20.16.12. Graphical framebuffers
A graphics device allows for graphical interaction with the guest virtual machine OS. A guest virtual machine will typically have either a framebuffer or a text console configured to allow interaction with the admin.
To specify the graphical framebuffer devices configuration settings, use a management tool to make the following changes to the domain XML:
... <devices> <graphics type='sdl' display=':0.0'/> <graphics type='vnc' port='5904'> <listen type='address' address='192.0.2.1'/> </graphics> <graphics type='rdp' autoport='yes' multiUser='yes' /> <graphics type='desktop' fullscreen='yes'/> <graphics type='spice'> <listen type='network' network='rednet'/> </graphics> </devices> ...
Figure 20.56. Graphical Framebuffers
The
graphics
element has a mandatory type
attribute which takes the value sdl
, vnc
, rdp
or desktop
as explained below:
Parameter | Description |
---|---|
sdl | This displays a window on the host physical machine desktop, it can take 3 optional arguments: a display attribute for the display to use, an xauth attribute for the authentication identifier, and an optional fullscreen attribute accepting values yes or no |
vnc | Starts a VNC server. The port attribute specifies the TCP port number (with -1 as legacy syntax indicating that it should be auto-allocated). The autoport attribute is the new preferred syntax for indicating autoallocation of the TCP port to use. The listen attribute is an IP address for the server to listen on. The passwd attribute provides a VNC password in clear text. The keymap attribute specifies the keymap to use. It is possible to set a limit on the validity of the password be giving an timestamp passwdValidTo='2010-04-09T15:51:00' assumed to be in UTC. The connected attribute allows control of connected client during password changes. VNC accepts keep value only and note that it may not be supported by all hypervisors. Rather than using listen/port, QEMU supports a socket attribute for listening on a unix domain socket path. |
spice | Starts a SPICE server. The port attribute specifies the TCP port number (with -1 as legacy syntax indicating that it should be auto-allocated), while tlsPort gives an alternative secure port number. The autoport attribute is the new preferred syntax for indicating auto-allocation of both port numbers. The listen attribute is an IP address for the server to listen on. The passwd attribute provides a SPICE password in clear text. The keymap attribute specifies the keymap to use. It is possible to set a limit on the validity of the password be giving an timestamp passwdValidTo='2010-04-09T15:51:00' assumed to be in UTC. The connected attribute allows control of connected client during password changes. SPICE accepts keep to keep client connected, disconnect to disconnect client and fail to fail changing password. Note it is not be supported by all hypervisors. The defaultMode attribute sets the default channel security policy, valid values are secure , insecure and the default any (which is secure if possible, but falls back to insecure rather than erroring out if no secure path is available). |
When SPICE has both a normal and TLS secured TCP port configured, it may be desirable to restrict what channels can be run on each port. This is achieved by adding one or more
channel
elements inside the main graphics
element. Valid channel names include main
, display
, inputs
, cursor
, playback
, record
; smartcard
; and usbredir
.
To specify the SPICE configuration settings, use a mangement tool to make the following changes to the domain XML:
<graphics type='spice' port='-1' tlsPort='-1' autoport='yes'> <channel name='main' mode='secure'/> <channel name='record' mode='insecure'/> <image compression='auto_glz'/> <streaming mode='filter'/> <clipboard copypaste='no'/> <mouse mode='client'/> </graphics>
Figure 20.57. SPICE configuration
SPICE supports variable compression settings for audio, images and streaming. These settings are accessible by using the compression attribute in all following elements:
image
to set image compression (accepts auto_glz, auto_lz, quick, glz, lz, off), jpeg
for JPEG compression for images over wan (accepts auto, never, always), zlib
for configuring wan image compression (accepts auto, never, always) and playback
for enabling audio stream compression (accepts on or off).
Streaming mode is set by the
streaming
element, settings its mode
attribute to one of filter
, all
or off
.
In addition, Copy and paste functionality (using the SPICE agent) is set by the
clipboard
element. It is enabled by default, and can be disabled by setting the copypaste
property to no
.
Mouse mode is set by the
mouse
element, setting its mode
attribute to one of server
or client
. If no mode is specified, the qemu default will be used (client
mode).
Additional elements include:
Parameter | Description |
---|---|
rdp | Starts a RDP server. The port attribute specifies the TCP port number (with -1 as legacy syntax indicating that it should be auto-allocated). The autoport attribute is the new preferred syntax for indicating autoallocation of the TCP port to use. The replaceUser attribute is a boolean deciding whether multiple simultaneous connections to the VM are permitted. The multiUser whether the existing connection must be dropped and a new connection must be established by the VRDP server, when a new client connects in single connection mode. |
desktop | This value is reserved for VirtualBox domains for the moment. It displays a window on the host physical machine desktop, similarly to "sdl", but uses the VirtualBox viewer. Just like "sdl", it accepts the optional attributes display and fullscreen. |
listen | Rather than putting the address information used to set up the listening socket for graphics types vnc and spice in the graphics , the listen attribute, a separate subelement of graphics , called listen can be specified (see the examples above). listen accepts the following attributes:
|