Commit b8a10435 authored by Andrea Spadaccini's avatar Andrea Spadaccini
Browse files

Updated man pages with new SPICE TLS options

* documented the --new-spice-certificate, --spice-certificate and
  --spice-ca-certificate options of renew-crypto.

* documented the spice_use_tls KVM hypervisor option.
Signed-off-by: default avatarAndrea Spadaccini <>
Reviewed-by: default avatarMichael Hanselmann <>
parent b6267745
......@@ -520,6 +520,8 @@ RENEW-CRYPTO
| **renew-crypto** [-f]
| [--new-cluster-certificate] [--new-confd-hmac-key]
| [--new-rapi-certificate] [--rapi-certificate *rapi-cert*]
| [--new-spice-certificate | --spice-certificate *spice-cert*
| -- spice-ca-certificate *spice-ca-cert*]
| [--new-cluster-domain-secret] [--cluster-domain-secret *filename*]
This command will stop all Ganeti daemons in the cluster and start
......@@ -533,6 +535,12 @@ ganeti-rapi(8)) specify ``--new-rapi-certificate``. If you want to
use your own certificate, e.g. one signed by a certificate
authority (CA), pass its filename to ``--rapi-certificate``.
To generate a new self-signed SPICE certificate, used by SPICE
connections to the KVM hypervisor, specify the
``--new-spice-certificate`` option. If you want to provide a
certificate, pass its filename to ``--spice-certificate`` and pass the
signing CA certificate to ``--spice-ca-certificate``.
``--new-cluster-domain-secret`` generates a new, random cluster
domain secret. ``--cluster-domain-secret`` reads the secret from a
file. The cluster domain secret is used to sign information
......@@ -353,6 +353,12 @@ spice\_playback\_compression
Configures whether SPICE should compress audio streams or not.
Valid for the KVM hypervisor.
Specifies that the SPICE server must use TLS to encrypt all the
traffic with the client.
Valid for the Xen HVM and KVM hypervisors.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment