[libvirt] [PATCH v7 11/11] qemu: Add TLS support for Veritas HyperScale (VxHS)
ashish mittal
ashmit602 at gmail.com
Mon Sep 18 21:25:55 UTC 2017
Hi,
I've done some TLS testing with this patch and the results look good. The
following test statically adds a VxHS disk to a guest in TLS mode, boots
the guest, and makes sure that reads and writes to the VxHS disk work from
within the guest with TLS enabled.
(1) Create a backing store file /tmp/test_vxhs_disk_1 and start the VxHS
test server "qnio_server" with TLS enabled.
(2) Client side TLS env was setup as follows -
[root at audi ~] 2017-09-18 13:56:13# grep -i vxhs /etc/libvirt/qemu.conf |
grep -v "^#"
vxhs_tls = 1
vxhs_tls_x509_cert_dir = "/etc/pki/libvirt-vxhs"
[root at audi ~] 2017-09-18 13:56:22# ll /etc/pki/libvirt-vxhs
total 20
-r--r--r--. 1 root root 4062 Sep 17 23:15 ca-cert.pem
-rw-r--r--. 1 root root 1866 Sep 17 22:52 client-cert.pem
-r--------. 1 root root 1679 Sep 17 22:52 client-key.pem
[root at audi ~] 2017-09-18 13:56:35#
(3) virsh edit and add a new VxHS device with tls='yes'
The XML added to existing domain -
<disk type='network' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<source protocol='vxhs' name='/tmp/test_vxhs_disk_1' tls='yes'>
<host name='127.0.0.1' port='9999'/>
</source>
<backingStore/>
<target dev='vdc' bus='virtio'/>
<serial>eb90327c-8302-4725-9e1b-4e85ed4dc251</serial>
<alias name='virtio-disk2'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x0a'
function='0x0'/>
</disk>
(4) Start the domain and check if qemu command is correct
[root at audi ~] 2017-09-18 13:29:01# virsh start myfc24
Domain myfc24 started
[root at audi ~] 2017-09-18 13:29:20# ps -ef | grep qemu
root 9578 1 99 13:29 ? 00:00:20 /usr/bin/qemu-system-x86_64
-machine accel=kvm -name guest=myfc24,debug-threads=on -S -object
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-1-myfc24/master-key.aes
-machine pc-i440fx-2.6,accel=kvm,usb=off,vmport=off,dump-guest-core=off
-cpu Opteron_G3 -m 1024 -realtime mlock=off -smp
2,sockets=2,cores=1,threads=1 -uuid 70454565-8185-4506-b50f-d2cf55d83796
-no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-1-myfc24/monitor.sock,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc
base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet
-no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1
-boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x6.0x7
-device
ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x6
-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x6.0x1
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x6.0x2
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive
file=/var/lib/libvirt/images/myfc24_rootdisk.qcow2,format=qcow2,if=none,id=drive-ide0-0-0
-device
ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive
if=none,id=drive-ide0-0-1,readonly=on -device
ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 -object
tls-creds-x509,id=objvirtio-disk2_tls0,dir=/etc/pki/libvirt-vxhs,endpoint=client,verify-peer=yes
-drive
file.driver=vxhs,file.tls-creds=objvirtio-disk2_tls0,file.vdisk-id=/tmp/test_vxhs_disk_1,file.server.type=tcp,file.server.host=127.0.0.1,file.server.port=9999,format=raw,if=none,id=drive-virtio-disk2,serial=eb90327c-8302-4725-9e1b-4e85ed4dc251,cache=none
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xa,drive=drive-virtio-disk2,id=virtio-disk2
-netdev tap,fd=27,id=hostnet0 -device
rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:e4:9e:30,bus=pci.0,addr=0x3
-netdev tap,fd=29,id=hostnet1,vhost=on,vhostfd=30 -device
virtio-net-pci,netdev=hostnet1,id=net1,mac=52:54:00:b1:43:c4,bus=pci.0,addr=0x8
-chardev pty,id=charserial0 -device
isa-serial,chardev=charserial0,id=serial0 -chardev
spicevmc,id=charchannel0,name=vdagent -device
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0
-spice
port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on
-device
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2
-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device
hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev
spicevmc,id=charredir0,name=usbredir -device
usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=1 -chardev
spicevmc,id=charredir1,name=usbredir -device
usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=2 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on
(5) Log in to the guest domain and make sure we see this VxHS disk
[root at camshaft ~] 2017-09-18 13:32:22# fdisk -l
...
Disk /dev/vda: 1 MiB, 1048576 bytes, 2048 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk /dev/mapper/fedora-root: 45.4 GiB, 48704258048 bytes, 95125504 sectors
...
(6) Create a disk label and partition. Do mkfs and mount the FS. Copy some
files to the disk and check general read/write operations.
[root at camshaft ~] 2017-09-18 13:32:35# fdisk /dev/vda
....
Created a new partition 1 of type 'Linux' and of size 1023.5 KiB.
Command (m for help): p
Disk /dev/vda: 1 MiB, 1048576 bytes, 2048 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xcfd93e87
Device Boot Start End Sectors Size Id Type
/dev/vda1 1 2047 2047 1023.5K 83 Linux
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
[root at camshaft ~]
[root at camshaft ~] 2017-09-18 13:34:29# mkfs.ext3 /dev/vda1
mke2fs 1.42.13 (17-May-2015)
Filesystem too small for a journal
Creating filesystem with 1020 1k blocks and 128 inodes
Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
[root at camshaft ~] 2017-09-18 13:34:46# mount /dev/vda1 /mnt
[root at camshaft ~] 2017-09-18 13:34:56# cp /boot/System.map-4.* /mnt
cp: error writing '/mnt/System.map-4.5.5-300.fc24.x86_64': No space left on
device
cp: error writing '/mnt/System.map-4.8.8-200.fc24.x86_64': No space left on
device
[root at camshaft ~] 2017-09-18 13:35:08# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 485M 0 485M 0% /dev
tmpfs 497M 472K 496M 1% /dev/shm
tmpfs 497M 1.3M 495M 1% /run
tmpfs 497M 0 497M 0% /sys/fs/cgroup
/dev/mapper/fedora-root 45G 5.1G 38G 12% /
tmpfs 497M 84K 497M 1% /tmp
/dev/mapper/fedora-home 22G 1.7G 19G 9% /home
/dev/sda1 477M 140M 308M 32% /boot
tmpfs 100M 28K 100M 1% /run/user/42
tmpfs 100M 20K 100M 1% /run/user/1000
/dev/vda1 999K 999K 0 100% /mnt
[root at camshaft ~] 2017-09-18 13:35:13#
[root at camshaft ~] 2017-09-18 13:37:07# dd
if=/mnt/System.map-4.5.5-300.fc24.x86_64 of=/dev/null
1952+0 records in
1952+0 records out
999424 bytes (999 kB, 976 KiB) copied, 0.001174 s, 851 MB/s
[root at camshaft ~] 2017-09-18 13:37:14#
Regards,
Ashish
On Fri, Sep 1, 2017 at 10:09 AM, John Ferlan <jferlan at redhat.com> wrote:
> From: Ashish Mittal <Ashish.Mittal at veritas.com>
>
> Alter qemu command line generation in order to possibly add TLS for
> a suitably configured domain.
>
> Sample TLS args generated by libvirt -
>
> -object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
> endpoint=client,verify-peer=yes \
> -drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
> file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
> file.server.0.type=tcp,file.server.0.host=192.168.0.1,\
> file.server.0.port=9999,format=raw,if=none,\
> id=drive-virtio-disk0,cache=none \
> -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
> id=virtio-disk0
>
> Update the qemuxml2argvtest with a couple of examples. One for a
> simple case and the other a bit more complex where multiple VxHS disks
> are added where at least one uses a VxHS that doesn't require TLS
> credentials and thus sets the domain disk source attribute "tls = 'no'".
>
> Update the hotplug to be able to handle processing the tlsAlias whether
> it's to add the TLS object when hotplugging a disk or to remove the TLS
> object when hot unplugging a disk. The hot plug/unplug code is largely
> generic, but the addition code does make the VXHS specific checks only
> because it needs to grab the correct config directory and generate the
> object as the command line would do.
>
> Signed-off-by: Ashish Mittal <Ashish.Mittal at veritas.com>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> src/qemu/qemu_block.c | 8 +++
> src/qemu/qemu_command.c | 29 +++++++++
> src/qemu/qemu_hotplug.c | 73
> ++++++++++++++++++++++
> ...-disk-drive-network-tlsx509-multidisk-vxhs.args | 43 +++++++++++++
> ...v-disk-drive-network-tlsx509-multidisk-vxhs.xml | 50 +++++++++++++++
> ...muxml2argv-disk-drive-network-tlsx509-vxhs.args | 30 +++++++++
> tests/qemuxml2argvtest.c | 7 +++
> 7 files changed, 240 insertions(+)
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.args
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.xml
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-vxhs.args
>
> diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
> index f5269fb..be4e8fa 100644
> --- a/src/qemu/qemu_block.c
> +++ b/src/qemu/qemu_block.c
> @@ -495,16 +495,24 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr
> src)
> return NULL;
> }
>
> + if (src->haveTLS == VIR_TRISTATE_BOOL_YES && !src->tlsAlias) {
> + virReportError(VIR_ERR_INVALID_ARG, "%s",
> + _("VxHS disk does not have TLS alias set"));
> + return NULL;
> + }
> +
> if (!(server = qemuBlockStorageSourceBuildHostsJSONSocketAddress(src,
> true)))
> return NULL;
>
> /* VxHS disk specification example:
> * { driver:"vxhs",
> + * [tls-creds:"objvirtio-disk0_tls0",]
> * vdisk-id:"eb90327c-8302-4725-4e85ed4dc251",
> * server:[{type:"tcp", host:"1.2.3.4", port:9999}]}
> */
> if (virJSONValueObjectCreate(&ret,
> "s:driver", protocol,
> + "S:tls-creds", src->tlsAlias,
> "s:vdisk-id", src->path,
> "a:server", server, NULL) < 0)
> virJSONValueFree(server);
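Review bot: The `"S:tls-creds", src->tlsAlias` argument is keyed only on whether `tlsAlias` is set, while the new guard covers only the opposite mismatch (`haveTLS` is YES with no alias). If an alias were ever left on a source whose `haveTLS` is not YES, the JSON would still reference a TLS object that may not exist; passing `src->haveTLS == VIR_TRISTATE_BOOL_YES ? src->tlsAlias : NULL` would tie the property to the same condition as the check. The added `[tls-creds:...,]` example line could also say in words that the key is omitted for non-TLS disks, which appears to be what the `S:` format does. The body of qemuBlockStorageSourceGetVxHSProps starts and ends outside this hunk, so the surrounding error handling was not reviewed.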
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index b9e2ab3..d6b04a3 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -791,6 +791,32 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
> }
>
>
> +/* qemuBuildDiskTLSx509CommandLine:
> + *
> + * Add TLS object if the disk uses a secure communication channel
> + *
> + * Returns 0 on success, -1 w/ error on some sort of failure.
> + */
> +static int
> +qemuBuildDiskTLSx509CommandLine(virCommandPtr cmd,
> + virQEMUDriverConfigPtr cfg,
> + virDomainDiskDefPtr disk,
> + virQEMUCapsPtr qemuCaps)
> +{
> + virStorageSourcePtr src = disk->src;
> +
> + /* other protocols may be added later */
> + if (src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS &&
> + disk->src->haveTLS == VIR_TRISTATE_BOOL_YES) {
> + return qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certdir,
> + false, true, false,
> + disk->info.alias, qemuCaps);
> + }
> +
> + return 0;
> +}
> +
> +
> static char *
> qemuBuildNetworkDriveURI(virStorageSourcePtr src,
> qemuDomainSecretInfoPtr secinfo)
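Review bot: qemuBuildDiskTLSx509CommandLine reads `src->protocol` without first checking `src->type == VIR_STORAGE_TYPE_NETWORK`, whereas qemuDomainAddDiskTLSObject in the same patch checks both. Using the same condition in both places, e.g. `if (src->type == VIR_STORAGE_TYPE_NETWORK && src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS && src->haveTLS == VIR_TRISTATE_BOOL_YES) {`, keeps the cold-boot and hotplug paths from drifting apart. It would also replace the mixed `src->` / `disk->src->` accesses with the local `src`. The bare `false, true, false` arguments to qemuBuildTLSx509CommandLine deserve a short comment naming each flag, because the `verify-peer=yes` and `endpoint=client` values in the expected output depend on them and a swapped boolean would be easy to miss in review.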
> @@ -2218,6 +2244,9 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd,
> if (qemuBuildDiskSecinfoCommandLine(cmd, encinfo) < 0)
> return -1;
>
> + if (qemuBuildDiskTLSx509CommandLine(cmd, cfg, disk, qemuCaps) <
> 0)
> + return -1;
> +
> virCommandAddArg(cmd, "-drive");
>
> if (!(optstr = qemuBuildDriveStr(disk, cfg, driveBoot, qemuCaps)))
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index 9611df5..4c1074d 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
> @@ -152,6 +152,55 @@ qemuDomainPrepareDisk(virQEMUDriverPtr driver,
>
>
> static int
> +qemuDomainAddDiskTLSObject(virQEMUDriverPtr driver,
> + virDomainObjPtr vm,
> + virDomainDiskDefPtr disk,
> + char **tlsAlias)
> +{
> + int ret = -1;
> + virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
> + qemuDomainObjPrivatePtr priv = vm->privateData;
> + virStorageSourcePtr src = disk->src;
> + virJSONValuePtr tlsProps = NULL;
> +
> + /* NB: This may alter haveTLS based on cfg */
> + qemuDomainPrepareDiskSourceTLS(src, disk->info.alias, cfg);
> +
> + if (src->haveTLS != VIR_TRISTATE_BOOL_YES) {
> + ret = 0;
> + goto cleanup;
> + }
> +
> + /* Initial implementation doesn't require/use a secret to decrypt
> + * a server certificate, so there's no need to manage a tlsSecAlias
> + * and tlsSecProps. See qemuDomainAddChardevTLSObjects for the
> + * methodology required to add a secret object. */
> +
> + /* For a VxHS environment, create a TLS object for the client to
> + * connect to the VxHS server. */
> + if (src->type == VIR_STORAGE_TYPE_NETWORK &&
> + src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS &&
> + qemuDomainGetTLSObjects(priv->qemuCaps, NULL,
> + cfg->vxhsTLSx509certdir, false, true,
> + disk->info.alias, &tlsProps, tlsAlias,
> + NULL, NULL) < 0)
> + goto cleanup;
> +
> + if (qemuDomainAddTLSObjects(driver, vm, QEMU_ASYNC_JOB_NONE,
> + NULL, NULL, *tlsAlias, &tlsProps) < 0)
> + goto cleanup;
> +
> + ret = 0;
> +
> + cleanup:
> + virJSONValueFree(tlsProps);
> + virObjectUnref(cfg);
> +
> + return ret;
> +}
> +
> +
> +static int
> qemuHotplugWaitForTrayEject(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> virDomainDiskDefPtr disk,
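Review bot: In qemuDomainAddDiskTLSObject the `&&` chain guarding qemuDomainGetTLSObjects lets a source with `haveTLS == VIR_TRISTATE_BOOL_YES` that is not a network VxHS source fall through to qemuDomainAddTLSObjects with `tlsProps` still NULL and `*tlsAlias` unset. Whether that call is then a harmless no-op depends on code outside this hunk, so the helper should not rely on it. An explicit branch before the qemuDomainGetTLSObjects call makes the intent visible, for example `if (src->type != VIR_STORAGE_TYPE_NETWORK || src->protocol != VIR_STORAGE_NET_PROTOCOL_VXHS) { ret = 0; goto cleanup; }`, or an error report if a disk marked for TLS must never be attached without credentials. The function also lacks a header comment stating that `*tlsAlias` is allocated for the caller to free and is left set on failure.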
> @@ -315,6 +364,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
> char *devstr = NULL;
> char *drivestr = NULL;
> char *drivealias = NULL;
> + char *tlsAlias = NULL;
> bool releaseaddr = false;
> bool driveAdded = false;
> bool secobjAdded = false;
> @@ -372,6 +422,9 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
> if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0)
> goto error;
>
> + if (qemuDomainAddDiskTLSObject(driver, vm, disk, &tlsAlias) < 0)
> + goto error;
> +
> if (!(drivestr = qemuBuildDriveStr(disk, cfg, false, priv->qemuCaps)))
> goto error;
>
> @@ -422,6 +475,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
> ret = 0;
>
> cleanup:
> + VIR_FREE(tlsAlias);
> virJSONValueFree(secobjProps);
> virJSONValueFree(encobjProps);
> qemuDomainSecretDiskDestroy(disk);
> @@ -453,6 +507,8 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
> virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
>
> error:
> + qemuDomainDelTLSObjects(driver, vm, QEMU_ASYNC_JOB_NONE, NULL,
> tlsAlias);
> +
> if (releaseaddr)
> qemuDomainReleaseDeviceAddress(vm, &disk->info, src);
>
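Review bot: The `error:` path calls qemuDomainDelTLSObjects unconditionally with `tlsAlias`, while the other objects in this function are tracked with flags such as `driveAdded` and `secobjAdded`. Because qemuDomainAddDiskTLSObject can fail after `*tlsAlias` has been filled in but before the object exists in QEMU, the rollback may send a delete for an object that was never added. A `bool tlsobjAdded = false;` set after the helper succeeds, with `if (tlsobjAdded) qemuDomainDelTLSObjects(...)` in the error path, would match the existing pattern. The same applies to the `error:` hunks in qemuDomainAttachSCSIDisk and qemuDomainAttachUSBMassStorageDevice. How qemuDomainDelTLSObjects treats a NULL or unknown alias is not visible here.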
> @@ -611,6 +667,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
> virErrorPtr orig_err;
> char *drivestr = NULL;
> char *devstr = NULL;
> + char *tlsAlias = NULL;
> bool driveAdded = false;
> bool encobjAdded = false;
> bool secobjAdded = false;
> @@ -667,6 +724,9 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
> if (!(devstr = qemuBuildDriveDevStr(vm->def, disk, 0,
> priv->qemuCaps)))
> goto error;
>
> + if (qemuDomainAddDiskTLSObject(driver, vm, disk, &tlsAlias) < 0)
> + goto error;
> +
> if (!(drivestr = qemuBuildDriveStr(disk, cfg, false, priv->qemuCaps)))
> goto error;
>
> @@ -712,6 +772,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
> ret = 0;
>
> cleanup:
> + VIR_FREE(tlsAlias);
> virJSONValueFree(secobjProps);
> virJSONValueFree(encobjProps);
> qemuDomainSecretDiskDestroy(disk);
> @@ -740,6 +801,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
> virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
>
> error:
> + qemuDomainDelTLSObjects(driver, vm, QEMU_ASYNC_JOB_NONE, NULL,
> tlsAlias);
> +
> ignore_value(qemuDomainPrepareDisk(driver, vm, disk, NULL, true));
> goto cleanup;
> }
> @@ -756,6 +819,7 @@ qemuDomainAttachUSBMassStorageDevice(virQEMUDriverPtr
> driver,
> char *drivealias = NULL;
> char *drivestr = NULL;
> char *devstr = NULL;
> + char *tlsAlias = NULL;
> bool driveAdded = false;
> virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
> const char *src = virDomainDiskGetSource(disk);
> @@ -780,6 +844,9 @@ qemuDomainAttachUSBMassStorageDevice(virQEMUDriverPtr
> driver,
> if (qemuAssignDeviceDiskAlias(vm->def, disk, priv->qemuCaps) < 0)
> goto error;
>
> + if (qemuDomainAddDiskTLSObject(driver, vm, disk, &tlsAlias) < 0)
> + goto error;
> +
> if (!(drivestr = qemuBuildDriveStr(disk, cfg, false, priv->qemuCaps)))
> goto error;
>
> @@ -810,6 +877,7 @@ qemuDomainAttachUSBMassStorageDevice(virQEMUDriverPtr
> driver,
> ret = 0;
>
> cleanup:
> + VIR_FREE(tlsAlias);
> if (ret < 0 && releaseaddr)
> virDomainUSBAddressRelease(priv->usbaddrs, &disk->info);
> VIR_FREE(devstr);
> @@ -833,6 +901,8 @@ qemuDomainAttachUSBMassStorageDevice(virQEMUDriverPtr
> driver,
> virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
>
> error:
> + qemuDomainDelTLSObjects(driver, vm, QEMU_ASYNC_JOB_NONE, NULL,
> tlsAlias);
> +
> ignore_value(qemuDomainPrepareDisk(driver, vm, disk, NULL, true));
> goto cleanup;
> }
> @@ -3710,6 +3780,9 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
> ignore_value(qemuMonitorDelObject(priv->mon, encAlias));
> VIR_FREE(encAlias);
>
> + if (disk->src->tlsAlias)
> + ignore_value(qemuMonitorDelObject(priv->mon,
> disk->src->tlsAlias));
> +
> if (qemuDomainObjExitMonitor(driver, vm) < 0)
> return -1;
>
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.args b/tests/qemuxml2argvdata/
> qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.args
> new file mode 100644
> index 0000000..dceae52
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.args
> @@ -0,0 +1,43 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/home/test \
> +USER=test \
> +LOGNAME=test \
> +QEMU_AUDIO_DRV=none \
> +/usr/bin/qemu-system-x86_64 \
> +-name QEMUGuest1 \
> +-S \
> +-M pc \
> +-cpu qemu32 \
> +-m 214 \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
> +-nographic \
> +-nodefaults \
> +-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/
> monitor.sock,\
> +server,nowait \
> +-mon chardev=charmonitor,id=monitor,mode=readline \
> +-no-acpi \
> +-boot c \
> +-usb \
> +-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
> +endpoint=client,verify-peer=yes \
> +-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
> +file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,file.
> server.0.type=tcp,\
> +file.server.0.host=192.168.0.1,file.server.0.port=9999,
> format=raw,if=none,\
> +id=drive-virtio-disk0,cache=none \
> +-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
> +id=virtio-disk0 \
> +-object tls-creds-x509,id=objvirtio-disk1_tls0,dir=/etc/pki/qemu,\
> +endpoint=client,verify-peer=yes \
> +-drive file.driver=vxhs,file.tls-creds=objvirtio-disk1_tls0,\
> +file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc252,file.
> server.0.type=tcp,\
> +file.server.0.host=192.168.0.2,file.server.0.port=9999,
> format=raw,if=none,\
> +id=drive-virtio-disk1,cache=none \
> +-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
> +id=virtio-disk1 \
> +-drive file.driver=vxhs,file.vdisk-id=eb90327c-8302-4725-9e1b-
> 4e85ed4dc253,\
> +file.server.0.type=tcp,file.server.0.host=192.168.0.3,
> file.server.0.port=9999,\
> +format=raw,if=none,id=drive-virtio-disk2,cache=none \
> +-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\
> +id=virtio-disk2
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.xml b/tests/qemuxml2argvdata/
> qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.xml
> new file mode 100644
> index 0000000..a66e81f
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.xml
> @@ -0,0 +1,50 @@
> +<domain type='qemu'>
> + <name>QEMUGuest1</name>
> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> + <memory unit='KiB'>219136</memory>
> + <currentMemory unit='KiB'>219136</currentMemory>
> + <vcpu placement='static'>1</vcpu>
> + <os>
> + <type arch='i686' machine='pc'>hvm</type>
> + <boot dev='hd'/>
> + </os>
> + <clock offset='utc'/>
> + <on_poweroff>destroy</on_poweroff>
> + <on_reboot>restart</on_reboot>
> + <on_crash>destroy</on_crash>
> + <devices>
> + <emulator>/usr/bin/qemu-system-x86_64</emulator>
> + <disk type='network' device='disk'>
> + <driver name='qemu' type='raw' cache='none'/>
> + <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-
> 4e85ed4dc251'>
> + <host name='192.168.0.1' port='9999'/>
> + </source>
> + <target dev='vda' bus='virtio'/>
> + <serial>eb90327c-8302-4725-9e1b-4e85ed4dc251</serial>
> + <address type='pci' domain='0x0000' bus='0x00' slot='0x04'
> function='0x0'/>
> + </disk>
> + <disk type='network' device='disk'>
> + <driver name='qemu' type='raw' cache='none'/>
> + <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-
> 4e85ed4dc252'>
> + <host name='192.168.0.2' port='9999'/>
> + </source>
> + <target dev='vdb' bus='virtio'/>
> + <serial>eb90327c-8302-4725-9e1b-4e85ed4dc252</serial>
> + <address type='pci' domain='0x0000' bus='0x00' slot='0x05'
> function='0x0'/>
> + </disk>
> + <disk type='network' device='disk'>
> + <driver name='qemu' type='raw' cache='none'/>
> + <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-4e85ed4dc253'
> tls='no'>
> + <host name='192.168.0.3' port='9999'/>
> + </source>
> + <target dev='vdc' bus='virtio'/>
> + <serial>eb90327c-8302-4725-9e1b-4e85ed4dc252</serial>
> + <address type='pci' domain='0x0000' bus='0x00' slot='0x06'
> function='0x0'/>
> + </disk>
> + <controller type='usb' index='0'/>
> + <controller type='pci' index='0' model='pci-root'/>
> + <input type='mouse' bus='ps2'/>
> + <input type='keyboard' bus='ps2'/>
> + <memballoon model='none'/>
> + </devices>
> +</domain>
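Review bot: The third disk (`vdc`, source name ending in `4e85ed4dc253`, `tls='no'`) carries `<serial>eb90327c-8302-4725-9e1b-4e85ed4dc252</serial>`, which repeats the serial of the second disk. This looks like a copy-and-paste slip; `<serial>eb90327c-8302-4725-9e1b-4e85ed4dc253</serial>` would keep the serial in step with the source name, as it is for the first two disks. The fixture would also benefit from an XML comment explaining that the first two disks carry no `tls` attribute and depend on the `vxhsTLS = 1` setting the test applies, while the third opts out explicitly.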
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.args
> b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.args
> new file mode 100644
> index 0000000..5308a16
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-vxhs.args
> @@ -0,0 +1,30 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/home/test \
> +USER=test \
> +LOGNAME=test \
> +QEMU_AUDIO_DRV=none \
> +/usr/bin/qemu-system-x86_64 \
> +-name QEMUGuest1 \
> +-S \
> +-M pc \
> +-cpu qemu32 \
> +-m 214 \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
> +-nographic \
> +-nodefaults \
> +-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/
> monitor.sock,\
> +server,nowait \
> +-mon chardev=charmonitor,id=monitor,mode=readline \
> +-no-acpi \
> +-boot c \
> +-usb \
> +-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
> +endpoint=client,verify-peer=yes \
> +-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
> +file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,file.
> server.0.type=tcp,\
> +file.server.0.host=192.168.0.1,file.server.0.port=9999,
> format=raw,if=none,\
> +id=drive-virtio-disk0,cache=none \
> +-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
> +id=virtio-disk0
> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
> index b92ded8..0366dc3 100644
> --- a/tests/qemuxml2argvtest.c
> +++ b/tests/qemuxml2argvtest.c
> @@ -932,6 +932,13 @@ mymain(void)
> DO_TEST("disk-drive-network-rbd-ipv6", NONE);
> DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE);
> DO_TEST("disk-drive-network-vxhs", QEMU_CAPS_VXHS);
> + driver.config->vxhsTLS = 1;
> + DO_TEST("disk-drive-network-tlsx509-vxhs", QEMU_CAPS_VXHS,
> + QEMU_CAPS_OBJECT_TLS_CREDS_X509);
> + DO_TEST("disk-drive-network-tlsx509-multidisk-vxhs", QEMU_CAPS_VXHS,
> + QEMU_CAPS_OBJECT_TLS_CREDS_X509);
> + driver.config->vxhsTLS = 0;
> + VIR_FREE(driver.config->vxhsTLSx509certdir);
> DO_TEST("disk-drive-no-boot",
> QEMU_CAPS_BOOTINDEX);
> DO_TEST_PARSE_ERROR("disk-device-lun-type-invalid",
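Review bot: Both added cases exercise only the successful path with `QEMU_CAPS_OBJECT_TLS_CREDS_X509` present. Nothing checks that a TLS-enabled VxHS disk is rejected, rather than started without TLS, when that capability is missing. A negative case such as `DO_TEST_FAILURE("disk-drive-network-tlsx509-vxhs", QEMU_CAPS_VXHS);`, placed while `vxhsTLS` is still 1, would pin the fail-closed behaviour, assuming the command-line builder is meant to fail in that situation. The `VIR_FREE(driver.config->vxhsTLSx509certdir)` line could use a one-line comment saying where the directory was set, since no assignment is visible in this hunk. mymain continues outside the hunk.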
> --
> 2.9.5
>
>