Libvirt TLS
Generate keys
- xinuxpki cert spock.xinux.lan
or with openssl
Keys and certificates
Private key
spock.xinux.lan.key
Public key and certificate
spock.xinux.lan.crt
Public key and certificate of the CA
xin-ca.crt
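Before these files are copied into place, it helps to confirm that the certificate chains to the CA, that the key belongs to the certificate, that the key is not readable by other users, and that a server certificate covers the host name used in the connection URI. The following is an added example, not part of the original page; the function name check_libvirt_pki is hypothetical, the permission rule is this example's own choice, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check for one
# libvirt TLS file set before it is copied into /etc/pki.
# Usage: check_libvirt_pki CA_CERT CERT KEY [HOSTNAME]
#   e.g. check_libvirt_pki xin-ca.crt spock.xinux.lan.crt \
#            spock.xinux.lan.key spock.xinux.lan
# Returns the number of failed checks (0 = all passed).
check_libvirt_pki() {
    ca=$1 cert=$2 key=$3 host=${4:-} fails=0

    # 1. The certificate must chain to the CA the peer will trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2
        fails=$((fails + 1))
    fi

    # 2. The private key must belong to the certificate (same public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        fails=$((fails + 1))
    fi

    # 3. The private key must not be accessible to group or others
    #    (assumption of this example: any such permission bit is a failure).
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/others (use chmod 600)" >&2
        fails=$((fails + 1))
    fi

    # 4. Server certificates only: the name in the qemu+tls:// URI must
    #    be covered by the certificate.
    if [ -n "$host" ] && ! openssl x509 -in "$cert" -noout -checkhost "$host" \
            2>/dev/null | grep -q "does match"; then
        echo "FAIL: $cert is not valid for host $host" >&2
        fails=$((fails + 1))
    fi

    return "$fails"
}
```

For the client file set, omit the fourth argument, since the host name check applies only to the server certificate.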
Server
Create directories and copy files
- mkdir -p /etc/pki/libvirt/private
- mkdir -p /etc/pki/CA
- cp xin-ca.crt /etc/pki/CA/cacert.pem
- cp spock.xinux.lan.crt /etc/pki/libvirt
- cp spock.xinux.lan.key /etc/pki/libvirt/private
Configuration
- cat /etc/default/libvirt-bin
start_libvirtd="yes"
libvirtd_opts="-l"
- cat /etc/libvirt/libvirtd.conf
listen_tls = 1
tls_port = "16514"
key_file = "/etc/pki/libvirt/private/spock.xinux.lan.key"
cert_file = "/etc/pki/libvirt/spock.xinux.lan.crt"
ca_file = "/etc/pki/CA/cacert.pem"
Restart services
- systemctl restart libvirt-bin
- systemctl restart libvirtd
Check ports
- netstat -lntp| grep libvirtd
tcp        0      0 0.0.0.0:16514           0.0.0.0:*               LISTEN      1897/libvirtd
tcp6       0      0 :::16514                :::*                    LISTEN      1897/libvirtd
Client
Create directories and copy files
- mkdir -p /etc/pki/libvirt/private
- mkdir -p /etc/pki/CA
- cp xin-ca.crt /etc/pki/CA/cacert.pem
- cp bajor.xinux.lan.crt /etc/pki/libvirt/clientcert.pem
- cp bajor.xinux.lan.key /etc/pki/libvirt/private/clientkey.pem
Test
- virsh -c qemu+tls://spock.xinux.lan/system list --all
 Id    Name                           State
----------------------------------------------------
 -     gina                           shut off