Re: [CentOS] virt-install message regarding Spice and TLS
On Thu, Sep 3, 2015 at 11:56 AM, Leonard den Ottolander < leon...@den.ottolander.nl> wrote: > On Thu, 2015-09-03 at 09:53 -0400, Mike - st257 wrote: > > Any other thoughts? :-/ > > I can't be the only person that wants to use Spice with out TLS for some > > testing/labbing. ;-) > > Personally I only have experience with virt-manager or virt-install with > --nographics over a serial tty. > > Quite a bit can be found when googling for "Auto allocation of spice TLS > port requested but spice TLS is disabled in qemu.conf" (with quotes). It > appears the issue is known and addressed for RHEL 7, but RHEL 6 seems to > be ignored, a bit like the MySQL vs SSL breakage was fixed for RHEL 6 > but not RHEL 5 (https://bugzilla.redhat.com/show_bug.cgi?id=1231960 is > still open even though the issues for RHEL 5 and 6 are identical). > > Sadly the communication between the development teams of the different > versions of RHEL seems sub optimal :S . I suggest you open a bug report > for RHEL 6 specifically. > > Thanks Leonard! I'll gather some references for a bug report so I present other people's reports too. -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] virt-install message regarding Spice and TLS
On Thu, 2015-09-03 at 09:53 -0400, Mike - st257 wrote: > Any other thoughts? :-/ > I can't be the only person that wants to use Spice with out TLS for some > testing/labbing. ;-) Personally I only have experience with virt-manager or virt-install with --nographics over a serial tty. Quite a bit can be found when googling for "Auto allocation of spice TLS port requested but spice TLS is disabled in qemu.conf" (with quotes). It appears the issue is known and addressed for RHEL 7, but RHEL 6 seems to be ignored, a bit like the MySQL vs SSL breakage was fixed for RHEL 6 but not RHEL 5 (https://bugzilla.redhat.com/show_bug.cgi?id=1231960 is still open even though the issues for RHEL 5 and 6 are identical). Sadly the communication between the development teams of the different versions of RHEL seems sub optimal :S . I suggest you open a bug report for RHEL 6 specifically. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] virt-install message regarding Spice and TLS
On 09/03/2015 06:53 AM, Mike - st257 wrote: > On Wed, Sep 2, 2015 at 1:59 PM, Leonard den Ottolander < > leon...@den.ottolander.nl> wrote: > >> Hello Mike, >> >> On Wed, 2015-09-02 at 13:05 -0400, Mike - st257 wrote: >>> I've been through the virt-install manpage a few times now to no avail. >>> What is wrong with my syntax here (seen below)? >> >>> ~]# virt-install --connect qemu:///system -n blahhost -r2048 --vcpus=4 >>> --arch=x86_64 --video qxl --graphics spice,port=5931 --noautoconsole >>> --os-type linux --accelerate --network=bridge:kickstart_br0 --hvm --disk >>> path=/dev/vmdisks/fedora-test2,bus=virtio --cdrom /tmp/fedora.iso >> >> > To also reply to nevis2us: > I have the Spice TLS config commented presently so it is not active (afaik). > At one point I did try switching the value from 1 to 0 when I did have it > uncommented. > > >> See if adding tlsport=0 to the --graphics option fixes your problem? >> >> --graphics spice,port=5931,tlsport=0 >> > > I did try that before (though didn't note it in my first message). > > ERRORError in graphics device parameters: TLS port must be a number > between 5900 and 65535, or -1 for auto allocation > > ~]# cat /etc/redhat-release > CentOS release 6.7 (Final) > ~]# yum info libvirt | egrep 'Name|Version|Release' > Name: libvirt > Version : 0.10.2 > Release : 54.el6 > > >> >> Compare >> http://www.spice-space.org/page/Features/Xspice#--tls-port_0_required >> > > > Any other thoughts? :-/ > I can't be the only person that wants to use Spice with out TLS for some > testing/labbing. ;-) > > Thanks! > I am also seeing this issue. I've managed it by checking auto for spice. This has the unfortunate issue that it is possible for a port to a particular VM to change from reboot to reboot. But it does allow the VM to start without problems. We don't use, or need, TLS because these VMs are accessed only form the local network. We are using CentOS seven for all VM hosts, and 90% of the guests are now on CentOS 7 as well. Emmett ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] virt-install message regarding Spice and TLS
On Wed, Sep 2, 2015 at 1:59 PM, Leonard den Ottolander < leon...@den.ottolander.nl> wrote: > Hello Mike, > > On Wed, 2015-09-02 at 13:05 -0400, Mike - st257 wrote: > > I've been through the virt-install manpage a few times now to no avail. > > What is wrong with my syntax here (seen below)? > > > ~]# virt-install --connect qemu:///system -n blahhost -r2048 --vcpus=4 > > --arch=x86_64 --video qxl --graphics spice,port=5931 --noautoconsole > > --os-type linux --accelerate --network=bridge:kickstart_br0 --hvm --disk > > path=/dev/vmdisks/fedora-test2,bus=virtio --cdrom /tmp/fedora.iso > > To also reply to nevis2us: I have the Spice TLS config commented presently so it is not active (afaik). At one point I did try switching the value from 1 to 0 when I did have it uncommented. > See if adding tlsport=0 to the --graphics option fixes your problem? > > --graphics spice,port=5931,tlsport=0 > I did try that before (though didn't note it in my first message). ERRORError in graphics device parameters: TLS port must be a number between 5900 and 65535, or -1 for auto allocation ~]# cat /etc/redhat-release CentOS release 6.7 (Final) ~]# yum info libvirt | egrep 'Name|Version|Release' Name: libvirt Version : 0.10.2 Release : 54.el6 > > Compare > http://www.spice-space.org/page/Features/Xspice#--tls-port_0_required > Any other thoughts? :-/ I can't be the only person that wants to use Spice with out TLS for some testing/labbing. ;-) Thanks! -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] virt-install message regarding Spice and TLS
Hello Mike, On Wed, 2015-09-02 at 13:05 -0400, Mike - st257 wrote: > I've been through the virt-install manpage a few times now to no avail. > What is wrong with my syntax here (seen below)? > ~]# virt-install --connect qemu:///system -n blahhost -r2048 --vcpus=4 > --arch=x86_64 --video qxl --graphics spice,port=5931 --noautoconsole > --os-type linux --accelerate --network=bridge:kickstart_br0 --hvm --disk > path=/dev/vmdisks/fedora-test2,bus=virtio --cdrom /tmp/fedora.iso See if adding tlsport=0 to the --graphics option fixes your problem? --graphics spice,port=5931,tlsport=0 Compare http://www.spice-space.org/page/Features/Xspice#--tls-port_0_required Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] virt-install message regarding Spice and TLS
Is TLS required for the usage of Spice with KVM/libvirtd? No. I had a similar problem several years back and ended up manually removing tlsPort= from /etc/libvirt/qemu/xxx.xml ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] virt-install message regarding Spice and TLS
Is TLS required for the usage of Spice with KVM/libvirtd? I've been through the virt-install manpage a few times now to no avail. What is wrong with my syntax here (seen below)? Thanks. ~]# virt-install --connect qemu:///system -n blahhost -r2048 --vcpus=4 --arch=x86_64 --video qxl --graphics spice,port=5931 --noautoconsole --os-type linux --accelerate --network=bridge:kickstart_br0 --hvm --disk path=/dev/vmdisks/fedora-test2,bus=virtio --cdrom /tmp/fedora.iso Starting install... ERRORunsupported configuration: Auto allocation of spice TLS port requested but spice TLS is disabled in qemu.conf Domain installation does not appear to have been successful. If it was, you can restart your domain by running: virsh --connect qemu:///system start blahhost otherwise, please restart your installation. -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos