Re: Guestinfo alike info polling from Guest via guest-agent


From: Florian Lohoff
Subject: Re: Guestinfo alike info polling from Guest via guest-agent
Date: Thu, 12 Dec 2024 08:15:01 +0100
User-agent: NeoMutt/20170113 (1.7.2)

Hi Connor,

On Wed, Dec 11, 2024 at 08:52:09PM -0800, Connor Kuehl wrote:
> On 11/21/24 5:33 AM, Florian Lohoff via wrote:
> > 
> > Hi,
> > is there a way with qemu-guest-agent to push infos down to the
> > hypervisor?
> 
> I may be placing undue emphasis on your use of the word "push", but
> as far as I'm aware, qemu-guest-agent strictly responds to requests
> *from* the hypervisor, and does not have a way of sending information
> unsolicited to it.
> 
> That said, the hypervisor can send requests to qemu-ga whenever it wants
> (assuming the guest agent is listening.)
> 
> The qemu-ga protocol supports a number of remote procedure calls[1].
> I recommend checking it out.
> 
> With regards to the specific use-case above, you might be able to accomplish
> that with one or more of guest-file-open, guest-exec, or maybe
> something else I didn't see.
> 
> [1] https://www.qemu.org/docs/master/interop/qemu-ga-ref.html

I found that, and "exec cat /etc/ssh/ssh_host*.pub" works, but for
me that's a deep intrusion into the guest's OS and I would rather not see
something like that working.

I like VMware's possibility of storing variables in the hypervisor
as small blobs, e.g. ssh host keys. This makes it possible to
retrieve host keys out of band without security nightmares like
stricthostkeychecking=no or userknownhostfile=/dev/null and the like.

I use it to mark the VM as available for connection, and I also copy
the ssh host keys to the customer's netbox. From netbox I generate DNS with "sshfp"
DNS records, and the start of every ansible run first replaces the local
ssh known hosts with the ones from netbox, so no hackery is needed on
"first connect" from anywhere. SSH host keys are common knowledge after
that because we had a secure out-of-band channel.

I am trying to find a solution for this with qemu and I fail, sort of.

These are the last commands in a VMware setup:

for key in /etc/ssh/ssh_host_*pub; do
        # turn the file name into a variable name: ssh_host_ed25519_key.pub -> ssh_host_ed25519_key_pub
        base=$(basename "$key" | sed -e 's/\.pub$/_pub/')
        # store the whole .pub line, base64-encoded onto a single line, as guestinfo.<name>
        vmtoolsd --cmd="info-set guestinfo.$base $(base64 -w0 <"$key")"
done

Then you have your ssh keys as e.g. "guestinfo.ssh_host_ed25519_key_pub" in your
hypervisor's variable store for that VM.

Flo
-- 
Florian Lohoff                                                     f@zz.de
  Any sufficiently advanced technology is indistinguishable from magic.
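As an added example (not part of the thread, and not code from qemu-ga or vmtoolsd), this Python snippet takes the base64 blob the loop above stores in a guestinfo variable, checks that it decodes to a consistent public key line, and turns it into the SSHFP record and known_hosts entry the message describes. The hostname, key comment and the 32 key bytes are constructed sample data.

```python
import base64
import hashlib
import struct

# Constructed sample: an ed25519 public key line as it would appear in
# /etc/ssh/ssh_host_ed25519_key.pub. The wire format is
# string(key type) || string(raw key) as in RFC 4253; the key bytes are made up.
KEY_TYPE = b"ssh-ed25519"
RAW_KEY = bytes(range(32))  # constructed, not a real key
WIRE_BLOB = (struct.pack(">I", len(KEY_TYPE)) + KEY_TYPE
             + struct.pack(">I", len(RAW_KEY)) + RAW_KEY)
PUB_LINE = KEY_TYPE + b" " + base64.b64encode(WIRE_BLOB) + b" root@vm-example\n"
# What `base64 -w0 < ssh_host_ed25519_key.pub` would have stored in guestinfo.
GUESTINFO_VALUE = base64.b64encode(PUB_LINE).decode()

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALG = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
             "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}


def parse_guestinfo_pubkey(value):
    """Decode the guestinfo blob back into (key_type, wire_blob).

    The declared type must match the type embedded in the wire blob, so a
    corrupted or tampered value is rejected instead of becoming a trusted record.
    """
    fields = base64.b64decode(value, validate=True).decode("ascii").split()
    if len(fields) < 2 or fields[0] not in SSHFP_ALG:
        raise ValueError("unsupported or malformed public key line")
    blob = base64.b64decode(fields[1], validate=True)
    (tlen,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + tlen].decode("ascii") != fields[0]:
        raise ValueError("key type in wire blob does not match declared type")
    return fields[0], blob


def sshfp_record(hostname, value):
    """SSHFP RR with fingerprint type 2 (SHA-256 over the wire blob)."""
    key_type, blob = parse_guestinfo_pubkey(value)
    return f"{hostname}. IN SSHFP {SSHFP_ALG[key_type]} 2 {hashlib.sha256(blob).hexdigest()}"


def known_hosts_line(hostname, value):
    """known_hosts entry to distribute instead of disabling host key checking."""
    key_type, blob = parse_guestinfo_pubkey(value)
    return f"{hostname} {key_type} {base64.b64encode(blob).decode()}"
```

The SSHFP hex digest is the same SHA-256 that `ssh-keygen -r` emits, so the output can be cross-checked against the key file on the guest.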
