Bug 667624 - libvirt: adapt to set password monitor command changes
Summary: libvirt: adapt to set password monitor command changes
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.1
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: rc
: ---
Assignee: Michal Privoznik
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-01-06 09:34 UTC by Gerd Hoffmann
Modified: 2011-12-06 10:53 UTC (History)
10 users (show)

Fixed In Version: libvirt-0.9.4-rc2-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: QEMU has changed monitor command to change password on VNC/SPICE sessions Consequence: Libvirt would be unable to set any password Fix: Libivrt adapted to this change and use the new command instead Result: Users can continue to set passwords on VNC/SPICE sessions
Clone Of:
Environment:
Last Closed: 2011-12-06 10:53:18 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1513 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2011-12-06 01:23:30 UTC

Description Gerd Hoffmann 2011-01-06 09:34:15 UTC
Description of problem:

The set_password monitor command wasn't accepted upstream as-is.
qemu will switch to the upstream version when going
from rhel 6.0 to rhel 6.1, libvirt needs to adapt.

Additional info:

From QMP/qmp-commands.txt:

set_password
------------

Set the password for vnc/spice protocols.

Arguments:

- "protocol": protocol name (json-string)
- "password": password (json-string)
- "connected": [ keep | disconnect | fail ] (josn-string, optional)

Example:

-> { "execute": "set_password", "arguments": { "protocol": "vnc",
                                               "password": "secret" } }
<- { "return": {} }

expire_password
---------------

Set the password expire time for vnc/spice protocols.

Arguments:

- "protocol": protocol name (json-string)
- "time": [ now | never | +secs | secs ] (json-string)

Example:

-> { "execute": "expire_password", "arguments": { "protocol": "vnc",
                                                  "time": "+60" } }
<- { "return": {} }

Comment 3 RHEL Program Management 2011-04-04 01:49:06 UTC
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 7 Vivian Bian 2011-08-02 08:09:27 UTC
tested with 
libvirt-0.9.4-0rc1.2.el6.x86_64
vdsm-4.9-86.el6.x86_64

Steps:

==== spice passwd ====

1. start guest on RHEVM
2. virsh dumpxml --security-info guest |grep grap
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='redhat' passwdValidTo='2011-08-02T07:51:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>
3. vim spice-new.xml
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='hatred' passwdValidTo='2011-08-02T08:00:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>
4. virsh update-device guest spice-new.xml
Device updated successfully
5. virsh dumpxml --security-info guest |grep grap
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='hatred' passwdValidTo='2011-08-02T08:00:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>

6. vdsClient -s 0 list table 
b077daf2-e59f-43bd-8c72-bd9827e195c2   8068  vbian-test1          Up       

7.  vdsClient -s 0   setVmTicket b077daf2-e59f-43bd-8c72-bd9827e195c2 aaabbb 120 keep
	code = 0
	message = Done
8. virsh dumpxml --security-info guest |grep grap
    <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' listen='0' keymap='en-us' passwd='aaabbb' passwdValidTo='2011-08-02T08:04:35'>
      <listen type='address' address='0'/>
      <channel name='main' mode='secure'/>
      <channel name='inputs' mode='secure'/>
    </graphics>




==== vnc passwd ====

1. start guest on RHEVM
2. virsh dumpxml --security-info guest |grep grap
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='hatred' passwdValidTo='2011-08-02T08:04:39'>
      <listen type='address' address='0'/>
    </graphics>

3. vim spice-new.xml
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='aaabbb' passwdValidTo='2011-08-02T08:10:39'>
      <listen type='address' address='0'/>
    </graphics>
4. virsh update-device guest spice-new.xml
Device updated successfully
5. virsh dumpxml --security-info guest |grep grap
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='aaabbb' passwdValidTo='2011-08-02T08:10:39'>
      <listen type='address' address='0'/>
    </graphics>

6. vdsClient -s 0 list table 
b077daf2-e59f-43bd-8c72-bd9827e195c2   8068  vbian-test1          Up       

7.  vdsClient -s 0   setVmTicket b077daf2-e59f-43bd-8c72-bd9827e195c2 cccddd 120 keep
	code = 0
	message = Done
8. virsh dumpxml --security-info guest |grep grap
    <graphics type='vnc' port='5900' autoport='yes' listen='0' keymap='en-us' passwd='cccddd' passwdValidTo='2011-08-02T08:14:39'>
      <listen type='address' address='0'/>
    </graphics>

According to above result, set bug status to VERIFIED

Comment 8 Michal Privoznik 2011-11-11 09:53:35 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: QEMU has changed monitor command to change password on VNC/SPICE sessions

Consequence: Libvirt would be unable to set any password

Fix: Libivrt adapted to this change and use the new command instead

Result: Users can continue to set passwords on VNC/SPICE sessions

Comment 9 errata-xmlrpc 2011-12-06 10:53:18 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1513.html


Note You need to log in before you can comment on or make changes to this bug.