meta-virtualization/recipes-extended/libvirt/README
He Zhe 37a554a249 libvirt: libvirtd: Facilitate using tls connection mode
tls is the default network connection mode of libvirtd upstream, though we use
tcp mode as default.

tls requires necessary keys and certificates of certificate authority, server
and client to be properly generated and deployed. Otherwise servers and clients
cannot be connected.

This patch,
 - integrates sample keys and certificates of certificate authority, server and
   client for users to be able to use tls mode out of box.
 - sets default server IP address to 127.0.0.1 for users to use local client out
   of box.
 - integrates certtool and provides gnutls-help.py for users to generate keys
   and certificates on targets in their own ways.
 - adds a PACKAGECONFIG option "gnutls" to control all of the above integration
   but disables it to keep the same default behavior as before.

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2019-07-16 19:41:05 +00:00


libvirt's default connection mode between the client (where, for example, virsh runs) and the server (where libvirtd runs) is tls, which requires the keys and certificates of the certificate authority, the client and the server to be properly generated and deployed. Otherwise, servers and clients cannot be connected.

recipes-extended/libvirt/libvirt/gnutls-help.py is provided to help generate required keys and certificates.

Usage: gnutls-help.py [-a|--ca-info] <ca.info> [-b|--server-info] <server.info> [-c|--client-info] <client.info>
If ca.info or server.info or client.info is not provided, a corresponding sample file will be generated.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! "ip_address" field of server.info must be IP address of the server. !!
!! For more details, please refer to:                                  !!
!! https://libvirt.org/remote.html#Remote_certificates                 !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Please deploy cacert.pem to CA and server and client /etc/pki/CA/cacert.pem
Please deploy serverkey.pem to server /etc/pki/libvirt/private/serverkey.pem
Please deploy servercert.pem to server /etc/pki/libvirt/servercert.pem
Please deploy clientkey.pem to client /etc/pki/libvirt/private/clientkey.pem
Please deploy clientcert.pem to client /etc/pki/libvirt/clientcert.pem

For more details please refer to libvirt official document, https://libvirt.org/remote.html#Remote_certificates
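The procedure the README describes, carried through end to end as an added example (this is not gnutls-help.py and not code from meta-virtualization): it writes the three certtool templates, enforces the caveat that server.info's "ip_address" is an IP literal rather than a hostname, generates the CA, server and client key pairs with the certtool invocations documented at https://libvirt.org/remote.html#Remote_certificates, verifies the server certificate against the CA, and installs the files to the /etc/pki paths listed above for a host that is both server and client (the 127.0.0.1 default). It assumes certtool is on PATH; the organization name, server CN, client CN and working directory are placeholders chosen here.

```shell
#!/bin/sh
# Added example, not part of the meta-virtualization README or gnutls-help.py.
# Assumes certtool (gnutls) is installed on the target. ORG/CN values and the
# working directory below are placeholders.
set -eu

# Accept only a dotted-quad IPv4 literal: the "ip_address" field of server.info
# must be the server's IP address, not a hostname.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet; do
        [ "$octet" -le 255 ] || return 1
    done
}

# write_templates DIR SERVER_IP SERVER_CN CLIENT_CN ORG
# Writes ca.info, server.info and client.info in certtool's template format.
write_templates() {
    dir=$1; ip=$2; server_cn=$3; client_cn=$4; org=$5
    is_ipv4 "$ip" || { echo "ip_address must be an IPv4 literal: $ip" >&2; return 1; }
    mkdir -p "$dir"
    cat > "$dir/ca.info" <<EOF
cn = $org
ca
cert_signing_key
expiration_days = 3650
EOF
    cat > "$dir/server.info" <<EOF
organization = $org
cn = $server_cn
ip_address = $ip
tls_www_server
encryption_key
signing_key
expiration_days = 365
EOF
    cat > "$dir/client.info" <<EOF
organization = $org
cn = $client_cn
tls_www_client
encryption_key
signing_key
expiration_days = 365
EOF
}

# generate_certs DIR: self-signed CA first, then server and client
# certificates signed by it. umask keeps the private keys owner-only.
generate_certs() {
    dir=$1
    ( cd "$dir"
      umask 077
      certtool --generate-privkey > cakey.pem
      certtool --generate-self-signed --load-privkey cakey.pem \
          --template ca.info --outfile cacert.pem
      certtool --generate-privkey > serverkey.pem
      certtool --generate-certificate --load-privkey serverkey.pem \
          --load-ca-certificate cacert.pem --load-ca-privkey cakey.pem \
          --template server.info --outfile servercert.pem
      certtool --generate-privkey > clientkey.pem
      certtool --generate-certificate --load-privkey clientkey.pem \
          --load-ca-certificate cacert.pem --load-ca-privkey cakey.pem \
          --template client.info --outfile clientcert.pem
      # Confirm the server certificate chains to the CA before deploying it.
      certtool --verify --load-ca-certificate cacert.pem --infile servercert.pem
    )
}

# deploy_local DIR: install to the paths the README lists, on a host that is
# both server and client. Keys are 0600 in a 0700 private directory.
deploy_local() {
    dir=$1
    install -d -m 755 /etc/pki/CA /etc/pki/libvirt
    install -d -m 700 /etc/pki/libvirt/private
    install -m 644 "$dir/cacert.pem"     /etc/pki/CA/cacert.pem
    install -m 600 "$dir/serverkey.pem"  /etc/pki/libvirt/private/serverkey.pem
    install -m 644 "$dir/servercert.pem" /etc/pki/libvirt/servercert.pem
    install -m 600 "$dir/clientkey.pem"  /etc/pki/libvirt/private/clientkey.pem
    install -m 644 "$dir/clientcert.pem" /etc/pki/libvirt/clientcert.pem
}

# Run as: sh libvirt-pki.sh run   (the functions above are defined either way)
if [ "${1:-}" = "run" ]; then
    WORK=${TMPDIR:-/tmp}/libvirt-pki
    write_templates "$WORK" 127.0.0.1 localhost client1 "Example Org"
    generate_certs "$WORK"
    deploy_local "$WORK"
fi
```

After deployment, `virsh -c qemu+tls://127.0.0.1/system list` exercises the server certificate's ip_address entry; a server.info whose ip_address is a hostname is rejected up front by write_templates, which is the failure the README's banner warns about.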