From 7c14dcae1f5fd63e5c4f288cca28cb827c787024 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 24 Jul 2013 12:13:16 +0200
Subject: [PATCH] use STDIN to pass spice ticket

---
 PVE/API2/Qemu.pm   | 11 ++++++++++-
 PVE/QemuMigrate.pm |  8 +++++---
 changelog.Debian   |  2 ++
 3 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index a5e38e13..11119701 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1534,6 +1534,14 @@ __PACKAGE__->register_method({
 	raise_param_exc({ migratedfrom => "Only root may use this option." })
 	    if $migratedfrom && $authuser ne 'root@pam';
 
+	# read spice ticket from STDIN
+	my $spice_ticket;
+	if ($stateuri && ($stateuri eq 'tcp') && $migratedfrom && ($rpcenv->{type} eq 'cli')) {
+	    my $line = <>;
+	    chomp $line;
+	    $spice_ticket = $line if $line;
+	}
+
 	my $storecfg = PVE::Storage::config();
 
 	if (&$vm_is_ha_managed($vmid) && !$stateuri &&
@@ -1562,7 +1570,8 @@ __PACKAGE__->register_method({
 
 		syslog('info', "start VM $vmid: $upid\n");
 
-		PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef, $machine);
+		PVE::QemuServer::vm_start($storecfg, $vmid, $stateuri, $skiplock, $migratedfrom, undef, 
+					  $machine, $spice_ticket);
 
 		return;
 	    };
diff --git a/PVE/QemuMigrate.pm b/PVE/QemuMigrate.pm
index bcc11b83..01d41855 100644
--- a/PVE/QemuMigrate.pm
+++ b/PVE/QemuMigrate.pm
@@ -314,21 +314,23 @@ sub phase2 {
     ## start on remote node
     my $cmd = [@{$self->{rem_ssh}}];
 
+    my $spice_ticket;
     if (PVE::QemuServer::vga_conf_has_spice($conf->{vga})) {
 	my $res = PVE::QemuServer::vm_mon_cmd($vmid, 'query-spice');
-	push @$cmd, 'SPICETICKET='.$res->{ticket} if $res->{ticket};
+	$spice_ticket = $res->{ticket};
     }
 
     push @$cmd , 'qm', 'start', $vmid, '--stateuri', 'tcp', '--skiplock', '--migratedfrom', $nodename;
 
-
     if ($self->{forcemachine}) {
 	push @$cmd, '--machine', $self->{forcemachine};
     }
 
     my $spice_port;
 
-    PVE::Tools::run_command($cmd, outfunc => sub {
+    # Note: We try to keep $spice_ticket secret (do not pass via command line parameter)
+    # instead we pipe it through STDIN
+    PVE::Tools::run_command($cmd, input => $spice_ticket, outfunc => sub {
 	my $line = shift;
 
 	if ($line =~ m/^migration listens on port (\d+)$/) {
diff --git a/changelog.Debian b/changelog.Debian
index 1a4b9bc3..ef03223a 100644
--- a/changelog.Debian
+++ b/changelog.Debian
@@ -1,6 +1,8 @@
 qemu-server (3.0-26) unstable; urgency=low
 
   * remove spice cert paths (depend on pve-qemu-kvm >= 1.4-16)
+  
+  * implement spice seamless migration
 
  -- Proxmox Support Team <support@proxmox.com>  Tue, 23 Jul 2013 10:08:33 +0200