MIRRORS/meta-virtualization
1
0
Fork 0
mirror of git://git.yoctoproject.org/meta-virtualization.git synced 2026-01-27 10:41:26 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
45441d41bc
meta-virtualization/recipes-extended/libvirt
History
Kai Kang 4499b1b3f1 libvirt: set firewall backend priority 
If firewall_backend isn't configured in the config file, libvirt will
choose the first available backend from the following list by default:

    [nftables, iptables]

so when nftables is installed in image, firewall backend nftables rather
than iptables is adopted.

Add a PACKAGECONFIG to set the firewall backend priority. And update
runtime dependencies for backend nftables.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
2025-12-01 23:44:16 -05:00
..
libvirt libvirt: update to v11.4.0 2025-07-07 11:42:27 -04:00
libvirt-glib libvirt-glib: fix introspection and documentation build 2023-09-04 03:03:14 +00:00
libvirt_git.bb libvirt: set firewall backend priority 2025-12-01 23:44:16 -05:00
libvirt-dbus_1.4.1.bb recipes-extended: adapt to UNPACKDIR changes 2025-06-25 22:49:03 -04:00
libvirt-glib_5.0.0.bb recipes-extended: adapt to UNPACKDIR changes 2025-06-25 22:49:03 -04:00
libvirt-python.inc libvirt: Fix missing libvirt-python 2025-11-19 18:22:50 -05:00
README libvirt: libvirtd: Facilitate using tls connection mode 2019-07-16 19:41:05 +00:00

README

libvirt default connection mode between client(where for example virsh runs) and server(where libvirtd runs) is tls which requires keys and certificates for certificate authority, client and server to be properly generated and deployed. Otherwise, servers and clients cannot be connected.

recipes-extended/libvirt/libvirt/gnutls-help.py is provided to help generate required keys and certificates.

Usage: gnutls-help.py [-a|--ca-info] <ca.info> [-b|--server-info] <server.info> [-c|--client-info] <client.info> If ca.info or server.info or client.info is not provided, a corresponding sample file will be generated.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! "ip_address" field of server.info must be IP address of the server. !! !! For more details, please refer to: !! !! https://libvirt.org/remote.html#Remote_certificates !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Please deploy cacert.pem to CA and server and client /etc/pki/CA/cacert.pem Please deploy serverkey.pem to server /etc/pki/libvirt/private/serverkey.pem Please deploy servercert.pem to server /etc/pki/libvirt/servercert.pem Please deploy clientkey.pem to client /etc/pki/libvirt/private/clientkey.pem Please deploy clientcert.pem to client /etc/pki/libvirt/clientcert.pem"

For more details please refer to libvirt official document, https://libvirt.org/remote.html#Remote_certificates