[PATCH devel-2.5 4/4] Updated man pages with new SPICE TLS options

Tue, 06 Sep 2011 10:48:45 -0700 

man/gnt-cluster.rst:
* documented the --new-spice-certificate, --spice-certificate and
  --spice-ca-certificate options of renew-crypto.

man/gnt-instance.rst:
* documented the spice_use_tls KVM hypervisor option.

Signed-off-by: Andrea Spadaccini <[email protected]>
---
 man/gnt-cluster.rst  |    8 ++++++++
 man/gnt-instance.rst |    6 ++++++
 2 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/man/gnt-cluster.rst b/man/gnt-cluster.rst
index c821cd7..60034b9 100644
--- a/man/gnt-cluster.rst
+++ b/man/gnt-cluster.rst
@@ -520,6 +520,8 @@ RENEW-CRYPTO
 | **renew-crypto** [-f]
 | [--new-cluster-certificate] [--new-confd-hmac-key]
 | [--new-rapi-certificate] [--rapi-certificate *rapi-cert*]
+| [--new-spice-certificate] [--spice-certificate *spice-cert*]
+| [--spice-ca-certificate *spice-ca-cert*]
 | [--new-cluster-domain-secret] [--cluster-domain-secret *filename*]
 
 This command will stop all Ganeti daemons in the cluster and start
@@ -533,6 +535,12 @@ ganeti-rapi(8)) specify ``--new-rapi-certificate``. If you 
want to
 use your own certificate, e.g. one signed by a certificate
 authority (CA), pass its filename to ``--rapi-certificate``.
 
+To generate a new self-signed SPICE certificate, used by SPICE
+connections to the KVM hypervisor, specify the
+``--new-spice-certificate`` option. If you want to provide a
+certificate, pass its filename to ``--spice-certificate`` and pass the
+signing CA certificate to ``--spice-ca-certificate``.
+
 ``--new-cluster-domain-secret`` generates a new, random cluster
 domain secret. ``--cluster-domain-secret`` reads the secret from a
 file. The cluster domain secret is used to sign information
diff --git a/man/gnt-instance.rst b/man/gnt-instance.rst
index c3a0c92..87298de 100644
--- a/man/gnt-instance.rst
+++ b/man/gnt-instance.rst
@@ -307,6 +307,12 @@ spice\_password\_file
     connecting via the SPICE protocol. If the option is not specified,
     passwordless connections are allowed.
 
+spice\_use\_tls
+    Valid for the KVM hypervisor.
+
+    Specifies that the SPICE server must use TLS to encrypt all the
+    traffic with the client.
+
 acpi
     Valid for the Xen HVM and KVM hypervisors.
 
-- 
1.7.3.1

Reply via email to