[libvirt] [PATCH v9 4/4] qemu: Add TLS support for Veritas HyperScale (VxHS)

Wed Sep 20 23:32:45 UTC 2017

Hi,

I have done TLS testing with this patch series and the tests passed fine
with the secAlias fix in place.

(1) Applied all the v9 patches.
(2) make install. Reload and restart the libvirtd daemon.
(3) Make sure able to start guest with TLS enabled VxHS disk in the domain
XML.
(4) Try to hot-plug another TLS disk. libvirtd crashes.

[root at audi libvirt] 2017-09-20 15:59:25# virsh attach-device myfc24
../../hotplug_disk_1.xml
error: Disconnected from qemu:///system due to end of file
error: Failed to attach device from ../../hotplug_disk_1.xml
error: End of file while reading data: Input/output error

(5) Now add the secAlias patch

[amittal2 at audi libvirt] 2017-09-20 16:08:37$ git apply
~/20Sep2017_1/0001-Avoid-a-possible-NULL-pointer-dereference-in-qemuDom.patch

[amittal2 at audi libvirt] 2017-09-20 16:09:07$ git diff

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 7751a60..bd96272 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1719,7 +1719,8 @@ qemuDomainGetTLSObjects(virQEMUCapsPtr qemuCaps,
     }

     if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify,
-                                     *secAlias, qemuCaps, tlsProps) < 0)
+                                     secAlias ? *secAlias : NULL, qemuCaps,
+                                     tlsProps) < 0)
         return -1;

     if (!(*tlsAlias = qemuAliasTLSObjFromSrcAlias(srcAlias)))
[amittal2 at audi libvirt] 2017-09-20 16:09:15$

(6) Run the new libvirtd

[root at audi libvirt] 2017-09-20 16:13:04# make install
...
[root at audi libvirt] 2017-09-20 16:14:05# systemctl daemon-reload
[root at audi libvirt] 2017-09-20 16:14:11# systemctl restart libvirtd.service
[root at audi libvirt] 2017-09-20 16:14:13#

(7) Attached and detached two TLS enabled VxHS disks several times. All
were successful.

[root at audi libvirt] 2017-09-20 16:14:14# virsh attach-device myfc24
../../hotplug_disk_1.xml
Device attached successfully

[root at audi libvirt] 2017-09-20 16:14:24# virsh attach-device myfc24
../../hotplug_disk_2.xml
Device attached successfully

[root at audi libvirt] 2017-09-20 16:14:57# virsh detach-device myfc24
../../hotplug_disk_1.xml
Device detached successfully

[root at audi libvirt] 2017-09-20 16:15:11# virsh detach-device myfc24
../../hotplug_disk_2.xml
Device detached successfully

[root at audi libvirt] 2017-09-20 16:15:16# virsh attach-device myfc24
../../hotplug_disk_2.xml
Device attached successfully

[root at audi libvirt] 2017-09-20 16:15:19# virsh attach-device myfc24
../../hotplug_disk_1.xml
Device attached successfully

[root at audi libvirt] 2017-09-20 16:15:22# virsh attach-device myfc24
../../hotplug_disk_1.xml
error: Failed to attach device from ../../hotplug_disk_1.xml
error: XML error: target 'vdb' duplicated for disk sources
'/tmp/test_vxhs_disk_2' and '/tmp/test_vxhs_disk_2'

[root at audi libvirt] 2017-09-20 16:15:28# virsh detach-device myfc24
../../hotplug_disk_2.xml
Device detached successfully

[root at audi libvirt] 2017-09-20 16:15:51# virsh detach-device myfc24
../../hotplug_disk_1.xml
Device detached successfully

[root at audi libvirt] 2017-09-20 16:15:55#

[root at audi libvirt] 2017-09-20 16:28:23# cat ../../hotplug_disk_1.xml
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source protocol='vxhs' name='/tmp/test_vxhs_disk_2' tls='yes'>
        <host name='127.0.0.1' port='9999'/>
      </source>
      <target dev='vdb' bus='virtio'/>
      <serial>eb90327c-8302-4725-9e1b-4e85ed4dc252</serial>
    </disk>

[root at audi libvirt] 2017-09-20 16:28:36# cat ../../hotplug_disk_2.xml
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw' cache='none'/>
      <source protocol='vxhs' name='/tmp/test_vxhs_disk_3' tls='yes'>
        <host name='127.0.0.1' port='9999'/>
      </source>
      <target dev='vda' bus='virtio'/>
      <serial>eb90327c-8302-4725-9e1b-4e85ed4dc253</serial>
    </disk>

IMHO, the patches are good to go :)

Thanks,
Ashish

On Tue, Sep 19, 2017 at 6:32 PM, John Ferlan <jferlan at redhat.com> wrote:

> From: Ashish Mittal <Ashish.Mittal at veritas.com>
>
> Alter qemu command line generation in order to possibly add TLS for
> a suitably configured domain.
>
> Sample TLS args generated by libvirt -
>
>     -object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
>     endpoint=client,verify-peer=yes \
>     -drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
>     file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
>     file.server.type=tcp,file.server.host=192.168.0.1,\
>     file.server.port=9999,format=raw,if=none,\
>     id=drive-virtio-disk0,cache=none \
>     -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
>     id=virtio-disk0
>
> Update the qemuxml2argvtest with a couple of examples. One for a
> simple case and the other a bit more complex where multiple VxHS disks
> are added where at least one uses a VxHS that doesn't require TLS
> credentials and thus sets the domain disk source attribute "tls = 'no'".
>
> Update the hotplug to be able to handle processing the tlsAlias whether
> it's to add the TLS object when hotplugging a disk or to remove the TLS
> object when hot unplugging a disk.  The hot plug/unplug code is largely
> generic, but the addition code does make the VXHS specific checks only
> because it needs to grab the correct config directory and generate the
> object as the command line would do.
>
> Signed-off-by: Ashish Mittal <Ashish.Mittal at veritas.com>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>  src/qemu/qemu_block.c                              |  8 +++
>  src/qemu/qemu_command.c                            | 33 +++++++++
>  src/qemu/qemu_hotplug.c                            | 79
> ++++++++++++++++++++++
>  ...-disk-drive-network-tlsx509-multidisk-vxhs.args | 43 ++++++++++++
>  ...v-disk-drive-network-tlsx509-multidisk-vxhs.xml | 50 ++++++++++++++
>  ...muxml2argv-disk-drive-network-tlsx509-vxhs.args | 30 ++++++++
>  tests/qemuxml2argvtest.c                           |  7 ++
>  7 files changed, 250 insertions(+)
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.args
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.xml
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-vxhs.args
>
> diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
> index 3437302dd..77ffc6c51 100644
> --- a/src/qemu/qemu_block.c
> +++ b/src/qemu/qemu_block.c
> @@ -529,16 +529,24 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr
> src)
>          return NULL;
>      }
>
> +    if (src->haveTLS == VIR_TRISTATE_BOOL_YES && !src->tlsAlias) {
> +        virReportError(VIR_ERR_INVALID_ARG, "%s",
> +                       _("VxHS disk does not have TLS alias set"));
> +        return NULL;
> +    }
> +
>      if (!(server = qemuBlockStorageSourceBuildJSONSocketAddress(src->hosts,
> true)))
>          return NULL;
>
>      /* VxHS disk specification example:
>       * { driver:"vxhs",
> +     *   tls-creds:"objvirtio-disk0_tls0",
>       *   vdisk-id:"eb90327c-8302-4725-4e85ed4dc251",
>       *   server:{type:"tcp", host:"1.2.3.4", port:9999}}
>       */
>      if (virJSONValueObjectCreate(&ret,
>                                   "s:driver", protocol,
> +                                 "S:tls-creds", src->tlsAlias,
>                                   "s:vdisk-id", src->path,
>                                   "a:server", server, NULL) < 0)
>          virJSONValueFree(server);
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 9b3e3fc04..756bf3836 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -794,6 +794,35 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
>  }
>
>
> +/* qemuBuildDiskSrcTLSx509CommandLine:
> + *
> + * Add TLS object if the disk src uses a secure communication channel
> + *
> + * Returns 0 on success, -1 w/ error on some sort of failure.
> + */
> +static int
> +qemuBuildDiskSrcTLSx509CommandLine(virCommandPtr cmd,
> +                                   virStorageSourcePtr src,
> +                                   const char *srcalias,
> +                                   virQEMUCapsPtr qemuCaps)
> +{
> +
> +
> +    /* other protocols may be added later */
> +    if (src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS &&
> +        src->haveTLS == VIR_TRISTATE_BOOL_YES) {
> +        if (!(src->tlsAlias = qemuAliasTLSObjFromSrcAlias(srcalias)))
> +            return -1;
> +
> +        return qemuBuildTLSx509CommandLine(cmd, src->tlsCertdir,
> +                                           src->tlsListen, src->tlsVerify,
> +                                           false, srcalias, qemuCaps);
> +    }
> +
> +    return 0;
> +}
> +
> +
>  static char *
>  qemuBuildNetworkDriveURI(virStorageSourcePtr src,
>                           qemuDomainSecretInfoPtr secinfo)
> @@ -2221,6 +2250,10 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd,
>          if (qemuBuildDiskSecinfoCommandLine(cmd, encinfo) < 0)
>              return -1;
>
> +        if (qemuBuildDiskSrcTLSx509CommandLine(cmd, disk->src,
> disk->info.alias,
> +                                               qemuCaps) < 0)
> +            return -1;
> +
>          virCommandAddArg(cmd, "-drive");
>
>          if (!(optstr = qemuBuildDriveStr(disk, cfg, driveBoot, qemuCaps)))
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index 7dd6e5fd9..7751a608d 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
> @@ -156,6 +156,52 @@ qemuDomainPrepareDisk(virQEMUDriverPtr driver,
>
>
>  static int
> +qemuDomainAddDiskSrcTLSObject(virQEMUDriverPtr driver,
> +                              virDomainObjPtr vm,
> +                              virStorageSourcePtr src,
> +                              const char *srcalias)
> +{
> +    int ret = -1;
> +    qemuDomainObjPrivatePtr priv = vm->privateData;
> +    virJSONValuePtr tlsProps = NULL;
> +
> +    /* NB: Initial implementation doesn't require/use a secret to decrypt
> +     * a server certificate, so there's no need to manage a tlsSecAlias
> +     * and tlsSecProps. See qemuDomainAddChardevTLSObjects for the
> +     * methodology required to add a secret object. */
> +
> +    /* Create the TLS object using the source tls* settings */
> +    if (qemuDomainGetTLSObjects(priv->qemuCaps, NULL,
> +                                src->tlsCertdir,
> +                                src->tlsListen,
> +                                src->tlsVerify,
> +                                srcalias, &tlsProps, &src->tlsAlias,
> +                                NULL, NULL) < 0)
> +        goto cleanup;
> +
> +    if (qemuDomainAddTLSObjects(driver, vm, QEMU_ASYNC_JOB_NONE,
> +                                NULL, NULL, src->tlsAlias, &tlsProps) < 0)
> +        goto cleanup;
> +
> +    ret = 0;
> +
> + cleanup:
> +    virJSONValueFree(tlsProps);
> +
> +    return ret;
> +}
> +
> +
> +static void
> +qemuDomainDelDiskSrcTLSObject(virQEMUDriverPtr driver,
> +                              virDomainObjPtr vm,
> +                              virStorageSourcePtr src)
> +{
> +    qemuDomainDelTLSObjects(driver, vm, QEMU_ASYNC_JOB_NONE, NULL,
> src->tlsAlias);
> +}
> +
> +
> +static int
>  qemuHotplugWaitForTrayEject(virQEMUDriverPtr driver,
>                              virDomainObjPtr vm,
>                              virDomainDiskDefPtr disk,
> @@ -376,6 +422,14 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
>      if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0)
>          goto error;
>
> +    if (qemuDomainPrepareDiskSourceTLS(disk->src, disk->info.alias, cfg)
> < 0)
> +        goto error;
> +
> +    if (disk->src->haveTLS &&
> +        qemuDomainAddDiskSrcTLSObject(driver, vm, disk->src,
> +                                      disk->info.alias) < 0)
> +        goto error;
> +
>      if (!(drivestr = qemuBuildDriveStr(disk, cfg, false, priv->qemuCaps)))
>          goto error;
>
> @@ -453,6 +507,8 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn,
>      virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
>
>   error:
> +    qemuDomainDelDiskSrcTLSObject(driver, vm, disk->src);
> +
>      if (releaseaddr)
>          qemuDomainReleaseDeviceAddress(vm, &disk->info, src);
>
> @@ -667,6 +723,14 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
>      if (!(devstr = qemuBuildDriveDevStr(vm->def, disk, 0,
> priv->qemuCaps)))
>          goto error;
>
> +    if (qemuDomainPrepareDiskSourceTLS(disk->src, disk->info.alias, cfg)
> < 0)
> +        goto error;
> +
> +    if (disk->src->haveTLS &&
> +        qemuDomainAddDiskSrcTLSObject(driver, vm, disk->src,
> +                                      disk->info.alias) < 0)
> +        goto error;
> +
>      if (!(drivestr = qemuBuildDriveStr(disk, cfg, false, priv->qemuCaps)))
>          goto error;
>
> @@ -737,6 +801,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
>      virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
>
>   error:
> +    qemuDomainDelDiskSrcTLSObject(driver, vm, disk->src);
> +
>      ignore_value(qemuDomainPrepareDisk(driver, vm, disk, NULL, true));
>      goto cleanup;
>  }
> @@ -777,6 +843,14 @@ qemuDomainAttachUSBMassStorageDevice(virQEMUDriverPtr
> driver,
>      if (qemuAssignDeviceDiskAlias(vm->def, disk, priv->qemuCaps) < 0)
>          goto error;
>
> +    if (qemuDomainPrepareDiskSourceTLS(disk->src, disk->info.alias, cfg)
> < 0)
> +        goto error;
> +
> +    if (disk->src->haveTLS &&
> +        qemuDomainAddDiskSrcTLSObject(driver, vm, disk->src,
> +                                      disk->info.alias) < 0)
> +        goto error;
> +
>      if (!(drivestr = qemuBuildDriveStr(disk, cfg, false, priv->qemuCaps)))
>          goto error;
>
> @@ -827,6 +901,8 @@ qemuDomainAttachUSBMassStorageDevice(virQEMUDriverPtr
> driver,
>      virDomainAuditDisk(vm, NULL, disk->src, "attach", false);
>
>   error:
> +    qemuDomainDelDiskSrcTLSObject(driver, vm, disk->src);
> +
>      ignore_value(qemuDomainPrepareDisk(driver, vm, disk, NULL, true));
>      goto cleanup;
>  }
> @@ -3677,6 +3753,9 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver,
>          ignore_value(qemuMonitorDelObject(priv->mon, encAlias));
>      VIR_FREE(encAlias);
>
> +    if (disk->src->haveTLS)
> +        ignore_value(qemuMonitorDelObject(priv->mon,
> disk->src->tlsAlias));
> +
>      if (qemuDomainObjExitMonitor(driver, vm) < 0)
>          return -1;
>
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.args b/tests/qemuxml2argvdata/
> qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.args
> new file mode 100644
> index 000000000..572c9f36c
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.args
> @@ -0,0 +1,43 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/home/test \
> +USER=test \
> +LOGNAME=test \
> +QEMU_AUDIO_DRV=none \
> +/usr/bin/qemu-system-x86_64 \
> +-name QEMUGuest1 \
> +-S \
> +-M pc \
> +-cpu qemu32 \
> +-m 214 \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
> +-nographic \
> +-nodefaults \
> +-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/
> monitor.sock,\
> +server,nowait \
> +-mon chardev=charmonitor,id=monitor,mode=readline \
> +-no-acpi \
> +-boot c \
> +-usb \
> +-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
> +endpoint=client,verify-peer=yes \
> +-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
> +file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,file.server.type=tcp,\
> +file.server.host=192.168.0.1,file.server.port=9999,format=raw,if=none,\
> +id=drive-virtio-disk0,cache=none \
> +-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
> +id=virtio-disk0 \
> +-object tls-creds-x509,id=objvirtio-disk1_tls0,dir=/etc/pki/qemu,\
> +endpoint=client,verify-peer=yes \
> +-drive file.driver=vxhs,file.tls-creds=objvirtio-disk1_tls0,\
> +file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc252,file.server.type=tcp,\
> +file.server.host=192.168.0.2,file.server.port=9999,format=raw,if=none,\
> +id=drive-virtio-disk1,cache=none \
> +-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
> +id=virtio-disk1 \
> +-drive file.driver=vxhs,file.vdisk-id=eb90327c-8302-4725-9e1b-
> 4e85ed4dc253,\
> +file.server.type=tcp,file.server.host=192.168.0.3,file.server.port=9999,\
> +format=raw,if=none,id=drive-virtio-disk2,cache=none \
> +-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\
> +id=virtio-disk2
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.xml b/tests/qemuxml2argvdata/
> qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.xml
> new file mode 100644
> index 000000000..a66e81f06
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-multidisk-vxhs.xml
> @@ -0,0 +1,50 @@
> +<domain type='qemu'>
> +  <name>QEMUGuest1</name>
> +  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> +  <memory unit='KiB'>219136</memory>
> +  <currentMemory unit='KiB'>219136</currentMemory>
> +  <vcpu placement='static'>1</vcpu>
> +  <os>
> +    <type arch='i686' machine='pc'>hvm</type>
> +    <boot dev='hd'/>
> +  </os>
> +  <clock offset='utc'/>
> +  <on_poweroff>destroy</on_poweroff>
> +  <on_reboot>restart</on_reboot>
> +  <on_crash>destroy</on_crash>
> +  <devices>
> +    <emulator>/usr/bin/qemu-system-x86_64</emulator>
> +    <disk type='network' device='disk'>
> +      <driver name='qemu' type='raw' cache='none'/>
> +      <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-
> 4e85ed4dc251'>
> +        <host name='192.168.0.1' port='9999'/>
> +      </source>
> +      <target dev='vda' bus='virtio'/>
> +      <serial>eb90327c-8302-4725-9e1b-4e85ed4dc251</serial>
> +      <address type='pci' domain='0x0000' bus='0x00' slot='0x04'
> function='0x0'/>
> +    </disk>
> +    <disk type='network' device='disk'>
> +      <driver name='qemu' type='raw' cache='none'/>
> +      <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-
> 4e85ed4dc252'>
> +        <host name='192.168.0.2' port='9999'/>
> +      </source>
> +      <target dev='vdb' bus='virtio'/>
> +      <serial>eb90327c-8302-4725-9e1b-4e85ed4dc252</serial>
> +      <address type='pci' domain='0x0000' bus='0x00' slot='0x05'
> function='0x0'/>
> +    </disk>
> +    <disk type='network' device='disk'>
> +      <driver name='qemu' type='raw' cache='none'/>
> +      <source protocol='vxhs' name='eb90327c-8302-4725-9e1b-4e85ed4dc253'
> tls='no'>
> +        <host name='192.168.0.3' port='9999'/>
> +      </source>
> +      <target dev='vdc' bus='virtio'/>
> +      <serial>eb90327c-8302-4725-9e1b-4e85ed4dc252</serial>
> +      <address type='pci' domain='0x0000' bus='0x00' slot='0x06'
> function='0x0'/>
> +    </disk>
> +    <controller type='usb' index='0'/>
> +    <controller type='pci' index='0' model='pci-root'/>
> +    <input type='mouse' bus='ps2'/>
> +    <input type='keyboard' bus='ps2'/>
> +    <memballoon model='none'/>
> +  </devices>
> +</domain>
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.args
> b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.args
> new file mode 100644
> index 000000000..aaf88635b
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-
> network-tlsx509-vxhs.args
> @@ -0,0 +1,30 @@
> +LC_ALL=C \
> +PATH=/bin \
> +HOME=/home/test \
> +USER=test \
> +LOGNAME=test \
> +QEMU_AUDIO_DRV=none \
> +/usr/bin/qemu-system-x86_64 \
> +-name QEMUGuest1 \
> +-S \
> +-M pc \
> +-cpu qemu32 \
> +-m 214 \
> +-smp 1,sockets=1,cores=1,threads=1 \
> +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
> +-nographic \
> +-nodefaults \
> +-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/
> monitor.sock,\
> +server,nowait \
> +-mon chardev=charmonitor,id=monitor,mode=readline \
> +-no-acpi \
> +-boot c \
> +-usb \
> +-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
> +endpoint=client,verify-peer=yes \
> +-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
> +file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,file.server.type=tcp,\
> +file.server.host=192.168.0.1,file.server.port=9999,format=raw,if=none,\
> +id=drive-virtio-disk0,cache=none \
> +-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
> +id=virtio-disk0
> diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
> index bf43beb10..21f057460 100644
> --- a/tests/qemuxml2argvtest.c
> +++ b/tests/qemuxml2argvtest.c
> @@ -934,6 +934,13 @@ mymain(void)
>      DO_TEST("disk-drive-network-rbd-ipv6", NONE);
>      DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE);
>      DO_TEST("disk-drive-network-vxhs", QEMU_CAPS_VXHS);
> +    driver.config->vxhsTLS = 1;
> +    DO_TEST("disk-drive-network-tlsx509-vxhs", QEMU_CAPS_VXHS,
> +            QEMU_CAPS_OBJECT_TLS_CREDS_X509);
> +    DO_TEST("disk-drive-network-tlsx509-multidisk-vxhs", QEMU_CAPS_VXHS,
> +            QEMU_CAPS_OBJECT_TLS_CREDS_X509);
> +    driver.config->vxhsTLS = 0;
> +    VIR_FREE(driver.config->vxhsTLSx509certdir);
>      DO_TEST("disk-drive-no-boot",
>              QEMU_CAPS_BOOTINDEX);
>      DO_TEST_PARSE_ERROR("disk-device-lun-type-invalid",
> --
> 2.13.5
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170920/789fb56b/attachment-0001.htm>
