Bug 667624

Summary: libvirt: adapt to set password monitor command changes
Product: Red Hat Enterprise Linux 6 Reporter: Gerd Hoffmann <kraxel>
Component: libvirtAssignee: Michal Privoznik <mprivozn>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: low    
Version: 6.1CC: berrange, dallan, dyuan, eblake, gren, jdenemar, mzhan, vbian, xen-maint, yoyzhang
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-0.9.4-rc2-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: QEMU has changed monitor command to change password on VNC/SPICE sessions Consequence: Libvirt would be unable to set any password Fix: Libivrt adapted to this change and use the new command instead Result: Users can continue to set passwords on VNC/SPICE sessions
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 10:53:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gerd Hoffmann 2011-01-06 09:34:15 UTC 
Description of problem:

The set_password monitor command wasn't accepted upstream as-is.
qemu will switch to the upstream version when going
from rhel 6.0 to rhel 6.1, libvirt needs to adapt.

Additional info:

From QMP/qmp-commands.txt:

set_password
------------

Set the password for vnc/spice protocols.

Arguments:

- "protocol": protocol name (json-string)
- "password": password (json-string)
- "connected": [ keep | disconnect | fail ] (josn-string, optional)

Example:

-> { "execute": "set_password", "arguments": { "protocol": "vnc",
                                               "password": "secret" } }
<- { "return": {} }

expire_password
---------------

Set the password expire time for vnc/spice protocols.

Arguments:

- "protocol": protocol name (json-string)
- "time": [ now | never | +secs | secs ] (json-string)

Example:

-> { "execute": "expire_password", "arguments": { "protocol": "vnc",
                                                  "time": "+60" } }
<- { "return": {} }
Comment 3 RHEL Program Management 2011-04-04 01:49:06 UTC 
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 7 Vivian Bian 2011-08-02 08:09:27 UTC 
tested with 
libvirt-0.9.4-0rc1.2.el6.x86_64
vdsm-4.9-86.el6.x86_64

Steps:

==== spice passwd ====

1. start guest on RHEVM
2. virsh dumpxml --security-info guest |grep grap
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='redhat' passwdValidTo='2011-08-02T07:51:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>
3. vim spice-new.xml
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='hatred' passwdValidTo='2011-08-02T08:00:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>
4. virsh update-device guest spice-new.xml
Device updated successfully
5. virsh dumpxml --security-info guest |grep grap
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='hatred' passwdValidTo='2011-08-02T08:00:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>

6. vdsClient -s 0 list table 
b077daf2-e59f-43bd-8c72-bd9827e195c2   8068  vbian-test1          Up       

7.  vdsClient -s 0   setVmTicket b077daf2-e59f-43bd-8c72-bd9827e195c2 aaabbb 120 keep
	code = 0
	message = Done
8. virsh dumpxml --security-info guest |grep grap
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='aaabbb' passwdValidTo='2011-08-02T08:04:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>




==== vnc passwd ====

1. start guest on RHEVM
2. virsh dumpxml --security-info guest |grep grap
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='hatred' passwdValidTo='2011-08-02T08:04:39'>
      <listen type='address' address='0'/>
    </graphics>

3. vim spice-new.xml
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='aaabbb' passwdValidTo='2011-08-02T08:10:39'>
      <listen type='address' address='0'/>
    </graphics>
4. virsh update-device guest spice-new.xml
Device updated successfully
5. virsh dumpxml --security-info guest |grep grap
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='aaabbb' passwdValidTo='2011-08-02T08:10:39'>
      <listen type='address' address='0'/>
    </graphics>

6. vdsClient -s 0 list table 
b077daf2-e59f-43bd-8c72-bd9827e195c2   8068  vbian-test1          Up       

7.  vdsClient -s 0   setVmTicket b077daf2-e59f-43bd-8c72-bd9827e195c2 cccddd 120 keep
	code = 0
	message = Done
8. virsh dumpxml --security-info guest |grep grap
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='cccddd' passwdValidTo='2011-08-02T08:14:39'>
      <listen type='address' address='0'/>
    </graphics>

According to above result, set bug status to VERIFIED
Comment 8 Michal Privoznik 2011-11-11 09:53:35 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: QEMU has changed monitor command to change password on VNC/SPICE sessions

Consequence: Libvirt would be unable to set any password

Fix: Libivrt adapted to this change and use the new command instead

Result: Users can continue to set passwords on VNC/SPICE sessions
Comment 9 errata-xmlrpc 2011-12-06 10:53:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1513.html