I am using virt-install
(see below) to create a guest. All seems fine up to the point where it complains about auto-allocation of the SPICE TLS port.
Here's what I am running and the full output:
# sudo virt-install --name vmname --ram 1024 --os-type=linux --os-variant=ubuntutrusty --disk path=/data/vm/vmname_sda.qcow2,bus=virtio,size=10,sparse=false --noautoconsole --console pty,target_type=virtio --accelerate --hvm --network=network:default --graphics spice,port=20001,listen=127.0.0.1
Starting install...
Retrieving file MANIFEST... | 2.1 kB 00:00 ...
Retrieving file MANIFEST... | 2.1 kB 00:00 ...
Retrieving file linux... | 11 MB 00:00 ...
Retrieving file initrd.gz... | 41 MB 00:00 ...
ERROR unsupported configuration: Auto allocation of spice TLS port requested but spice TLS is disabled in qemu.conf
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect qemu:///system start vmname
otherwise, please restart your installation.
The error is:
ERROR unsupported configuration: Auto allocation of spice TLS port requested but spice TLS is disabled in qemu.conf
and indeed in my /etc/libvirt/qemu.conf
I have:
spice_tls = 0
(and intentionally so).
So how can I create a KVM guest using the SPICE protocol for graphics, but with TLS disabled?
I doubt it is of relevance, but the reason I want to disable TLS is because I am tunneling the connection to SPICE via SSH already. No need for an extra layer of encryption.
The host system is Ubuntu 14.04.1. Package versions are:
- virtinst: 0.600.4-3ubuntu2
- qemu-kvm: 2.0.0+dfsg-2ubuntu1.2
(all up to date as far as apt-get
is concerned)
Best Answer
Okay, I worked around it on my own. In the option:
remove the
port
parameter such that it becomes:You need to configure the
<graphics />
element in thelibvirt
XML configuration file then. My invocation ofvirt-install
gave me this:There is one caveat. I finished the installation while SPICE was still connected to the default auto-connected port (5900 in my case). If you shut down the guest prior to finishing the installation the whole process initiated by
virt-install
will be interrupted.In order to change it one should shut down the guest and the edit the XML to something like the following, using
virsh edit vmname
(wherevmname
should be replaced with your name):Possible workaround for "port in use" conflicts. Use any of the local net addresses other than 127.0.0.1 from 127.0.0.0/24, e.g. 127.0.0.2 etc to listen on.
NOTE: If someone can come up with a better (i.e. actual) solution, I'll accept that other answer. This writeup is mostly for others that may run into the same issue.