[Spice-devel] seamless spice migration : question about password/ticket for target vm
Marc-André Lureau
mlureau at redhat.com
Mon Jul 22 09:50:43 PDT 2013
Hi
----- Mensaje original -----
> Hi,
> On 07/22/2013 08:04 AM, Alexandre DERUMIER wrote:
> > Hi,
> >
> > I'm trying to do migration, and I have a question about password on target
> > vm.
> >
> >
> > If I understand, client try to connect to target vm with same password
> > (temporary ticket) used to connect to source vm.
> >
> >
> > But, we need to configure this password to target vm, as I think that qemu
> > migration process don't copy the password between both spice server right
> > ?
> > So we need to store this password somewhere on the host, which seem to be
> > bad for security. (Seem that libvirt store it in guest config xml)
> ovirt's vdsm sets to the destination host the same ticket that was set
> upon the original connection.
> >
> > Is it possible to generate a new ticket for target vm, and send it to the
> > client ? (I don't see any option in qmp client_migrate_info )
> >
> I don't think there is a way to do it without changing
> client_migrate_info and the protocol. Even if we would have a password
> option in client_migrate_info, I don't know if libvirt can retrieve this
> information.
>
So upon migration, libvirt/ovirt will set the dest VM with the same old password? That sounds sane to me in general, but looks kinda against an expiry-based ticket. It would be worth asking the ovirt folks.
More information about the Spice-devel
mailing list