| **renew-crypto** [-f]
| [--new-cluster-certificate] [--new-confd-hmac-key]
| [--new-rapi-certificate] [--rapi-certificate *rapi-cert*]
+| [--new-spice-certificate | --spice-certificate *spice-cert*
+| -- spice-ca-certificate *spice-ca-cert*]
| [--new-cluster-domain-secret] [--cluster-domain-secret *filename*]
This command will stop all Ganeti daemons in the cluster and start
use your own certificate, e.g. one signed by a certificate
authority (CA), pass its filename to ``--rapi-certificate``.
+To generate a new self-signed SPICE certificate, used by SPICE
+connections to the KVM hypervisor, specify the
+``--new-spice-certificate`` option. If you want to provide a
+certificate, pass its filename to ``--spice-certificate`` and pass the
+signing CA certificate to ``--spice-ca-certificate``.
+
``--new-cluster-domain-secret`` generates a new, random cluster
domain secret. ``--cluster-domain-secret`` reads the secret from a
file. The cluster domain secret is used to sign information
Configures whether SPICE should compress audio streams or not.
+spice\_use\_tls
+ Valid for the KVM hypervisor.
+
+ Specifies that the SPICE server must use TLS to encrypt all the
+ traffic with the client.
+
acpi
Valid for the Xen HVM and KVM hypervisors.