I'll create a patch for it.
> -----Original Message----- > From: Chip Childers [mailto:chip.child...@sungard.com] > Sent: Thursday, March 21, 2013 5:19 PM > To: dev@cloudstack.apache.org > Cc: cloudstack-...@incubator.apache.org > Subject: Re: VNC listen address for KVM > > On Thu, Mar 21, 2013 at 04:11:56PM -0700, Edison Su wrote: > > At least, need to revert the following change: > > - GraphicDef grap = new GraphicDef("vnc", (short) 0, true, > > null, null, > > + GraphicDef grap = new GraphicDef("vnc", (short) 0, > > + true, vmTO.getVncAddr(), null, > > null); > > > > in LibvirtComputingResource in 4.1, otherwise, live migration will not work > as Wido pointed out. > > Can someone provide a clean patch for 4.1 for this? Also need a bug ID for > the commit. > > > > > > -----Original Message----- > > > From: Marcus Sorensen [mailto:shadow...@gmail.com] > > > Sent: Thursday, March 21, 2013 2:02 PM > > > To: cloudstack-...@incubator.apache.org > > > Subject: Re: VNC listen address for KVM > > > > > > To be clear, it doesn't break consoleproxy for me, but it breaks > > > migration as wido mentions in his long first post. I think he > > > intended to fix it with the new libvirt 0.5.0 bindings rather than roll > > > back, > but it didn't happen before the cut. > > > It should probably be rolled back on both 4.1 and master at this > > > point, lest it be forgotten, and he can add it back in once we for > > > certain have the new libvirt bindings and fix. > > > > > > On Thu, Mar 21, 2013 at 2:46 PM, Marcus Sorensen > > > <shadow...@gmail.com> > > > wrote: > > > > The change was in server side code, so maybe. > > > > > > > > On Jan 4, 2013 1:09 PM, "Wido den Hollander" <w...@widodh.nl> > wrote: > > > >> > > > >> Hi, > > > >> > > > >> I just noticed that CLOUDSTACK-411 got resolved which is related > > > >> to > > > >> CLOUDSTACK-410 > > > >> > > > >> * https://issues.apache.org/jira/browse/CLOUDSTACK-410 > > > >> * https://issues.apache.org/jira/browse/CLOUDSTACK-411 > > > >> > > > >> Today I made this commit: > > > >> 7240204a507cce8143c248e6aa635da6dad60ed0 > > > >> > > > >> About 7 months ago I already fixed that the listen address for > > > >> VNC would be set to the private IP of the hypervisor so that you > > > >> don't have to specify vnc_listen in qemu.conf > > > >> > > > >> With vnc listening on 0.0.0.0 you have a potential security issue > > > >> since you need a firewall to prevent the whole world connecting > > > >> to your > > > VNC. > > > >> > > > >> <graphics type='vnc' port='5907' autoport='yes' listen='10.4.0.67'> > > > >> <listen type='address' address='10.4.0.67'/> > > > >> </graphics> > > > >> > > > >> That's how the XML definition looks like. > > > >> > > > >> With commit 7240204a507cce8143c248e6aa635da6dad60ed0 this > works > > > >> again, but > > > >> 30 minutes later I figured out that migrations brake due to this, dôh! > > > >> > > > >> On the other hypervisor that private IP isn't available for > > > >> binding, so Qemu won't start... > > > >> > > > >> Instead of reverting the commit I'm now working on changing the > > > >> XML during migration. libvirt supports this, but libvirt-java doesn't. > > > >> > > > >> I have a bunch of patches still ready for libvirt-java. Together > > > >> with those patches I'll submit this to the libvirt guys next week. > > > >> > > > >> The method in libvirt-java will be: > > > >> > > > >> migrate(Connect dconn, long flags, String dxml, String dname, > > > >> String uri, long bandwidth) > > > >> > > > >> dxml: (optional) XML config for launching guest on target > > > >> > > > >> In LibvirtComputingResource I'll generate a new XML with the > > > >> private IP of the new hypervisor and pass that on to the migrate > method. > > > >> > > > >> For the 4.1 release libvirt-java 0.5.0 should be out and this > > > >> should then work. > > > >> > > > >> No more need for setting vnc_listen in qemu.conf and no potential > > > >> security leak of having VNC listening world-wide (assuming your > > > >> hypervisor has a public IP). > > > >> > > > >> Just wanted to let you know what I'm working on. > > > >> > > > >> Wido > >
