On Wed, Jan 24, 2007 at 06:50:16PM +0000, Ewan Mellor wrote:
> You're right that xen-api-server is very new -- I snuck this in at the end of
> the 3.0.4 release cycle, so that people could try the Xen-API support. It
> will be available as a full release, not a preview, with 3.0.5.
> The only documentation of that option is in tools/examples/xend-config.sxp
> (though I think that the comments there are pretty comprehensive). If you
> could update the main docs, then that would be great.
> You don't have to enable specific options, though you do need to be using
> 3.0.4 or above (preferably xen-unstable, because it's still changing a fair
> xend-tcp-xmlrpc-server et al are the legacy interfaces into Xend. Certainly
> if you turn one of these on and restart Xend you should see open ports.
> Here's a quick run through:
> xend-http-server: Very old and totally broken HTML interface and legacy,
> generally working SXP-based interface, on port 8000.
> xend-unix-server: Ditto, using a unix domain socket.
> xend-unix-xmlrpc-server: Legacy XML-RPC server, over HTTP/unix, the
> way to access Xend in 3.0.4.
> xend-tcp-xmlrpc-server: Ditto, over TCP, on port 8006.
NB, there is no authentication in these 4 server methods of Xend. ie if
you turn them on, who ever can access the socket has full control over all
XenD functions with no prior authentication. Thus the UNIX socket based
servers have best security since they are chmod'd to only allow root to
access them. If you turn on HTTP server at the very least restrict it to
run on 127.0.0.1, so only local users access it and be sure you lock down
or trust your local users). Tunnelling over SSH is the only way to get
reasonably secure access to the XenD with these server methods
> xen-api-server: All new, all shiny Xen-API interface, available in preview
> form now, and landing for 3.0.5.
This requires username & password authentication using PAM as its backend
so will make secure remote management more viable, although it is still
only HTTP so passwords are sent over the wire in cleartext.
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
xen-api mailing list