Libvirt absichern: Unterschied zwischen den Versionen

@@ Zeile 1: / Zeile 1: @@
-=Schlüssel erzeugen=
-*xinuxpki cert spock.xinux.lan
-oder mit [[openssl]]
-=Schlüssel und Zertifkate=
-==Privater Schlüssel==
-spock.xinux.lan.key
-==Öffentlicher Schlüssel und Zertifikat==
-spock.xinux.lan.crt
-==Öffentlicher Schlüssel und Zertifikat der CA==
-xin-ca.crt
-=Server=
-==Directory erzeugen und Datein kopieren==
-*mkdir -p /etc/pki/libvirt/private
-*mkdir -p /etc/pki/CA
-*cp xin-ca.crt /etc/pki/CA/cacert.pem
-*cp spock.xinux.lan.crt /etc/pki/libvirt
-*cp spock.xinux.lan.key /etc/pki/libvirt/private
-==Konfiguration==
-*cat  /etc/default/libvirt-bin
- start_libvirtd="yes"
- libvirtd_opts="-l"
-*cat  /etc/libvirt/libvirtd.conf
- listen_tls = 1
- tls_port = "16514"
- key_file = "/etc/pki/libvirt/private/spock.xinux.lan.key"
- cert_file = "/etc/pki/libvirt/spock.xinux.lan.crt"
- ca_file = "/etc/pki/CA/cacert.pem"
-==Services restarten==
-*systemctl restart libvirt-bin
-*systemctl restart libvirtd
-==Ports Checken==
-*netstat -lntp| grep libvirtd
- tcp        0      0 0.0.0.0:16514           0.0.0.0:*               LISTEN      1897/libvirtd
- tcp6       0      0 :::16514                :::*                    LISTEN      1897/libvirtd
-=Client=
-==Directory erzeugen und Datein kopieren==
-*mkdir -p /etc/pki/libvirt/private
-*mkdir -p /etc/pki/CA
-*cp xin-ca.crt /etc/pki/CA/cacert.pem
-*cp bajor.xinux.lan.crt /etc/pki/libvirt/clientcert.pem
-*cp bajor.xinux.lan.key /etc/pki/libvirt/private/clientkey.pem
-==Test==
-*virsh  -c qemu+tls://spock.xinux.lan/system list --all
-  Id    Name                           State
- ----------------------------------------------------
-  -     gina                           shut off

Libvirt absichern: Unterschied zwischen den Versionen

Aktuelle Version vom 10. Oktober 2017, 13:08 Uhr

Navigationsmenü

Suche