Bug 805243 - [RFE] add some mechanism to pre-populate credentials for libvirt connections
[RFE] add some mechanism to pre-populate credentials for libvirt connections
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt (Show other bugs)
6.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Daniel Berrange
Virtualization Bugs
: FutureFeature
Depends On:
Blocks: 794644
  Show dependency treegraph
 
Reported: 2012-03-20 13:35 EDT by Daniel Berrange
Modified: 2016-04-26 10:39 EDT (History)
11 users (show)

See Also:
Fixed In Version: libvirt-0.10.2-0rc1.el6
Doc Type: Enhancement
Doc Text:
Feature: Provide support for a configuration file to allow authentication credentials to be pre-populated, avoiding interactive prompts. Reason: When connecting to libvirt some form of authentication may be required. Typically this results in interactive prompts presented to the user. When automating works scripts / background jobs, interactive prompts cannot be used. A means to pre-populate libvirt authentication credentials is required. Result (if any): The $HOME/.libvirt/auth.conf file can be used to supply authentication credentials for connections.
Story Points: ---
Clone Of: 794644
Environment:
Last Closed: 2013-02-21 02:09:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 1 Daniel Berrange 2012-03-20 13:36:34 EDT
The following patch series adds support to pre-populate libvirt connection credentials using a simple config file

https://www.redhat.com/archives/libvir-list/2012-March/msg00828.html
Comment 8 Dave Allan 2012-08-30 11:59:13 EDT
(In reply to comment #1)
> The following patch series adds support to pre-populate libvirt connection
> credentials using a simple config file
> 
> https://www.redhat.com/archives/libvir-list/2012-March/msg00828.html

Dan, is this work committed, so this BZ can be put in POST?
Comment 9 Dave Allan 2012-09-11 21:52:34 EDT
If this work didn't get committed, please move back to assigned.
Comment 13 Huang Wenlong 2012-09-19 03:43:28 EDT
Hi, Daniel Berrange

I want to verify this bug , could you provide some steps to do that ? 
Thanks very much.


Wenlong
Comment 14 Daniel Berrange 2012-09-20 16:46:59 EDT
This feature is basically about providing a way to provide a username+ password when connecting to a libvirtd server configured with SASL Digest-MD5

To setup libvirtd auth config for username+password see this section:

   http://libvirt.org/auth.html#ACL_server_username

Check you can connect using virsh, and that you are prompted for username+password.

Next, to configure the libvirt client so that apps like virsh can get password/username from a config file follow this guide:

  http://libvirt.org/auth.html#Auth_client_config

if that is setup correctly, you should now be able to connect with virsh without password
Comment 15 Huang Wenlong 2012-09-21 01:06:00 EDT
Thanks, Daniel Berrange! 

Verify this bug with :
libvirt-0.10.2-0rc1.el6.x86_64 


Server : 
1)add configurations  in /etc/libvirt/libvirtd.conf

listen_tls = 0
listen_tcp = 1
auth_tcp = "sasl"

2) add sasl user 
# saslpasswd2 -a libvirt test
(input your passwd)
# sasldblistusers2 -f /etc/libvirt/passwd.db
test@intel-q9400-4-7.englab.nay.redhat.com: userPassword

3) restart libvirtd 


Client: 
1) add this file in the Client 
# cat /etc/libvirt/auth.conf

[credentials-sasl]
authname=test
password=redhat123

[auth-libvirt-10.66.85.231]
credentials=sasl

2) try to connect to server
#virsh -c qemu+tcp://10.66.85.231/system
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # 

No need pass to login , so bug is fixed
Comment 17 errata-xmlrpc 2013-02-21 02:09:00 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html

Note You need to log in before you can comment on or make changes to this bug.