This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-API] xen management ap versus xend-tcp-xmlrpc-server

To: Ewan Mellor <ewan@xxxxxxxxxxxxx>
Subject: Re: [Xen-API] xen management ap versus xend-tcp-xmlrpc-server
From: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
Date: Thu, 25 Jan 2007 18:48:16 +0000
Cc: xen-api@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20070124185016.GF31083@xxxxxxxxxxxxxxxxxxxxxx>
References: <45B7A6A7.9070309@xxxxxx> <20070124185016.GF31083@xxxxxxxxxxxxxxxxxxxxxx>
Reply-to: "Daniel P. Berrange" <berrange@xxxxxxxxxx>
On Wed, Jan 24, 2007 at 06:50:16PM +0000, Ewan Mellor wrote:
> You're right that xen-api-server is very new -- I snuck this in at the end of
> the 3.0.4 release cycle, so that people could try the Xen-API support.  It
> will be available as a full release, not a preview, with 3.0.5.
> The only documentation of that option is in tools/examples/xend-config.sxp
> (though I think that the comments there are pretty comprehensive).  If you
> could update the main docs, then that would be great.
> You don't have to enable specific options, though you do need to be using
> 3.0.4 or above (preferably xen-unstable, because it's still changing a fair
> amount).
> xend-tcp-xmlrpc-server et al are the legacy interfaces into Xend.  Certainly
> if you turn one of these on and restart Xend you should see open ports.
> Here's a quick run through:
> xend-http-server: Very old and totally broken HTML interface and legacy,
> generally working SXP-based interface, on port 8000.
> xend-unix-server: Ditto, using a unix domain socket.
> xend-unix-xmlrpc-server: Legacy XML-RPC server, over HTTP/unix, the recommended
> way to access Xend in 3.0.4.
> xend-tcp-xmlrpc-server: Ditto, over TCP, on port 8006.

NB, there is no authentication in these 4 server methods of Xend, i.e. if
you turn them on, whoever can access the socket has full control over all
XenD functions with no prior authentication. Thus the UNIX socket based
servers have best security since they are chmod'd to only allow root to
access them. If you turn on HTTP server at the very least restrict it to
run on, so only local users access it and be sure you lock down
or trust your local users).  Tunnelling over SSH is the only way to get
reasonably secure access to the XenD with these server methods.

> xen-api-server: All new, all shiny Xen-API interface, available in preview
> form now, and landing for 3.0.5.

This requires username & password authentication using PAM as its backend
so will make secure remote management more viable, although it is still
only HTTP so passwords are sent over the wire in cleartext. 

|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
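
An added example, not part of the original message or of Xend itself: a small Python audit that reads a xend-config.sxp and grades the legacy listeners discussed above by how exposed they are. The bind-address option names (`xend-address`, `xend-tcp-xmlrpc-server-address`), the reading of an empty address as "all interfaces", and the sample config are assumptions; only options explicitly set in the file are reported, and the ports are the defaults quoted in the thread.

```python
import re

# TCP listeners from the thread: option -> (assumed bind-address option, default port)
TCP_LISTENERS = {
    "xend-http-server": ("xend-address", 8000),
    "xend-tcp-xmlrpc-server": ("xend-tcp-xmlrpc-server-address", 8006),
}
UNIX_LISTENERS = ("xend-unix-server", "xend-unix-xmlrpc-server")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Matches simple one-line entries such as (key yes) or (key 'value').
SETTING = re.compile(r"^\s*\(\s*([\w-]+)\s+'?([^\s')]*)'?\s*\)")

def parse_sxp(text):
    """Return {option: value}; lines starting with '#' never match and are skipped."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit(text):
    """Return (severity, option, reason) for each enabled unauthenticated listener."""
    cfg, findings = parse_sxp(text), []
    for opt, (addr_opt, port) in TCP_LISTENERS.items():
        if cfg.get(opt) != "yes":
            continue
        addr = cfg.get(addr_opt, "")  # assumption: unset or '' binds every interface
        if addr in LOOPBACK:
            findings.append(("WARN", opt,
                f"no authentication; loopback port {port}, so every local user has full control"))
        else:
            findings.append(("HIGH", opt,
                f"no authentication; reachable on {addr or 'all interfaces'} port {port}"))
    for opt in UNIX_LISTENERS:
        if cfg.get(opt) == "yes":
            findings.append(("INFO", opt,
                "no authentication; relies on the socket being root-only"))
    return findings

SAMPLE = """\
# constructed sample, not a shipped xend-config.sxp
(xend-http-server yes)
(xend-address 'localhost')
(xend-unix-xmlrpc-server yes)
(xend-tcp-xmlrpc-server yes)
(xend-tcp-xmlrpc-server-address '')
#(xend-unix-server yes)
"""

if __name__ == "__main__":
    for severity, option, reason in audit(SAMPLE):
        print(f"{severity:4} {option}: {reason}")
```
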
