cloudstack-dev mailing list archives

From Edison Su <Edison...@citrix.com>
Subject RE: VNC listen address for KVM
Date Fri, 22 Mar 2013 00:26:45 GMT
I'll create a patch for it.

> -----Original Message-----
> From: Chip Childers [mailto:chip.childers@sungard.com]
> Sent: Thursday, March 21, 2013 5:19 PM
> To: dev@cloudstack.apache.org
> Cc: cloudstack-dev@incubator.apache.org
> Subject: Re: VNC listen address for KVM
> 
> On Thu, Mar 21, 2013 at 04:11:56PM -0700, Edison Su wrote:
> > At least, need to revert the following change:
> > -               GraphicDef grap = new GraphicDef("vnc", (short) 0, true, null, null,
> > +               GraphicDef grap = new GraphicDef("vnc", (short) 0,
> > + true, vmTO.getVncAddr(), null,
> >                                 null);
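Review bot: On the `+` line, `vmTO.getVncAddr()` writes a host-specific listen address into the guest's graphics definition with no fallback when it returns null or empty, and nothing adjusts it for migration, where the destination host cannot bind the source host's IP. Going back to the `null` argument restores migration but leaves the listen address to `vnc_listen` in qemu.conf, so the revert's commit message should state that a 0.0.0.0 setting there needs a firewall in front of the VNC ports, and any re-land should set the address per destination host.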
> >
> > in LibvirtComputingResource in 4.1, otherwise, live migration will not work
> > as Wido pointed out.
> 
> Can someone provide a clean patch for 4.1 for this?  Also need a bug ID for
> the commit.
> 
> >
> > > -----Original Message-----
> > > From: Marcus Sorensen [mailto:shadowsor@gmail.com]
> > > Sent: Thursday, March 21, 2013 2:02 PM
> > > To: cloudstack-dev@incubator.apache.org
> > > Subject: Re: VNC listen address for KVM
> > >
> > > To be clear, it doesn't break consoleproxy for me, but it breaks
> > > > migration as Wido mentions in his long first post. I think he
> > > > intended to fix it with the new libvirt 0.5.0 bindings rather than roll back,
> > > > but it didn't happen before the cut.
> > > It should probably be rolled back on both 4.1 and master at this
> > > point, lest it be forgotten, and he can add it back in once we for
> > > certain have the new libvirt bindings and fix.
> > >
> > > On Thu, Mar 21, 2013 at 2:46 PM, Marcus Sorensen
> > > <shadowsor@gmail.com>
> > > wrote:
> > > > The change was in server side code, so maybe.
> > > >
> > > > > On Jan 4, 2013 1:09 PM, "Wido den Hollander" <wido@widodh.nl> wrote:
> > > >>
> > > >> Hi,
> > > >>
> > > > >> I just noticed that CLOUDSTACK-411 got resolved which is related to
> > > > >> CLOUDSTACK-410
> > > >>
> > > >> * https://issues.apache.org/jira/browse/CLOUDSTACK-410
> > > >> * https://issues.apache.org/jira/browse/CLOUDSTACK-411
> > > >>
> > > >> Today I made this commit:
> > > >> 7240204a507cce8143c248e6aa635da6dad60ed0
> > > >>
> > > >> About 7 months ago I already fixed that the listen address for
> > > >> VNC would be set to the private IP of the hypervisor so that you
> > > >> don't have to specify vnc_listen in qemu.conf
> > > >>
> > > > >> With vnc listening on 0.0.0.0 you have a potential security issue
> > > > >> since you need a firewall to prevent the whole world connecting
> > > > >> to your VNC.
> > > >>
> > > >>     <graphics type='vnc' port='5907' autoport='yes' listen='10.4.0.67'>
> > > >>       <listen type='address' address='10.4.0.67'/>
> > > >>     </graphics>
> > > >>
> > > > >> That's what the XML definition looks like.
> > > >>
> > > > >> With commit 7240204a507cce8143c248e6aa635da6dad60ed0 this works
> > > > >> again, but 30 minutes later I figured out that migrations break
> > > > >> due to this, dôh!
> > > >>
> > > >> On the other hypervisor that private IP isn't available for
> > > >> binding, so Qemu won't start...
> > > >>
> > > >> Instead of reverting the commit I'm now working on changing the
> > > >> XML during migration. libvirt supports this, but libvirt-java doesn't.
> > > >>
> > > >> I have a bunch of patches still ready for libvirt-java. Together
> > > >> with those patches I'll submit this to the libvirt guys next week.
> > > >>
> > > >> The method in libvirt-java will be:
> > > >>
> > > >> migrate(Connect dconn, long flags, String dxml, String dname,
> > > >> String uri, long bandwidth)
> > > >>
> > > >> dxml: (optional) XML config for launching guest on target
> > > >>
> > > > >> In LibvirtComputingResource I'll generate a new XML with the
> > > > >> private IP of the new hypervisor and pass that on to the migrate
> > > > >> method.
> > > >>
> > > >> For the 4.1 release libvirt-java 0.5.0 should be out and this
> > > >> should then work.
> > > >>
> > > >> No more need for setting vnc_listen in qemu.conf and no potential
> > > >> security leak of having VNC listening world-wide (assuming your
> > > >> hypervisor has a public IP).
> > > >>
> > > >> Just wanted to let you know what I'm working on.
> > > >>
> > > >> Wido
> >
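Added example, not part of the thread and not CloudStack or libvirt-java code: a Python sketch of the per-destination XML rewrite Wido describes for the `dxml` argument, plus a check that flags a domain whose VNC server listens on all interfaces. The function names, the VM name and the destination IP 10.4.0.68 are assumptions; the `<graphics>` element is the one quoted in the thread, wrapped in a constructed minimal domain.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <graphics> element from the thread in a minimal domain.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>i-2-7-VM</name>
  <devices>
    <graphics type='vnc' port='5907' autoport='yes' listen='10.4.0.67'>
      <listen type='address' address='10.4.0.67'/>
    </graphics>
  </devices>
</domain>"""

WILDCARDS = {"0.0.0.0", "::"}
VNC_XPATH = "./devices/graphics[@type='vnc']"


def vnc_listen_addresses(domain_xml):
    """Return the sorted, de-duplicated addresses the VNC devices listen on."""
    found = set()
    for graphics in ET.fromstring(domain_xml).iterfind(VNC_XPATH):
        if graphics.get("listen"):
            found.add(graphics.get("listen"))
        for child in graphics.iterfind("listen[@type='address']"):
            if child.get("address"):
                found.add(child.get("address"))
    return sorted(found)


def exposed_on_all_interfaces(domain_xml):
    """True when any VNC device is bound to a wildcard address."""
    return any(addr in WILDCARDS for addr in vnc_listen_addresses(domain_xml))


def rewrite_vnc_listen(domain_xml, dest_private_ip):
    """Return domain XML with VNC bound to the destination host's private IP."""
    addr = ipaddress.ip_address(dest_private_ip)  # ValueError on malformed input
    if addr.is_unspecified:
        raise ValueError("refusing to bind VNC to a wildcard address")
    root = ET.fromstring(domain_xml)
    for graphics in root.iterfind(VNC_XPATH):
        graphics.set("listen", str(addr))
        children = graphics.findall("listen[@type='address']")
        for child in children:
            child.set("address", str(addr))
        if not children:  # keep the attribute and the child element in sync
            ET.SubElement(graphics, "listen", {"type": "address", "address": str(addr)})
    return ET.tostring(root, encoding="unicode")
```

A `<graphics>` element with no listen address at all is reported as an empty list here; in that case the effective address comes from `vnc_listen` in qemu.conf and has to be checked there.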
