Updated man pages with new SPICE TLS options

man/gnt-cluster.rst:
* documented the --new-spice-certificate, --spice-certificate and
  --spice-ca-certificate options of renew-crypto.

man/gnt-instance.rst:
* documented the spice_use_tls KVM hypervisor option.

Signed-off-by: Andrea Spadaccini <spadaccio@google.com>
Reviewed-by: Michael Hanselmann <hansmi@google.com>

man/gnt-cluster.rst

@@ -520,6 +520,8 @@ RENEW-CRYPTO
 | **renew-crypto** [-f]
 | [--new-cluster-certificate] [--new-confd-hmac-key]
 | [--new-rapi-certificate] [--rapi-certificate *rapi-cert*]
+| [--new-spice-certificate | --spice-certificate *spice-cert*
+| -- spice-ca-certificate *spice-ca-cert*]
 | [--new-cluster-domain-secret] [--cluster-domain-secret *filename*]
 
 This command will stop all Ganeti daemons in the cluster and start
@@ -533,6 +535,12 @@ ganeti-rapi(8)) specify ``--new-rapi-certificate``. If you want to
 use your own certificate, e.g. one signed by a certificate
 authority (CA), pass its filename to ``--rapi-certificate``.
 
+To generate a new self-signed SPICE certificate, used by SPICE
+connections to the KVM hypervisor, specify the
+``--new-spice-certificate`` option. If you want to provide a
+certificate, pass its filename to ``--spice-certificate`` and pass the
+signing CA certificate to ``--spice-ca-certificate``.
+
 ``--new-cluster-domain-secret`` generates a new, random cluster
 domain secret. ``--cluster-domain-secret`` reads the secret from a
 file. The cluster domain secret is used to sign information

man/gnt-instance.rst

@@ -353,6 +353,12 @@ spice\_playback\_compression
 
     Configures whether SPICE should compress audio streams or not.
 
+spice\_use\_tls
+    Valid for the KVM hypervisor.
+
+    Specifies that the SPICE server must use TLS to encrypt all the
+    traffic with the client.
+
 acpi
     Valid for the Xen HVM and KVM hypervisors.