Libvirt allows you to access hypervisors running on remote
machines through authenticated and encrypted connections.
</p>
- <ul>
- <li>
- <a href="#Remote_basic_usage">Basic usage</a>
- </li>
- <li>
- <a href="#Remote_transports">Transports</a>
- </li>
- <li>
- <a href="#Remote_URI_reference">Remote URIs</a>
- <ul>
- <li>
- <a href="#Remote_URI_parameters">Extra parameters</a>
- </li>
- </ul>
- </li>
- <li>
- <a href="#Remote_certificates">Generating TLS certificates</a>
- <ul>
- <li>
- <a href="#Remote_PKI">Public Key Infrastructure set up</a>
- </li>
- <li>
- <a href="#Remote_TLS_background">Background to TLS certificates</a>
- </li>
- <li>
- <a href="#Remote_TLS_CA">Setting up a Certificate Authority (CA)</a>
- </li>
- <li>
- <a href="#Remote_TLS_server_certificates">Issuing server certificates</a>
- </li>
- <li>
- <a href="#Remote_TLS_client_certificates">Issuing client certificates</a>
- </li>
- <li>
- <a href="#Remote_TLS_troubleshooting">Troubleshooting TLS certificate problems</a>
- </li>
- </ul>
- </li>
- <li>
- <a href="#Remote_libvirtd_configuration">libvirtd configuration file</a>
- </li>
- <li>
- <a href="#Remote_IPv6">IPv6 support</a>
- </li>
- <li>
- <a href="#Remote_limitations">Limitations</a>
- </li>
- </ul>
- <h3>
+ <ul id="toc"></ul>
+
+ <h2>
<a name="Remote_basic_usage">Basic usage</a>
- </h3>
+ </h2>
<p>
On the remote machine, <code>libvirtd</code> should be running in general.
See <a href="#Remote_libvirtd_configuration">the section
<li> Remote calls are handled synchronously, so they will be
much slower than, say, direct hypervisor calls. </li>
</ul>
- <h3>
+ <h2>
<a name="Remote_transports">Transports</a>
- </h3>
+ </h2>
<p>
Remote libvirt supports a range of transports:
</p>
<p>
The default transport, if no other is specified, is <code>tls</code>.
</p>
- <h3>
+ <h2>
<a name="Remote_URI_reference">Remote URIs</a>
- </h3>
+ </h2>
<p>
See also: <a href="uri.html">documentation on ordinary ("local") URIs</a>.
</p>
Connect to a remote host using a ssh connection with the libssh driver
and use a different known_hosts file.</li>
</ul>
- <h4>
+ <h3>
<a name="Remote_URI_parameters">Extra parameters</a>
- </h4>
+ </h3>
<p>
Extra parameters can be added to remote URIs as part
of the query string (the part following <q><code>?</code></q>).
<td> Example: <code>sshauth=privkey,agent</code> </td>
</tr>
</table>
- <h3>
+ <h2>
<a name="Remote_certificates">Generating TLS certificates</a>
- </h3>
- <h4>
+ </h2>
+ <h3>
<a name="Remote_PKI">Public Key Infrastructure set up</a>
- </h4>
+ </h3>
<p>
If you are unsure how to create TLS certificates, skip to the
next section.
</li>
<li> For the root user, the global default locations will always be used.</li>
</ul>
- <h4>
+ <h3>
<a name="Remote_TLS_background">Background to TLS certificates</a>
- </h4>
+ </h3>
<p>
Libvirt supports TLS certificates for verifying the identity
of the server and clients. There are two distinct checks involved:
address. You may want to change this to make it less (or more)
permissive, depending on your needs.
</p>
- <h4>
+ <h3>
<a name="Remote_TLS_CA">Setting up a Certificate Authority (CA)</a>
- </h4>
+ </h3>
<p>
You will need the <a href="http://www.gnu.org/software/gnutls/manual/html_node/Invoking-certtool.html">GnuTLS
certtool program documented here</a>. In Fedora, it is in the
key carefully as you will need it when you come to issue certificates
for your clients and servers.
</p>
- <h4>
+ <h3>
<a name="Remote_TLS_server_certificates">Issuing server certificates</a>
- </h4>
+ </h3>
<p>
For each server (libvirtd) you need to issue a certificate
with the X.509 CommonName (CN) field set to the hostname
<code>/etc/pki/libvirt/servercert.pem</code>.
</li>
</ul>
- <h4>
+ <h3>
<a name="Remote_TLS_client_certificates">Issuing client certificates</a>
- </h4>
+ </h3>
<p>
For each client (ie. any program linked with libvirt, such as
<a href="http://virt-manager.et.redhat.com/">virt-manager</a>)
</pre>
</li>
</ol>
- <h4>
+ <h3>
<a name="Remote_TLS_troubleshooting">Troubleshooting TLS certificate problems</a>
- </h4>
+ </h3>
<dl>
<dt> failed to verify client's certificate </dt>
<dd>
to analyze the setup on the client or server machines, preferably as root.
It will try to point out the possible problems and provide solutions to
fix the set up up to a point where you have secure remote access.</p>
- <h3>
+ <h2>
<a name="Remote_libvirtd_configuration">libvirtd configuration file</a>
- </h3>
+ </h2>
<p>
Libvirtd (the remote daemon) is configured from a file called
<code>/etc/libvirt/libvirtd.conf</code>, or specified on
</td>
</tr>
</table>
- <h3>
+ <h2>
<a name="Remote_IPv6">IPv6 support</a>
- </h3>
+ </h2>
<p>
The libvirtd service and libvirt remote client driver both use the
<code>getaddrinfo()</code> functions for name resolution and are
connection will be made, otherwise IPv4 will be used. In summary it
should just 'do the right thing(tm)'.
</p>
- <h3>
+ <h2>
<a name="Remote_limitations">Limitations</a>
- </h3>
+ </h2>
<ul>
<li> Fine-grained authentication: libvirt in general,
but in particular the remote case should support more
<p>
Libvirt supports the following storage pool types:
</p>
- <ul>
- <li>
- <a href="#StorageBackendDir">Directory backend</a>
- </li>
- <li>
- <a href="#StorageBackendFS">Local filesystem backend</a>
- </li>
- <li>
- <a href="#StorageBackendNetFS">Network filesystem backend</a>
- </li>
- <li>
- <a href="#StorageBackendLogical">Logical backend</a>
- </li>
- <li>
- <a href="#StorageBackendDisk">Disk backend</a>
- </li>
- <li>
- <a href="#StorageBackendISCSI">iSCSI backend</a>
- </li>
- <li>
- <a href="#StorageBackendSCSI">SCSI backend</a>
- </li>
- <li>
- <a href="#StorageBackendMultipath">Multipath backend</a>
- </li>
- <li>
- <a href="#StorageBackendRBD">RBD (RADOS Block Device) backend</a>
- </li>
- <li>
- <a href="#StorageBackendSheepdog">Sheepdog backend</a>
- </li>
- <li>
- <a href="#StorageBackendGluster">Gluster backend</a>
- </li>
- <li>
- <a href="#StorageBackendZFS">ZFS backend</a>
- </li>
- <li>
- <a href="#StorageBackendVstorage">Virtuozzo storage backend</a>
- </li>
- </ul>
+ <ul id="toc"></ul>
<h2><a name="StorageBackendDir">Directory pool</a></h2>
<p>
</p>
- <h2><a name="StorageBackendLogical">Logical volume pools</a></h2>
+ <h2><a name="StorageBackendLogical">Logical volume pool</a></h2>
<p>
This provides a pool based on an LVM volume group. For a
pre-defined LVM volume group, simply providing the group
</p>
- <h2><a name="StorageBackendDisk">Disk volume pools</a></h2>
+ <h2><a name="StorageBackendDisk">Disk pool</a></h2>
<p>
This provides a pool based on a physical disk. Volumes are created
by adding partitions to the disk. Disk pools have constraints
</ul>
- <h2><a name="StorageBackendISCSI">iSCSI volume pools</a></h2>
+ <h2><a name="StorageBackendISCSI">iSCSI pool</a></h2>
<p>
This provides a pool based on an iSCSI target. Volumes must be
pre-allocated on the iSCSI server, and cannot be created via
The iSCSI volume pool does not use the volume format type element.
</p>
- <h2><a name="StorageBackendSCSI">SCSI volume pools</a></h2>
+ <h2><a name="StorageBackendSCSI">SCSI pool</a></h2>
<p>
This provides a pool based on a SCSI HBA. Volumes are preexisting SCSI
LUNs, and cannot be created via the libvirt APIs. Since /dev/XXX names
The SCSI volume pool does not use the volume format type element.
</p>
- <h2><a name="StorageBackendMultipath">Multipath pools</a></h2>
+ <h2><a name="StorageBackendMultipath">Multipath pool</a></h2>
<p>
This provides a pool that contains all the multipath devices on the
host. Therefore, only one Multipath pool may be configured per host.
The Multipath volume pool does not use the volume format type element.
</p>
- <h2><a name="StorageBackendRBD">RBD pools</a></h2>
+ <h2><a name="StorageBackendRBD">RBD pool</a></h2>
<p>
This storage driver provides a pool which contains all RBD
images in a RADOS pool. RBD (RADOS Block Device) is part
The RBD pool does not use the volume format type element.
</p>
- <h2><a name="StorageBackendSheepdog">Sheepdog pools</a></h2>
+ <h2><a name="StorageBackendSheepdog">Sheepdog pool</a></h2>
<p>
This provides a pool based on a Sheepdog Cluster.
Sheepdog is a distributed storage system for QEMU/KVM.
The Sheepdog pool does not use the volume format type element.
</p>
- <h2><a name="StorageBackendGluster">Gluster pools</a></h2>
+ <h2><a name="StorageBackendGluster">Gluster pool</a></h2>
<p>
This provides a pool based on native Gluster access. Gluster is
a distributed file system that can be exposed to the user via
pool type.
</p>
- <h2><a name="StorageBackendZFS">ZFS pools</a></h2>
+ <h2><a name="StorageBackendZFS">ZFS pool</a></h2>
<p>
This provides a pool based on the ZFS filesystem. Initially it was developed
for FreeBSD, and <span class="since">since 1.3.2</span> experimental support
<p>
The ZFS volume pool does not use the volume format type element.
</p>
- <h2><a name="StorageBackendVstorage">Vstorage pools</a></h2>
+ <h2><a name="StorageBackendVstorage">Vstorage pool</a></h2>
<p>
This provides a pool based on Virtuozzo storage. Virtuozzo Storage is
a highly available distributed software-defined storage with built-in
projects / thirdparty / libvirt.git / commitdiff
