[ovirt-users] Thinking loud about VM's serial console access

Hi, on KVM forum VM's serial console access was raised. I'd like to make some comments, hopefully it would help to think about how we would access VM's serial consoles in oVirt. 1. encrypted access (ssh preferable) is a must 2. not to type any automatically generated password to access serial console should be possible (like for spice) i can imagine a centralized console server could be used to manage all serial console accesses. usually such console servers are access via ssh and then a connection is spawned and sysadmin's ssh session is connected to remote serial console without any action 3. not to see a interactive menu should be possible there can be serial console output parser/monitor persistently running to catch kernel outputs and alerts in console. if kernel crashes, the output is on console and thus a monitoring can catch it 4. access to VM's serial console should not require to know where a VM is running (thus to know host fqdn/IP) this is obvious, a sysadmin wants to just get serial console without manual kung-fu 5. multi-user access to one VM's serial console in some paranoid environment there must be two people working together, each controlling other. whatever. multi-user concurrency should be possible, there can be passive serial console output parser/monitor and sysadmin's interactive session Hopefully the above will contribute to implementation design. All above is possible with open source tools while using real hw serial consoles, thus it would be expected that implementation for VM's serial console would work similarly. FYI I created RFE for qemu for TLS mode for chardev socket https://bugzilla.redhat.com/show_bug.cgi?id=1154115, so there could be a way not to use ssh to host as this has been not preferred by alonbl@ for other functionality in the past :) j.