Package: ganeti-2.15 / 2.15.2-15

0037-KVM-fix-VNC-TLS-handling-for-QEMU-3.1.patch

From: Apollon Oikonomopoulos <apoikos@dmesg.gr>
Date: Tue, 19 Feb 2019 13:30:42 +0200
Subject: KVM: fix VNC TLS handling for QEMU 3.1

Since QEMU 2.5, VNC TLS handling has been refactored using the `-object
tls-creds-*` parameters. QEMU 3.1 completely removed the support for
`-vnc tls`, so we need to switch to the new syntax.

Note that this places a lower bound on QEMU 2.5 for those wishing to use
VNC + TLS. 2.5.0 was released more than 3 years ago, so people should be
using it already and it doesn't make sense to try to be backwards
compatible here.

This is part of #1338.

Signed-off-by: Apollon Oikonomopoulos <apoikos@dmesg.gr>
---
 lib/hypervisor/hv_kvm/__init__.py | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/lib/hypervisor/hv_kvm/__init__.py b/lib/hypervisor/hv_kvm/__init__.py
index b4d7ec8..713bac6 100644
--- a/lib/hypervisor/hv_kvm/__init__.py
+++ b/lib/hypervisor/hv_kvm/__init__.py
@@ -1217,13 +1217,21 @@ class KVMHypervisor(hv_base.BaseHypervisor):
         # kvm/qemu gets confused otherwise about the filename to use.
         vnc_append = ""
         if hvp[constants.HV_VNC_TLS]:
-          vnc_append = "%s,tls" % vnc_append
+          vnc_append = "%s,tls-creds=vnctls0" % vnc_append
+          tls_obj = "tls-creds-anon"
+          tls_obj_options = ["id=vnctls0", "endpoint=server"]
           if hvp[constants.HV_VNC_X509_VERIFY]:
-            vnc_append = "%s,x509verify=%s" % (vnc_append,
-                                               hvp[constants.HV_VNC_X509])
+            tls_obj = "tls-creds-x509"
+            tls_obj_options.extend(["dir=%s" %
+                                    hvp[constants.HV_VNC_X509],
+                                    "verify-peer=yes"])
           elif hvp[constants.HV_VNC_X509]:
-            vnc_append = "%s,x509=%s" % (vnc_append,
-                                         hvp[constants.HV_VNC_X509])
+            tls_obj = "tls-creds-x509"
+            tls_obj_options.extend(["dir=%s" %
+                                    hvp[constants.HV_VNC_X509],
+                                    "verify-peer=no"])
+          kvm_cmd.extend(["-object",
+                          "%s,%s" % (tls_obj, ",".join(tls_obj_options))])
         if hvp[constants.HV_VNC_PASSWORD_FILE]:
           vnc_append = "%s,password" % vnc_append
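
Review bot: when HV_VNC_TLS is set and neither HV_VNC_X509_VERIFY nor HV_VNC_X509 is, tls_obj stays at "tls-creds-anon", so the VNC channel is encrypted but the server presents no certificate and a client cannot authenticate it. A short comment at the `tls_obj = "tls-creds-anon"` line stating that this fallback is intentional would make that visible to the next reader. In both x509 branches the value of hvp[constants.HV_VNC_X509] is interpolated as `dir=%s` into the comma-joined `-object` string without escaping, so a directory path containing a comma would be split by QEMU's option parser into extra options; consider doubling commas in the path (QEMU's escape for a literal comma) or rejecting such paths. The HV_VNC_X509_VERIFY branch also builds `dir=` without checking that HV_VNC_X509 is non-empty, unlike the `elif` branch, so if nothing outside this hunk enforces it, `verify-peer=yes` can be emitted with an empty directory.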