
Re: [libvirt] [PATCH v4 3/3] Add TLS support for Veritas HyperScale (VxHS) block device protocol




On 06/30/2017 04:56 AM, Peter Krempa wrote:
> On Fri, Jun 30, 2017 at 10:44:39 +0200, Peter Krempa wrote:
>> On Thu, Jun 29, 2017 at 19:02:41 -0700, Ashish Mittal wrote:
>>> From: Ashish Mittal <ashish mittal veritas com>
> 
> [...]
> 
>>> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
>>> index 7525a2a..909af50 100644
>>> --- a/docs/schemas/domaincommon.rng
>>> +++ b/docs/schemas/domaincommon.rng
>>> @@ -1622,6 +1622,11 @@
>>>        </attribute>
>>>        <attribute name="name"/>
>>>          <ref name="diskSourceNetworkHost"/>
>>> +      <optional>
>>> +        <attribute name="tls">
>>> +          <ref name="virYesNo"/>
>>> +        </attribute>
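Review bot: the optional `tls` attribute is declared after `<ref name="diskSourceNetworkHost"/>` rather than next to `<attribute name="name"/>`, and nothing in the hunk states what an omitted `tls` means. Consider moving the `<optional>` block up with the other attributes, and documenting whether an absent attribute is equivalent to `tls='no'`. With `virYesNo` there are three states (yes, no, unset), and a reader of the schema cannot tell whether the unset case leaves the connection to the host unencrypted.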
>>
>> Make this a definition for future reuse. Additionally I think that the
>> TLS part should be a separate element here. Something like
>>
>> <disk>
>>  <source>
> 
> I forgot to finish my thought before sending. I think we want a separate
> element with an attribute at this point. This allows adding other TLS
> related stuff to it if such need arises.
> 
> <disk type='network' device='disk'>
>   <driver name='qemu' type='raw' cache='none'/>
>   <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-4e85ed4dc251'>
>     <host name='192.168.0.1' port='9999'/>
>     <tls enabled='yes'/>
>   </source>
>   [...]
> </disk>
> 

I don't like a separate <tls ...> element. What do you mean by other TLS
related stuff such as 'verify' or 'secret'?  Those would be qemu.conf
type settings - they wouldn't change on a disk by disk or domain by
domain basis.

Why not as a <source> or perhaps more precisely a <host> attribute? If
you compare with others it's related to the port as I would assume would
be the case for storage as well. If my understanding from the cover
letter is valid, then this is how QEMU is going to communicate with some
remote host/server in order to provide TLS credentials.

John

For comparison, other consumers of TLS and their XML:

VNC:

  <devices>
  ...
    <graphics type='vnc' port='5904' .../>
  ...

   Configured only via qemu.conf AFAICT

Spice:
  <devices>
  ...
    <graphics type='spice' port='-1' tlsPort='-1' autoport='yes'>
  ...


Chardev:
...
  <devices>
    <serial type="tcp">
      <source mode='connect' host="127.0.0.1" service="5555" tls="yes"/>
...
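
Added example (not code from this thread or from libvirt): a small Python audit that reads a domain's XML and reports the per-device TLS setting, accepting both the `tls` attribute from the patch and the `<tls enabled='...'/>` child element proposed in the reply, alongside the chardev and Spice forms compared above. The sample XML is constructed, the vxhs forms are the thread's proposals rather than a confirmed schema, and the names `tls_state`, `audit` and `needs_review` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real guest). The vxhs disks use the two forms
# proposed in this thread plus the "nothing specified" case.
SAMPLE = """
<domain type='kvm'><devices>
  <disk type='network'><source protocol='vxhs' name='vol-a' tls='yes'>
    <host name='192.168.0.1' port='9999'/></source></disk>
  <disk type='network'><source protocol='vxhs' name='vol-b'>
    <host name='192.168.0.2' port='9999'/><tls enabled='no'/></source></disk>
  <disk type='network'><source protocol='vxhs' name='vol-c'>
    <host name='192.168.0.3' port='9999'/></source></disk>
  <serial type='tcp'>
    <source mode='connect' host='127.0.0.1' service='5555' tls='yes'/></serial>
  <graphics type='spice' port='-1' tlsPort='-1' autoport='yes'/>
  <graphics type='vnc' port='5904'/>
</devices></domain>
"""

def tls_state(source):
    """Return 'yes', 'no' or 'unset' for a <source>, accepting both proposals."""
    child = source.find("tls")             # child-element form: <tls enabled='yes'/>
    if child is not None:
        return child.get("enabled", "unset")
    return source.get("tls", "unset")      # attribute form: tls='yes'

def audit(xml_text):
    """Map each network-facing device to what its XML says about TLS."""
    dev = ET.fromstring(xml_text).find("devices")
    report = {}
    for src in dev.iterfind("disk[@type='network']/source"):
        report["disk:" + src.get("name")] = tls_state(src)
    for src in dev.iterfind("serial[@type='tcp']/source"):
        report["serial:" + src.get("service")] = tls_state(src)
    for g in dev.iterfind("graphics"):
        # Spice carries tlsPort in the XML; VNC TLS is set in qemu.conf per the
        # comparison above, so the domain XML alone cannot answer for it.
        port = g.get("tlsPort")
        report["graphics:" + g.get("type")] = (
            "tlsPort=" + port if port else "not in XML")
    return report

def needs_review(report):
    """Devices whose XML does not positively state that TLS is on."""
    return sorted(k for k, v in report.items()
                  if v in ("no", "unset", "not in XML"))

if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(f"{name:16} {state}")
```

The `unset` and `not in XML` results are the cases where the effective behaviour depends on host-wide configuration rather than on the domain definition.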



