[ovirt-users] Thinking loud about VM's serial console access

Jiri Belka jbelka at redhat.com
Fri Oct 17 11:15:43 EDT 2014


Hi,

on KVM forum VM's serial console access was raised. I'd like to make
some comments, hopefully it would help to think about how we would
access VM's serial consoles in oVirt.

1. encrypted access (ssh preferable) is a must

2. not to type any automatically generated password to access
   serial console should be possible (like for spice)

   i can imagine a centralized console server could be used to
   manage all serial console accesses. usually such console servers are
   access via ssh and then a connection is spawned and sysadmin's ssh
   session is connected to remote serial console without any action

3. not to see a interactive menu should be possible

   there can be serial console output parser/monitor persistently
   running to catch kernel outputs and alerts in console. if kernel
   crashes, the output is on console and thus a monitoring can catch it

4. access to VM's serial console should not require to know where a VM
   is running (thus to know host fqdn/IP)

   this is obvious, a sysadmin wants to just get serial console without
   manual kung-fu

5. multi-user access to one VM's serial console

   in some paranoid environment there must be two people working
   together, each controlling other. whatever. multi-user concurrency
   should be possible, there can be passive serial console output
   parser/monitor and sysadmin's interactive session

Hopefully the above will contribute to implementation design. All above
is possible with open source tools while using real hw serial consoles,
thus it would be expected that implementation for VM's serial console
would work similarly.

FYI I created RFE for qemu for TLS mode for chardev socket
 https://bugzilla.redhat.com/show_bug.cgi?id=1154115, so there could be
a way not to use ssh to host as this has been not preferred by
alonbl@ for other functionality in the past :)

j.


More information about the Users mailing list