[libvirt] Libvirt Auth
Hello guys, I've created a plugin for Hudson (CI) to manage virtmachines using libvirt java (start vm for a build and stop just after). I've just a problem in authentication, in fact I cannot send uname and password using code, libvirt ask me for the credentials on CLI. someone could explain me How I can use authentican or where I can find an usage guide or example? Thanks a lot Bye Marco
2010/3/3 Marco Mornati <mmornati@byte-code.com>:
Hello guys,
I've created a plugin for Hudson (CI) to manage virtmachines using libvirt java (start vm for a build and stop just after).
I've just a problem in authentication, in fact I cannot send uname and password using code, libvirt ask me for the credentials on CLI. someone could explain me How I can use authentican or where I can find an usage guide or example?
Thanks a lot Bye Marco
You have to use virConnectOpenAuth to open a connection and provide an authentication callback. I have no Java example at hand but you can look at the examples/python/esxlist.py Python script for an example how to provide an authentication callback. Also see the ConnectAuth and ConnectAuthDefault classes in the Java bindings. Matthias
Il giorno 03/mar/2010, alle ore 19.03, Matthias Bolte <matthias.bolte@googlemail.com
ha scritto:
2010/3/3 Marco Mornati <mmornati@byte-code.com>:
Hello guys,
I've created a plugin for Hudson (CI) to manage virtmachines using libvirt java (start vm for a build and stop just after).
I've just a problem in authentication, in fact I cannot send uname and password using code, libvirt ask me for the credentials on CLI. someone could explain me How I can use authentican or where I can find an usage guide or example?
Thanks a lot Bye Marco
You have to use virConnectOpenAuth to open a connection and provide an authentication callback.
I have no Java example at hand but you can look at the examples/python/esxlist.py Python script for an example how to provide an authentication callback.
Also see the ConnectAuth and ConnectAuthDefault classes in the Java bindings.
Yes I've already take a look to Java sources but there is nothing useful there. I'll try looking to python class. What I don't know now is if the credentials work in the same way if I need to connect using ssh: Xen+ssh://host/system Is it the same? Thanks Again Bye Marco
Matthias
I tried to modify the python esx script to provide authentication (without asking to user) and it doesn't work!! Any other idea? Bye Marco Il giorno 03/mar/2010, alle ore 19.03, Matthias Bolte <matthias.bolte@googlemail.com
ha scritto:
2010/3/3 Marco Mornati <mmornati@byte-code.com>:
Hello guys,
I've created a plugin for Hudson (CI) to manage virtmachines using libvirt java (start vm for a build and stop just after).
I've just a problem in authentication, in fact I cannot send uname and password using code, libvirt ask me for the credentials on CLI. someone could explain me How I can use authentican or where I can find an usage guide or example?
Thanks a lot Bye Marco
You have to use virConnectOpenAuth to open a connection and provide an authentication callback.
I have no Java example at hand but you can look at the examples/python/esxlist.py Python script for an example how to provide an authentication callback.
Also see the ConnectAuth and ConnectAuthDefault classes in the Java bindings.
Matthias
2010/3/3 Marco Mornati <mmornati@byte-code.com>:
I tried to modify the python esx script to provide authentication (without asking to user) and it doesn't work!!
Any other idea?
Bye Marco
Il giorno 03/mar/2010, alle ore 19.03, Matthias Bolte <matthias.bolte@googlemail.com> ha scritto:
2010/3/3 Marco Mornati <mmornati@byte-code.com>:
Hello guys,
I've created a plugin for Hudson (CI) to manage virtmachines using libvirt java (start vm for a build and stop just after).
I've just a problem in authentication, in fact I cannot send uname and password using code, libvirt ask me for the credentials on CLI. someone could explain me How I can use authentican or where I can find an usage guide or example?
Thanks a lot Bye Marco
You have to use virConnectOpenAuth to open a connection and provide an authentication callback.
I have no Java example at hand but you can look at the examples/python/esxlist.py Python script for an example how to provide an authentication callback.
Also see the ConnectAuth and ConnectAuthDefault classes in the Java bindings.
Matthias
Ah, the authentication callback is used for hypervisor level authentication. You cannot provide credentials for SSH transport level authentication through the libvirt API. You'll need to setup the SSL certificates properly to enable automatic SSH login if you don't want to be prompted for the SSH credentials. Matthias
Ah, the authentication callback is used for hypervisor level authentication. You cannot provide credentials for SSH transport level authentication through the libvirt API. You'll need to setup the SSL certificates properly to enable automatic SSH login if you don't want to be prompted for the SSH credentials.
Matthias
Ohh... ok... it's not really what I want (because I could have many different machines to configure). Reading to libvirt sources (the c file) it seams that auth callbacks should be used also for the ssh code (inside openSSHSession method): virConnectCredential creds[] = { {VIR_CRED_PASSPHRASE, "password", "Password", NULL, NULL, 0}, }; if (!auth || !auth->cb) { PHYP_ERROR(conn, VIR_ERR_AUTH_FAILED, "%s", _("No authentication callback provided.")); goto disconnect; } maybe in some way it's possible to use ssh too with auth (I don't know but I want to try). Anyway, Matt, if I expose libvirt over tcp can I use it directly with provided callbacks? Thanks a lot Bye Marco -- Dott. Ing. Mornati Marco Byte-Code s.r.l via Antonio Cechov, 1 San Giuliano Milanese (MI) E-Mail: mmornati@byte-code.com
2010/3/3 Marco Mornati <mmornati@byte-code.com>:
Ah, the authentication callback is used for hypervisor level authentication. You cannot provide credentials for SSH transport level authentication through the libvirt API. You'll need to setup the SSL certificates properly to enable automatic SSH login if you don't want to be prompted for the SSH credentials.
Matthias
Ohh... ok... it's not really what I want (because I could have many different machines to configure). Reading to libvirt sources (the c file) it seams that auth callbacks should be used also for the ssh code (inside openSSHSession method):
virConnectCredential creds[] = { {VIR_CRED_PASSPHRASE, "password", "Password", NULL, NULL, 0}, };
if (!auth || !auth->cb) { PHYP_ERROR(conn, VIR_ERR_AUTH_FAILED, "%s", _("No authentication callback provided.")); goto disconnect; }
maybe in some way it's possible to use ssh too with auth (I don't know but I want to try).
Anyway, Matt, if I expose libvirt over tcp can I use it directly with provided callbacks?
Thanks a lot Bye Marco
Don't mixup the internal of the IBM Power Hypervisor (phyp) driver and the libvirt remote transport mechanisms. The phyp driver uses libssh2 internally and relies on the auth callback to let the user provide credentials. This in not in any way related to the libvirt remote transport mechanisms. As I said before, the auth callback you can pass to virConnectOpenAuth is not used for the libvirt SSH remote transport authentication. The same it true for the TCP transport, it uses SASL for authentication by default. Matthias
Don't mixup the internal of the IBM Power Hypervisor (phyp) driver and the libvirt remote transport mechanisms. The phyp driver uses libssh2 internally and relies on the auth callback to let the user provide credentials. This in not in any way related to the libvirt remote transport mechanisms.
As I said before, the auth callback you can pass to virConnectOpenAuth is not used for the libvirt SSH remote transport authentication. The same it true for the TCP transport, it uses SASL for authentication by default.
Ok thanks a lot. In fact I reached my goal just exchanging ssh key between my nodes. It's so strange that nothing was previewed to provide password for the ssh connection :| Thanks Bye Marco
Matthias
On 03/03/2010 12:11 PM, Marco Mornati wrote:
Hello guys,
I've created a plugin for Hudson (CI) to manage virtmachines using libvirt java (start vm for a build and stop just after).
I've just a problem in authentication, in fact I cannot send uname and password using code, libvirt ask me for the credentials on CLI. someone could explain me How I can use authentican or where I can find an usage guide or example?
Thanks a lot Bye Marco
Check out this test class: http://libvirt.org/git/?p=libvirt-java.git;a=blob;f=src/test/java/test.java;... It shows how the ConnectAuthDefault class is used. You need to create a new class which implements ConnectAuth and pass it in. -- bk
participants (3)
-
Bryan Kearney -
Marco Mornati -
Matthias Bolte