Bug 688586 - Errors in man page: [un]supported tls-channels for Spice
Summary: Errors in man page: [un]supported tls-channels for Spice
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.1
Hardware: Unspecified
OS: Linux
medium
high
Target Milestone: rc
: ---
Assignee: Alon Levy
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 767897
TreeView+ depends on / blocked
 
Reported: 2011-03-17 12:29 UTC by Michal Haško
Modified: 2015-03-02 03:59 UTC (History)
11 users (show)

Fixed In Version: qemu-kvm-0.12.1.2-2.238.el6
Doc Type: Bug Fix
Doc Text:
No Documentation Needed
Clone Of:
Environment:
Last Closed: 2012-06-20 11:32:55 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0746 0 normal SHIPPED_LIVE qemu-kvm bug fix and enhancement update 2012-06-19 19:31:48 UTC

Description Michal Haško 2011-03-17 12:29:06 UTC 
Description of problem:
The qemu-kvm man page shows, that supported tls-channels are:
    tls-channel=[main|display|inputs|record|playback|tunnel]
But if the tls-channel=tunnel is supplied, it fails with:
    spice: failed to set channel security for tunnel
Moreover, if tls-channel=cursor (legacy?) is supplied, it doesn't fail, although it is not specified in the man page.

Version-Release number of selected component (if applicable):
$ rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.150.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
$ /usr/libexec/qemu-kvm -spice tls-port=3001,tls-channel=cursor,tls-channel=tunnel
(this is not the actual nor correct usage of the options, but the minimal set to reproduce the issue)

Actual results:
spice: failed to set channel security for tunnel

Expected results:
The man page should not list tunnel channel and should list cursor channel instead?
Comment 1 Michal Haško 2011-03-22 12:54:07 UTC 
More man page errors:

in man page:
"-soundhw hda" -> that is not the correct way of adding the intel hda sound card

this works:
"-device intel-hda,id=sound0,bus=pci.0,addr=0x5 -device hda-duplex"
Comment 2 Alon Levy 2011-03-24 13:46:06 UTC 
regarding comment #1 - cursor is not legacy, tunnel is compiled out in our spec, and we also support a smartcard channel now which is also not mentioned.

I'm not sure how to proceed, because it seems the correct fix is to have a qemu.1.template and build the full one based on compile time options (maybe can be done with qemu.1.in, I'm not familiar enough with autotools to know, but I guess it can). So I'll take this upstream.

Alon
Comment 6 Andrew Cathrow 2011-09-19 18:56:15 UTC 
Moving to 6.3
Comment 9 Alon Levy 2012-02-26 10:28:34 UTC 
upstream commit d70d6b31091ab522ce793a52559e3dd9f9913b32 .
Comment 12 daiwei 2012-03-22 12:54:34 UTC 
Reproduced this issue with steps and environment as follows: 

# uname -r ; rpm -q qemu-kvm
2.6.32-220.el6.x86_64
qemu-kvm-0.12.1.2-2.209.el6.x86_64

1. Boot guest

/usr/libexec/qemu-kvm -cpu cpu64-rhel6,+x2apic,family=0xf -rtc base=localtime,clock=host,driftfix=slew -M rhel6.2.0 -enable-kvm -name win7_x64 -smp 2 -m 2G -uuid bd85c229-6384-446d-bedd-c111008ecfce -boot menu=on -drive file=/nfs/win7sp1.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=native,media=disk,werror=stop,rerror=stop -device virtio-blk-pci,drive=drive-virtio-disk0,id=virtio-blk-pci0,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net0,mac=44:37:E6:5E:A3:F7 -spice port=9000,disable-ticketing,tls-channel=cursor,tls-port=3001,tls-channel=tunnel -balloon none -monitor stdio -usb -device usb-tablet,id=input1

spice: failed to set channel security for tunnel

2. On host ,check man manual

# man qemu-kvm      -----we can find
tls-port=<nr>
               Set the TCP port spice is listening on for encrypted channels.
tls-channel=[main|display|inputs|record|playback|tunnel]

Verified this issue with steps and environment as follows: 

# uname -r;rpm -q qemu-kvm
2.6.32-251.el6.x86_64
qemu-kvm-0.12.1.2-2.255.el6.x86_64

1. boot guest
 /usr/libexec/qemu-kvm -cpu cpu64-rhel6,+x2apic,family=0xf -rtc base=localtime,clock=host,driftfix=slew -M rhel6.2.0 -enable-kvm -name win7_x64 -smp 2 -m 2G -uuid bd85c229-6384-446d-bedd-c111008ecfce -boot menu=on -drive file=/nfs/win7sp1.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=native,media=disk,werror=stop,rerror=stop -device virtio-blk-pci,drive=drive-virtio-disk0,id=virtio-blk-pci0,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net0,mac=44:37:E6:5E:A3:F7 -spice port=9000,disable-ticketing,tls-channel=cursor,tls-port=3001,tls-channel=main,tls-channel=display,tls-channel=inputs,tls-channel=record,tls-channel=playback -balloon none -monitor stdio -usb -device usb-tablet,id=input1


(qemu) info spice
Server:
     address: 0.0.0.0:9000
     address: 0.0.0.0:3001 [tls]
        auth: none
Channels: none



2. On host ,check man manual

# man qemu-kvm      -----we can find
tls-channel=[main|display|cursor|inputs|record|playback]

So,this bug had been fixed.
Comment 14 Michal Novotny 2012-05-03 17:05:29 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No Documentation Needed
Comment 15 errata-xmlrpc 2012-06-20 11:32:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0746.html
Note You need to log in before you can comment on or make changes to this bug.