[libvirt] [PATCH v8 07/11] conf: Introduce TLS options for VxHS block device clients
Peter Krempa
pkrempa at redhat.com
Tue Sep 19 13:38:30 UTC 2017
On Thu, Sep 14, 2017 at 08:51:52 -0400, John Ferlan wrote:
> From: Ashish Mittal <Ashish.Mittal at veritas.com>
>
> Add a new TLS X.509 certificate type - "vxhs". This will handle the
> creation of a TLS certificate capability for properly configured
> VxHS network block device clients.
>
> The following describes the behavior of TLS for VxHS block device:
>
> (1) Two new options have been added in /etc/libvirt/qemu.conf
> to control TLS behavior with VxHS block devices
> "vxhs_tls" and "vxhs_tls_x509_cert_dir".
> (2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable
> TLS for VxHS block devices.
> (3) "vxhs_tls_x509_cert_dir" can be set to the full path where the
> TLS CA certificate and the client certificate and keys are saved.
> If this value is missing, the "default_tls_x509_cert_dir" will be
> used instead. If the environment is not configured properly the
> authentication to the VxHS server will fail.
>
> Signed-off-by: Ashish Mittal <Ashish.Mittal at veritas.com>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> src/qemu/libvirtd_qemu.aug | 4 ++++
> src/qemu/qemu.conf | 34 ++++++++++++++++++++++++++++++++++
> src/qemu/qemu_conf.c | 16 ++++++++++++++++
> src/qemu/qemu_conf.h | 3 +++
> src/qemu/test_libvirtd_qemu.aug.in | 2 ++
> 5 files changed, 59 insertions(+)
ACK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170919/58bb30b0/attachment-0001.sig>
More information about the libvir-list
mailing list