[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XEN 4.3.1 VNC TLS is not working?

On Tue, Nov 26, 2013 at 12:43:16AM +0200, NiX wrote:
> > On Mon, Nov 25, 2013 at 11:31:03PM +0200, NiX wrote:
> >> > On Mon, Nov 25, 2013 at 09:06:09PM +0200, NiX wrote:
> >> >> > On Mon, Nov 25, 2013 at 07:39:05PM +0200, NiX wrote:
> >> >> >> Hi. I am using XEN 4.3.1 source compile. In
> >> /etc/xen/xend-config.sxp
> >> >> >> I've
> >> >> >> the following settings enabled:
> >> >> >>
> >> >> >
> >> >> > Hmm... The default toolstack in 4.3 is xl. I don't think xl ever
> >> looks
> >> >> > at xend-config.sxp. Which toolstack are you using?
> >> >>
> >> >> xl
> >> >>
> >> >> >
> >> >> > And to be honest I don't see a way for doing this in xl...
> >> >> >
> >> >> > If you're expecting some extra VNC TLS arguments added to QEMU,
> >> maybe
> >> >> > you can use device_model_extra_args in your config file to work
> >> around
> >> >> > this?
> >> >>
> >> >> That's going to be trial and error because I've never done that with
> >> >> QEMU.
> >> >> I'll try with device_model_extra_args
> >> >>
> >> >> I guess it's something like device_model_extra_args = 'args'
> >> >>
> >> >
> >> > No, I misremebered the name. Something like device_model_args =
> >> ['arg1',
> >> > 'arg2']. You'd better google for examples.
> >> >
> >> > BTW there's variant for hvm called device_model_args_hvm.
> >>
> >> I've no luck when trying to get that working using device_model_args = [
> >> "args" ]
> >>
> >
> > In any case you're not using the above option verbatim, right?
> 
> I tried device_model_args = [ ",tls,x509=/etc/xen/cert" ] and
> device_model_args = [ "tls,x509=/etc/xen/cert" ] but VM won't start at all
> 

Yes, because they were appended to wrong position.

> libxl: debug: libxl_device.c:257:libxl__device_disk_set_backend: Disk
> vdev=xvda spec.backend=qdisk
> libxl: debug: libxl_dm.c:1206:libxl__spawn_local_dm: Spawning device-model
> /usr/lib/xen/bin/qemu-system-i386 with arguments:
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:  
> /usr/lib/xen/bin/qemu-system-i386
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -xen-domid
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   5
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -chardev
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:  
> socket,id=libxl-cmd,path=/var/run/xen/qmp-libxl-5,server,nowait
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -mon
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:  
> chardev=libxl-cmd,mode=control
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -xen-attach
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -name
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   10.100.12.5
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -vnc
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:  
> 10.100.12.10:10,password,to=99
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:  
> ,tls,x509=/etc/xen/cert
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -M
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   xenpv
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   -m
> libxl: debug: libxl_dm.c:1208:libxl__spawn_local_dm:   2049
> 
> If you check line 425 from /var/src/xen-4.3.1/tools/libxl/libxl_dm.c
> 

That's constructing QEMU arguments from libxl internal configuration
state.

> Is it only way to modify source and recompile to get that working?
> 

No, but you need to trick libxl by disaling VNC in the configuration
file, so that it skips the code you found.

Then use device_model_args to append whole VNC rune to QEMU.

In theory this would work, but I've never tried.

> >
> >> I just found that when using 'xl' it uses tools/libxl/libxl_dm.c and
> >> from
> >> there it does bother reading xend config at all. Your only option is to
> >> edit that libxl_dm.c manually and recompile ... Well my C skills are
> >> limited, I am PHP developer.
> >>
> >
> > Hmm... Which line did you see libxl reads xend-config.sxp? Maybe you
> > misread something?
> 
> It was logical expectation that 'xl' would read it because those option
> are there. What is reading and using vnc tls options from xend-config.sxp?
> 

As the name suggests, xend-config.sxp is configuration for Xend, which
is not in use from 4.3 onwards.

> I could not find anything with google nor documentation is not saying
> anything clearly on how to make this work.
> 

Sadly that might be missing bit in libxl.

Wei.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.