Extra parameters can be added to a URI as part of the query string
(the part following ?). A single parameter is formed by a
@@ -117,7 +117,7 @@ vpx://example-vcenter.com/dc1/cluster1/example-esx.com
In order to perform a migration the driver needs to know the
VMware vCenter for the ESX server. If set to *,
the driver connects to the vCenter known to the ESX server.
- This paramater in useful when connecting to an ESX server only.
+ This parameter in useful when connecting to an ESX server only.
+ By default the ESX driver uses HTTPS to communicate with an ESX server. + Proper HTTPS communication requires correctly configured SSL + certificates. This certificates are different from the ones libvirt + uses for secure communication over TLS to a + libvirtd one a remote server. +
++ By default the driver tries to verify the server's SSL certificate + using the CA certificate pool installed on your client computer. With + an out-of-the-box installed ESX server this won't work, because a newly + installed ESX server uses auto-generated self-signed certificates. + Those are singed by a CA certificate that is typically not known to your + client computer and libvirt will report an error like this one: +
++error: internal error curl_easy_perform() returned an error: Peer certificate cannot be authenticated with known CA certificates (60) ++
+ Where are two ways to solve this problem: +
+no_verify=1 extra parameter
+ to disable server certificate verification.
+ + There are also other causes for connection problems than the + HTTPS certificate related ones. +
++$ virsh -c esx+tcp://example.com/ +error: unable to connect to libvirtd at 'example.com': Connection refused ++
+$ virsh -c esx+tls://example.com/ +error: Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory ++
+$ virsh -c esx+ssh://example.com/ +error: cannot recv data: ssh: connect to host example.com port 22: Connection refused ++
+$ virsh -c esx+ssh://example.com/ +error: cannot recv data: Resource temporarily unavailable ++
+$ virsh -c esx://example.com/ +error: Cannot access CA certificate '/etc/pki/CA/cacert.pem': No such file or directory ++
+ Don't let this error message confuse you. Setting up certificates + as described on the remote transport mechanism page + does not help, as this is not a certificate related problem. +
++ To fix this problem you need to update your libvirt to 0.7.0 or newer. + You may also see this error when you use a libvirt version that + contains the ESX driver but you or your distro disabled the ESX + driver during compilation. Since 0.8.3 + the error message has been improved in this case: +
++$ virsh -c esx://example.com/ +error: invalid argument in libvirt was built without the 'esx' driver ++
Some methods of the VI API start tasks, for example diff --git a/docs/remote.html.in b/docs/remote.html.in index 37b019b5f852d5ce6c5c8acb572f71fd52c4c765..b0fdb7c2ef637b3bba2ac7b6f133ef25234d6a26 100644 --- a/docs/remote.html.in +++ b/docs/remote.html.in @@ -61,11 +61,17 @@ machines through authenticated and encrypted connections. Basic usage
-On the remote machine, libvirtd should be running.
+On the remote machine, libvirtd should be running in general.
See the section
on configuring libvirtd for more information.
+ Not all hypervisors supported by libvirt require a running
+ libvirtd. If you want to connect to a VMware ESX/ESXi or
+ GSX server then libvirtd is not necessary. See the
+ VMware ESX page for details.
+
To tell libvirt that you want to access a remote resource,
you should supply a hostname in the normal URI that is passed
to virConnectOpen (or virsh -c ...).