* Is it possible to access XenStore remotely?
From: weiming @ 2009-08-20 2:24 UTC (permalink / raw)
To: xen-api, xen-devel
Hi,
Is it possible to read/write the xenstore from another physical machine?
I know it uses a Unix socket, so it looks hard to access it remotely, doesn't
it?
Thanks,
Zephyr
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
* Re: Is it possible to access XenStore remotely?
From: Vincent Hanquez @ 2009-08-20 9:24 UTC (permalink / raw)
To: weiming; +Cc: xen-devel@lists.xensource.com, xen-api@lists.xensource.com
weiming wrote:
> Hi,
>
> Is it possible to read/write the xenstore from another physical machine?
>
> I know it uses Unix socket. So it looks hard to access it remotely,
> isn't it?
Hi weiming,
Whilst it's not possible at the moment, and certainly a bad idea
security-wise, making xenstored listen on a TCP socket alongside the Unix
socket is very easy.
cheers,
--
Vincent
* Re: Is it possible to access XenStore remotely?
From: weiming @ 2009-08-20 14:00 UTC (permalink / raw)
To: Vincent Hanquez
Cc: xen-devel@lists.xensource.com, xen-api@lists.xensource.com
Hi Vincent,
Yes, I'm considering adding a TCP socket for xenstored.
Since Xen APIs can be called remotely, there's no reason to prevent
accessing xenstore in the same way.
thanks,
Weiming
* Re: Is it possible to access XenStore remotely?
From: Ian Jackson @ 2009-08-21 16:41 UTC (permalink / raw)
To: weiming
Cc: xen-devel@lists.xensource.com, Vincent Hanquez,
xen-api@lists.xensource.com
weiming writes ("Re: [Xen-devel] Is it possible to access XenStore remotely?"):
> Yes, I'm considering adding a TCP socket for xenstored.
As Jean says, this is easy but probably unwise.
> Since xen apis can be called remotely, there's no reason to prevent
> accessing xenstore in the same way.
You will need to think about access control. I don't think we will be
accepting any patches to implement the more complex access control
which will be necessary, so you'll be maintaining a private branch.
Ian.
* Re: Is it possible to access XenStore remotely?
From: Tim Post @ 2009-08-24 13:03 UTC (permalink / raw)
To: weiming
Cc: xen-devel@lists.xensource.com, Vincent Hanquez,
xen-api@lists.xensource.com
Hi,
On Thu, 2009-08-20 at 10:00 -0400, weiming wrote:
> Hi VIncent,
>
> Yes, I'm considering adding a TCP socket for xenstored.
>
> Since xen apis can be called remotely, there's no reason to prevent
> accessing xenstore in the same way.
We did this when working on an experiment to use Xen on a single system
image. Our implementation utilized a private back-end LAN which was not
exposed to the domUs that faced the public, so no authentication mechanism
was needed. We needed to set up remote watches to facilitate a sort of
'cluster-wide upstart for Xen'.
I would warn you: XenStore is fragile and often fickle; I've crashed it
many times within a guest while working on split drivers for various
character devices.
If you expose it via sockets, without having the API as a buffer to take
most 'brute force' abuse, be sure to code very defensively and utilize
iptables to restrict access. While xend can be restarted, xenstored
cannot.
Yes, APIs can be called remotely; however, some diligence prevails
before the API actually talks to xenstore.
Cheers,
--Tim
--
Monkey + Typewriter = Echoreply ( http://echoreply.us )
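Ian's point that a TCP-exposed xenstored "will need access control" and Tim's advice to restrict access with iptables and to code defensively against brute-force abuse both come down to two policies: which hosts may reach the store at all, and how much any one client may ask of it. The following is an added example, not Xen code and not part of this thread; it models both policies in plain Python so they can be reasoned about and tested offline. The back-end network range, the client addresses and the rate/burst figures are constructed for the example, and in a real deployment the source-network rule would be enforced by the packet filter (iptables, as Tim says) rather than in the daemon alone.

```python
"""
Model of the access-control layer a TCP-exposed xenstored would need.

Added example, not Xen code: restricting callers to a private back-end LAN
and capping each client's request rate so a runaway writer is cut off
instead of taking the store down with it. All addresses, networks and
limits below are constructed values.
"""
import ipaddress
import time
from collections import defaultdict


class ClientBudget:
    """Token bucket: a client may issue `burst` requests at once and then
    `rate` requests per second sustained; anything beyond that is refused."""

    def __init__(self, rate, burst, now):
        self.rate = float(rate)
        self.capacity = float(burst)
        self.tokens = float(burst)
        self.last = now

    def take(self, now):
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Gatekeeper:
    """Admission policy for one listening socket: source-network allowlist
    plus a per-client budget; repeated budget violations get the client
    dropped (in a real daemon: its connection closed)."""

    def __init__(self, allowed_networks, rate=50, burst=20, strikes=3):
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks]
        self.rate, self.burst, self.strikes = rate, burst, strikes
        self.budgets = {}
        self.violations = defaultdict(int)
        self.banned = set()

    def source_allowed(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.allowed)

    def admit(self, addr, now=None):
        """Return "accept" or a "reject:<reason>" string for one request."""
        now = time.monotonic() if now is None else now
        if not self.source_allowed(addr):
            return "reject:source-not-in-backend-lan"
        if addr in self.banned:
            return "reject:banned"
        budget = self.budgets.get(addr)
        if budget is None:
            budget = self.budgets[addr] = ClientBudget(self.rate, self.burst, now)
        if budget.take(now):
            return "accept"
        self.violations[addr] += 1
        if self.violations[addr] >= self.strikes:
            self.banned.add(addr)
            return "reject:banned"
        return "reject:rate-limited"


def simulate_runaway_writer(gk, addr, requests, start=0.0):
    """Constructed flood: `requests` back-to-back writes in the same instant,
    the 'writer caught in a loop' case. Returns a count per outcome."""
    outcomes = [gk.admit(addr, now=start) for _ in range(requests)]
    return {o: outcomes.count(o) for o in sorted(set(outcomes))}


if __name__ == "__main__":
    # Constructed back-end LAN 10.0.0.0/8; 192.0.2.0/24 plays the public side.
    gk = Gatekeeper(["10.0.0.0/8"], rate=50, burst=20, strikes=3)
    print(gk.admit("192.0.2.5", now=0.0))
    print(simulate_runaway_writer(gk, "10.1.2.3", 30))
    print(gk.admit("10.9.9.9", now=0.0))  # a well-behaved neighbour is unaffected
```

The budget is per source address, so one misbehaving client exhausts only its own allowance while other back-end hosts keep being served; with the constructed figures a burst of 30 instantaneous writes yields 20 accepted, 2 rate-limited, and the rest refused once the client has been banned.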
* Re: [Xen-devel] Is it possible to access XenStore remotely?
From: Ian Jackson @ 2009-08-24 16:05 UTC (permalink / raw)
To: echo-Czp0qWhDxZq1SnRDb8oMDQ
Cc: xen-devel-GuqFBffKawuULHF6PoxzQEEOCMrvLtNR@public.gmane.org,
Vincent Hanquez,
xen-api-GuqFBffKawuULHF6PoxzQEEOCMrvLtNR@public.gmane.org
Tim Post writes ("Re: [Xen-devel] Is it possible to access XenStore remotely?"):
> I would warn you, XenStore is fragile and often fickle, I've crashed it
> many times within a guest while working on split drivers for various
> character devices.
If xenstored can be crashed then we should fix it. Can you remember
any of the things which caused it to fall over?
Ian.
* Re: [Xen-devel] Is it possible to access XenStore remotely?
From: Vincent Hanquez @ 2009-08-24 16:13 UTC (permalink / raw)
To: Ian Jackson
Cc: xen-devel-GuqFBffKawuULHF6PoxzQEEOCMrvLtNR@public.gmane.org,
echo-Czp0qWhDxZq1SnRDb8oMDQ@public.gmane.org,
xen-api-GuqFBffKawuULHF6PoxzQEEOCMrvLtNR@public.gmane.org
Ian Jackson wrote:
> Tim Post writes ("Re: [Xen-devel] Is it possible to access XenStore remotely?"):
>
>> I would warn you, XenStore is fragile and often fickle, I've crashed it
>> many times within a guest while working on split drivers for various
>> character devices.
>>
>
> If xenstored can be crashed then we should fix it. Can you remember
> any of the things which caused it to fall over ?
>
Or we could just install the OCaml implementation by default.
It has already proven to be a lot better security-wise.
(It's still interesting to know what caused the crash, so we can
probably add that to some kind of harness.)
--
Vincent
* Re: Is it possible to access XenStore remotely?
From: Tim Post @ 2009-08-25 6:38 UTC (permalink / raw)
To: Ian Jackson
Cc: weiming, xen-devel@lists.xensource.com, Vincent Hanquez,
xen-api@lists.xensource.com
Ian,
On Mon, 2009-08-24 at 17:05 +0100, Ian Jackson wrote:
> Tim Post writes ("Re: [Xen-devel] Is it possible to access XenStore remotely?"):
> > I would warn you, XenStore is fragile and often fickle, I've crashed it
> > many times within a guest while working on split drivers for various
> > character devices.
>
> If xenstored can be crashed then we should fix it. Can you remember
> any of the things which caused it to fall over ?
Mostly, it was runaway writers caught in a brain-dead loop. It was not
difficult to DoS the store from within a guest, accidentally or
deliberately.
I also remember using watches on a single key that changed frequently
without using xs_read_watch(), since I already knew what had fired; that
caused a total crash of xenstored.
I've also had xs_transaction_end() return -EAGAIN frequently on busy
systems.
The OCaml version of xenstored is much more resilient to abuse, be it
accidental or deliberate.
Cheers,
--Tim
--
Monkey + Typewriter = Echoreply ( http://echoreply.us )
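Tim's two observations, that xs_transaction_end() frequently returns -EAGAIN on busy systems and that runaway writers could take the store down, are two sides of the same optimistic-concurrency design: a transaction works on a snapshot, and the commit is refused when another writer has touched what the transaction relied on. The following is an added example, not libxenstore and not from this thread: a small in-memory model of that behaviour, with the bounded retry a client should wrap around the real commit call so contention degrades into a few retries rather than into a spin. The Store and Transaction classes, the key path and the "other writer" interference are all constructed for the example.

```python
"""
In-memory model of xenstore-style transactions and of why a commit can
report EAGAIN on a busy system.

Added example, not libxenstore: a Transaction records the version of every
key it touched and commits only if none of them changed underneath it;
otherwise it raises OSError(EAGAIN), the same outcome xs_transaction_end()
reports. run_transaction() shows bounded retry so a client neither gives
up on the first conflict nor loops forever against a hot key.
"""
import errno


class TransactionConflict(OSError):
    def __init__(self):
        super().__init__(errno.EAGAIN, "transaction conflict")


class Store:
    """Flat key/value store with a per-key write counter used for conflict
    detection (a toy model, not xenstored's real tree)."""

    def __init__(self):
        self.data = {}
        self.version = {}  # key -> number of committed writes to that key

    def read(self, key):
        return self.data.get(key)

    def write(self, key, value):
        self.data[key] = value
        self.version[key] = self.version.get(key, 0) + 1


class Transaction:
    def __init__(self, store):
        self.store = store
        self.seen = {}     # key -> version observed when the txn first touched it
        self.pending = {}  # key -> value to apply on commit

    def _touch(self, key):
        self.seen.setdefault(key, self.store.version.get(key, 0))

    def read(self, key):
        self._touch(key)
        return self.pending.get(key, self.store.data.get(key))

    def write(self, key, value):
        self._touch(key)
        self.pending[key] = value

    def end(self, commit=True):
        """Commit (or abort with commit=False). Raises EAGAIN on conflict."""
        if not commit:
            return True
        for key, ver in self.seen.items():
            if self.store.version.get(key, 0) != ver:
                raise TransactionConflict()
        for key, value in self.pending.items():
            self.store.write(key, value)
        return True


def run_transaction(store, body, max_attempts=5):
    """Run body(txn) and commit, retrying on EAGAIN at most max_attempts
    times. Returns the attempt number that succeeded."""
    for attempt in range(1, max_attempts + 1):
        txn = Transaction(store)
        body(txn)
        try:
            txn.end()
            return attempt
        except OSError as exc:
            if exc.errno != errno.EAGAIN:
                raise
    raise RuntimeError("gave up after %d conflicting attempts" % max_attempts)


def increment_under_contention(store, key, conflicts):
    """Read-modify-write of a counter at `key` while a constructed 'other
    writer' bumps the same key during the first `conflicts` attempts, the
    busy-system case. Returns how many attempts the commit needed."""
    state = {"left": conflicts}

    def body(txn):
        current = int(txn.read(key) or "0")
        if state["left"] > 0:
            state["left"] -= 1
            # Another client commits to the same key before we do.
            store.write(key, str(int(store.read(key) or "0") + 100))
        txn.write(key, str(current + 1))

    return run_transaction(store, body)


if __name__ == "__main__":
    s = Store()
    key = "/local/domain/0/example-counter"  # constructed path
    print("attempts:", increment_under_contention(s, key, conflicts=2))
    print("final value:", s.read(key))
```

With two interfering writes the increment commits on the third attempt and the final value reflects both the other writer's updates and our own, which is exactly what the retry protects: a client that ignored EAGAIN would either lose its update or, worse, spin against the store alongside the other writer.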