[libvirt] [PATCH v9 2/5] conf: Introduce {default|chardev}_tls_x509_secret_uuid
John Ferlan
jferlan at redhat.com
Mon Oct 17 13:56:14 UTC 2016
On 10/17/2016 06:52 AM, Pavel Hrdina wrote:
> On Fri, Oct 14, 2016 at 04:23:05PM -0400, John Ferlan wrote:
>> Add new qemu.conf variables to store the UUID for the secret that could
>> be used to present credentials to access the TLS chardev. Since this will
>> be a server level setting and it's possible to use some sort of default, introduce
>> both the default and chardev logic at the same time, making the setting of
>> the chardev check for its own value first, then, if not present, checking whether
>> the default value has been set.
>>
>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>> ---
>> src/qemu/libvirtd_qemu.aug | 2 ++
>> src/qemu/qemu.conf | 24 ++++++++++++++++++++++++
>> src/qemu/qemu_conf.c | 14 ++++++++++++++
>> src/qemu/qemu_conf.h | 2 ++
>> src/qemu/test_libvirtd_qemu.aug.in | 2 ++
>> 5 files changed, 44 insertions(+)
>>
>> diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
>> index 988201e..73ebeda 100644
>> --- a/src/qemu/libvirtd_qemu.aug
>> +++ b/src/qemu/libvirtd_qemu.aug
>> @@ -29,6 +29,7 @@ module Libvirtd_qemu =
>> (* Config entry grouped by function - same order as example config *)
>> let default_tls_entry = str_entry "default_tls_x509_cert_dir"
>> | bool_entry "default_tls_x509_verify"
>> + | str_entry "default_tls_x509_secret_uuid"
>>
>> let vnc_entry = str_entry "vnc_listen"
>> | bool_entry "vnc_auto_unix_socket"
>> @@ -51,6 +52,7 @@ module Libvirtd_qemu =
>> let chardev_entry = bool_entry "chardev_tls"
>> | str_entry "chardev_tls_x509_cert_dir"
>> | bool_entry "chardev_tls_x509_verify"
>> + | str_entry "chardev_tls_x509_secret_uuid"
>>
>> let nogfx_entry = bool_entry "nographics_allow_host_audio"
>>
>> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
>> index e4c2aae..493c171 100644
>> --- a/src/qemu/qemu.conf
>> +++ b/src/qemu/qemu.conf
>> @@ -28,6 +28,20 @@
>> #
>> #default_tls_x509_verify = 1
>>
>> +#
>> +# Libvirt assumes the server-key.pem file is unencrypted by default.
>> +# To use an encrypted server-key.pem file, the password to decrypt the
>
> You forgot to remove the extra "the".
>
Weird - I know I made the change... where'd it go...
>> +# the PEM file is required. This can be provided by creating a secret
>> +# object in libvirt and then to uncomment this setting to set the UUID
>> +# of the secret.
>> +#
>> +# NB This default all-zeros UUID will not work. Replace it with the
>> +# output from the UUID for the TLS secret from a 'virsh secret-list'
>> +# command and then uncomment the entry
>> +#
>> +#default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
>> +
>> +
>> # VNC is configured to listen on 127.0.0.1 by default.
>> # To make it listen on all public interfaces, uncomment
>> # this next option.
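Review bot: The comment block added above `default_tls_x509_secret_uuid` tells the administrator to store the server-key.pem passphrase in a libvirt secret but gives no guidance on how that secret should be defined, which matters because the passphrase protects the TLS private key. I would add a line such as `# Define the secret as private so that its value cannot be read back by API clients.`, and it is probably worth saying that it must be persistent (not ephemeral), since the UUID is referenced from a static config file. Whether the code that resolves this UUID can read a private secret is not visible in this hunk, so confirm that before adding the wording. Separately, "and then to uncomment this setting to set the UUID of the secret" and "the output from the UUID for the TLS secret from a 'virsh secret-list' command" are hard to parse; something like `# object in libvirt and then uncommenting this setting with the UUID of that secret.` reads more clearly.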
>> @@ -214,6 +228,16 @@
>> #chardev_tls_x509_verify = 1
>>
>>
>> +# Uncomment and use the following option to override the default secret
>> +# uuid provided in the default_tls_x509_secret_uuid parameter.
>
> s/uuid/UUID/
>
> ACK
>
change - thanks
John
[...]