[libvirt] [PATCH v9 2/5] conf: Introduce {default|chardev}_tls_x509_secret_uuid

John Ferlan jferlan at redhat.com
Mon Oct 17 13:56:14 UTC 2016 


On 10/17/2016 06:52 AM, Pavel Hrdina wrote:
> On Fri, Oct 14, 2016 at 04:23:05PM -0400, John Ferlan wrote:
>> Add a new qemu.conf variables to store the UUID for the secret that could
>> be used to present credentials to access the TLS chardev.  Since this will
>> be a server level and it's possible to use some sort of default, introduce
>> both the default and chardev logic at the same time making the setting of
>> the chardev check for it's own value, then if not present checking whether
>> the default value had been set.
>>
>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>> ---
>>  src/qemu/libvirtd_qemu.aug         |  2 ++
>>  src/qemu/qemu.conf                 | 24 ++++++++++++++++++++++++
>>  src/qemu/qemu_conf.c               | 14 ++++++++++++++
>>  src/qemu/qemu_conf.h               |  2 ++
>>  src/qemu/test_libvirtd_qemu.aug.in |  2 ++
>>  5 files changed, 44 insertions(+)
>>
>> diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
>> index 988201e..73ebeda 100644
>> --- a/src/qemu/libvirtd_qemu.aug
>> +++ b/src/qemu/libvirtd_qemu.aug
>> @@ -29,6 +29,7 @@ module Libvirtd_qemu =
>>     (* Config entry grouped by function - same order as example config *)
>>     let default_tls_entry = str_entry "default_tls_x509_cert_dir"
>>                   | bool_entry "default_tls_x509_verify"
>> +                 | str_entry "default_tls_x509_secret_uuid"
>>  
>>     let vnc_entry = str_entry "vnc_listen"
>>                   | bool_entry "vnc_auto_unix_socket"
>> @@ -51,6 +52,7 @@ module Libvirtd_qemu =
>>     let chardev_entry = bool_entry "chardev_tls"
>>                   | str_entry "chardev_tls_x509_cert_dir"
>>                   | bool_entry "chardev_tls_x509_verify"
>> +                 | str_entry "chardev_tls_x509_secret_uuid"
>>  
>>     let nogfx_entry = bool_entry "nographics_allow_host_audio"
>>  
>> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
>> index e4c2aae..493c171 100644
>> --- a/src/qemu/qemu.conf
>> +++ b/src/qemu/qemu.conf
>> @@ -28,6 +28,20 @@
>>  #
>>  #default_tls_x509_verify = 1
>>  
>> +#
>> +# Libvirt assumes the server-key.pem file is unencrypted by default.
>> +# To use an encrypted server-key.pem file, the password to decrypt the
> 
> You've forgot to remove the extra "the".
> 

Weird - I konw I made the change... where'd it go...


>> +# the PEM file is required. This can be provided by creating a secret
>> +# object in libvirt and then to uncomment this setting to set the UUID
>> +# of the secret.
>> +#
>> +# NB This default all-zeros UUID will not work. Replace it with the
>> +# output from the UUID for the TLS secret from a 'virsh secret-list'
>> +# command and then uncomment the entry
>> +#
>> +#default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
>> +
>> +
>>  # VNC is configured to listen on 127.0.0.1 by default.
>>  # To make it listen on all public interfaces, uncomment
>>  # this next option.
>> @@ -214,6 +228,16 @@
>>  #chardev_tls_x509_verify = 1
>>  
>>  
>> +# Uncomment and use the following option to override the default secret
>> +# uuid provided in the default_tls_x509_secret_uuid parameter.
> 
> s/uuid/UUID/
> 
> ACK
> 

change - thanks

John

[...]

More information about the libvir-list mailing list