RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 667624 - libvirt: adapt to set password monitor command changes
Summary: libvirt: adapt to set password monitor command changes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.1
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: rc
: ---
Assignee: Michal Privoznik
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-06 09:34 UTC by Gerd Hoffmann
Modified: 2011-12-06 10:53 UTC (History)
10 users (show)

Fixed In Version: libvirt-0.9.4-rc2-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: QEMU has changed monitor command to change password on VNC/SPICE sessions Consequence: Libvirt would be unable to set any password Fix: Libivrt adapted to this change and use the new command instead Result: Users can continue to set passwords on VNC/SPICE sessions
Clone Of:
Environment:
Last Closed: 2011-12-06 10:53:18 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1513 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2011-12-06 01:23:30 UTC

Description Gerd Hoffmann 2011-01-06 09:34:15 UTC 
Description of problem:

The set_password monitor command wasn't accepted upstream as-is.
qemu will switch to the upstream version when going
from rhel 6.0 to rhel 6.1, libvirt needs to adapt.

Additional info:

From QMP/qmp-commands.txt:

set_password
------------

Set the password for vnc/spice protocols.

Arguments:

- "protocol": protocol name (json-string)
- "password": password (json-string)
- "connected": [ keep | disconnect | fail ] (josn-string, optional)

Example:

-> { "execute": "set_password", "arguments": { "protocol": "vnc",
                                               "password": "secret" } }
<- { "return": {} }

expire_password
---------------

Set the password expire time for vnc/spice protocols.

Arguments:

- "protocol": protocol name (json-string)
- "time": [ now | never | +secs | secs ] (json-string)

Example:

-> { "execute": "expire_password", "arguments": { "protocol": "vnc",
                                                  "time": "+60" } }
<- { "return": {} }
Comment 3 RHEL Program Management 2011-04-04 01:49:06 UTC 
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 7 Vivian Bian 2011-08-02 08:09:27 UTC 
tested with 
libvirt-0.9.4-0rc1.2.el6.x86_64
vdsm-4.9-86.el6.x86_64

Steps:

==== spice passwd ====

1. start guest on RHEVM
2. virsh dumpxml --security-info guest |grep grap
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='redhat' passwdValidTo='2011-08-02T07:51:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>
3. vim spice-new.xml
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='hatred' passwdValidTo='2011-08-02T08:00:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>
4. virsh update-device guest spice-new.xml
Device updated successfully
5. virsh dumpxml --security-info guest |grep grap
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='hatred' passwdValidTo='2011-08-02T08:00:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>

6. vdsClient -s 0 list table 
b077daf2-e59f-43bd-8c72-bd9827e195c2   8068  vbian-test1          Up       

7.  vdsClient -s 0   setVmTicket b077daf2-e59f-43bd-8c72-bd9827e195c2 aaabbb 120 keep
	code = 0
	message = Done
8. virsh dumpxml --security-info guest |grep grap
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='aaabbb' passwdValidTo='2011-08-02T08:04:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>




==== vnc passwd ====

1. start guest on RHEVM
2. virsh dumpxml --security-info guest |grep grap
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='hatred' passwdValidTo='2011-08-02T08:04:39'>
      <listen type='address' address='0'/>
    </graphics>

3. vim spice-new.xml
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='aaabbb' passwdValidTo='2011-08-02T08:10:39'>
      <listen type='address' address='0'/>
    </graphics>
4. virsh update-device guest spice-new.xml
Device updated successfully
5. virsh dumpxml --security-info guest |grep grap
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='aaabbb' passwdValidTo='2011-08-02T08:10:39'>
      <listen type='address' address='0'/>
    </graphics>

6. vdsClient -s 0 list table 
b077daf2-e59f-43bd-8c72-bd9827e195c2   8068  vbian-test1          Up       

7.  vdsClient -s 0   setVmTicket b077daf2-e59f-43bd-8c72-bd9827e195c2 cccddd 120 keep
	code = 0
	message = Done
8. virsh dumpxml --security-info guest |grep grap
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='cccddd' passwdValidTo='2011-08-02T08:14:39'>
      <listen type='address' address='0'/>
    </graphics>

According to above result, set bug status to VERIFIED
Comment 8 Michal Privoznik 2011-11-11 09:53:35 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: QEMU has changed monitor command to change password on VNC/SPICE sessions

Consequence: Libvirt would be unable to set any password

Fix: Libivrt adapted to this change and use the new command instead

Result: Users can continue to set passwords on VNC/SPICE sessions
Comment 9 errata-xmlrpc 2011-12-06 10:53:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1513.html
Note You need to log in before you can comment on or make changes to this bug.