[libvirt] [PATCH v5 4/9] qemu: Add the ability to hotplug the TLS X.509 environment
Daniel P. Berrange
berrange at redhat.com
Fri Aug 5 08:23:52 UTC 2016
On Thu, Aug 04, 2016 at 11:21:22AM -0400, John Ferlan wrote:
> If the incoming XML defined a path to a TLS X.509 certificate environment,
> add the necessary 'tls-creds-x509' object to the VIR_DOMAIN_CHR_TYPE_TCP
> character device.
>
> Likewise, if the environment exists the hot unplug needs adjustment as
> well. Note that all the return ret were changed to goto cleanup since
> the cfg needs to be unref'd
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> src/conf/domain_conf.h | 1 +
> src/qemu/qemu_command.c | 2 +-
> src/qemu/qemu_command.h | 8 ++++++
> src/qemu/qemu_hotplug.c | 59 ++++++++++++++++++++++++++++++++++++++------
> src/qemu/qemu_monitor_json.c | 9 +++++++
> 5 files changed, 71 insertions(+), 8 deletions(-)
>
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index b2e905d..b25e219 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -1091,6 +1091,7 @@ struct _virDomainChrSourceDef {
> char *service;
> bool listen;
> int protocol;
> + bool tlscreds;
> } tcp;
> struct {
> char *bindHost;
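Review bot: The new `tlscreds` member of the `tcp` sub-struct has no comment saying what it records or which code sets it, and the qemuDomainDetachChrDevice hunk quoted further down does not consult it. That hunk derives the TLS object alias whenever `cfg->chardevTLS` is set, so, as far as the visible lines show, a detach would call `qemuMonitorDelObject` even for a chardev that never had a tls-creds-x509 object (a non-TCP source, or a driver config that changed since the attach), and a failure there takes the `exit_monitor` path. If the flag is meant to mark that the object exists, I would document it as `bool tlscreds; /* tls-creds-x509 object was created for this chardev */` and gate the alias lookup on it together with the `VIR_DOMAIN_CHR_TYPE_TCP` source type. The attach side and the rest of the detach function are outside the quoted text, so this needs checking against them.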
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 33cc451..2295175 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -690,7 +690,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
> *
> * Returns 0 on success, -1 on failure with error set.
> */
> -static int
> +int
> qemuBuildTLSx509BackendProps(const char *tlspath,
> bool listen,
> bool verifypeer,
> diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
> index dcf9ba6..583f35d 100644
> --- a/src/qemu/qemu_command.h
> +++ b/src/qemu/qemu_command.h
> @@ -60,10 +60,18 @@ virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver,
> const char *domainLibDir)
> ATTRIBUTE_NONNULL(15);
>
> +
> /* Generate the object properties for a secret */
> int qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
> virJSONValuePtr *propsret);
>
> +/* Generate the object properties for a tls-creds-x509 */
> +int qemuBuildTLSx509BackendProps(const char *tlspath,
> + bool listen,
> + bool verifypeer,
> + virQEMUCapsPtr qemuCaps,
> + virJSONValuePtr *propsret);
> +
> /* Generate '-device' string for chardev device */
> int
> qemuBuildChrDeviceStr(char **deviceStr,
> @@ -4286,32 +4318,40 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
> virDomainChrDefPtr chr)
> {
> int ret = -1;
> + virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
> qemuDomainObjPrivatePtr priv = vm->privateData;
> virDomainDefPtr vmdef = vm->def;
> virDomainChrDefPtr tmpChr;
> + char *objAlias = NULL;
> char *devstr = NULL;
>
> if (!(tmpChr = virDomainChrFind(vmdef, chr))) {
> virReportError(VIR_ERR_OPERATION_INVALID, "%s",
> _("device not present in domain configuration"));
> - return ret;
> + goto cleanup;
> }
>
> if (!tmpChr->info.alias && qemuAssignDeviceChrAlias(vmdef, tmpChr, -1) < 0)
> - return ret;
> + goto cleanup;
>
> sa_assert(tmpChr->info.alias);
>
> + if (cfg->chardevTLS &&
> + !(objAlias = qemuAliasTLSObjFromChardevAlias(tmpChr->info.alias)))
> + goto cleanup;
> +
> if (qemuBuildChrDeviceStr(&devstr, vmdef, chr, priv->qemuCaps) < 0)
> - return ret;
> + goto cleanup;
>
> qemuDomainMarkDeviceForRemoval(vm, &tmpChr->info);
>
> qemuDomainObjEnterMonitor(driver, vm);
> - if (devstr && qemuMonitorDelDevice(priv->mon, tmpChr->info.alias) < 0) {
> - ignore_value(qemuDomainObjExitMonitor(driver, vm));
> - goto cleanup;
> - }
> + if (objAlias && qemuMonitorDelObject(priv->mon, objAlias) < 0)
> + goto exit_monitor;
> +
> + if (devstr && qemuMonitorDelDevice(priv->mon, tmpChr->info.alias) < 0)
> + goto exit_monitor;
We should really detach the device before the tls object, due
to their dependency order
ACK with that swapped
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|