[ovirt-users] Thinking loud about VM's serial console access
Jiri Belka
jbelka at redhat.com
Fri Oct 17 11:15:43 EDT 2014
Hi,
on KVM forum VM's serial console access was raised. I'd like to make
some comments, hopefully it would help to think about how we would
access VM's serial consoles in oVirt.
1. encrypted access (ssh preferable) is a must
2. not to type any automatically generated password to access
serial console should be possible (like for spice)
i can imagine a centralized console server could be used to
manage all serial console accesses. usually such console servers are
access via ssh and then a connection is spawned and sysadmin's ssh
session is connected to remote serial console without any action
3. not to see a interactive menu should be possible
there can be serial console output parser/monitor persistently
running to catch kernel outputs and alerts in console. if kernel
crashes, the output is on console and thus a monitoring can catch it
4. access to VM's serial console should not require to know where a VM
is running (thus to know host fqdn/IP)
this is obvious, a sysadmin wants to just get serial console without
manual kung-fu
5. multi-user access to one VM's serial console
in some paranoid environment there must be two people working
together, each controlling other. whatever. multi-user concurrency
should be possible, there can be passive serial console output
parser/monitor and sysadmin's interactive session
Hopefully the above will contribute to implementation design. All above
is possible with open source tools while using real hw serial consoles,
thus it would be expected that implementation for VM's serial console
would work similarly.
FYI I created RFE for qemu for TLS mode for chardev socket
https://bugzilla.redhat.com/show_bug.cgi?id=1154115, so there could be
a way not to use ssh to host as this has been not preferred by
alonbl@ for other functionality in the past :)
j.
More information about the Users
mailing list