[pve-devel] qemu-server : spice seamless migration

Dietmar Maurer dietmar at proxmox.com
Mon Jul 22 07:55:27 CEST 2013


> - Fixme:
> 
> 1)remote-viewer will resend same password to the targetvm, so we need to
> set the last spice password when we start the target vm.
> Is it safe to store on hosts the last spice password used ?

No, I do not want to add such dirty hacks.

Solution: fix remote-viewer
 
> 2)with tls, ca= option seem to not be keep by the client.
> workaround : cp pve-root-ca.pem to client .spicec/spice_truststore.pem.
> 

Solution: fix remote-viewer

> Maybe is is possible to send to the client the ca, and a new password ticket
> 
> in spicelib, server/reds.c
> 
> /* returns FALSE if info is invalid */
> static int reds_set_migration_dest_info(const char* dest,
>                                         int port, int secure_port,
>                                         const char* cert_subject) {
>     RedsMigSpice *spice_migration = NULL;
> 
>     reds_mig_release();
>     if ((port == -1 && secure_port == -1) || !dest) {
>         return FALSE;
>     }
> 
>     spice_migration = spice_new0(RedsMigSpice, 1);
>     spice_migration->port = port;
>     spice_migration->sport = secure_port;
>     spice_migration->host = spice_strdup(dest);
>     if (cert_subject) {
>         spice_migration->cert_subject = spice_strdup(cert_subject);
>     }
> 
>     reds->mig_spice = spice_migration;
> 
>     return TRUE;
> }
> 

I guess we need to subscript to the spice developer list and try to fix that upstream?



More information about the pve-devel mailing list