Commit eca3fdf inadvertantly caused a failure to start for any domain with the following in its config: <graphics type='spice' autoport='yes'/> The problem is that when tlsPort == 0 and defaultMode == "any" (which is the default for defaultMode), this would be flagged in the code as "needTLSPort", and if there was then no spice tls config, the new error+fail would happen. This patch checks for the case of defaultMode == "any", and in that case simply doesn't allocate a TLS port (since that's probably not what the user wanted, and it would have failed later anyway.). It does leave the error in place for cases when the user specifically asked to use tls in one way or another, though. --- src/qemu/qemu_process.c | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index e75c8c9..58f64b7 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3294,23 +3294,34 @@ qemuProcessSPICEAllocatePorts(virQEMUDriverPtr driver, if (needTLSPort || graphics->data.spice.tlsPort == -1) { if (!cfg->spiceTLS) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("Auto allocation of spice TLS port requested " - "but spice TLS is disabled in qemu.conf")); - goto error; - } - - if (virPortAllocatorAcquire(driver->remotePorts, &tlsPort) < 0) - goto error; + /* log an error and fail if tls was specifically + * requested, or simply ignore (don't allocate a port) + * if we're here due to "defaultMode='any'" + * (aka unspecified). + */ + if ((graphics->data.spice.tlsPort == -1) || + (graphics->data.spice.defaultMode + == VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Auto allocation of spice TLS port requested " + "but spice TLS is disabled in qemu.conf")); + goto error; + } + } else { + /* cfg->spiceTLS *is* in place, so it makes sense to + * allocate a port. + */ + if (virPortAllocatorAcquire(driver->remotePorts, &tlsPort) < 0) + goto error; - if (tlsPort == 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Unable to find an unused port for SPICE TLS")); - virPortAllocatorRelease(driver->remotePorts, port); - goto error; + if (tlsPort == 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Unable to find an unused port for SPICE TLS")); + virPortAllocatorRelease(driver->remotePorts, port); + goto error; + } + graphics->data.spice.tlsPort = tlsPort; } - - graphics->data.spice.tlsPort = tlsPort; } return 0; -- 1.7.11.7 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list