4:58 a.m.
Hi Doug,
Thanks for your help.
qemu+tcp could work now after enabling listen_tcp in /etc/libvirt/libvirtd.conf.
user@x86:~$ virsh -c qemu+tcp://10.193.20.109/system list --all
Id Name State
----------------------------------------------------
2 test running
For qemu+ssh, it seemed that we need build standalone netcat instead use nc in busybox.
For qemu+tls, we need generate many pem files on both server and client.
http://wiki.libvirt.org/page/TLSCreateServerCerts
Server:
/etc/pki/CA/cacert.pem
/etc/pki/libvirt/servercert.pem
/etc/pki/libvirt/private/serverkey.pem
Client:
/etc/pki/CA/cacert.pem
/etc/pki/libvirt/clientcert.pem
/etc/pki/libvirt/private/clientkey.pem
But one question is that how does a client know the server name if without DNS service.
Our scenario is a ppc board as server. Could we use IP address as the CN in template
file?
# cat host1_server_template.info
organization = libvirt.org
cn = host1
tls_www_server
encryption_key
signing_key
Best Regards,
Olivia
-----Original Message-----
From: cardoe(a)cardoe.com [mailto:cardoe@cardoe.com] On Behalf Of Doug
Goldstein
Sent: Friday, March 22, 2013 1:59 AM
To: Yin Olivia-R63875
Cc: libvir-list(a)redhat.com; libvirt-users(a)redhat.com
Subject: Re: [libvirt] remote connection issue 'virsh -c
qemu+ssh:///root@localhost/system list'
On Thu, Mar 21, 2013 at 6:23 AM, Yin Olivia-R63875 <r63875(a)freescale.com>
wrote:
> Hi,
>
> I'm trying remote connection with qemu hypervisor on FSL PPC board.
>
> The libvirt server is the PPC board.
>
> root@ppc:~# ifconfig eth0 10.193.20.109 root@ppc:~# libvirtd -d
> root@ppc:~# virsh -c qemu:///system define test.xml root@ppc:~# virsh
> -c qemu:///system start test root@ppc:~# virsh -c qemu:///system list
> --all
> Id Name State
> ----------------------------------------------------
> 2 test running
>
> Connect from an X86 PC (Ubuntu 10.04) to the PPC board.
>
> user@x86:~$ virsh -c qemu+ssh://root@10.193.20.109/system list --all
> The authenticity of host '10.193.20.109 (10.193.20.109)' can't be
established.
> RSA key fingerprint is 2f:56:07:08:da:7d:ac:41:45:57:d2:12:15:19:67:e0.
> Are you sure you want to continue connecting (yes/no)? yes
> root(a)10.193.20.109's password:
> error: failed to connect to the hypervisor
> error: End of file while reading data: Warning: Permanently added
'10.193.20.109' (RSA) to the list of known hosts.
> nc: invalid option -- 'U'
> BusyBox v1.19.4 (2013-03-08 13:08:18 CST) multi-call binary.
>
> Usage: nc [-iN] [-wN] [-l] [-p PORT] [-f FILE|IPADDR PORT] [-e PROG]:
> Input/output error
>
>
>
> I tried to verify the remote connection on localhost. But it also failed
as below:
>
> root@mpc8572ds:~# virsh -c qemu+ssh:///root@localhost/system list
> --all root@localhost's password:
> error: failed to connect to the hypervisor
> error: End of file while reading data: nc: invalid option -- 'U'
> BusyBox v1.19.4 (2013-03-08 13:08:18 CST) multi-call binary.
>
> Usage: nc [-iN] [-wN] [-l] [-p PORT] [-f FILE|IPADDR PORT] [-e PROG]:
> Input/output error
>
>
> Could anyone give suggestion on this issue?
>
>
> Best Regards,
> Olivia
>
You're using busybox's nc (netcat) implementation. It does not support UNIX
sockets which is a requirement of libvirt when using the
qemu+ssh:// scheme to connect.
I'd suggest looking into generating some certificates and using
qemu+tls:// (the default when using qemu:// to a remote system). If
you don't care about any authentication or encryption for testing purposes
you can use qemu+tcp://
--
Doug Goldstein