[libvirt] [PATCH 32/38] qemu: migration: Don't pass around secAlias

Peter Krempa pkrempa at redhat.com
Wed May 30 12:41:28 UTC 2018


The alias of the secret for decrypting the TLS passphrase is not needed
anywhere other than TLS setup. Stop passing it around.

Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
 src/qemu/qemu_migration.c        |  8 ++------
 src/qemu/qemu_migration_params.c | 21 +++++++++++----------
 src/qemu/qemu_migration_params.h |  1 -
 3 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 68663eac47..5cf9be56b4 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -2296,7 +2296,6 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,
     bool relabel = false;
     int rv;
     char *tlsAlias = NULL;
-    char *secAlias = NULL;

     virNWFilterReadLockFilterUpdates();

@@ -2505,7 +2504,7 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,
     if (flags & VIR_MIGRATE_TLS) {
         if (qemuMigrationParamsEnableTLS(driver, vm, true,
                                          QEMU_ASYNC_JOB_MIGRATION_IN,
-                                         &tlsAlias, &secAlias, NULL,
+                                         &tlsAlias, NULL,
                                          migParams) < 0)
             goto stopjob;
     } else {
@@ -2596,7 +2595,6 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,

  cleanup:
     VIR_FREE(tlsAlias);
-    VIR_FREE(secAlias);
     qemuProcessIncomingDefFree(incoming);
     VIR_FREE(xmlout);
     VIR_FORCE_CLOSE(dataFD[0]);
@@ -3371,7 +3369,6 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,
     qemuDomainObjPrivatePtr priv = vm->privateData;
     qemuMigrationCookiePtr mig = NULL;
     char *tlsAlias = NULL;
-    char *secAlias = NULL;
     qemuMigrationIOThreadPtr iothread = NULL;
     int fd = -1;
     unsigned long migrate_speed = resource ? resource : priv->migMaxBandwidth;
@@ -3455,7 +3452,7 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,

         if (qemuMigrationParamsEnableTLS(driver, vm, false,
                                          QEMU_ASYNC_JOB_MIGRATION_OUT,
-                                         &tlsAlias, &secAlias, hostname,
+                                         &tlsAlias, hostname,
                                          migParams) < 0)
             goto error;
     } else {
@@ -3675,7 +3672,6 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,

  cleanup:
     VIR_FREE(tlsAlias);
-    VIR_FREE(secAlias);
     VIR_FORCE_CLOSE(fd);
     virDomainDefFree(persistDef);
     qemuMigrationCookieFree(mig);
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index 578cd6671f..f3c62f26f0 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -809,7 +809,6 @@ qemuMigrationParamsSetString(qemuMigrationParamsPtr migParams,
  * @tlsListen: server or client
  * @asyncJob: Migration job to join
  * @tlsAlias: alias to be generated for TLS object
- * @secAlias: alias to be generated for a secinfo object
  * @hostname: hostname of the migration destination
  * @migParams: migration parameters to set
  *
@@ -825,7 +824,6 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
                              bool tlsListen,
                              int asyncJob,
                              char **tlsAlias,
-                             char **secAlias,
                              const char *hostname,
                              qemuMigrationParamsPtr migParams)
 {
@@ -833,6 +831,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
     virJSONValuePtr tlsProps = NULL;
     virJSONValuePtr secProps = NULL;
     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+    const char *secAlias = NULL;
     int ret = -1;

     if (!cfg->migrateTLSx509certdir) {
@@ -849,26 +848,28 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
     }

     /* If there's a secret, then grab/store it now using the connection */
-    if (cfg->migrateTLSx509secretUUID &&
-        !(priv->migSecinfo =
-          qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BASE,
-                                     cfg->migrateTLSx509secretUUID)))
-        goto error;
+    if (cfg->migrateTLSx509secretUUID) {
+        if (!(priv->migSecinfo =
+              qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BASE,
+                                         cfg->migrateTLSx509secretUUID)))
+            goto error;
+        secAlias = priv->migSecinfo->s.aes.alias;
+    }

     if (qemuDomainGetTLSObjects(priv->qemuCaps, priv->migSecinfo,
                                 cfg->migrateTLSx509certdir, tlsListen,
                                 cfg->migrateTLSx509verify,
                                 QEMU_MIGRATION_TLS_ALIAS_BASE,
-                                &tlsProps, tlsAlias, &secProps, secAlias) < 0)
+                                &tlsProps, tlsAlias, &secProps, NULL) < 0)
         goto error;

     /* Ensure the domain doesn't already have the TLS objects defined...
      * This should prevent any issues just in case some cleanup wasn't
      * properly completed (both src and dst use the same alias) or
      * some other error path between now and perform . */
-    qemuDomainDelTLSObjects(driver, vm, asyncJob, *secAlias, *tlsAlias);
+    qemuDomainDelTLSObjects(driver, vm, asyncJob, secAlias, *tlsAlias);

-    if (qemuDomainAddTLSObjects(driver, vm, asyncJob, *secAlias, &secProps,
+    if (qemuDomainAddTLSObjects(driver, vm, asyncJob, secAlias, &secProps,
                                 *tlsAlias, &tlsProps) < 0)
         goto error;

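Review bot: `secAlias` is now a pointer borrowed from `priv->migSecinfo->s.aes.alias` rather than a string the callers own, and the assignment reads the `aes` member although nothing in this hunk shows that qemuDomainSecretInfoTLSNew always produces the AES variant; a comment on the assignment would record both assumptions, e.g. `/* borrowed from priv->migSecinfo, which owns it; the TLS secinfo is expected to be the AES variant */`. The same hunk passes `NULL` as the last argument of qemuDomainGetTLSObjects, which is only safe if that function accepts a NULL secAlias out-parameter; its body is not part of this patch, so this should be confirmed against the earlier patches in the series. The error path of qemuMigrationParamsEnableTLS lies outside the hunk, so it cannot be checked from here whether priv->migSecinfo is released while `secAlias` is still being used for the secret object in QEMU.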
diff --git a/src/qemu/qemu_migration_params.h b/src/qemu/qemu_migration_params.h
index 9a865b19f3..da4c734e3a 100644
--- a/src/qemu/qemu_migration_params.h
+++ b/src/qemu/qemu_migration_params.h
@@ -98,7 +98,6 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
                              bool tlsListen,
                              int asyncJob,
                              char **tlsAlias,
-                             char **secAlias,
                              const char *hostname,
                              qemuMigrationParamsPtr migParams);

-- 
2.16.2



