[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v7 0/4] VNC-related HMP/QMP fixes
From: |
Fabian Ebner |
Subject: |
Re: [PATCH v7 0/4] VNC-related HMP/QMP fixes |
Date: |
Mon, 31 Jan 2022 10:45:08 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0 |
Am 25.01.22 um 16:06 schrieb Daniel P. Berrangé:
> On Mon, Jan 24, 2022 at 02:50:39PM +0100, Markus Armbruster wrote:
>> Stefan Reiter <s.reiter@proxmox.com> writes:
>>
>>> Since the removal of the generic 'qmp_change' command, one can no longer
>>> replace
>>> the 'default' VNC display listen address at runtime (AFAIK). For our users
>>> who
>>> need to set up a secondary VNC access port, this means configuring a second
>>> VNC
>>> display (in addition to our standard one for web-access), but it turns out
>>> one
>>> cannot set a password on this second display at the moment, as the
>>> 'set_password' call only operates on the 'default' display.
>>>
>>> Additionally, using secret objects, the password is only read once at
>>> startup.
>>> This could be considered a bug too, but is not touched in this series and
>>> left
>>> for a later date.
>>
>> Related: Vladimir recently posted a patch to add a new command for
>> changing VNC server listening addresses. Daniel asked him to work it
>> into display-reload instead[1]. Vladimir complied[2].
>>
>> Daniel, what do you think about this one? Should it also use
>> display-reload?
>
> I'd ultimately intend to deprecate & remove the direct setting of
> passwords on the CLI, and exclusively rely on the 'secret' object
> for passing in passwords. With this in mind, I'd not be enthusiastic
> about adding new commands for changing passwords in QMP directly,
> rather I think we should have a way to change the 'secret' object
> in use.
>
How should I proceed with this series then? Does adding the new argument
for the display ID count as "adding new commands"?
If what I should do is switching to only using secret objects, would the
plan be something like the following?
1. Add an option to display-reload for switching the display's
password-secret while adding SPICE as a valid display type.
2. Also include the set password action (i.e. disconnect/fail/keep) and
expiration time as part of that option.
3. Extend display-reload to also take an optional display ID for VNC.
4. Deprecate expire_password and set_password.
> Regards,
> Daniel