The change was in server-side code, so maybe.
On Jan 4, 2013 1:09 PM, "Wido den Hollander" <w...@widodh.nl> wrote:

> Hi,
>
> I just noticed that CLOUDSTACK-411 got resolved which is related to
> CLOUDSTACK-410
>
> * https://issues.apache.org/jira/browse/CLOUDSTACK-410
> * https://issues.apache.org/jira/browse/CLOUDSTACK-411
>
> Today I made this commit: 7240204a507cce8143c248e6aa635da6dad60ed0
>
> About 7 months ago I already fixed that the listen address for VNC would
> be set to the private IP of the hypervisor so that you don't have to
> specify vnc_listen in qemu.conf
>
> With vnc listening on 0.0.0.0 you have a potential security issue since
> you need a firewall to prevent the whole world connecting to your VNC.
>
>     <graphics type='vnc' port='5907' autoport='yes' listen='10.4.0.67'>
>       <listen type='address' address='10.4.0.67'/>
>     </graphics>
>
> That's what the XML definition looks like.
>
> With commit 7240204a507cce8143c248e6aa635da6dad60ed0 this works again,
> but 30 minutes later I figured out that migrations break due to this, dôh!
>
> On the other hypervisor that private IP isn't available for binding, so
> Qemu won't start...
>
> Instead of reverting the commit I'm now working on changing the XML during
> migration. libvirt supports this, but libvirt-java doesn't.
>
> I have a bunch of patches still ready for libvirt-java. Together with
> those patches I'll submit this to the libvirt guys next week.
>
> The method in libvirt-java will be:
>
> migrate(Connect dconn, long flags, String dxml, String dname, String uri,
> long bandwidth)
>
> dxml: (optional) XML config for launching guest on target
>
> In LibvirtComputingResource I'll generate a new XML with the private IP of
> the new hypervisor and pass that on to the migrate method.
>
> For the 4.1 release libvirt-java 0.5.0 should be out and this should then
> work.
>
> No more need for setting vnc_listen in qemu.conf and no potential security
> leak of having VNC listening world-wide (assuming your hypervisor has a
> public IP).
>
> Just wanted to let you know what I'm working on.
>
> Wido
>
