
#1394 kvm.pm: add listen='0.0.0.0' for VNC

2.6
closed
5
2014-12-15
2010-09-30
No

Please add listen='0.0.0.0'
to `kvm_nodedata' table

<graphics type="vnc" port="5902" autoport="yes"/>

without this:
tcp 0 0 localhost.localdomain:5900 : LISTEN
instead:
tcp 0 0 :5903 :* LISTEN

I can't connect with VNC to guest nodes.

grep -rn graphics .

./xen.pm:259: $xtree{devices}->{graphics}->{type}='vnc';
./xen.pm:260: $xtree{devices}->{graphics}->{'listen'}='0.0.0.0';
./xen.pm:276: my $vncport=$newxml->{devices}->{graphics}->{port};
./kvm.pm:557: $xtree{devices}->{graphics}->{type}='vnc';
./kvm.pm:570: my $vncport=$newxml->{devices}->{graphics}->{port};

xen.pm has such a feature; kvm.pm doesn't.

"vnc"
Starts a VNC server. The port attribute specifies the TCP port number (with -1 as legacy syntax indicating that it should be auto-allocated). The autoport attribute is the new preferred syntax for indicating autoallocation of the TCP port to use. The listen attribute is an IP address for the server to listen on. The passwd attribute provides a VNC password in clear text. The keymap attribute specifies the keymap to use.

Discussion

  • Jarrod Johnson

    Jarrod Johnson - 2010-09-30

    I had not noticed that check in to Xen to unconditionally do that. I'm not particularly excited about opening that up unconditionally, it would have to be a non-default option, unless we enabled setting and changing the vnc password dynamically, which may not be a bad idea.

    Why not use ssh tunneling as in wvid? I'm guessing there are users who will not have accounts on the hypervisor system being given access.

    My concern is that this provides unrestricted, unauthenticated access to remote kvm, allowing things like interacting with boot loader, passing kernel command line arguments, and other similar activities.

     
  • Bruce

    Bruce - 2010-10-19

    Should be fixed in 2.5.1, not in 2.5.

     
  • Brian Croswell

    Brian Croswell - 2011-08-09

    Jarrod, can you update the status on this old xCAT bug?

     
  • Jarrod Johnson

    Jarrod Johnson - 2011-08-11

    Fixed in current (uses secure password generation instead of binding)

     
  • Bruce

    Bruce - 2012-09-19
    • status: pending --> closed
    • milestone: 2.5.3 --> 2.6
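
Added example, not part of the original ticket or of xCAT's code: a small audit that parses libvirt domain XML and reports VNC `<graphics>` elements bound to a non-loopback address, separating the no-password case raised in the discussion from the case where a `passwd` attribute sits in the XML in clear text. The sample XML and all function names are constructed for illustration; a `<graphics>` element with no listen address is assumed to fall back to the hypervisor's local default (as in the ticket's netstat output) and is not flagged.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from the ticket).
SAMPLES = {
    "guest-default": "<domain><devices>"
        "<graphics type='vnc' port='5902' autoport='yes'/>"
        "</devices></domain>",
    "guest-open": "<domain><devices>"
        "<graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'/>"
        "</devices></domain>",
    "guest-passwd": "<domain><devices>"
        "<graphics type='vnc' autoport='yes' passwd='constructed-example'>"
        "<listen type='address' address='::'/></graphics>"
        "</devices></domain>",
    "guest-loop": "<domain><devices>"
        "<graphics type='vnc' autoport='yes' listen='127.0.0.1'/>"
        "</devices></domain>",
}

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # not an IP literal: report it so a person reviews it

def listen_addresses(graphics):
    """Addresses from the listen attribute and <listen type='address'> children."""
    addrs = [graphics.get("listen")]
    addrs += [l.get("address") for l in graphics.findall("listen")
              if l.get("type") == "address"]
    return list(dict.fromkeys(a for a in addrs if a))  # de-duplicate, keep order

def audit(name, xml_text):
    """Return (domain, address, issue) for each non-loopback VNC listener."""
    findings = []
    for g in ET.fromstring(xml_text).iter("graphics"):
        if g.get("type") != "vnc":
            continue
        for addr in listen_addresses(g):
            if is_loopback(addr):
                continue
            issue = "no-password" if g.get("passwd") is None else "cleartext-password"
            findings.append((name, addr, issue))
    return findings

def audit_all(domains):
    return [f for name, xml_text in domains.items() for f in audit(name, xml_text)]

if __name__ == "__main__":
    for name, addr, issue in audit_all(SAMPLES):
        print(f"{name}: VNC listens on {addr} ({issue})")
```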