# AUTHOR , YEAR. # msgid "" msgstr "" "Project-Id-Version: Fedora Virtualization Guide\n" "POT-Creation-Date: 2011-03-02T01:07:52\n" "PO-Revision-Date: 2011-08-21 10:49+0000\n" "Last-Translator: Automatically generated\n" "Language-Team: Greek \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Language: el\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" #. Tag: title #, no-c-format msgid "Remote management of virtualized guests" msgstr "" #. Tag: para #, no-c-format msgid "" "This section explains how to remotely manage your virtualized guests using " "ssh or TLS and SSL." msgstr "" #. Tag: title #, no-c-format msgid "Remote management with SSH" msgstr "" #. Tag: para #, no-c-format msgid "" "The ssh package provides an encrypted network protocol " "which can securely send management functions to remote virtualization " "servers. The method described uses the libvirt management" " connection securely tunneled over an SSH " "connection to manage the remote machines. All the authentication is done " "using SSH public key cryptography and passwords " "or passphrases gathered by your local SSH agent. " "In addition the VNC console for each guest " "virtual machine is tunneled over SSH." msgstr "" #. Tag: para #, no-c-format msgid "" "SSH is usually configured by default so you " "probably already have SSH keys setup and no extra firewall rules needed to " "access the management service or VNC console." msgstr "" #. Tag: para #, no-c-format msgid "" "Be aware of the issues with using SSH for " "remotely managing your virtual machines, including:" msgstr "" #. Tag: para #, no-c-format msgid "" "you require root log in access to the remote machine for managing virtual " "machines," msgstr "" #. Tag: para #, no-c-format msgid "the initial connection setup process may be slow," msgstr "" #. Tag: para #, no-c-format msgid "" "there is no standard or trivial way to revoke a user's key on all hosts or " "guests, and" msgstr "" #. Tag: para #, no-c-format msgid "ssh does not scale well with larger numbers of remote machines." msgstr "" #. Tag: title #, no-c-format msgid "" "Configuring password less or password managed SSH" " access for virt-manager" msgstr "" #. Tag: para #, no-c-format msgid "" "The following instructions assume you are starting from scratch and do not " "already have SSH keys set up. If you have SSH " "keys set up and copied to the other systems you can skip this procedure." msgstr "" #. Tag: title #, no-c-format msgid "The user is important for remote management" msgstr "" #. Tag: para #, no-c-format msgid "" "SSH keys are user dependent. Only the user who owns the key may access that " "key." msgstr "" #. Tag: para #, no-c-format msgid "" "virt-manager must run as the user who owns the keys to " "connect to the remote host. That means, if the remote systems are managed by" " a non-root user virt-manager must be run in unprivileged" " mode. If the remote systems are managed by the local root user then the SSH" " keys must be own and created by root." msgstr "" #. Tag: para #, no-c-format msgid "" "You cannot manage the local host as an unprivileged user with virt-" "manager." msgstr "" #. Tag: title #, no-c-format msgid "Optional: Changing user" msgstr "" #. Tag: para #, no-c-format msgid "" "Change user, if required. This example uses the local root user for remotely" " managing the other hosts and the local host." msgstr "" #. Tag: screen #, no-c-format msgid "$ su -" msgstr "" #. Tag: title #, no-c-format msgid "Generating the SSH key pair" msgstr "" #. Tag: para #, no-c-format msgid "" "Generate a public key pair on the machine virt-manager is" " used. This example uses the default key location, in the " "~/.ssh/ directory." msgstr "" #. Tag: screen #, no-c-format msgid "$ ssh-keygen -t rsa\n" msgstr "" #. Tag: title #, no-c-format msgid "Coping the keys to the remote hosts" msgstr "" #. Tag: para #, no-c-format msgid "" "Remote login without a password, or with a passphrase, requires an SSH key " "to be distributed to the systems being managed. Use the ssh-copy-id command " "to copy the key to root user at the system address provided (in the example," " root@example.com)." msgstr "" #. Tag: screen #, no-c-format msgid "" "# ssh-copy-id -i ~/.ssh/id_rsa.pub root@example.com\n" "root@example.com's password:\n" "\n" "Now try logging into the machine, with \"ssh 'root@example.com'\", and check in:\n" "\n" "\n" " .ssh/authorized_keys\n" "\n" " \n" "to make sure we haven't added extra keys that you weren't expecting\n" "\n" "\n" "\t\t\t\t" msgstr "" #. Tag: para #, no-c-format msgid "Repeat for other systems, as required." msgstr "" #. Tag: title #, no-c-format msgid "Optional: Add the passphrase to the ssh-agent" msgstr "" #. Tag: para #, no-c-format msgid "" "Add the passphrase for the SSH key to the ssh-agent, if " "required. On the local host, use the following command to add the passphrase" " (if there was one) to enable password-less login." msgstr "" #. Tag: screen #, no-c-format msgid "# ssh-add ~/.ssh/id_rsa.pub" msgstr "" #. Tag: para #, no-c-format msgid "The SSH key was added to the remote system." msgstr "" #. Tag: title #, no-c-format msgid "" "The libvirt daemon (libvirtd)" msgstr "" #. Tag: para #, no-c-format msgid "" "The libvirt daemon provide an " "interface for managing virtual machines. You must have the libvirtd daemon installed and running on every" " remote host that needs managing." msgstr "" #. Tag: screen #, no-c-format msgid "" "$ ssh root@somehost\n" "# chkconfig libvirtd on\n" "# service libvirtd start\n" msgstr "" #. Tag: para #, no-c-format msgid "" "After libvirtd and " "SSH are configured you should be able to remotely" " access and manage your virtual machines. You should also be able to access " "your guests with VNC at this point." msgstr "" #. Tag: title #, no-c-format msgid "Accessing remote hosts with virt-manager" msgstr "" #. Tag: para #, no-c-format msgid "" "Remote hosts can be managed with the virt-manager GUI tool. SSH keys must " "belong to the user executing virt-manager for password-less login to work." msgstr "" #. Tag: para #, no-c-format msgid "Start virt-manager." msgstr "" #. Tag: para #, no-c-format msgid "" "Open the File->Add " "Connection menu." msgstr "" #. Tag: para #, no-c-format msgid "" "Input values for the hypervisor type, the connection, Connection->Remote " "tunnel over SSH, and enter the desired hostname, then click connection." msgstr "" #. Tag: title #, no-c-format msgid "Remote management over TLS and SSL" msgstr "" #. Tag: para #, no-c-format msgid "" "You can manage virtual machines using TLS and SSL. TLS and SSL provides " "greater scalability but is more complicated than ssh (refer to ). TLS and SSL is the same technology used by" " web browsers for secure connections. The libvirt " "management connection opens a TCP port for incoming connections, which is " "securely encrypted and authenticated based on x509 certificates. In addition" " the VNC console for each guest virtual machine will be setup to use TLS " "with x509 certificate authentication." msgstr "" #. Tag: para #, no-c-format msgid "" "This method does not require shell accounts on the remote machines being " "managed. However, extra firewall rules are needed to access the management " "service or VNC console. Certificate revocation lists can revoke users' " "access." msgstr "" #. Tag: title #, no-c-format msgid "Steps to setup TLS/SSL access for virt-manager" msgstr "" #. Tag: para #, no-c-format msgid "" "The following short guide assuming you are starting from scratch and you do " "not have any TLS/SSL certificate knowledge. If you are lucky enough to have " "a certificate management server you can probably skip the first steps." msgstr "" #. Tag: term #, no-c-format msgid "libvirt server setup" msgstr "" #. Tag: para #, no-c-format msgid "" "For more information on creating certificates, refer to the " "libvirt website, http://libvirt.org/remote.html." msgstr "" #. Tag: term #, no-c-format msgid "" "virt-manager and virsh client setup" msgstr "" #. Tag: para #, no-c-format msgid "" "The setup for clients is slightly inconsistent at this time. To enable the " "libvirt management API over TLS, the CA and client " "certificates must be placed in /etc/pki. For details on " "this consult http://libvirt.org/remote.html" msgstr "" #. Tag: para #, no-c-format msgid "" "In the virt-manager user interface, use the " "'SSL/TLS' transport mechanism option when connecting " "to a host." msgstr "" #. Tag: para #, no-c-format msgid "For virsh, the URI has the following format:" msgstr "" #. Tag: para #, no-c-format msgid "qemu://hostname.guestname/system for KVM." msgstr "" #. Tag: para #, no-c-format msgid "" "To enable SSL and TLS for VNC, it is necessary to put the certificate " "authority and client certificates into $HOME/.pki, that" " is the following three files:" msgstr "" #. Tag: para #, no-c-format msgid "CA or ca-cert.pem - The CA certificate." msgstr "" #. Tag: para #, no-c-format msgid "" "libvirt-vnc or clientcert.pem - The " "client certificate signed by the CA." msgstr "" #. Tag: para #, no-c-format msgid "" "libvirt-vnc or clientkey.pem - The " "client private key." msgstr "" #. Tag: title #, no-c-format msgid "Transport modes" msgstr "" #. Tag: para #, no-c-format msgid "" "For remote management, libvirt supports the following " "transport modes:" msgstr "" #. Tag: title #, no-c-format msgid "Transport Layer Security (TLS)" msgstr "" #. Tag: para #, no-c-format msgid "" "Transport Layer Security TLS 1.0 (SSL 3.1) authenticated and encrypted " "TCP/IP socket, usually listening on a public port number. To use this you " "will need to generate client and server certificates. The standard port is " "16514." msgstr "" #. Tag: title #, no-c-format msgid "UNIX sockets" msgstr "" #. Tag: para #, no-c-format msgid "" "Unix domain sockets are only accessible on the local machine. Sockets are " "not encrypted, and use UNIX permissions or SELinux for authentication. The " "standard socket names are /var/run/libvirt/libvirt-sock" " and /var/run/libvirt/libvirt-sock-ro (for read-only " "connections)." msgstr "" #. Tag: title #, no-c-format msgid "SSH" msgstr "" #. Tag: para #, no-c-format msgid "" "Transported over a Secure Shell protocol (SSH) connection. Requires Netcat " "(the nc package) installed. The libvirt daemon " "(libvirtd) must be running on the remote machine. Port 22" " must be open for SSH access. You should use some sort of ssh key management" " (for example, the ssh-agent utility) or you will be " "prompted for a password." msgstr "" #. Tag: title #, no-c-format msgid "ext" msgstr "" #. Tag: para #, no-c-format msgid "" "The ext parameter is used for any external program " "which can make a connection to the remote machine by means outside the scope" " of libvirt. This parameter is experimental." msgstr "" #. Tag: title #, no-c-format msgid "tcp" msgstr "" #. Tag: para #, no-c-format msgid "" "Unencrypted TCP/IP socket. Not recommended for production use, this is " "normally disabled, but an administrator can enable it for testing or use " "over a trusted network. The default port is 16509." msgstr "" #. Tag: para #, no-c-format msgid "The default transport, if no other is specified, is tls." msgstr "" #. Tag: title #, no-c-format msgid "Remote URIs" msgstr "" #. Tag: para #, no-c-format msgid "" "A Uniform Resource Identifier (URI) is used by virsh and " "libvirt to connect to a remote host. URIs can also be " "used with the --connect parameter for the " "virsh command to execute single commands or migrations on" " remote hosts." msgstr "" #. Tag: para #, no-c-format msgid "" "libvirt URIs take the general form (content in square brackets, \"[]\", " "represents optional functions):" msgstr "" #. Tag: screen #, no-c-format msgid "" "driver[+transport]://[username@][hostname][:port]/[path][?extraparameters]\n" msgstr "" #. Tag: para #, no-c-format msgid "" "The transport method or the hostname must be provided to target an external " "location." msgstr "" #. Tag: title #, no-c-format msgid "Examples of remote management parameters" msgstr "" #. Tag: para #, no-c-format msgid "" "Connect to a remote KVM host named server7, using " "SSH transport and the SSH username ccurran." msgstr "" #. Tag: screen #, no-c-format msgid "qemu+ssh://ccurran@server7/\n" msgstr "" #. Tag: para #, no-c-format msgid "" "Connect to a remote KVM hypervisor on the host named " "server7 using TLS." msgstr "" #. Tag: screen #, no-c-format msgid "qemu://server7/\n" msgstr "" #. Tag: para #, no-c-format msgid "" "Connect to a remote KVM hypervisor on host server7 " "using TLS. The no_verify=1 instructs libvirt not to " "verify the server's certificate." msgstr "" #. Tag: screen #, no-c-format msgid "qemu://server7/?no_verify=1\n" msgstr "" #. Tag: title #, no-c-format msgid "Testing examples" msgstr "" #. Tag: para #, no-c-format msgid "" "Connect to the local KVM hypervisor with a non-standard UNIX socket. The " "full path to the Unix socket is supplied explicitly in this case." msgstr "" #. Tag: screen #, no-c-format msgid "qemu+unix:///system?socket=/opt/libvirt/run/libvirt/libvirt-sock\n" msgstr "" #. Tag: para #, no-c-format msgid "" "Connect to the libvirt daemon with an unencrypted TCP/IP connection to the " "server with the IP address 10.1.1.10 on port 5000. This uses the test driver" " with default settings." msgstr "" #. Tag: screen #, no-c-format msgid "test+tcp://10.1.1.10:5000/default\n" msgstr "" #. Tag: title #, no-c-format msgid "Extra URI parameters" msgstr "" #. Tag: para #, no-c-format msgid "" "Extra parameters can be appended to remote URIs. The table below " "covers the recognized parameters. All other parameters are ignored. Note " "that parameter values must be URI-escaped (that is, a question mark (?) is " "appended before the parameter and special characters are converted into the " "URI format)." msgstr "" #. Tag: entry #, no-c-format msgid "Name" msgstr "" #. Tag: entry #, no-c-format msgid "Transport mode" msgstr "" #. Tag: entry #, no-c-format msgid "Description" msgstr "" #. Tag: entry #, no-c-format msgid "Example usage" msgstr "" #. Tag: entry #, no-c-format msgid "name" msgstr "" #. Tag: entry #, no-c-format msgid "all modes" msgstr "" #. Tag: entry #, no-c-format msgid "" "The name passed to the remote virConnectOpen function. The name is normally " "formed by removing transport, hostname, port number, username and extra " "parameters from the remote URI, but in certain very complex cases it may be " "better to supply the name explicitly." msgstr "" #. Tag: entry #, no-c-format msgid "name=qemu:///system" msgstr "" #. Tag: entry #, no-c-format msgid "command" msgstr "" #. Tag: entry #, no-c-format msgid "ssh and ext" msgstr "" #. Tag: entry #, no-c-format msgid "" "The external command. For ext transport this is required. For ssh the " "default is ssh. The PATH is searched for the command." msgstr "" #. Tag: entry #, no-c-format msgid "command=/opt/openssh/bin/ssh" msgstr "" #. Tag: entry #, no-c-format msgid "socket" msgstr "" #. Tag: entry #, no-c-format msgid "unix and ssh" msgstr "" #. Tag: entry #, no-c-format msgid "" "The path to the UNIX domain socket, which overrides the default. For ssh " "transport, this is passed to the remote netcat command (see netcat)." msgstr "" #. Tag: entry #, no-c-format msgid "socket=/opt/libvirt/run/libvirt/libvirt-sock" msgstr "" #. Tag: entry #, no-c-format msgid "netcat" msgstr "" #. Tag: entry #, no-c-format msgid "ssh" msgstr "" #. Tag: para #, no-c-format msgid "" "The netcat command can be used to connect to remote " "systems. The default netcat parameter uses the nc " "command. For SSH transport, libvirt constructs an SSH command using the form" " below:" msgstr "" #. Tag: para #, no-c-format msgid "" "command -p port [-l " "username] hostname" msgstr "" #. Tag: para #, no-c-format msgid "netcat -U socket" msgstr "" #. Tag: para #, no-c-format msgid "" "The port, username and " "hostname parameters can be specified as part of the " "remote URI. The command, " "netcat and socket come from " "other extra parameters." msgstr "" #. Tag: entry #, no-c-format msgid "netcat=/opt/netcat/bin/nc" msgstr "" #. Tag: entry #, no-c-format msgid "no_verify" msgstr "" #. Tag: entry #, no-c-format msgid "tls" msgstr "" #. Tag: entry #, no-c-format msgid "" "If set to a non-zero value, this disables client checks of the server's " "certificate. Note that to disable server checks of the client's certificate " "or IP address you must change the libvirtd configuration." msgstr "" #. Tag: entry #, no-c-format msgid "no_verify=1" msgstr "" #. Tag: entry #, no-c-format msgid "no_tty" msgstr "" #. Tag: entry #, no-c-format msgid "" "If set to a non-zero value, this stops ssh from asking for a password if it " "cannot log in to the remote machine automatically (for using ssh-agent or " "similar). Use this when you do not have access to a terminal - for example " "in graphical programs which use libvirt." msgstr "" #. Tag: entry #, no-c-format msgid "no_tty=1" msgstr ""