[libvirt] [vdsm] non-TLS spice connections

Dan Kenigsberg danken at redhat.com
Wed Feb 22 15:41:57 UTC 2012


On Tue, Feb 21, 2012 at 05:17:50PM +0100, Christophe Fergeau wrote:
> Hi,
> 
> On Tue, Feb 21, 2012 at 06:09:06PM +0200, Dan Kenigsberg wrote:
> > Please note Bug 788092 - VDSM: Disable vdsm's ssl'ability influence
> > spice ssl'ability and prevent VM from starting
> > https://bugzilla.redhat.com/show_bug.cgi?id=788092#c1
> > 
> > Could it be that you have ssl=false in your vdsm.conf?
> 
> I've got ssl=true in my vdsm.conf, and the VM starts properly (qemu is
> running after I start it in the web interface) so it's probably a slightly
> different issue I'm hitting.

I understand that the issue appears to be a former Vdsm configuring
listen_tls=0 in qemu.conf, but Vdsm being asked to start a VM with
secure spice channels.

>From Vdsm's point of view, it would be nice if libvirt/qemu protected us
from this situation, by not letting such a VM to start. But as I think of
this further, I'm not sure - if a iron-made computer has a broken
screen, I would still expect it to boot and answer the network. Would it
similarly make sense for a VM to start when its qxl device is
inaccessible to the world?

Anyway, I believe that once Vdsm stops messing with spice's listen_tls
just because Vdsm has ssl=false, the problem at hand would disappear.

Dan.




More information about the libvir-list mailing list