Bug 825600

Summary: spice client could not disconnect after update graphics with connected='disconnect'
Product: Red Hat Enterprise Linux 6 Reporter: yanbing du <ydu>
Component: libvirtAssignee: Peter Krempa <pkrempa>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.3CC: acathrow, dallan, dyasny, dyuan, mzhan, zhpeng, zpeng
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-0.9.13-3.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 07:15:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description yanbing du 2012-05-28 03:03:43 UTC 
Description of problem:
set attribute connected='disconnect' of <graphics> element. Then with the same password, after updating device , spice client could not disconnect.


Version-Release number of selected component (if applicable):
libvirt-0.9.10-21.el6
spice-server-0.10.1-6.el6.x86_64
spice-glib-0.11-9.el6.x86_64
spice-gtk-0.11-9.el6.x86_64
spice-client-0.8.2-15.el6.x86_64
spice-gtk-python-0.11-9.el6.x86_64


How reproducible:
100%

Steps to Reproduce:
# virsh dumpxml --security-info spice-test
<graphics type='spice' port='5900' autoport='yes' listen='0.0.0.0' passwd='aaabbb' connected='disconnect'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
2. Start the guest and open the spice client.
# spicec -h 127.0.0.1 -p 5900 -w aaabbb
3. Prepare a graphics xml file for guest update
#cat spice-new.xml
<graphics type='spice' port='5900' autoport='yes' listen='0.0.0.0' passwd='aaabbb' connected='disconnect'/>
4. update the guest with the xml 
# virsh update-device spice-test spcie-new.xml 
Device updated successfully
  
Actual results:
spice client could not disconnect

Expected results:
with the same password , after updating device , spice console gets disconnected

Additional info:
In bug 707212, this problem is covered and verified.
https://bugzilla.redhat.com/show_bug.cgi?id=707212#c13
Comment 2 Andrew Cathrow 2012-05-28 19:33:47 UTC 
Are we sure this is libvirt specific, eg does this work with commandline/qemu -
Comment 4 yanbing du 2012-06-01 02:49:53 UTC 
(In reply to comment #2)
> Are we sure this is libvirt specific, eg does this work with
> commandline/qemu -

In fact, this feature work with qemu, you can reference to bug 707212 - support connected paramater in set_password.
"when issueing a setVmTicket with a spice connection there is an additional parameter available in qemu that determines the behavior with an existing client."
libvirt add this parameter to export it in libvirt side. In fact, it works well when update the graphics with different password, but fail with the same password.
Comment 5 Peter Krempa 2012-06-14 13:21:54 UTC 
Fixed upstream:

commit e0f0131d33e283f1b76c05eb7bef4bbbb3f2fd72
Author: Peter Krempa <pkrempa>
Date:   Thu Jun 14 14:48:42 2012 +0200

    qemu: Enable disconnecting SPICE clients without changing password
    
    Libvirt updates the configuration of SPICE server only when something
    changes. This is unfortunate when the user wants to disconnect a
    existing spice session when the connected attribute is already
    "disconnect".
    
    This patch modifies the conditions for calling the password updater to
    be called when nothing changes, but the connected attribute is already
    "disconnect".
Comment 7 zhe peng 2012-07-24 06:00:57 UTC 
can reproduce with libvirt-0.9.10-21.el6

verify with:
libvirt-0.9.13-3.el6.x86_64
spice-gtk-0.11-11.el6.x86_64
spice-server-0.10.1-10.el6.x86_64

step:
  1:prepare a guest with spice,and set spice password to 'redhat'
  2:virsh dumpxml $guest --security-info
  ......
  <graphics type='spice' port='5900' tlsPort='5907' autoport='yes' listen='0.0.0.0' keymap='en-us' passwd='redhat' passwdValidTo='2022-02-27T19:46:10' connected='disconnect'>
      <listen type='address' address='0.0.0.0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>
  ......
  3:start the guest and connect the console with virt-viewer or spicec:
   remote-viewer spice://127.0.0.1/?port=5900\&tls-port=5907 --spice-host-subject="C=IL,L=Raanana,O=Red Hat,CN=my server" --spice-ca-file='/etc/pki/libvirt-spice/ca-cert.pem' or
   spicec -h 127.0.0.1 -p 5900 -s 5907 -w redhat --host-subject "C=IL,L=Raanana,O=Red Hat,CN=my server" --ca-file '/etc/pki/libvirt-spice/ca-cert.pem'
  4:prepare a xml
  #cat spice-new.xml
  <graphics type='spice' port='5900' tlsPort='5907' autoport='yes' listen='0.0.0.0' keymap='en-us' passwd='redhat' passwdValidTo='2022-02-27T19:46:10' connected='disconnect'>
      <listen type='address' address='0.0.0.0'/>
            <channel name='main' mode='secure'/>
                  <channel name='inputs' mode='secure'/>
                      </graphics>
  5:update the guest with the xml 
   # virsh update-device $guest spcie-new.xml 
   Device updated successfully

  with the same password , after updating device , spice console gets disconnected. verification passed.
Comment 8 errata-xmlrpc 2013-02-21 07:15:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html