[pve-devel] qemu-server : spice seamless migration
Alexandre DERUMIER
aderumier at odiso.com
Mon Jul 22 08:31:39 CEST 2013
>>I guess we need to subscript to the spice developer list and try to fix that upstream?
Already done ;) I have send them a mail for ca= value.
I'll try to see if we can fix it by hacking the spicelib. (server side).
I think that the server send new values to the client, so maybe it's possible to send password and ca.
I will try that today.
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre Derumier" <aderumier at odiso.com>, pve-devel at pve.proxmox.com
Envoyé: Lundi 22 Juillet 2013 07:55:27
Objet: RE: [pve-devel] qemu-server : spice seamless migration
> - Fixme:
>
> 1)remote-viewer will resend same password to the targetvm, so we need to
> set the last spice password when we start the target vm.
> Is it safe to store on hosts the last spice password used ?
No, I do not want to add such dirty hacks.
Solution: fix remote-viewer
> 2)with tls, ca= option seem to not be keep by the client.
> workaround : cp pve-root-ca.pem to client .spicec/spice_truststore.pem.
>
Solution: fix remote-viewer
> Maybe is is possible to send to the client the ca, and a new password ticket
>
> in spicelib, server/reds.c
>
> /* returns FALSE if info is invalid */
> static int reds_set_migration_dest_info(const char* dest,
> int port, int secure_port,
> const char* cert_subject) {
> RedsMigSpice *spice_migration = NULL;
>
> reds_mig_release();
> if ((port == -1 && secure_port == -1) || !dest) {
> return FALSE;
> }
>
> spice_migration = spice_new0(RedsMigSpice, 1);
> spice_migration->port = port;
> spice_migration->sport = secure_port;
> spice_migration->host = spice_strdup(dest);
> if (cert_subject) {
> spice_migration->cert_subject = spice_strdup(cert_subject);
> }
>
> reds->mig_spice = spice_migration;
>
> return TRUE;
> }
>
I guess we need to subscript to the spice developer list and try to fix that upstream?
More information about the pve-devel
mailing list