在客户机中访问 qemu 监视器的方法

tag-icon tag-icon qemu
在客户机中访问 qemu 监视器的方法

除了按 Ctrl+Alt+2 键之外,还有哪些方法可以访问客户机(即 VM)内的 qemu 监视器?我们有没有办法从客户机使用 telnet 访问 qemu 监视器?

答案1

是的,但请记住,访问 QEMU 监视器等于访问主机

许多公开的命令将指示 QEMU 访问主机文件系统上的内容和/或触发外部进程的生成。

因此考虑加密、身份验证,看看https://www.berrange.com/posts/2016/08/16/improving-qemu-security-part-6-tls-support-for-character-devices/。因此它只允许 TLS 身份验证。

qemu-system-x86_64 -chardev socket,help | sed 's/^/    /'
chardev options:
  abstract=<bool (on/off)>
  append=<bool (on/off)>
  backend=<str>
  chardev=<str>
  cols=<num>
  debug=<num>
  delay=<bool (on/off)>
  fd=<str>
  height=<num>
  host=<str>
  ipv4=<bool (on/off)>
  ipv6=<bool (on/off)>
  localaddr=<str>
  localport=<str>
  logappend=<bool (on/off)>
  logfile=<str>
  mux=<bool (on/off)>
  name=<str>
  path=<str>
  port=<str>
  reconnect=<num>
  rows=<num>
  server=<bool (on/off)>
  signal=<bool (on/off)>
  size=<size>
  telnet=<bool (on/off)>
  tight=<bool (on/off)>
  tls-authz=<str>
  tls-creds=<str>
  tn3270=<bool (on/off)>
  to=<num>
  wait=<bool (on/off)>
  websocket=<bool (on/off)>
  width=<num>

如果您希望多用户访问 QEMU 监视器,可以考虑使用 conserver(https://www.conserver.com/) 在单独的 QEMU 监视控制台中,这样您就可以定义用户/组等……

也可以看看:https://qemu.readthedocs.io/en/latest/system/invocation.html#hxtool-6或者https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-qemu-monitor.html

快速示例,通过 GTK GUI 显示,使用用户空间网络,监视绑定的 TCP 端口 192.168.1.194:1234。

qemu-system-x86_64 \
  -mon chardev=monitor0 \
  -chardev socket,id=monitor0,server=on,wait=off,telnet=on,host=192.168.1.194,port=1234,ipv4=on,ipv6=off \
  -netdev user,id=network1,ipv6=off \
  -device e1000,netdev=network1 \
  -cdrom /tmp/alpine-virt-3.13.3-x86_64.iso \
  -display gtk

并通过 netcat 从 Alpine 访问监视器 TCP(是的,纯文本,应该是 TLS!这只是一个例子)。

nc 192.168.1.194 1234
QEMU 5.2.0 monitor - type 'help' for more information
(qemu) info version
5.2.0openSUSE Tumbleweed
(qemu) info status
VM status: running
(qemu) info block
ide1-cd0 (#block192): /tmp/alpine-virt-3.13.3-x86_64.iso (raw, read-only)
    Attached to:      /machine/unattached/device[22]
    Removable device: locked, tray closed
    Cache mode:       writeback

floppy0: [not inserted]
    Attached to:      /machine/unattached/device[16]
    Removable device: not locked, tray closed

sd0: [not inserted]
    Removable device: not locked, tray closed

相关内容