qemu: Improve handling of channels when generating SPICE command line

Improve error reporting and generating of SPICE command line arguments according to the need to enable TLS. If TLS is disabled, there's no need to pass the certificate dir to qemu. This patch resolves: https://bugzilla.redhat.com/show_bug.cgi?id=953126

qemu: Improve handling of channels when generating SPICE command line
Improve error reporting and generating of SPICE command line arguments according to the need to enable TLS. If TLS is disabled, there's no need to pass the certificate dir to qemu. This patch resolves: https://bugzilla.redhat.com/show_bug.cgi?id=953126
20cb7f3a · Peter Krempa · 7b4a6304 · 20cb7f3a · 20cb7f3a · 20cb7f3a
3 changed file
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -5718,9 +5718,8 @@ qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
        !cfg->spicePassword)
        virBufferAddLit(&opt, ",disable-ticketing");

-    if (cfg->spiceTLS)
-        virBufferAsprintf(&opt, ",x509-dir=%s",
-                          cfg->spiceTLSx509certdir);
+    if (tlsPort > 0)
+        virBufferAsprintf(&opt, ",x509-dir=%s", cfg->spiceTLSx509certdir);

    switch (defaultMode) {
    case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
@@ -5735,24 +5734,56 @@ qemuBuildGraphicsSPICECommandLine(virQEMUDriverConfigPtr cfg,
    }

    for (i = 0 ; i < VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST ; i++) {
-        int mode = graphics->data.spice.channels[i];
-        switch (mode) {
+        switch (graphics->data.spice.channels[i]) {
        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
-            if (!cfg->spiceTLS) {
+            if (tlsPort <= 0) {
                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                               _("spice secure channels set in XML configuration, "
-                                 "but TLS is disabled in qemu.conf"));
+                                 "but TLS port is not provided"));
                goto error;
            }
            virBufferAsprintf(&opt, ",tls-channel=%s",
                              virDomainGraphicsSpiceChannelNameTypeToString(i));
            break;
+
        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_INSECURE:
+            if (port <= 0) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("spice insecure channels set in XML "
+                                 "configuration, but plain port is not provided"));
+                goto error;
+            }
            virBufferAsprintf(&opt, ",plaintext-channel=%s",
                              virDomainGraphicsSpiceChannelNameTypeToString(i));
            break;
+
+        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY:
+            switch (defaultMode) {
+            case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
+                if (tlsPort <= 0) {
+                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                   _("spice defaultMode secure requested in XML "
+                                     "configuration but TLS port not provided"));
+                    goto error;
+                }
+                break;
+
+            case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_INSECURE:
+                if (port <= 0) {
+                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                   _("spice defaultMode insecure requested in XML "
+                                     "configuration but plain port not provided"));
+                    goto error;
+                }
+                break;
+
+            case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY:
+                /* don't care */
+            break;
+            }
        }
    }
+
    if (graphics->data.spice.image)
        virBufferAsprintf(&opt, ",image-compression=%s",
                          virDomainGraphicsSpiceImageCompressionTypeToString(graphics->data.spice.image));

--- a/tests/qemuxml2argvdata/qemuxml2argv-controller-order.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-controller-order.args
@@ -21,7 +21,7 @@ isa-serial,chardev=charserial0,id=serial0 -chardev \
 spicevmc,id=charchannel0,name=vdagent -device \
 virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 \
 -device usb-tablet,id=input0 -spice \
-port=0,addr=0.0.0.0,x509-dir=/etc/pki/libvirt-spice -device \
+port=0,addr=0.0.0.0 -device \
 intel-hda,id=sound0,bus=pci.0,addr=0x4 -device \
 hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device \
 usb-host,hostbus=14,hostaddr=6,id=hostdev0 -device \

--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-timeout.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-timeout.args
@@ -10,6 +10,6 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=spice \
 -device rtl8139,vlan=0,id=net0,mac=52:54:00:71:70:89,bus=pci.0,addr=0x7 \
 -net tap,script=/etc/qemu-ifup,vlan=0,name=hostnet0 -serial pty \
 -device usb-tablet,id=input0 \
-spice port=5900,x509-dir=/etc/pki/libvirt-spice -vga std \
+-spice port=5900 -vga std \
 -device AC97,id=sound0,bus=pci.0,addr=0x3 \
 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5