Commit 3e40b587 authored by Andrea Spadaccini's avatar Andrea Spadaccini
Browse files

Add tls_ciphers and use_vdagent options


Signed-off-by: default avatarAndrea Spadaccini <spadaccio@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
parent b8a10435
......@@ -687,6 +687,8 @@ HV_KVM_SPICE_ZLIB_GLZ_IMG_COMPR = "spice_zlib_glz_wan_compression"
HV_KVM_SPICE_STREAMING_VIDEO_DETECTION = "spice_streaming_video"
HV_KVM_SPICE_AUDIO_COMPR = "spice_playback_compression"
HV_KVM_SPICE_USE_TLS = "spice_use_tls"
HV_KVM_SPICE_TLS_CIPHERS = "spice_tls_ciphers"
HV_KVM_SPICE_USE_VDAGENT = "spice_use_vdagent"
HV_ACPI = "acpi"
HV_PAE = "pae"
HV_USE_BOOTLOADER = "use_bootloader"
......@@ -739,6 +741,8 @@ HVS_PARAMETER_TYPES = {
HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: VTYPE_STRING,
HV_KVM_SPICE_AUDIO_COMPR: VTYPE_BOOL,
HV_KVM_SPICE_USE_TLS: VTYPE_BOOL,
HV_KVM_SPICE_TLS_CIPHERS: VTYPE_STRING,
HV_KVM_SPICE_USE_VDAGENT: VTYPE_BOOL,
HV_ACPI: VTYPE_BOOL,
HV_PAE: VTYPE_BOOL,
HV_USE_BOOTLOADER: VTYPE_BOOL,
......@@ -1365,6 +1369,8 @@ HVC_DEFAULTS = {
HV_KVM_SPICE_STREAMING_VIDEO_DETECTION: "",
HV_KVM_SPICE_AUDIO_COMPR: True,
HV_KVM_SPICE_USE_TLS: False,
HV_KVM_SPICE_TLS_CIPHERS: OPENSSL_CIPHERS,
HV_KVM_SPICE_USE_VDAGENT: True,
HV_KVM_FLOPPY_IMAGE_PATH: "",
HV_CDROM_IMAGE_PATH: "",
HV_KVM_CDROM2_IMAGE_PATH: "",
......
......@@ -433,6 +433,8 @@ class KVMHypervisor(hv_base.BaseHypervisor):
constants.HT_KVM_SPICE_VALID_VIDEO_STREAM_DETECTION_OPTIONS),
constants.HV_KVM_SPICE_AUDIO_COMPR: hv_base.NO_CHECK,
constants.HV_KVM_SPICE_USE_TLS: hv_base.NO_CHECK,
constants.HV_KVM_SPICE_TLS_CIPHERS: hv_base.NO_CHECK,
constants.HV_KVM_SPICE_USE_VDAGENT: hv_base.NO_CHECK,
constants.HV_KVM_FLOPPY_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
constants.HV_CDROM_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
constants.HV_KVM_CDROM2_IMAGE_PATH: hv_base.OPT_FILE_CHECK,
......@@ -1037,6 +1039,9 @@ class KVMHypervisor(hv_base.BaseHypervisor):
instance.network_port, constants.SPICE_CACERT_FILE)
spice_arg = "%s,x509-key-file=%s,x509-cert-file=%s" % (spice_arg,
constants.SPICE_CERT_FILE, constants.SPICE_CERT_FILE)
tls_ciphers = hvp[constants.HV_KVM_SPICE_TLS_CIPHERS]
if tls_ciphers:
spice_arg = "%s,tls-ciphers=%s" % (spice_arg, tls_ciphers)
else:
spice_arg = "%s,port=%s" % (spice_arg, instance.network_port)
......@@ -1065,6 +1070,8 @@ class KVMHypervisor(hv_base.BaseHypervisor):
# Audio compression, by default in qemu-kvm it is on
if not hvp[constants.HV_KVM_SPICE_AUDIO_COMPR]:
spice_arg = "%s,playback-compression=off" % spice_arg
if not hvp[constants.HV_KVM_SPICE_USE_VDAGENT]:
spice_arg = "%s,agent-mouse=off" % spice_arg
logging.info("KVM: SPICE will listen on port %s", instance.network_port)
kvm_cmd.extend(["-spice", spice_arg])
......
......@@ -359,6 +359,17 @@ spice\_use\_tls
Specifies that the SPICE server must use TLS to encrypt all the
traffic with the client.
spice\_tls\_ciphers
Valid for the KVM hypervisor.
Specifies a list of comma-separated ciphers that SPICE should use
for TLS connections. For the format, see man cipher(1).
spice\_use\_vdagent
Valid for the KVM hypervisor.
Enables or disables passing mouse events via SPICE vdagent.
acpi
Valid for the Xen HVM and KVM hypervisors.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment