On Wed, Apr 24, 2013 at 10:38:26AM +0200, Peter Krempa wrote:
> On 04/24/13 10:19, Daniel P. Berrange wrote:
> >On Tue, Apr 23, 2013 at 08:57:10PM +0200, Peter Krempa wrote:
> >>On 04/23/13 18:21, Daniel P. Berrange wrote:
> >>>On Tue, Apr 23, 2013 at 03:46:12PM +0200, Peter Krempa wrote:
> >>>>With autoport enabled, both ports were alocated. With enabling
> >>>>defaultMode or setting separate channel modes one of the ports may not
> >>>>be needed. This will allow later on doing this kind of change.
> >>>>---
> >>>> docs/formatdomain.html.in | 2 +-
> >>>> src/conf/domain_conf.c | 5 -----
> >>>> 2 files changed, 1 insertion(+), 6 deletions(-)
> >>>>
> >>>>diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> >>>>index 888c005..bb75943 100644
> >>>>--- a/docs/formatdomain.html.in
> >>>>+++ b/docs/formatdomain.html.in
> >>>>@@ -3470,7 +3470,7 @@ qemu-kvm -net nic,model=? /dev/null
> >>>> while <code>tlsPort</code> gives an alternative secure
> >>>> port number. The <code>autoport</code> attribute is the
> >>>> new preferred syntax for indicating autoallocation of
> >>>>- both port numbers. The <code>listen</code> attribute is
> >>>>+ needed port numbers. The <code>listen</code> attribute is
> >>>> an IP address for the server to listen
> >>>> on. The <code>passwd</code> attribute provides a SPICE
> >>>> password in clear text. The <code>keymap</code>
> >>>>diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> >>>>index dc0ecaa..86a444c 100644
> >>>>--- a/src/conf/domain_conf.c
> >>>>+++ b/src/conf/domain_conf.c
> >>>>@@ -7595,11 +7595,6 @@ virDomainGraphicsDefParseXML(xmlNodePtr node,
> >>>> VIR_FREE(defaultMode);
> >>>> }
> >>>>
> >>>>- if (def->data.spice.port == -1 && def->data.spice.tlsPort == -1) {
> >>>>- /* Legacy compat syntax, used -1 for auto-port */
> >>>>- def->data.spice.autoport = true;
> >>>>- }
> >>>
> >>>I'm not clear why this is safe. The idea is that if the user sends XML
> >>>
> >>> <graphics port='-1' tlsPort='-1'/>
> >>>
> >>>then libvirt would turn it into
> >>>
> >>> <graphics port='-1' tlsPort='-1' autoport='yes'/>
> >>>
> >>>with this removed, won't we be instead outputting
> >>>
> >>> <graphics port='-1' tlsPort='-1' autoport='no'/>
> >>>
> >>>despite the fact that it is auto-allocating the ports?
> >>
> >>Later on this will slightly change semantics:
> >>
> >><graphics port='-1' tlsPort='-1' autoport='no'/>
> >>
> >>Will allocate both ports every time, even if one isn't needed
> >>because of other configuration (eg defaultMode="insecure")
> >
> >That is certainly not right.
> >
> >If we're allocating ports then we *must* be setting autoport='yes'.
> >Having port='1' and tlsPort='-1' and autoport='no' is a non-sensical
> >configuration.
>
> Okay, that is fair enough.
>
> In that case, is it okay not to allocate both ports if the
> configuration doesn't require it even if we did so before? Or do we
> need to have an option to force allocation of both TLS and non-tls
> port even if it's not needed?
Sure, we don't need to allocate both ports, if TLS is disabled in
libvirtd, or if the configuration does not otherwise require it
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list