Bug 882945
Summary: | RFE: qemu: allow configuring VNC TLS per-VM | ||
---|---|---|---|
Product: | [Community] Virtualization Tools | Reporter: | david.pravec |
Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
Status: | CLOSED DEFERRED | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | unspecified | CC: | berrange, crobinso |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | LibvirtFirstBug | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-17 16:40:08 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
david.pravec
2012-12-03 12:46:27 UTC
Yeah certainly this seems useful, at least if only for testing. The bit in qemu_command.c is: if (cfg->vncTLS) { virBufferAddLit(&opt, ",tls"); if (cfg->vncTLSx509verify) virBufferAsprintf(&opt, ",x509verify=%s", cfg->vncTLSx509certdir); else virBufferAsprintf(&opt, ",x509=%s", cfg->vncTLSx509certdir); } cfg->vncTLS is /etc/libvirt/qemu.conf vnc_tls cfg->vncTLSx509verify is /etc/libvirt/qemu.conf vnc_tls_x509_verify cfg->vncTLSx509certdir is /etc/libvirt/qemu.conf vnc_tls_x509_cert_dir Maybe this could be new XML: <graphics type='vnc'> <tls enable='yes' verify='yes' certdir='/path/to/certdir'/> </graphics> That could also be used to disable tls for a one off VM if qemu.conf vnc_tls=1. Something similar could be done for spice graphics too If anyone wants to take a stab, I suggest discussing on libvir-list to finalize the XML first. See https://bugzilla.redhat.com/show_bug.cgi?id=825939#c3 for an example commit extending the XML format and qemu handling This issue is now tracked at https://gitlab.com/libvirt/libvirt/-/issues/15 |