Bug 875729 - add possibility to autoconfigure and set tls-port only
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Peter Krempa
QA Contact: Virtualization Bugs
Reported: 2012-11-12 13:39 UTC by David Jaša
Modified: 2013-12-05 23:33 UTC

Doc Type: Bug Fix
Last Closed: 2013-12-05 23:33:15 UTC

Description David Jaša 2012-11-12 13:39:50 UTC
Description of problem:
add possibility to autoconfigure and set tls-port only.

plaintext port is redundant in configurations with all channels secured so it should be possible to autoconfigure just it. tlsPort="-1" is ignored and autoport="yes" will configure both ports (which may take ports unnecessarily on larger hosts).

Version-Release number of selected component (if applicable):
libvirt-0.10.2-7.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 2 Martin Kletzander 2013-04-15 08:07:44 UTC
This should be possible with autoport='no' and tlsPort='-1' for a while now (sorry, can't find the right upstream commit).  This was dealt with in Bug #913244.  If that solves the issue, I believe this BZ can be CLOSED as DUP of that bug.  Could you please confirm your issue is solved in latest package?

Comment 3 David Jaša 2013-04-15 11:37:26 UTC
No, it does not in libvirt 0.10 / RHEL 6.4:

# rpm -q libvirt
libvirt-0.10.2-18.el6.x86_64

# cat tls-only.xml
<?xml version="1.0"?>
<domain type="kvm" xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0">
  <name>tls-only</name>
  <memory>32768</memory>
  <os>
    <type arch="x86_64" machine="pc">hvm</type>
  </os>
  <devices>
    <graphics type="spice" autoport="no" tlsPort="-1" passwd="123" >
      <listen type="address" address="::" />
    </graphics>
    <video>
      <model type="qxl" vram="32768" heads="1"/>
    </video>
  </devices>
</domain>

# virsh domxml-to-native qemu-argv tls-only.xml
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin QEMU_AUDIO_DRV=spice /usr/libexec/qemu-kvm -name tls-only -S -M pc -enable-kvm -m 32 -smp 1,sockets=1,cores=1,threads=1 -uuid d2423437-abe7-52e7-c768-741920bd13a3 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/tls-only.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -no-acpi -device piix3-usb-uhci,id=usb -spice port=0,addr=::,x509-dir=/etc/pki/libvirt-spice,seamless-migration=on -vga qxl -global qxl-vga.vram_size=33554432 -device virtio-balloon-pci,id=balloon0

Comment 4 Martin Kletzander 2013-04-16 13:05:02 UTC
Please try version >=libvirt-0.10.2-18.el6_4.1 where this should have been fixed.

Comment 5 David Jaša 2013-04-16 16:11:48 UTC
I tried and the behaviour is the same, port=0 is still given to the CLI.

Comment 6 Martin Kletzander 2013-04-17 06:45:06 UTC
Specifying "port=0" has the same meaning for qemu as not specifying the port at all.  The "tls-port=", however, should be specified and allocated automatically.  Could you post your output of the command:

virsh domxml-to-native qemu-argv tls-only.xml

With the libvirt version from comment #4?  Thanks

Comment 7 David Jaša 2013-04-17 09:20:56 UTC
(In reply to comment #6)
> Specifying "port=0" has the same meaning for qemu as not specifying the port
> at all.

I know that qemu behaves that way but is it documented somewhere? I didn't see it and I've read some concerns that the very presence of port=0 would mean auto-allocation of a port...

> The "tls-port=", however, should be specified and allocated
> automatically.  Could you post your output of the command:
> 
> virsh domxml-to-native qemu-argv tls-only.xml
> 
> With the libvirt version from comment #4?  Thanks

Exactly the same as in #c3:
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin QEMU_AUDIO_DRV=spice /usr/libexec/qemu-kvm -name tls-only -S -M pc -enable-kvm -m 32 -smp 1,sockets=1,cores=1,threads=1 -uuid 0b855b8d-c8d1-88b9-5414-525cbe771cc2 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/tls-only.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -no-acpi -device piix3-usb-uhci,id=usb -spice port=0,addr=::,disable-ticketing,seamless-migration=on -vga qxl -global qxl-vga.ram_size=67108864 -global qxl-vga.vram_size=33554432 -device virtio-balloon-pci,id=balloon0
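
Added example, not part of the original thread and not libvirt code: a small Python check that reads a generated qemu command line and reports which SPICE listeners it requests. It follows comment 6 in treating port=0 as "no plaintext port"; the function names and the two constructed sample lines are assumptions made for illustration.

```python
import shlex

def spice_options(argv_line):
    """Parse the value of qemu's -spice argument into a dict (None if absent)."""
    args = shlex.split(argv_line)
    if "-spice" not in args[:-1]:
        return None
    opts = {}
    for item in args[args.index("-spice") + 1].split(","):
        key, _, value = item.partition("=")
        opts[key] = value  # bare flags such as disable-ticketing get ""
    return opts

def _port(opts, key):
    # Assumption taken from comment 6: port=0 means the same as no port option.
    value = opts.get(key, "0")
    return int(value) if value.isdigit() else 0

def audit_spice(argv_line):
    """Report which SPICE listeners a generated command line asks qemu for."""
    opts = spice_options(argv_line)
    if opts is None:
        return None
    plain, tls = _port(opts, "port"), _port(opts, "tls-port")
    findings = []
    if plain:
        findings.append("plaintext port %d requested" % plain)
    if not tls:
        findings.append("no tls-port requested")
    if "disable-ticketing" in opts:
        findings.append("ticketing disabled (no SPICE password)")
    return {"port": plain, "tls_port": tls, "findings": findings}

# -spice arguments as posted in comments 3 and 7 (rest of the argv shortened).
COMMENT_3 = ("/usr/libexec/qemu-kvm -name tls-only -spice port=0,addr=::,"
             "x509-dir=/etc/pki/libvirt-spice,seamless-migration=on -vga qxl")
COMMENT_7 = ("/usr/libexec/qemu-kvm -name tls-only -spice port=0,addr=::,"
             "disable-ticketing,seamless-migration=on -vga qxl")
# Constructed lines: a TLS-only listener and a plaintext-plus-TLS pair.
TLS_ONLY = ("/usr/libexec/qemu-kvm -spice port=0,tls-port=5901,addr=::,"
            "x509-dir=/etc/pki/libvirt-spice -vga qxl")
BOTH = "/usr/libexec/qemu-kvm -spice port=5900,tls-port=5901,addr=:: -vga qxl"

if __name__ == "__main__":
    for name in ("COMMENT_3", "COMMENT_7", "TLS_ONLY", "BOTH"):
        print(name, audit_spice(globals()[name]))
```

Both command lines posted in this thread come back with "no tls-port requested", which is the symptom being reported; only the constructed TLS-only line returns no findings.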

Comment 8 Peter Krempa 2013-04-29 09:48:17 UTC
I believe that the patches that were meant to fix https://bugzilla.redhat.com/show_bug.cgi?id=953126 are solving this issue too. I'm reassigning this to me and I'll verify that it's the case.

Comment 9 Peter Krempa 2013-05-06 21:08:49 UTC
The code generating the qemu commandline when a machine is run under libvirt's control was indeed fixed by patches for bug 953126.

commit 246d0068ac34d1937ecffa91e59db3288607f552
Author: Peter Krempa <pkrempa>
Date:   Mon Apr 29 14:12:59 2013 +0200

    qemu: Do fake auto-allocation of ports when generating native command
    
    When attempting to generate the native command line from an XML file
    that uses graphics port auto allocation, the generated commandline
    wouldn't be valid.
    
    This patch adds fake autoallocation of ports as done when starting the
    actual machine.

fixes the output of domxml-to-native virsh command and the underlying API that was used in reproducer examples in this bugreport. The domxml-to-native returns fake port numbers if auto allocation is requested as libvirt can't be responsible for processes run out of its control.

v1.0.5-36-g246d006

Comment 11 David Jaša 2013-12-05 23:33:15 UTC
This bug is fixed in RHEL 6.5/libvirt-0.10.2-29.el6.x86_64

