[libvirt] [PATCH v6 11/13] qemu: Add TLS support for Veritas HyperScale (VxHS)
Peter Krempa
pkrempa at redhat.com
Thu Aug 31 14:17:07 UTC 2017
On Wed, Aug 30, 2017 at 18:46:11 -0400, John Ferlan wrote:
> From: Ashish Mittal <Ashish.Mittal at veritas.com>
[...]
> src/qemu/qemu_block.c | 29 ++++++++++++++++++--
> src/qemu/qemu_block.h | 3 +-
> src/qemu/qemu_command.c | 32 +++++++++++++++++++++-
> ...muxml2argv-disk-drive-network-tlsx509-vxhs.args | 30 ++++++++++++++++++++
> tests/qemuxml2argvtest.c | 5 ++++
> 5 files changed, 94 insertions(+), 5 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.args
This won't work with disk hotplug. You either need to add code for it
to work properly or add code that specifically disables it.
> diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
> index cb765ab..5e65692 100644
> --- a/src/qemu/qemu_block.c
> +++ b/src/qemu/qemu_block.c
> @@ -18,6 +18,7 @@
>
> #include <config.h>
>
> +#include "qemu_alias.h"
> #include "qemu_block.h"
> #include "qemu_domain.h"
>
> @@ -484,9 +485,12 @@ qemuBlockStorageSourceGetGlusterProps(virStorageSourcePtr src)
>
> static virJSONValuePtr
> qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
> - virQEMUCapsPtr qemuCaps)
> + virQEMUCapsPtr qemuCaps,
> + const char *diskAlias)
As I've pointed out elsewhere, the disk alias should not be passed here,
but rather stored in the disk source structure.
> const char *protocol = virStorageNetProtocolTypeToString(src->protocol);
> + char *objalias = NULL;
> virJSONValuePtr server = NULL;
> virJSONValuePtr ret = NULL;
>
> @@ -506,17 +510,34 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
> if (!(server = qemuBlockStorageSourceBuildHostsJSONSocketAddress(src, true)))
> return NULL;
>
> + if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
> + if (!diskAlias) {
> + virReportError(VIR_ERR_INVALID_ARG, "%s",
> + _("disk does not have an alias"));
> + return NULL;
> + }
> +
> + if (!(objalias = qemuAliasTLSObjFromSrcAlias(diskAlias))) {
> + virJSONValueFree(server);
> + return NULL;
> + }
> + }
> +
> /* VxHS disk specification example:
> * { driver:"vxhs",
> + * [tls-creds:"objvirtio-disk0_tls0",]
> * vdisk-id:"eb90327c-8302-4725-4e85ed4dc251",
> * server:[{type:"tcp", host:"1.2.3.4", port:9999}]}
> */
> if (virJSONValueObjectCreate(&ret,
> "s:driver", protocol,
> + "S:tls-creds", objalias,
> "s:vdisk-id", src->path,
> "a:server", server, NULL) < 0)
> virJSONValueFree(server);
>
> + VIR_FREE(objalias);
> +
> return ret;
> }
>
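Review bot: The new `if (!diskAlias)` branch returns NULL without releasing `server`, which was already built by qemuBlockStorageSourceBuildHostsJSONSocketAddress() just above it. The neighbouring qemuAliasTLSObjFromSrcAlias() failure path does call `virJSONValueFree(server)`, so the two error paths disagree and the first one leaks. Either add `virJSONValueFree(server);` before that `return NULL;`, or move the whole `haveTLS` block above the server construction so nothing is owned yet when it fails. The function begins outside this hunk, so this assumes no other cleanup runs on return.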
> @@ -530,7 +551,8 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
> */
> virJSONValuePtr
> qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src,
> - virQEMUCapsPtr qemuCaps)
> + virQEMUCapsPtr qemuCaps,
> + const char *diskAlias)
> {
> int actualType = virStorageSourceGetActualType(src);
> virJSONValuePtr fileprops = NULL;
> @@ -553,7 +575,8 @@ qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src,
> break;
>
> case VIR_STORAGE_NET_PROTOCOL_VXHS:
> - if (!(fileprops = qemuBlockStorageSourceGetVxHSProps(src, qemuCaps)))
> + if (!(fileprops = qemuBlockStorageSourceGetVxHSProps(src, qemuCaps,
> + diskAlias)))
> goto cleanup;
> break;
>
[...]
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 3205a59..b94ed11 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -791,6 +791,32 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
> }
>
>
> +/* qemuBuildDiskTLSx509CommandLine:
> + *
> + * Add TLS object if the disk uses a secure communication channel
> + *
> + * Returns 0 on success, -1 w/ error on some sort of failure.
> + */
> +static int
> +qemuBuildDiskTLSx509CommandLine(virCommandPtr cmd,
> + virQEMUDriverConfigPtr cfg,
> + virDomainDiskDefPtr disk,
> + virQEMUCapsPtr qemuCaps)
> +{
> + virStorageSourcePtr src = disk->src;
Here it looks like a nice place to allocate the secret alias and set it
into disk->src.
> +
> + /* other protocols may be added later */
> + if (src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS &&
> + disk->src->haveTLS == VIR_TRISTATE_BOOL_YES) {
> + return qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certdir,
> + false, true, false,
> + disk->info.alias, qemuCaps);
> + }
> +
> + return 0;
> +}
> +
> +
> static char *
> qemuBuildNetworkDriveURI(virStorageSourcePtr src,
> qemuDomainSecretInfoPtr secinfo)
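Review bot: The call `qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certdir, false, true, false, ...)` passes three bare booleans that appear to decide how the TLS credentials object is configured, and nothing at the call site says which is which. I take them to be the listen, verify-peer and password-secret switches, but the prototype is outside this hunk, so please confirm and annotate each literal, e.g. `true, /* verify the VxHS server certificate */`. Two smaller points in the same function: `disk->info.alias` is passed on unchecked although qemuBlockStorageSourceGetVxHSProps rejects a NULL alias, and the condition mixes `src->protocol` with `disk->src->haveTLS` where `src->haveTLS` would read more consistently.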