On 07/22/2013 12:50 PM, Marc-André Lureau wrote:
Hi
----- Mensaje original -----
Hi,
On 07/22/2013 08:04 AM, Alexandre DERUMIER wrote:
Hi,
I'm trying to do migration, and I have a question about password on target
vm.
If I understand, client try to connect to target vm with same password
(temporary ticket) used to connect to source vm.
But, we need to configure this password to target vm, as I think that qemu
migration process don't copy the password between both spice server right
?
So we need to store this password somewhere on the host, which seem to be
bad for security. (Seem that libvirt store it in guest config xml)
ovirt's vdsm sets to the destination host the same ticket that was set
upon the original connection.
Is it possible to generate a new ticket for target vm, and send it to the
client ? (I don't see any option in qmp client_migrate_info )
I don't think there is a way to do it without changing
client_migrate_info and the protocol. Even if we would have a password
option in client_migrate_info, I don't know if libvirt can retrieve this
information.
So upon migration, libvirt/ovirt will set the dest VM with the same old password? That sounds sane to me in general, but looks kinda against an expiry-based ticket. It would be worth asking the ovirt folks.
Yes, they reset the same password, with the same expiration time, at the
moment the destination is up (the expiration time is one of the reasons
why we need to connect to the destination before migration really begins).
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel