qemu: fix failure to start with spice graphics and no tls

Commit eca3fdf inadvertantly caused a failure to start for any domain
with the following in its config:

    <graphics type='spice' autoport='yes'/>

The problem is that when tlsPort == 0 and defaultMode == "any" (which
is the default for defaultMode), this would be flagged in the code as
"needTLSPort", and if there was then no spice tls config, the new
error+fail would happen.

This patch checks for the case of defaultMode == "any", and in that
case simply doesn't allocate a TLS port (since that's probably not
what the user wanted, and it would have failed later anyway.). It does
leave the error in place for cases when the user specifically asked to
use tls in one way or another, though.

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e75c8c9bdf4a981d528c9d1e92c6da84067e43f5..58f64b7310f24489a4d3d9dccdc1935808804e59 100644 (file)
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3294,23 +3294,34 @@ qemuProcessSPICEAllocatePorts(virQEMUDriverPtr driver,
 
     if (needTLSPort || graphics->data.spice.tlsPort == -1) {
         if (!cfg->spiceTLS) {
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                           _("Auto allocation of spice TLS port requested "
-                             "but spice TLS is disabled in qemu.conf"));
-            goto error;
-        }
-
-        if (virPortAllocatorAcquire(driver->remotePorts, &tlsPort) < 0)
-            goto error;
+            /* log an error and fail if tls was specifically
+             * requested, or simply ignore (don't allocate a port)
+             * if we're here due to "defaultMode='any'"
+             * (aka unspecified).
+             */
+            if ((graphics->data.spice.tlsPort == -1) ||
+                (graphics->data.spice.defaultMode
+                 == VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE)) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("Auto allocation of spice TLS port requested "
+                                 "but spice TLS is disabled in qemu.conf"));
+                goto error;
+            }
+        } else {
+            /* cfg->spiceTLS *is* in place, so it makes sense to
+             * allocate a port.
+             */
+            if (virPortAllocatorAcquire(driver->remotePorts, &tlsPort) < 0)
+                goto error;
 
-        if (tlsPort == 0) {
-            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
-                           _("Unable to find an unused port for SPICE TLS"));
-            virPortAllocatorRelease(driver->remotePorts, port);
-            goto error;
+            if (tlsPort == 0) {
+                virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                               _("Unable to find an unused port for SPICE TLS"));
+                virPortAllocatorRelease(driver->remotePorts, port);
+                goto error;
+            }
+            graphics->data.spice.tlsPort = tlsPort;
         }
-
-        graphics->data.spice.tlsPort = tlsPort;
     }
 
     return 0;