Ask Your Question
2

Fedora 21 virt-manager - remote manage problem?

asked 2014-12-20 08:27:05 -0600

Sampson gravatar image

updated 2014-12-20 10:45:54 -0600

mether gravatar image

Hi All,

I more or less managed to use virt-manager to manage local QEMU using root account.

Now, I want to run QEMU remotely and use a local virt-manager.

Is that setup must involve generate and distribute of SSH keys? Any simple method just use username/password?

Regards, Sampson

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2014-12-20 18:34:26 -0600

Sampson gravatar image

updated 2014-12-23 10:30:24 -0600

Update 3: copy libvirtd.service to /etc/systemd/system. And only edit the file under /etc (Thanks to randomuser)

Update 2: edit the actual solution for Fedora 21 as inspired by IBM KC document.

Update: A much better (with some security) solution from IBM Knowledge Center:

http://www-01.ibm.com/support/knowledgecenter/linuxonibm/liaat/liaatkvmsecsrmsasl.htm

=== Part 2: 2nd solution based on IBM KC document linked above ===

change /etc/libvirt/libvirtd.conf -> listen_tls = 0 -> listen_tcp = 1 -> tcp_port = "16509" -> auth_tcp = "sasl"

(if not already exist) copy /lib/systemd/system/libvirtd.service /etc/systemd/system change /etc/systemd/system/libvirtd.service, in [Service] section -> ExecStart=/usr/sbin/libvirtd -l $LIBVIRTD_ARGS ** just added "-l" to this line.

create a SASL user, this is straight from the IBM document # saslpasswd2 -a libvirt admin Password: Again (for verification):

=== End of Part 2===

=== Part 1: Original non-secure solution ===

Now, I managed to have Virt-Manager connect to a remote host.

As it is unsecure, thus it is disabled by Fedora 21 by default.

These is what I did:

  1. @server, enable libvirtd to listen on TCP without authentication
  2. @server, modify libvirtd unit file for systemd to add the "-l" parameter

At least now my Virt-Manager@workstation can connect, start / shutdown , view Display for a pre-existing guest.

I am going to install a new guest using remote Virt-Manager next.

=== End of Part 1 ===

Note: Both method works to manage pre-existing VMs plus Create New, Delete, Start / Stop, etc.

Regards, Sampson

edit flag offensive delete link more

Comments

This setup is fully working - I can see pre-existing Guests. Create new VMs, connect to their GUI, etc.

The only draw back is no security control. But at least it works and I can continue my test setup

Sampson gravatar imageSampson ( 2014-12-23 06:13:46 -0600 )edit

This is IBM article is written for a different distribution and formatted poorly. At the end of the very long article, you explain that you didn't follow the instructions you pasted. I think this answer could be improved. I use ssh+qemu, try that?

randomuser gravatar imagerandomuser ( 2014-12-23 08:30:31 -0600 )edit

I should make it more clear.

My original solution is "non-secure", thus at the end of the article.

Then I discover the IBM KC solution, I tried working. Thus update to the start.

I will edit out the original text from IBM KC, and replace with the actual changes I did in the Fedora 21 next.

Thank you for the comment.

ps. I decided not to use ssh+qemu because from reading the online materials, I must create Keys. As I have multiple machines at home, thus password only seems easier as a start.

Can I avoid create Keys using ssh+qemu?

I tried ssh -X user@server, virt-manager can start, but not working at all.

Sampson gravatar imageSampson ( 2014-12-23 09:36:32 -0600 )edit

Using keys isn't difficult. You can use a password for qemu+ssh, but you end up typing it in a lot. Let's make a trade: you remove the pasted instructions for the wrong OS, and later today I'll write you a thorough answer explaining qemu+ssh with keys step-by-step.

randomuser gravatar imagerandomuser ( 2014-12-23 09:43:27 -0600 )edit

I done the SASL part. Looking forward to yours.

My original intend is to have virt-manager able to manage remotely as quickly as possible.

As new "user" to Fedora 21, I find the endless looking of information to "start" use of "something" very tired.

Sampson gravatar imageSampson ( 2014-12-23 09:51:54 -0600 )edit

Question Tools

1 follower

Stats

Asked: 2014-12-20 08:27:05 -0600

Seen: 566 times

Last updated: Dec 23 '14