Bug 437108

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

Description of problem:
After upgrade my xen host from f7 to f8, i will no longer be able to connect to vm-consoles via vnc. It seems, that this functionality in f8 is delivered bei qemu-dm instead of <missing binary name> in f7 used.

Maybe my problem is caused by some missing vnc/ vnc-security/ vnc-crypto configuration parameters in /etc/xen/xend-config.sxp but i am not able to resolve this due to missing documentation. Non-encrypted connections are ok for me.

All guests are f8 in different patch levels running in pv mode.

- UltraVnc Viewer on Win-Client will pop up and disappear immediately. No chance to read any message.

- TightVnc Viewer will immediately pop up "Connection closed". In another window viewer tells me "Status: Security type requested".

- virt-viewer does not appear. x-server running under win only gives me a short beep. Only message on console is: "libvir: Remote Fehler : Datei oder Verzeichnis nicht gefunden<cr> libvir: Warnung : Netzwerk wurde nicht gefunden: Is the daemon runnning ?". This message also appears on some virsh commands but never was a problem i think.


Version-Release number of selected component (if applicable):
kernel-xen-2.6.21.7-2.fc8; xen-libs-3.1.2-2.fc8; xen-3.1.2-2.fc8; libvirt-python-0.4.0-4.fc8; virt-viewer-0.0.2-2.fc8; libvirt-0.4.0-4.fc8; python-virtinst-0.300.2-3.fc8; virt-manager-0.5.3-1.fc8

How reproducible:
Always


Steps to Reproduce:
1. Start vnc viewer
2. connect to 192.168.122.1:5903 (192.168.122.1::5903, 192.168.122.1:3, 192.168.122.1::3). Problem exists on all Display's (1..7)


Actual Results:
vnc viewer pops up and disappears immediately (tight vnc viewer shows above described message)


Expected Results:
vnc viewer pops up, stay and shows the console of a pv guest machine.

Additional info:
Xend-Configuration in /etc/xen/xend-config.sxp:

#
# Xend configuration file.
#

# This example configuration is appropriate for an installation that
# utilizes a bridged network configuration. Access to xend via http
# is disabled.

# Commented out entries show the default for that entry, unless otherwise
# specified.

#(logfile /var/log/xen/xend.log)
#(loglevel DEBUG)


# The Xen-API server configuration.  (Please note that this server is
# available as an UNSUPPORTED PREVIEW in Xen 3.0.4, and should not be relied
# upon).
#
# This value configures the ports, interfaces, and access controls for the
# Xen-API server.  Each entry in the list starts with either unix, a port
# number, or an address:port pair.  If this is "unix", then a UDP socket is
# opened, and this entry applies to that.  If it is a port, then Xend will
# listen on all interfaces on that TCP port, and if it is an address:port
# pair, then Xend will listen on the specified port, using the interface with
# the specified address.
#
# The subsequent string configures the user-based access control for the
# listener in question.  This can be one of "none" or "pam", indicating either
# that users should be allowed access unconditionally, or that the local
# Pluggable Authentication Modules configuration should be used.  If this
# string is missing or empty, then "pam" is used.
#
# The final string gives the host-based access control for that listener. If
# this is missing or empty, then all connections are accepted.  Otherwise,
# this should be a space-separated sequence of regular expressions; any host
# with a fully-qualified domain name or an IP address that matches one of
# these regular expressions will be accepted.
#
# Example: listen on TCP port 9363 on all interfaces, accepting connections
# only from machines in example.com or localhost, and allow access through
# the unix domain socket unconditionally:
#
#   (xen-api-server ((9363 pam '^localhost$ example\\.com$')
#                    (unix none)))
#
# Optionally, the TCP Xen-API server can use SSL by specifying the private
# key and certificate location:
#
#                    (9367 pam '' /etc/xen/xen-api.key /etc/xen/xen-api.crt)
#
# Default:
#   (xen-api-server ((unix)))


#(xend-http-server yes)
(xend-unix-server yes)
#(xend-tcp-xmlrpc-server no)
#(xend-unix-xmlrpc-server yes)
#(xend-relocation-server no)
# The relocation server should be kept desactivated unless using a trusted
# network, the domain virtual memory will be exchanged in raw form without
# encryption of the communication. See also xend-relocation-hosts-allow option

(xend-unix-path /var/lib/xend/xend-socket)


# Address and port xend should use for the legacy TCP XMLRPC interface,
# if xen-tcp-xmlrpc-server is set.
#(xen-tcp-xmlrpc-server-address 'localhost')
#(xen-tcp-xmlrpc-server-port 8006)

# SSL key and certificate to use for the legacy TCP XMLRPC interface.
# Setting these will mean that this port serves only SSL connections as
# opposed to plaintext ones.
#(xend-tcp-xmlrpc-server-ssl-key-file  /etc/xen/xmlrpc.key)
#(xend-tcp-xmlrpc-server-ssl-cert-file /etc/xen/xmlrpc.crt)


# Port xend should use for the HTTP interface, if xend-http-server is set.
#(xend-port            8000)

# Port xend should use for the relocation interface, if xend-relocation-server
# is set.
#(xend-relocation-port 8002)

# Address xend should listen on for HTTP connections, if xend-http-server is
# set.
# Specifying 'localhost' prevents remote connections.
# Specifying the empty string '' (the default) allows all connections.
(xend-address '')
#(xend-address localhost)

# Address xend should listen on for relocation-socket connections, if
# xend-relocation-server is set.
# Meaning and default as for xend-address above.
#(xend-relocation-address '')

# The hosts allowed to talk to the relocation port.  If this is empty (the
# default), then all connections are allowed (assuming that the connection
# arrives on a port and interface on which we are listening; see
# xend-relocation-port and xend-relocation-address above).  Otherwise, this
# should be a space-separated sequence of regular expressions.  Any host with
# a fully-qualified domain name or an IP address that matches one of these
# regular expressions will be accepted.
#
# For example:
#  (xend-relocation-hosts-allow '^localhost$ ^.*\\.example\\.org$')
#
#(xend-relocation-hosts-allow '')
(xend-relocation-hosts-allow '^localhost$ ^localhost\\.localdomain$')

# The limit (in kilobytes) on the size of the console buffer
#(console-limit 1024)

##
# To bridge network traffic, like this:
#
# dom0: ----------------- bridge -> real eth0 -> the network
#                            |
# domU: fake eth0 -> vifN.0 -+
#
# use
#
# (network-script network-bridge)
#
# Your default ethernet device is used as the outgoing interface, by default.
# To use a different one (e.g. eth1) use
#
# (network-script 'network-bridge netdev=eth1')
#
# The bridge is named xenbr0, by default.  To rename the bridge, use
#
# (network-script 'network-bridge bridge=<name>')
#
# It is possible to use the network-bridge script in more complicated
# scenarios, such as having two outgoing interfaces, with two bridges, and
# two fake interfaces per guest domain.  To do things like this, write
# yourself a wrapper script, and call network-bridge from it, as appropriate.
#
#(network-script network-bridge)
(network-script /bin/true)

#### LAPTOP USERS ! #####
# For laptops, or machines where network interfaces come/go on-the-fly,
# or are otherwise managed by NetworkManager, comment out the above line.
# Then, uncomment the line below, and use libvirt's virtual networking
# capability which sets up a isolated bridge + NAT forwarding
#(network-script /bin/true)
#### LAPTOP USERS ! #####

# The script used to control virtual interfaces.  This can be overridden on a
# per-vif basis when creating a domain or a configuring a new vif.  The
# vif-bridge script is designed for use with the network-bridge script, or
# similar configurations.
#
# If you have overridden the bridge name using
# (network-script 'network-bridge bridge=<name>') then you may wish to do the
# same here.  The bridge name can also be set when creating a domain or
# configuring a new vif, but a value specified here would act as a default.
#
# If you are using only one bridge, the vif-bridge script will discover that,
# so there is no need to specify it explicitly.
#
(vif-script vif-bridge)


## Use the following if network traffic is routed, as an alternative to the
# settings for bridged networking given above.
# NB: Obsolete. See note above for LAPTOP USERS
#(network-script network-route)
#(vif-script     vif-route)


## Use the following if network traffic is routed with NAT, as an alternative
# to the settings for bridged networking given above.
# NB: Obsolete. See note above for LAPTOP USERS
#(network-script network-nat)
#(vif-script     vif-nat)


# Dom0 will balloon out when needed to free memory for domU.
# dom0-min-mem is the lowest memory level (in MB) dom0 will get down to.
# If dom0-min-mem=0, dom0 will never balloon out.
(dom0-min-mem 256)

# In SMP system, dom0 will use dom0-cpus # of CPUS
# If dom0-cpus = 0, dom0 will take all cpus available
(dom0-cpus 0)

# Whether to enable core-dumps when domains crash.
#(enable-dump no)

# The tool used for initiating virtual TPM migration
#(external-migration-tool '')

# The interface for VNC servers to listen on. Defaults
# to 127.0.0.1  To restore old 'listen everywhere' behaviour
# set this to 0.0.0.0
(vnc-listen '192.168.122.1')

# The default password for VNC console on HVM domain.
# Empty string is no authentication.
(vncpasswd 'blah')

# The default keymap to use for the VM's virtual keyboard
# when not specififed in VM's configuration
(keymap 'en-us')
#(keymap 'de-DE')

# The VNC server can be told to negotiate a TLS session
# to encryption all traffic, and provide x509 cert to
# clients enalbing them to verify server identity. The
# GTK-VNC widget, virt-viewer, virt-manager and VeNCrypt
# all support the VNC extension for TLS used in QEMU. The
# TightVNC/RealVNC/UltraVNC clients do not.
#
# To enable this create x509 certificates / keys in the
# directory /etc/xen/vnc
#
#  ca-cert.pem       - The CA certificate
#  server-cert.pem   - The Server certificate signed by the CA
#  server-key.pem    - The server private key
#
# and then uncomment this next line
#(vnc-tls 0)
#(vnc-tls 1)
#
# The certificate dir can be pointed elsewhere..
#
# (vnc-x509-cert-dir /etc/xen/vnc)
#
# The server can be told to request & validate an x509
# certificate from the client. Only clients with a cert
# signed by the trusted CA will be able to connect. This
# is more secure the password auth alone. Passwd auth can
# used at the same time if desired. To enable client cert
# checking uncomment this:
#
# (vnc-x509-verify 1)



xml configuration file used with virsh:

<domain type='xen' id='27'>
  <name>VM3</name>
  <uuid>0bff5fad830c2a8d6ddd4a839f2dc79d</uuid>
  <bootloader>/usr/bin/pygrub</bootloader>
  <os>
    <type>linux</type>
  </os>
  <memory>262144</memory>
  <vcpu>1</vcpu>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <interface type='bridge'>
      <source bridge='br2-dmz'/>
      <mac address='00:16:3e:2c:93:33'/>
      <script path='vif-bridge'/>
    </interface>
    <graphics type='vnc' port='5903'/>
    <disk type='block' device='disk'>
      <driver name='phy'/>
      <source dev='VolGroup01/lv_mail-01_xvda'/>
      <target dev='xvda'/>
    </disk>
    <disk type='block' device='disk'>
      <driver name='phy'/>
      <source dev='VolGroup01/lv_mail-01_xvdb'/>
      <target dev='xvdb'/>
    </disk>
    <disk type='block' device='disk'>
      <driver name='phy'/>
      <source dev='VolGroup01/lv_mail-01_swap'/>
      <target dev='xvdc'/>
    </disk>
    <console tty='/dev/pts/0'/>
  </devices>
</domain>