvirtd mdns by default
On 2012-03-27 11:17, Daniel P. Berrange wrote:
While apps like virt-manager do have the ability to use mDNS to locate
remote libvirtd servers, my gut feeling is that it is probably rarely
used. So given the need to tradeoff off out of the box usability against
privacy concerns, I think we could probably say turning off mDNS by
default is acceptable.
What do others think ?
BTW, I filed a bug that implements this change:
https://bugzilla.redhat.com/show_bug.cgi?id=807273
Cheers,
Stef
9:20 a.m.
New subject: [libvirt] [PATCH] Re: Turning off libvirtd mdns by default
On 2012-03-27 14:08, Stef Walter wrote:
On 2012-03-27 11:17, Daniel P. Berrange wrote:
>
> While apps like virt-manager do have the ability to use mDNS to locate
> remote libvirtd servers, my gut feeling is that it is probably rarely
> used. So given the need to tradeoff off out of the box usability against
> privacy concerns, I think we could probably say turning off mDNS by
> default is acceptable.
>
> What do others think ?
BTW, I filed a bug that implements this change:
https://bugzilla.redhat.com/show_bug.cgi?id=807273
And here's the actual patch.
Cheers,
Stef
10:59 a.m.
New subject: [libvirt] [PATCH] Re: Turning off libvirtd mdns by default
On 03/27/2012 08:20 AM, Stef Walter wrote:
>From ef831d7c35871f26964742ca1de49ef464dd7bbb Mon Sep 17 00:00:00 2001
From: Stef Walter <stefw(a)gnome.org>
Date: Tue, 27 Mar 2012 13:59:07 +0200
Subject: [PATCH] Change the default of mdns_adv to false
* Don't advertise information on the network without consent of
the user, either through manual configuration, or a user
interface that drives this option.
* Since libvirtd must be configured for network access anyway
this setting was not useful "out of the box", so changing this
default setting does not remove "out of the box" functionality.
I tweaked this wording slightly, since ssh access doesn't need tweaking;
but agree with the patch in general.
---
daemon/libvirtd.c | 2 +-
daemon/libvirtd.conf | 4 ++--
daemon/test_libvirtd.aug | 8 ++++----
docs/remote.html.in | 2 +-
tests/confdata/libvirtd.conf | 4 ++--
tests/confdata/libvirtd.out | 4 ++--
6 files changed, 12 insertions(+), 12 deletions(-)
ACK. I've added your name to AUTHORS, and pushed the patch. Let me
know if you prefer an alternate spelling.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
3:33 p.m.
New subject: [libvirt] [PATCH] Re: Turning off libvirtd mdns by default
On 2012-03-27 17:59, Eric Blake wrote:
On 03/27/2012 08:20 AM, Stef Walter wrote:
>
> > From ef831d7c35871f26964742ca1de49ef464dd7bbb Mon Sep 17 00:00:00 2001
> From: Stef Walter<stefw(a)gnome.org>
> Date: Tue, 27 Mar 2012 13:59:07 +0200
> Subject: [PATCH] Change the default of mdns_adv to false
>
> * Don't advertise information on the network without consent of
> the user, either through manual configuration, or a user
> interface that drives this option.
> * Since libvirtd must be configured for network access anyway
> this setting was not useful "out of the box", so changing this
> default setting does not remove "out of the box" functionality.
I tweaked this wording slightly, since ssh access doesn't need tweaking;
but agree with the patch in general.
> ---
> daemon/libvirtd.c | 2 +-
> daemon/libvirtd.conf | 4 ++--
> daemon/test_libvirtd.aug | 8 ++++----
> docs/remote.html.in | 2 +-
> tests/confdata/libvirtd.conf | 4 ++--
> tests/confdata/libvirtd.out | 4 ++--
> 6 files changed, 12 insertions(+), 12 deletions(-)
ACK. I've added your name to AUTHORS, and pushed the patch. Let me
know if you prefer an alternate spelling.
Thanks! Much appreciated.
Cheers,
Stef
9:21 a.m.
On Tue, Mar 27, 2012 at 10:17:02AM +0100, Daniel P. Berrange wrote:
On Mon, Mar 26, 2012 at 09:31:44PM +0200, Stef Walter wrote:
> In the GNOME UI we'd like to make use of Avahi discovery and name
> resolution "out of the box". A typical use case is for discovery of
> printers that are advertised using MDNS. This should work even on
> potentially 'hostile' networks such as a wireless access point in a
> print shop or airport. It should work without user configuration.
>
> https://fedoraproject.org/wiki/Desktop/Whiteboards/AvahiDefault
>
> In order to turn on Avahi by default, and make it work by default,
> we'd like to make it possible to use Avahi without advertising any
> information to the network by default. Advertising information to
> the network (even the host name) without the user's configuration or
> consent is a privacy issue.
>
> libvirtd advertises itself via MDNS on the network by default. I
> understand that MDNS discovery of libvirtd is really handy in many
> cases.
>
> However since one has to configure network access in libvirtd anyway
> -- none of the access methods work "out of the box" to my
> understanding -- I'd like to suggest turning off libvirtd's MDNS
> publishing by default. As part of setting up libvirtd for network
> access, the user would turn on mdns_adv.
Actually, it is possible to remotely connect to any libvirtd instance
using an SSH tunnel, which works out of the box. Only the direct,
non-tunnelled TLS/SASL based connections require manual setup.
But since, IIUC, the default Fedora firewall setup blocks mDNS,
it still wouldn't work out of the box.
> I hope that makes sense. Let me know if I've gotten something wrong.
>
> Would you accept a patch to do this? Or would you suggest that we
> try and do this downstream in the Fedora/RHEL packages instead?
Our policy for Fedora / RHEL is to not change upstream behaviour, so this
kind of policy decision should be resolved here.
While apps like virt-manager do have the ability to use mDNS to locate
remote libvirtd servers, my gut feeling is that it is probably rarely
used. So given the need to tradeoff off out of the box usability against
privacy concerns, I think we could probably say turning off mDNS by
default is acceptable.
What do others think ?
I agree with you that turning off mDNS by default is probably ok.
Dave
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
4623
days inactive
4624
days old
10 comments
5 participants
participants (5)
-
Daniel P. Berrange -
Dave Allan -
Doug Goldstein -
Eric Blake -
Stef Walter