Latest revision as of 19:00, 28 September 2011

Description

Setup

Make sure you have a guest, which could be started successfully

How to test

force off the running guest
go the guest detail pannel, remove the "Display VNC" device
click the "Add Hardware" button at the left bottom
Add "Graphics" -> Type "SPICE server"
Check OFF the "Automatically allocation"
Specify the Port to 5901 TLS port to 5902
Click Finish , and back to guest detail overview panel, click Apply button

modify the followings in /etc/libvirt/qemu.conf

-# spice_tls = 1
+ spice_tls = 1

-# spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
+ spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"

perform the following script, to generate the cert files for ssl , and then copy *.pem file info /etc/pkil/libvirt-spice directory

#!/bin/bash

SERVER_KEY=server-key.pem

# creating a key for our ca
if [ ! -e ca-key.pem ]; then
 openssl genrsa -des3 -out ca-key.pem 1024
fi
# creating a ca
if [ ! -e ca-cert.pem ]; then
 openssl req -new -x509 -days 1095 -key ca-key.pem -out ca-cert.pem  -subj "/C=IL/L=Raanana/O=Red Hat/CN=my CA"
fi
# create server key
if [ ! -e $SERVER_KEY ]; then
 openssl genrsa -out $SERVER_KEY 1024
fi
# create a certificate signing request (csr)
if [ ! -e server-key.csr ]; then
 openssl req -new -key $SERVER_KEY -out server-key.csr -subj "/C=IL/L=Raanana/O=Red Hat/CN=my server"
fi
# signing our server certificate with this ca
if [ ! -e server-cert.pem ]; then
 openssl x509 -req -days 1095 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
fi

# now create a key that doesn't require a passphrase
openssl rsa -in $SERVER_KEY -out $SERVER_KEY.insecure
mv $SERVER_KEY $SERVER_KEY.secure
mv $SERVER_KEY.insecure $SERVER_KEY

# show the results (no other effect)
openssl rsa -noout -text -in $SERVER_KEY
openssl rsa -noout -text -in ca-key.pem
openssl req -noout -text -in server-key.csr
openssl x509 -noout -text -in server-cert.pem
openssl x509 -noout -text -in ca-cert.pem

# copy *.pem file to /etc/pki/libvirt-spice
if [[ -d "/etc/pki/libvirt-spice" ]] 
then
 cp ./*.pem /etc/pki/libvirt-spice
else
 mkdir /etc/pki/libvirt-spice
     cp ./*.pem /etc/pki/libvirt-spice
fi

# echo --host-subject
echo "your --host-subject is" \" `openssl x509 -noout -text -in server-cert.pem | grep Subject: | cut -f 10- -d " "` \"

restart libvirtd to rescan the configuration: service libvirtd restart
Start the guest: virsh start <guest>

Access the guest via following command line

spicec -h 127.0.0.1 -p 5901 -s 5902 --host-subject "C=IL,L=Raanana,O=Red Hat,CN=my CA"

Expected Results

Make sure you CAN access the spice interface via private 127.0.0.1 with TLS port set

@@ Line 1: / Line 1: @@
 {{QA/Test_Case
 |description=
-|setup=Make sure you have a guest , which could be started successfully
+|setup=Make sure you have a guest, which could be started successfully
 |actions=
 <ol>
 <li> force off the running guest
-<li> go the guest detail pannel , remove the ''Display VNC '' device
+<li> go the guest detail pannel, remove the "Display VNC" device
-<li> click the ''Add Hardware'' button at the left bottom
+<li> click the "Add Hardware" button at the left bottom
-<li> Add ''Graphics'' -> Type ''SPICE server ''
+<li> Add "Graphics" -> Type "SPICE server"
-<li> Check OFF the ''Automatically allocation''
+<li> Check OFF the "Automatically allocation"
 <li> Specify the Port to 5901 TLS port to 5902
-<li> Click Finish , and back to guest detail overview pannel , click Apply button
+<li> Click Finish , and back to guest detail overview panel, click Apply button
 <li> modify the followings in /etc/libvirt/qemu.conf
 <pre>
@@ Line 16: / Line 16: @@
 + spice_tls = 1
--# spice_tls_x509_cert_dir = ''/etc/pki/libvirt-spice''
+-# spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
-+ spice_tls_x509_cert_dir = ''/etc/pki/libvirt-spice''
++ spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
 </pre>
 <li> perform the following script, to generate the cert files for ssl , and then copy *.pem file info {{filename|/etc/pkil/libvirt-spice}} directory
@@ Line 31: / Line 31: @@
 # creating a ca
 if [ ! -e ca-cert.pem ]; then
-  openssl req -new -x509 -days 1095 -key ca-key.pem -out ca-cert.pem  -subj ''/C=IL/L=Raanana/O=Red Hat/CN=my CA''
+  openssl req -new -x509 -days 1095 -key ca-key.pem -out ca-cert.pem  -subj "/C=IL/L=Raanana/O=Red Hat/CN=my CA"
 fi
 # create server key
@@ Line 39: / Line 39: @@
 # create a certificate signing request (csr)
 if [ ! -e server-key.csr ]; then
-  openssl req -new -key $SERVER_KEY -out server-key.csr -subj ''/C=IL/L=Raanana/O=Red Hat/CN=my server''
+  openssl req -new -key $SERVER_KEY -out server-key.csr -subj "/C=IL/L=Raanana/O=Red Hat/CN=my server"
 fi
 # signing our server certificate with this ca
@@ Line 59: / Line 59: @@
 # copy *.pem file to /etc/pki/libvirt-spice
-if [[ -d ''/etc/pki/libvirt-spice'' ]]
+if [[ -d "/etc/pki/libvirt-spice" ]]
 then
   cp ./*.pem /etc/pki/libvirt-spice
@@ Line 68: / Line 68: @@
 # echo --host-subject
-echo ''your --host-subject is'' \'' `openssl x509 -noout -text -in server-cert.pem | grep Subject: | cut -f 10- -d '' ''` \''
+echo "your --host-subject is" \" `openssl x509 -noout -text -in server-cert.pem | grep Subject: | cut -f 10- -d " "` \"
   </pre>
 <li> restart libvirtd to rescan the configuration: {{command|service libvirtd restart}}
 <li> Start the guest: {{command|virsh start <guest>}}
 <li> Access the guest via following command line
-<pre>spicec -h 127.0.0.1 -p 5901 -s 5902 --host-subject ''C=IL,L=Raanana,O=Red Hat,CN=my CA''</pre>
+<pre>spicec -h 127.0.0.1 -p 5901 -s 5902 --host-subject "C=IL,L=Raanana,O=Red Hat,CN=my CA"</pre>
 </ol>
 |results=

Search

QA:Testcase Virtualization Manually set spice listening port with TLS port set: Difference between revisions

Latest revision as of 19:00, 28 September 2011

Contents

Description

Setup

How to test

Expected Results