[libvirt] [PATCH 38/38] qemu: domain: Add support for TLS for NBD with default TLS env
Ján Tomko
jtomko at redhat.com
Wed May 30 17:48:53 UTC 2018
On Wed, May 30, 2018 at 02:41:34PM +0200, Peter Krempa wrote:
>Use the default TLS env if TLS is required for NBD. The rest of the
>implementation is rather simple since all pieces were in place.
>
>Note that separate configuration knobs in qemu.conf can be added later
>if it's desired to configure them.
>
>Signed-off-by: Peter Krempa <pkrempa at redhat.com>
>---
> docs/schemas/domaincommon.rng | 5 ++++
> src/qemu/qemu_command.c | 5 ++++
> src/qemu/qemu_domain.c | 33 ++++++++++++++++++++--
> .../disk-drive-network-tlsx509.args | 9 +++++-
> .../disk-drive-network-tlsx509.xml | 8 ++++++
> tests/qemuxml2argvtest.c | 2 +-
> .../disk-drive-network-tlsx509.xml | 8 ++++++
> 7 files changed, 66 insertions(+), 4 deletions(-)
>
>diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>index e329cdf958..db7884a9a1 100644
>--- a/src/qemu/qemu_domain.c
>+++ b/src/qemu/qemu_domain.c
>@@ -9937,6 +9937,29 @@ qemuProcessPrepareStorageSourceTlsVxhs(virStorageSourcePtr src,
> }
>
>
>+static int
>+qemuProcessPrepareStorageSourceTlsNbd(virStorageSourcePtr src,
Please, TLSNBD.
>+ virQEMUDriverConfigPtr cfg,
>+ virQEMUCapsPtr qemuCaps)
>+{
>+ /* XXX: for NBD we don't have the qemu.conf knobs for private TLS env */
>+ if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
>+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NBD_TLS)) {
>+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
>+ _("this qemu does not support TLS transport for nbd"));
NBD
>+ return -1;
>+ }
>+
>+ if (VIR_STRDUP(src->tlsCertdir, cfg->defaultTLSx509certdir) < 0)
>+ return -1;
>+
>+ src->tlsVerify = true;
>+ }
>+
>+ return 0;
>+}
>+
>+
Reviewed-by: Ján Tomko <jtomko at redhat.com>
Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180530/545c92c7/attachment-0001.sig>
More information about the libvir-list
mailing list