2011/3/8 john alexander sanabria ordonez <john.sanabria(a)correounivalle.edu.co>:
Hi,
I want submit commands against a VMWare hypervisor via virsh in a
non-interactive way. I can connect to my [remote] hypervisor via virsh as
follows:
virsh -c gsx://ic-p19-01?no_verify=1
then, it asks me for login and [root] password and I'm in.
What mechanism can be used to submit commands, e.g. virsh -c
gsx://localhost?no_verify list --all, with no password at all? A modified
version of the connection string is required? what is the structure of that
connection string? Additional parameters to the 'virsh' command?
Thank you,
Currently that's an unsolved problem. The connection string is
considered to be public information, and libvirt doesn't support
passing secret information like a password via the connection string
because of this. That's the reason why only
virsh -c gsx://root@ic-p19-01?no_verify=1
is supported, but the following isn't
virsh -c gsx://root:password@ic-p19-01?no_verify=1
VMware ESX supports login via SSPI pass-through authentication. This
allows to login to an ESX server using your already authenticated
Windows session. The problem with SSPI is that it's Windows specific
and requires a domain controller, as far as I have understood it.
For non-Windows systems there is login via username and password only.
Currently libvirt support passing the username in the connection
string only. There is no mechanism to automatically pass the password
as well, yet.
One possibility could be to store the password in plaintext in your
home directory. For example in ~/.libvirt/credentials or maybe more
specific to the ESX driver as in ~/.libvirt/esx/credentials. The
format of the file could look like this
# <challenge>:<username>:<password>
ic-p19-01:root:password
192.168.5.10:root:f00baR
But storing passwords in plaintext isn't such a good idea. On the
other hand I don't see other options for automated login.
Matthias