Bug 805243
| Summary: | [RFE] add some mechanism to pre-populate credentials for libvirt connections | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Daniel Berrangé <berrange> |
| Component: | libvirt | Assignee: | Daniel Berrangé <berrange> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.2 | CC: | acathrow, ajia, dallan, dyuan, kraxel, marcandre.lureau, mzhan, rwu, whuang, yupzhang, zpeng |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-0.10.2-0rc1.el6 | Doc Type: | Enhancement |
| Doc Text: |
Feature:
Provide support for a configuration file to allow authentication credentials to be pre-populated, avoiding interactive prompts.
Reason:
When connecting to libvirt some form of authentication may be required. Typically this results in interactive prompts presented to the user. When automating works scripts / background jobs, interactive prompts cannot be used. A means to pre-populate libvirt authentication credentials is required.
Result (if any):
The $HOME/.libvirt/auth.conf file can be used to supply authentication credentials for connections.
|
Story Points: | --- |
| Clone Of: | 794644 | Environment: | |
| Last Closed: | 2013-02-21 07:09:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 794644 | ||
|
Comment 1
Daniel Berrangé
2012-03-20 17:36:34 UTC
(In reply to comment #1) > The following patch series adds support to pre-populate libvirt connection > credentials using a simple config file > > https://www.redhat.com/archives/libvir-list/2012-March/msg00828.html Dan, is this work committed, so this BZ can be put in POST? If this work didn't get committed, please move back to assigned. Hi, Daniel Berrange I want to verify this bug , could you provide some steps to do that ? Thanks very much. Wenlong This feature is basically about providing a way to provide a username+ password when connecting to a libvirtd server configured with SASL Digest-MD5 To setup libvirtd auth config for username+password see this section: http://libvirt.org/auth.html#ACL_server_username Check you can connect using virsh, and that you are prompted for username+password. Next, to configure the libvirt client so that apps like virsh can get password/username from a config file follow this guide: http://libvirt.org/auth.html#Auth_client_config if that is setup correctly, you should now be able to connect with virsh without password Thanks, Daniel Berrange!
Verify this bug with :
libvirt-0.10.2-0rc1.el6.x86_64
Server :
1)add configurations in /etc/libvirt/libvirtd.conf
listen_tls = 0
listen_tcp = 1
auth_tcp = "sasl"
2) add sasl user
# saslpasswd2 -a libvirt test
(input your passwd)
# sasldblistusers2 -f /etc/libvirt/passwd.db
test.nay.redhat.com: userPassword
3) restart libvirtd
Client:
1) add this file in the Client
# cat /etc/libvirt/auth.conf
[credentials-sasl]
authname=test
password=redhat123
[auth-libvirt-10.66.85.231]
credentials=sasl
2) try to connect to server
#virsh -c qemu+tcp://10.66.85.231/system
Welcome to virsh, the virtualization interactive terminal.
Type: 'help' for help with commands
'quit' to quit
virsh #
No need pass to login , so bug is fixed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0276.html |