Is TLS required for the usage of Spice with KVM/libvirtd?
I've been through the virt-install manpage a few times now to no avail. What is wrong with my syntax here (seen below)?
Thanks.
~]# virt-install --connect qemu:///system -n blahhost -r2048 --vcpus=4 --arch=x86_64 --video qxl --graphics spice,port=5931 --noautoconsole --os-type linux --accelerate --network=bridge:kickstart_br0 --hvm --disk path=/dev/vmdisks/fedora-test2,bus=virtio --cdrom /tmp/fedora.iso
Starting install...
ERROR unsupported configuration: Auto allocation of spice TLS port requested but spice TLS is disabled in qemu.conf
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
  virsh --connect qemu:///system start blahhost
otherwise, please restart your installation.
Hello Mike,
On Wed, 2015-09-02 at 13:05 -0400, Mike - st257 wrote:
I've been through the virt-install manpage a few times now to no avail. What is wrong with my syntax here (seen below)?
~]# virt-install --connect qemu:///system -n blahhost -r2048 --vcpus=4 --arch=x86_64 --video qxl --graphics spice,port=5931 --noautoconsole --os-type linux --accelerate --network=bridge:kickstart_br0 --hvm --disk path=/dev/vmdisks/fedora-test2,bus=virtio --cdrom /tmp/fedora.iso
See if adding tlsport=0 to the --graphics option fixes your problem?
--graphics spice,port=5931,tlsport=0
Compare http://www.spice-space.org/page/Features/Xspice#--tls-port_0_required
Regards, Leonard.
On Wed, Sep 2, 2015 at 1:59 PM, Leonard den Ottolander < leonard@den.ottolander.nl> wrote:
Hello Mike,
On Wed, 2015-09-02 at 13:05 -0400, Mike - st257 wrote:
I've been through the virt-install manpage a few times now to no avail. What is wrong with my syntax here (seen below)?
~]# virt-install --connect qemu:///system -n blahhost -r2048 --vcpus=4 --arch=x86_64 --video qxl --graphics spice,port=5931 --noautoconsole --os-type linux --accelerate --network=bridge:kickstart_br0 --hvm --disk path=/dev/vmdisks/fedora-test2,bus=virtio --cdrom /tmp/fedora.iso
To also reply to nevis2us: I have the Spice TLS config commented presently so it is not active (afaik). At one point I did try switching the value from 1 to 0 when I did have it uncommented.
See if adding tlsport=0 to the --graphics option fixes your problem?
--graphics spice,port=5931,tlsport=0
I did try that before (though didn't note it in my first message).
ERROR Error in graphics device parameters: TLS port must be a number between 5900 and 65535, or -1 for auto allocation
~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
~]# yum info libvirt | egrep 'Name|Version|Release'
Name : libvirt
Version : 0.10.2
Release : 54.el6
Compare http://www.spice-space.org/page/Features/Xspice#--tls-port_0_required
Any other thoughts? :-/ I can't be the only person that wants to use Spice without TLS for some testing/labbing. ;-)
Thanks!
On 09/03/2015 06:53 AM, Mike - st257 wrote:
On Wed, Sep 2, 2015 at 1:59 PM, Leonard den Ottolander < leonard@den.ottolander.nl> wrote:
Hello Mike,
On Wed, 2015-09-02 at 13:05 -0400, Mike - st257 wrote:
I've been through the virt-install manpage a few times now to no avail. What is wrong with my syntax here (seen below)?
~]# virt-install --connect qemu:///system -n blahhost -r2048 --vcpus=4 --arch=x86_64 --video qxl --graphics spice,port=5931 --noautoconsole --os-type linux --accelerate --network=bridge:kickstart_br0 --hvm --disk path=/dev/vmdisks/fedora-test2,bus=virtio --cdrom /tmp/fedora.iso
To also reply to nevis2us: I have the Spice TLS config commented presently so it is not active (afaik). At one point I did try switching the value from 1 to 0 when I did have it uncommented.
See if adding tlsport=0 to the --graphics option fixes your problem?
--graphics spice,port=5931,tlsport=0
I did try that before (though didn't note it in my first message).
ERROR Error in graphics device parameters: TLS port must be a number between 5900 and 65535, or -1 for auto allocation
~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
~]# yum info libvirt | egrep 'Name|Version|Release'
Name : libvirt
Version : 0.10.2
Release : 54.el6
Compare http://www.spice-space.org/page/Features/Xspice#--tls-port_0_required
Any other thoughts? :-/ I can't be the only person that wants to use Spice without TLS for some testing/labbing. ;-)
Thanks!
I am also seeing this issue. I've managed it by checking auto for spice. This has the unfortunate issue that it is possible for a port to a particular VM to change from reboot to reboot. But it does allow the VM to start without problems.
We don't use, or need, TLS because these VMs are accessed only from the local network.
We are using CentOS seven for all VM hosts, and 90% of the guests are now on CentOS 7 as well.
Emmett
On Thu, 2015-09-03 at 09:53 -0400, Mike - st257 wrote:
Any other thoughts? :-/ I can't be the only person that wants to use Spice without TLS for some testing/labbing. ;-)
Personally I only have experience with virt-manager or virt-install with --nographics over a serial tty.
Quite a bit can be found when googling for "Auto allocation of spice TLS port requested but spice TLS is disabled in qemu.conf" (with quotes). It appears the issue is known and addressed for RHEL 7, but RHEL 6 seems to be ignored, a bit like the MySQL vs SSL breakage was fixed for RHEL 6 but not RHEL 5 (https://bugzilla.redhat.com/show_bug.cgi?id=1231960 is still open even though the issues for RHEL 5 and 6 are identical).
Sadly the communication between the development teams of the different versions of RHEL seems suboptimal :S . I suggest you open a bug report for RHEL 6 specifically.
Regards, Leonard.
On Thu, Sep 3, 2015 at 11:56 AM, Leonard den Ottolander < leonard@den.ottolander.nl> wrote:
On Thu, 2015-09-03 at 09:53 -0400, Mike - st257 wrote:
Any other thoughts? :-/ I can't be the only person that wants to use Spice without TLS for some testing/labbing. ;-)
Personally I only have experience with virt-manager or virt-install with --nographics over a serial tty.
Quite a bit can be found when googling for "Auto allocation of spice TLS port requested but spice TLS is disabled in qemu.conf" (with quotes). It appears the issue is known and addressed for RHEL 7, but RHEL 6 seems to be ignored, a bit like the MySQL vs SSL breakage was fixed for RHEL 6 but not RHEL 5 (https://bugzilla.redhat.com/show_bug.cgi?id=1231960 is still open even though the issues for RHEL 5 and 6 are identical).
Sadly the communication between the development teams of the different versions of RHEL seems suboptimal :S . I suggest you open a bug report for RHEL 6 specifically.
Thanks Leonard! I'll gather some references for a bug report so I present other people's reports too.
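
An added example, not part of the thread and not libvirt's own code: a small Python check that reads a domain's XML (as `virsh dumpxml` prints it) together with qemu.conf and reports the two conditions this thread turns on, a TLS port set to auto-allocate while `spice_tls` is not enabled, and a plaintext SPICE listener bound to a non-loopback address. The rule for when the error fires is an assumption modelled on the error text above, and the sample inputs are constructed.

```python
import re
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def qemu_conf_settings(text):
    """Return uncommented `key = value` settings from qemu.conf text."""
    settings = {}
    for line in text.splitlines():
        # A leading '#' never matches the key pattern, so commented lines are skipped.
        m = re.match(r'\s*(\w+)\s*=\s*"?([^"#]*)"?', line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_spice(domain_xml, qemu_conf):
    """List findings for each SPICE <graphics> device in a domain XML string."""
    conf = qemu_conf_settings(qemu_conf)
    tls_enabled = conf.get("spice_tls") == "1"
    default_listen = conf.get("spice_listen", "127.0.0.1")  # libvirt default
    findings = []
    for g in ET.fromstring(domain_xml).iter("graphics"):
        if g.get("type") != "spice":
            continue
        listen_el = g.find("listen")
        addr = (g.get("listen")
                or (listen_el.get("address") if listen_el is not None else None)
                or default_listen)
        # Assumed model of the error in the thread: tlsPort='-1' asks for an
        # auto-allocated TLS port, which fails when spice_tls is not enabled.
        if g.get("tlsPort") == "-1" and not tls_enabled:
            findings.append("tls-autoport-without-spice_tls")
        # A plaintext listener exists when a port is set or auto-allocated and
        # the device does not force every channel to TLS.
        has_plain_port = g.get("autoport") == "yes" or g.get("port") not in (None, "0")
        if has_plain_port and g.get("defaultMode") != "secure" and addr not in LOOPBACK:
            findings.append("plaintext-on-non-loopback:" + addr)
    return findings

# Constructed sample inputs (not taken from the hosts in the thread).
CONF_TLS_OFF = '#spice_tls = 1\nspice_listen = "0.0.0.0"\n'
CONF_DEFAULT = '#spice_tls = 1\n#spice_listen = "0.0.0.0"\n'
DOMAIN = """<domain type='kvm'><devices>
  <graphics type='spice' port='5931' tlsPort='-1' autoport='no'/>
</devices></domain>"""

if __name__ == "__main__":
    print(audit_spice(DOMAIN, CONF_TLS_OFF))
    print(audit_spice(DOMAIN, CONF_DEFAULT))
```

With `spice_listen` left at its default the plaintext port is reachable only from the host itself, which is the case to confirm before relying on "local network only" access without TLS.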