Re: [libvirt] [vdsm] non-TLS spice connections
On Tue, Feb 21, 2012 at 05:17:50PM +0100, Christophe Fergeau wrote:
Hi,
On Tue, Feb 21, 2012 at 06:09:06PM +0200, Dan Kenigsberg wrote:
> Please note Bug 788092 - VDSM: Disable vdsm's ssl'ability influence
> spice ssl'ability and prevent VM from starting
> https://bugzilla.redhat.com/show_bug.cgi?id=788092#c1
>
> Could it be that you have ssl=false in your vdsm.conf?
I've got ssl=true in my vdsm.conf, and the VM starts properly (qemu is
running after I start it in the web interface) so it's probably a slightly
different issue I'm hitting.
I understand that the issue appears to be a former Vdsm configuring
listen_tls=0 in qemu.conf, but Vdsm being asked to start a VM with
secure spice channels.
From Vdsm's point of view, it would be nice if libvirt/qemu
protected us
from this situation, by not letting such a VM to start. But as I think
of
this further, I'm not sure - if a iron-made computer has a broken
screen, I would still expect it to boot and answer the network. Would it
similarly make sense for a VM to start when its qxl device is
inaccessible to the world?
Anyway, I believe that once Vdsm stops messing with spice's listen_tls
just because Vdsm has ssl=false, the problem at hand would disappear.
Dan.