Bug 688586 - Errors in man page: [un]supported tls-channels for Spice
Errors in man page: [un]supported tls-channels for Spice
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm (Show other bugs)
6.1
Unspecified Linux
medium Severity high
: rc
: ---
Assigned To: Alon Levy
Virtualization Bugs
: ManPageChange
Depends On:
Blocks: 767897
  Show dependency treegraph
 
Reported: 2011-03-17 08:29 EDT by Michal Haško
Modified: 2015-03-01 22:59 EST (History)
11 users (show)

See Also:
Fixed In Version: qemu-kvm-0.12.1.2-2.238.el6
Doc Type: Bug Fix
Doc Text:
No Documentation Needed
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 07:32:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michal Haško 2011-03-17 08:29:06 EDT
Description of problem:
The qemu-kvm man page shows, that supported tls-channels are:
    tls-channel=[main|display|inputs|record|playback|tunnel]
But if the tls-channel=tunnel is supplied, it fails with:
    spice: failed to set channel security for tunnel
Moreover, if tls-channel=cursor (legacy?) is supplied, it doesn't fail, although it is not specified in the man page.

Version-Release number of selected component (if applicable):
$ rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.150.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
$ /usr/libexec/qemu-kvm -spice tls-port=3001,tls-channel=cursor,tls-channel=tunnel
(this is not the actual nor correct usage of the options, but the minimal set to reproduce the issue)

Actual results:
spice: failed to set channel security for tunnel

Expected results:
The man page should not list tunnel channel and should list cursor channel instead?
Comment 1 Michal Haško 2011-03-22 08:54:07 EDT
More man page errors:

in man page:
"-soundhw hda" -> that is not the correct way of adding the intel hda sound card

this works:
"-device intel-hda,id=sound0,bus=pci.0,addr=0x5 -device hda-duplex"
Comment 2 Alon Levy 2011-03-24 09:46:06 EDT
regarding comment #1 - cursor is not legacy, tunnel is compiled out in our spec, and we also support a smartcard channel now which is also not mentioned.

I'm not sure how to proceed, because it seems the correct fix is to have a qemu.1.template and build the full one based on compile time options (maybe can be done with qemu.1.in, I'm not familiar enough with autotools to know, but I guess it can). So I'll take this upstream.

Alon
Comment 6 Andrew Cathrow 2011-09-19 14:56:15 EDT
Moving to 6.3
Comment 9 Alon Levy 2012-02-26 05:28:34 EST
upstream commit d70d6b31091ab522ce793a52559e3dd9f9913b32 .
Comment 12 daiwei 2012-03-22 08:54:34 EDT
Reproduced this issue with steps and environment as follows: 

# uname -r ; rpm -q qemu-kvm
2.6.32-220.el6.x86_64
qemu-kvm-0.12.1.2-2.209.el6.x86_64

1. Boot guest

/usr/libexec/qemu-kvm -cpu cpu64-rhel6,+x2apic,family=0xf -rtc base=localtime,clock=host,driftfix=slew -M rhel6.2.0 -enable-kvm -name win7_x64 -smp 2 -m 2G -uuid bd85c229-6384-446d-bedd-c111008ecfce -boot menu=on -drive file=/nfs/win7sp1.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=native,media=disk,werror=stop,rerror=stop -device virtio-blk-pci,drive=drive-virtio-disk0,id=virtio-blk-pci0,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net0,mac=44:37:E6:5E:A3:F7 -spice port=9000,disable-ticketing,tls-channel=cursor,tls-port=3001,tls-channel=tunnel -balloon none -monitor stdio -usb -device usb-tablet,id=input1

spice: failed to set channel security for tunnel

2. On host ,check man manual

# man qemu-kvm      -----we can find
tls-port=<nr>
               Set the TCP port spice is listening on for encrypted channels.
tls-channel=[main|display|inputs|record|playback|tunnel]

Verified this issue with steps and environment as follows: 

# uname -r;rpm -q qemu-kvm
2.6.32-251.el6.x86_64
qemu-kvm-0.12.1.2-2.255.el6.x86_64

1. boot guest
 /usr/libexec/qemu-kvm -cpu cpu64-rhel6,+x2apic,family=0xf -rtc base=localtime,clock=host,driftfix=slew -M rhel6.2.0 -enable-kvm -name win7_x64 -smp 2 -m 2G -uuid bd85c229-6384-446d-bedd-c111008ecfce -boot menu=on -drive file=/nfs/win7sp1.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=native,media=disk,werror=stop,rerror=stop -device virtio-blk-pci,drive=drive-virtio-disk0,id=virtio-blk-pci0,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net0,mac=44:37:E6:5E:A3:F7 -spice port=9000,disable-ticketing,tls-channel=cursor,tls-port=3001,tls-channel=main,tls-channel=display,tls-channel=inputs,tls-channel=record,tls-channel=playback -balloon none -monitor stdio -usb -device usb-tablet,id=input1


(qemu) info spice
Server:
     address: 0.0.0.0:9000
     address: 0.0.0.0:3001 [tls]
        auth: none
Channels: none



2. On host ,check man manual

# man qemu-kvm      -----we can find
tls-channel=[main|display|cursor|inputs|record|playback]

So,this bug had been fixed.
Comment 14 Michal Novotny 2012-05-03 13:05:29 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No Documentation Needed
Comment 15 errata-xmlrpc 2012-06-20 07:32:55 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0746.html

Note You need to log in before you can comment on or make changes to this bug.