Bug 801443 – Libvirt shouldn't fail on tlsPort setting if none set

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 801443 - Libvirt shouldn't fail on tlsPort setting if none set

Summary:	Libvirt shouldn't fail on tlsPort setting if none set

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libvirt (Show other bugs)
Sub Component:
Version:	6.3
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	beta
Target Release:	6.3
Assigned To:	Michal Privoznik
QA Contact:	Virtualization Bugs
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:	790436
Blocks:
	Show dependency tree / graph

Reported:	2012-03-08 09:45 EST by Michal Privoznik
Modified:	2012-06-20 02:49 EDT (History)
CC List:	15 users (show)

See Also:
Fixed In Version:	libvirt-0.9.10-6.el6
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:	790436
Environment:
Last Closed:	2012-06-20 02:49:50 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:0748	normal	SHIPPED_LIVE	Low: libvirt security, bug fix, and enhancement update	2012-06-19 15:31:38 EDT

Groups: None (edit)

Description Michal Privoznik 2012-03-08 09:45:34 EST

+++ This bug was initially created as a clone of Bug #790436 +++

--- Additional comment from djasa@redhat.com on 2012-03-08 06:35:41 EST ---

Back to ASSIGNED, current check stops qemu even in case when 

$ grep -A2 'graphics type' rhel6.xml 
    <graphics type='spice' port='3005' autoport='no' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
$ LANG= virsh domxml-to-native --format qemu-argv --xml rhel6.xml 
error: unsupported configuration: spice TLS port set in XML configuration, but TLS is disabled in qemu.conf

The behaviour is the same under root and libvirtd.log doesn't provide any insight even with debug = 1.

--- Additional comment from djasa@redhat.com on 2012-03-08 06:37:41 EST ---

Version information:
$ rpm -qa | grep 'libvirt*\|qemu-kvm*'
qemu-kvm-0.12.1.2-2.236.el6.x86_64
libvirt-0.9.10-3.el6.x86_64
qemu-kvm-debuginfo-0.12.1.2-2.236.el6.x86_64
qemu-kvm-tools-0.12.1.2-2.236.el6.x86_64
libvirt-python-0.9.10-3.el6.x86_64
libvirt-client-0.9.10-3.el6.x86_64

--- Additional comment from whuang@redhat.com on 2012-03-08 07:06:52 EST ---

If set autoport='no' and not set tlsPort in domain xml ,in this case the tlsPort is  automatic allocated , so it reports TLS error message.

--- Additional comment from djasa@redhat.com on 2012-03-08 07:21:19 EST ---

(In reply to comment #19)
> If set autoport='no' and not set tlsPort in domain xml ,in this case the
> tlsPort is  automatic allocated , so it reports TLS error message.

Hi Wenlong,

Is this behaviour documented somewhere? I can not find it in libvirt documentation and when writing the configuration with no mention of tlsPort, I would expect libvirt not to care about it.

--- Additional comment from whuang@redhat.com on 2012-03-08 07:30:56 EST ---

(In reply to comment #20)
> (In reply to comment #19)
> > If set autoport='no' and not set tlsPort in domain xml ,in this case the
> > tlsPort is  automatic allocated , so it reports TLS error message.
> 
> Hi Wenlong,
> 
> Is this behaviour documented somewhere? I can not find it in libvirt
> documentation and when writing the configuration with no mention of tlsPort, I
> would expect libvirt not to care about it.

Hi,David

Sorry ，I can not find document about this,you'd better needinfo developer of libvirt .

Wenlong

--- Additional comment from mprivozn@redhat.com on 2012-03-08 08:31:05 EST ---

I think this is clearly a bug;

From our parsing code:

src/conf/domain_conf.c:5992:        tlsPort = virXMLPropString(node, "tlsPort");
src/conf/domain_conf.c:5993:        if (tlsPort) {
src/conf/domain_conf.c:5994:            if (virStrToLong_i(tlsPort, NULL, 10, &def->data.spice.tlsPort) < 0) {
src/conf/domain_conf.c-5995-                virDomainReportError(VIR_ERR_INTERNAL_ERROR,
src/conf/domain_conf.c:5996:                                     _("cannot parse spice tlsPort %s"), tlsPort);
src/conf/domain_conf.c:5997:                VIR_FREE(tlsPort);
src/conf/domain_conf.c-5998-                goto error;
src/conf/domain_conf.c-5999-            }
src/conf/domain_conf.c:6000:            VIR_FREE(tlsPort);
src/conf/domain_conf.c-6001-        } else {
src/conf/domain_conf.c:6002:            def->data.spice.tlsPort = 0;
src/conf/domain_conf.c-6003-        }

However, if we build qemu command line we test tlsPort against -1:

src/qemu/qemu_command.c:5377:        if (def->graphics[0]->data.spice.tlsPort != -1) {
src/qemu/qemu_command.c-5378-            if (!driver->spiceTLS) {
src/qemu/qemu_command.c-5379-                qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED,
src/qemu/qemu_command.c-5380-                                _("spice TLS port set in XML configuration,"
src/qemu/qemu_command.c-5381-                                  " but TLS is disabled in qemu.conf"));
src/qemu/qemu_command.c-5382-                goto error;
src/qemu/qemu_command.c-5383-            }
src/qemu/qemu_command.c-5384-            virBufferAsprintf(&opt, ",tls-port=%u",
src/qemu/qemu_command.c:5385:                              def->graphics[0]->data.spice.tlsPort);
src/qemu/qemu_command.c-5386-        }


I've proposed patch upstream:

https://www.redhat.com/archives/libvir-list/2012-March/msg00332.html

--- Additional comment from mprivozn@redhat.com on 2012-03-08 08:36:53 EST ---

Sorry for bad formatting. Maybe this time I've leaned Bugzilla gods onto my side:

From our parsing code:

tlsPort = virXMLPropString(node, "tlsPort");
if (tlsPort) {
    if (virStrToLong_i(tlsPort, NULL, 10, &def->data.spice.tlsPort) < 0) {
        virDomainReportError(VIR_ERR_INTERNAL_ERROR,
                             _("cannot parse spice tlsPort %s"), tlsPort);
        VIR_FREE(tlsPort);
        goto error;
    }
    VIR_FREE(tlsPort);
} else {
    def->data.spice.tlsPort = 0;
}

However, if we build qemu command line we test tlsPort against -1:

if (def->graphics[0]->data.spice.tlsPort != -1) {
    if (!driver->spiceTLS) {
        qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                        _("spice TLS port set in XML configuration,"
                          " but TLS is disabled in qemu.conf"));
        goto error;
    }
    virBufferAsprintf(&opt, ",tls-port=%u",
                      def->graphics[0]->data.spice.tlsPort);
}

Comment 1 Michal Privoznik 2012-03-09 03:38:43 EST

Moving to POST:

http://post-office.corp.redhat.com/archives/rhvirt-patches/2012-March/msg01059.html

Comment 5 Michal Privoznik 2012-03-14 04:28:11 EDT

Yeah, we need to backport another patch:

http://post-office.corp.redhat.com/archives/rhvirt-patches/2012-March/msg01265.html

Comment 6 zhe peng 2012-03-19 02:01:14 EDT

Verify on:
libvirt-0.9.10-6.el6.x86_64
qemu-kvm-0.12.1.2-2.241.el6.x86_64
kernel-2.6.32-244.el6.x86_64

try guest with xml:
<graphics type='spice' port='5900' autoport='no' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
and 
 <graphics type='spice' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>

the guests all can be started without error,use virt-viewer can connect the guest ,
verification passed.

Comment 8 errata-xmlrpc 2012-06-20 02:49:50 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0748.html

Note You need to log in before you can comment on or make changes to this bug.