
Re: [Xen-API] xen management ap versus xend-tcp-xmlrpc-server



On Wed, Jan 24, 2007 at 06:50:16PM +0000, Ewan Mellor wrote:
> You're right that xen-api-server is very new -- I snuck this in at the end of
> the 3.0.4 release cycle, so that people could try the Xen-API support.  It
> will be available as a full release, not a preview, with 3.0.5.
> 
> The only documentation of that option is in tools/examples/xend-config.sxp
> (though I think that the comments there are pretty comprehensive).  If you
> could update the main docs, then that would be great.
> 
> You don't have to enable specific options, though you do need to be using
> 3.0.4 or above (preferably xen-unstable, because it's still changing a fair
> amount).
> 
> xend-tcp-xmlrpc-server et al are the legacy interfaces into Xend.  Certainly
> if you turn one of these on and restart Xend you should see open ports.
> 
> Here's a quick run through:
> 
> xend-http-server: Very old and totally broken HTML interface and legacy,
> generally working SXP-based interface, on port 8000.
> 
> xend-unix-server: Ditto, using a unix domain socket.
> 
> xend-unix-xmlrpc-server: Legacy XML-RPC server, over HTTP/unix, the
> recommended way to access Xend in 3.0.4.
> 
> xend-tcp-xmlrpc-server: Ditto, over TCP, on port 8006.

NB, there is no authentication in these 4 server methods of Xend, i.e. if
you turn them on, whoever can access the socket has full control over all
XenD functions with no prior authentication. Thus the UNIX socket based
servers have the best security since they are chmod'd to only allow root to
access them. If you turn on the HTTP server, at the very least restrict it to
run on 127.0.0.1, so only local users access it (and be sure you lock down
or trust your local users).  Tunnelling over SSH is the only way to get
reasonably secure access to the XenD with these server methods.

> xen-api-server: All new, all shiny Xen-API interface, available in preview
> form now, and landing for 3.0.5.

This requires username & password authentication using PAM as its backend
so will make secure remote management more viable, although it is still
only HTTP so passwords are sent over the wire in cleartext. 

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 

_______________________________________________
xen-api mailing list
xen-api@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-api
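
An added example (not part of the message above and not Xen's own tooling): a small Python audit of a `xend-config.sxp` that reports which of the four unauthenticated listeners discussed in the thread are switched on. The `xend-address` option name, the treatment of absent options as off, and the sample config are assumptions of this example; check the defaults of the Xen version in use.

```python
import re

LOOPBACK = {"localhost", "127.0.0.1"}
LEGACY_UNIX = ("xend-unix-server", "xend-unix-xmlrpc-server")

def parse_sxp(text):
    """Return {option: value} for single-line (option value) forms; # starts a comment."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"\(\s*([\w-]+)\s+(.*?)\s*\)", line)
        if m:
            opts[m.group(1)] = m.group(2).strip("'\"")
    return opts

def audit(text):
    """List (severity, option, reason) for each enabled unauthenticated listener."""
    opts = parse_sxp(text)
    # Assumption: an option missing from the file is treated as "no".
    on = lambda key: opts.get(key, "no").lower() == "yes"
    findings = []
    if on("xend-http-server"):
        # Assumption: xend-address sets the HTTP bind address, '' meaning all interfaces.
        addr = opts.get("xend-address", "")
        if addr in LOOPBACK:
            findings.append(("medium", "xend-http-server",
                             "no authentication; port 8000 on loopback, any local user has full control"))
        else:
            findings.append(("high", "xend-http-server",
                             "no authentication; port 8000 not restricted to 127.0.0.1"))
    if on("xend-tcp-xmlrpc-server"):
        findings.append(("high", "xend-tcp-xmlrpc-server",
                         "no authentication; XML-RPC over TCP on port 8006"))
    for key in LEGACY_UNIX:
        if on(key):
            findings.append(("low", key,
                             "no authentication; relies on root-only socket permissions"))
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """
# legacy listeners
(xend-http-server yes)
(xend-address '')
(xend-unix-xmlrpc-server yes)
(xend-tcp-xmlrpc-server no)
"""

if __name__ == "__main__":
    for severity, option, reason in audit(SAMPLE):
        print(f"{severity:6} {option}: {reason}")
```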


 

