mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-04-01 20:05:19 +00:00

qemu: add qemu RDP configuration

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Marc-André Lureau 2025-03-16 12:18:27 +04:00 committed by Martin Kletzander
parent 12d7b9fe26
commit bd5f4d3237
6 changed files with 90 additions and 0 deletions


@ -50,6 +50,11 @@ module Libvirtd_qemu =
| bool_entry "spice_sasl"
| str_entry "spice_sasl_dir"
let rdp_entry = str_entry "rdp_listen"
| str_entry "rdp_tls_x509_cert_dir"
| str_entry "rdp_username"
| str_entry "rdp_password"
let chardev_entry = bool_entry "chardev_tls"
| str_entry "chardev_tls_x509_cert_dir"
| bool_entry "chardev_tls_x509_verify"
@ -103,6 +108,7 @@ module Libvirtd_qemu =
| str_entry "bridge_helper"
| str_entry "pr_helper"
| str_entry "slirp_helper"
| str_entry "qemu_rdp"
| str_entry "dbus_daemon"
| bool_entry "set_process_name"
| int_entry "max_processes"
@ -156,6 +162,7 @@ module Libvirtd_qemu =
let entry = default_tls_entry
| vnc_entry
| spice_entry
| rdp_entry
| chardev_entry
| migrate_entry
| backup_entry


@ -229,6 +229,31 @@
#
#spice_sasl_dir = "/some/directory/sasl2"
# RDP is configured to listen on 127.0.0.1 by default.
# To make it listen on all public interfaces, uncomment
# this next option.
#
#rdp_listen = "0.0.0.0"
# In order to override the default TLS certificate location for
# RDP certificates, supply a valid path to the certificate directory.
# If the path is not provided, then the default_tls_x509_cert_dir path
# will be used.
#
#rdp_tls_x509_cert_dir = "/etc/pki/libvirt-rdp"
# The default RDP username. This parameter is only used if the
# per-domain XML config does not already provide a username.
#
#rdp_username = "user"
# The default RDP password. This parameter is only used if the
# per-domain XML config does not already provide a password.
# By default, RDP server will not allow password-less connections.
# Obviously change this example here before you set this.
#
#rdp_password = "RDP12345"
# Enable use of TLS encryption on the chardev TCP transports.
#
# It is necessary to setup CA and issue a server certificate
@ -923,6 +948,12 @@
# Path to the SLIRP networking helper.
#slirp_helper = "/usr/bin/slirp-helper"
# Path to qemu-rdp
# If this is not an absolute path, the program will be searched for
# in $PATH.
#qemu_rdp = "qemu-rdp"
# Path to the dbus-daemon
# If this is not an absolute path, the program will be searched for
# in $PATH.
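Review bot: The `rdp_password` comment in the first hunk does not tell the administrator that the value is kept in cleartext in this file and, as the comment itself says, becomes the fallback credential for every domain whose XML sets no password. I would add `# The password is stored here in cleartext and is shared by all domains that do not set their own; keep this file readable by root only.` The `rdp_listen` comment could also say that `0.0.0.0` binds all IPv4 interfaces and is best enabled only together with a non-example password and certificates in `rdp_tls_x509_cert_dir`.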


@ -104,6 +104,7 @@ VIR_ONCE_GLOBAL_INIT(virQEMUConfig);
#define QEMU_BRIDGE_HELPER "qemu-bridge-helper"
#define QEMU_PR_HELPER "qemu-pr-helper"
#define QEMU_RDP "qemu-rdp"
#define QEMU_DBUS_DAEMON "dbus-daemon"
@ -241,6 +242,7 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged,
}
cfg->vncListen = g_strdup(VIR_LOOPBACK_IPV4_ADDR);
cfg->rdpListen = g_strdup(VIR_LOOPBACK_IPV4_ADDR);
cfg->spiceListen = g_strdup(VIR_LOOPBACK_IPV4_ADDR);
cfg->remotePortMin = QEMU_REMOTE_PORT_MIN;
@ -266,6 +268,7 @@ virQEMUDriverConfig *virQEMUDriverConfigNew(bool privileged,
cfg->prHelperName = g_strdup(QEMU_PR_HELPER);
cfg->slirpHelperName = g_strdup(QEMU_SLIRP_HELPER);
cfg->dbusDaemonName = g_strdup(QEMU_DBUS_DAEMON);
cfg->qemuRdpName = g_strdup(QEMU_RDP);
cfg->securityDefaultConfined = true;
cfg->securityRequireConfined = false;
@ -352,6 +355,11 @@ static void virQEMUDriverConfigDispose(void *obj)
g_free(cfg->spicePassword);
g_free(cfg->spiceSASLdir);
g_free(cfg->rdpTLSx509certdir);
g_free(cfg->rdpListen);
g_free(cfg->rdpUsername);
g_free(cfg->rdpPassword);
g_free(cfg->chardevTLSx509certdir);
g_free(cfg->chardevTLSx509secretUUID);
@ -376,6 +384,7 @@ static void virQEMUDriverConfigDispose(void *obj)
g_free(cfg->prHelperName);
g_free(cfg->slirpHelperName);
g_free(cfg->dbusDaemonName);
g_free(cfg->qemuRdpName);
g_free(cfg->autoDumpPath);
@ -500,6 +509,21 @@ virQEMUDriverConfigLoadSPICEEntry(virQEMUDriverConfig *cfg,
return 0;
}
static int
virQEMUDriverConfigLoadRDPEntry(virQEMUDriverConfig *cfg,
virConf *conf)
{
if (virConfGetValueString(conf, "rdp_tls_x509_cert_dir", &cfg->rdpTLSx509certdir) < 0)
return -1;
if (virConfGetValueString(conf, "rdp_listen", &cfg->rdpListen) < 0)
return -1;
if (virConfGetValueString(conf, "rdp_username", &cfg->rdpUsername) < 0)
return -1;
if (virConfGetValueString(conf, "rdp_password", &cfg->rdpPassword) < 0)
return -1;
return 0;
}
static int
virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverConfig *cfg,
@ -714,6 +738,9 @@ virQEMUDriverConfigLoadProcessEntry(virQEMUDriverConfig *cfg,
if (virConfGetValueString(conf, "dbus_daemon", &cfg->dbusDaemonName) < 0)
return -1;
if (virConfGetValueString(conf, "qemu_rdp", &cfg->qemuRdpName) < 0)
return -1;
if (virConfGetValueBool(conf, "set_process_name", &cfg->setProcessName) < 0)
return -1;
if (virConfGetValueUInt(conf, "max_processes", &cfg->maxProcesses) < 0)
@ -1184,6 +1211,9 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfig *cfg,
if (virQEMUDriverConfigLoadSPICEEntry(cfg, conf) < 0)
return -1;
if (virQEMUDriverConfigLoadRDPEntry(cfg, conf) < 0)
return -1;
if (virQEMUDriverConfigLoadSpecificTLSEntry(cfg, conf) < 0)
return -1;
@ -1271,6 +1301,14 @@ virQEMUDriverConfigValidate(virQEMUDriverConfig *cfg)
return -1;
}
if (cfg->rdpTLSx509certdir &&
!virFileExists(cfg->rdpTLSx509certdir)) {
virReportError(VIR_ERR_CONF_SYNTAX,
_("rdp_tls_x509_cert_dir directory '%1$s' does not exist"),
cfg->rdpTLSx509certdir);
return -1;
}
if (cfg->chardevTLSx509certdir &&
!virFileExists(cfg->chardevTLSx509certdir)) {
virReportError(VIR_ERR_CONF_SYNTAX,
@ -1356,6 +1394,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfig *cfg)
SET_TLS_X509_CERT_DEFAULT(vnc);
SET_TLS_X509_CERT_DEFAULT(spice);
SET_TLS_X509_CERT_DEFAULT(rdp);
SET_TLS_X509_CERT_DEFAULT(chardev);
SET_TLS_X509_CERT_DEFAULT(migrate);
SET_TLS_X509_CERT_DEFAULT(backup);
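Review bot: In virQEMUDriverConfigDispose, `g_free(cfg->rdpPassword);` releases the credential without clearing it, so the cleartext password stays in freed heap memory; this mirrors the existing `spicePassword` line, but a new secret field is a good place to stop copying that pattern. Consider `virSecureEraseString(cfg->rdpPassword);` immediately before the `g_free`, assuming the helper from virsecureerase.h is usable in this file. Separately, virQEMUDriverConfigValidate only checks that `rdp_tls_x509_cert_dir` exists, so an empty `rdp_password` or `rdp_username` is accepted at load time and would presumably surface only when a domain is started. Both functions begin and end outside the hunks shown.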


@ -136,6 +136,11 @@ struct _virQEMUDriverConfig {
char *spicePassword;
bool spiceAutoUnixSocket;
char *rdpTLSx509certdir;
char *rdpListen;
char *rdpUsername;
char *rdpPassword;
bool chardevTLS;
char *chardevTLSx509certdir;
bool chardevTLSx509verify;
@ -174,6 +179,7 @@ struct _virQEMUDriverConfig {
char *prHelperName;
char *slirpHelperName;
char *dbusDaemonName;
char *qemuRdpName;
bool macFilter;


@ -22,6 +22,10 @@ module Test_libvirtd_qemu =
{ "spice_password" = "XYZ12345" }
{ "spice_sasl" = "1" }
{ "spice_sasl_dir" = "/some/directory/sasl2" }
{ "rdp_listen" = "0.0.0.0" }
{ "rdp_tls_x509_cert_dir" = "/etc/pki/libvirt-rdp" }
{ "rdp_username" = "user" }
{ "rdp_password" = "RDP12345" }
{ "chardev_tls" = "1" }
{ "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
{ "chardev_tls_x509_verify" = "1" }
@ -111,6 +115,7 @@ module Test_libvirtd_qemu =
{ "memory_backing_dir" = "/var/lib/libvirt/qemu/ram" }
{ "pr_helper" = "qemu-pr-helper" }
{ "slirp_helper" = "/usr/bin/slirp-helper" }
{ "qemu_rdp" = "qemu-rdp" }
{ "dbus_daemon" = "dbus-daemon" }
{ "swtpm_user" = "tss" }
{ "swtpm_group" = "tss" }


@ -382,6 +382,8 @@ int qemuTestDriverInit(virQEMUDriver *driver)
cfg->vncTLSx509certdir = g_strdup("/etc/pki/libvirt-vnc");
VIR_FREE(cfg->spiceTLSx509certdir);
cfg->spiceTLSx509certdir = g_strdup("/etc/pki/libvirt-spice");
VIR_FREE(cfg->rdpTLSx509certdir);
cfg->rdpTLSx509certdir = g_strdup("/etc/pki/libvirt-rdp");
VIR_FREE(cfg->chardevTLSx509certdir);
cfg->chardevTLSx509certdir = g_strdup("/etc/pki/libvirt-chardev");
VIR_FREE(cfg->vxhsTLSx509certdir);