Use host FQDN in VM console URLs #5589

Open
pdonias opened this issue Apr 24, 2024 · 1 comment
pdonias commented Apr 24, 2024

Hello! Console objects have a location field, which is the URL to connect to the VM's console. That URL contains the IP address of the host. The issue is that when the host is using an SSL certificate, it's not possible to verify the certificate, as it is bound to the host's FQDN.

So my question is: would there be any way to get the host's FQDN instead of its IP address in the location field?

Maybe it could rely on the host's hostname, or the user could set it explicitly, or even via a DHCP call if that's possible?

Member

psafont commented Apr 29, 2024

> The issue is that when the host is using an SSL certificate, it's not possible to verify the certificate, as it is bound to the host's FQDN.

I don't think this is the case for the default certificates in XS8. They contain a CN field, which contains an IP unless a user has forced a new certificate using the API. This field is given for backwards-compatibility with old clients. The certificate also contains Subject Alternate Names, with both DNS and IP Subjects. An example from the lab:

```
# openssl x509 -in /etc/xensource/xapi-ssl.pem -noout -subject
subject= /CN=10.10.41.7
# openssl x509 -in /etc/xensource/xapi-ssl.pem -noout -text | grep -B2 -i dns
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:r41s07, DNS:r41s07.xenserverlab, IP Address:10.10.41.7
```

Clients should be able to match against the IP as well as the DNS names. If the IP in the certificate doesn't match the host IP, then it's possible the network configuration changed after the certificate was generated, and a new one needs to be generated. If this is valid, however, the client should be fixed to use SAN to verify the connection.

In any case, it should be possible to link the same console with several URLs; in fact, that's something that should be done for hosts with a management network interface with more than a single IP.
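The SAN matching described in the reply above, shown with Node.js's built-in `tls.checkServerIdentity()`; this is an added example, not code from the thread or from the project. The certificate objects are constructed from the quoted `openssl` output, and the console URL path and `uuid` value are placeholders.

```javascript
'use strict';
const tls = require('tls');

// Constructed certificate object in the shape returned by
// tlsSocket.getPeerCertificate(), mirroring the lab certificate quoted above.
const labCert = {
  subject: { CN: '10.10.41.7' },
  subjectaltname: 'DNS:r41s07, DNS:r41s07.xenserverlab, IP Address:10.10.41.7',
};

// Constructed counter-case: the IP appears only in the CN, with no SAN at all.
const cnOnlyCert = { subject: { CN: '10.10.41.7' } };

// Check the host part of one console URL against a certificate.
// tls.checkServerIdentity() returns undefined on a match, an Error otherwise.
function checkConsoleUrl(location, cert) {
  const host = new URL(location).hostname;
  const err = tls.checkServerIdentity(host, cert);
  return err === undefined
    ? { host, ok: true, reason: null }
    : { host, ok: false, reason: err.code };
}

// Keep only the URLs whose host the certificate actually vouches for.
function verifiableUrls(locations, cert) {
  return locations.filter((location) => checkConsoleUrl(location, cert).ok);
}

// Hypothetical console URLs for the same console (placeholder path and uuid).
const query = '/console?uuid=00000000-0000-0000-0000-000000000000';
const candidates = [
  'https://10.10.41.7' + query,          // IP, covered by the SAN IP entry
  'https://r41s07' + query,              // short name, covered by a SAN DNS entry
  'https://r41s07.xenserverlab' + query, // FQDN, covered by a SAN DNS entry
  'https://10.10.41.8' + query,          // address changed after issuance
];

for (const location of candidates) {
  console.log(checkConsoleUrl(location, labCert));
}
// An IP host is compared only with SAN IP entries, never with the CN,
// so a CN-only certificate fails for the IP-based URL.
console.log(checkConsoleUrl(candidates[0], cnOnlyCert));
```

Node runs the same identity check automatically on `tls.connect()` and `https.request()` when `rejectUnauthorized` is left enabled, so a client that trusts the host's certificate can use the IP-based URL as long as the SAN carries that IP.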
