[libvirt] [PATCH 38/38] qemu: domain: Add support for TLS for NBD with default TLS env

Wed May 30 17:48:53 UTC 2018

On Wed, May 30, 2018 at 02:41:34PM +0200, Peter Krempa wrote:
>Use the default TLS env if TLS is required for NBD. The rest of the
>implementation is rather simple since all pieces were in place.
>
>Note that separate configuration knobs in qemu.conf can be added later
>if it's desired to configure them.
>
>Signed-off-by: Peter Krempa <pkrempa at redhat.com>
>---
> docs/schemas/domaincommon.rng                      |  5 ++++
> src/qemu/qemu_command.c                            |  5 ++++
> src/qemu/qemu_domain.c                             | 33 ++++++++++++++++++++--
> .../disk-drive-network-tlsx509.args                |  9 +++++-
> .../disk-drive-network-tlsx509.xml                 |  8 ++++++
> tests/qemuxml2argvtest.c                           |  2 +-
> .../disk-drive-network-tlsx509.xml                 |  8 ++++++
> 7 files changed, 66 insertions(+), 4 deletions(-)
>

>diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>index e329cdf958..db7884a9a1 100644
>--- a/src/qemu/qemu_domain.c
>+++ b/src/qemu/qemu_domain.c
>@@ -9937,6 +9937,29 @@ qemuProcessPrepareStorageSourceTlsVxhs(virStorageSourcePtr src,
> }
>
>
>+static int
>+qemuProcessPrepareStorageSourceTlsNbd(virStorageSourcePtr src,

Please, TLSNBD.

>+                                      virQEMUDriverConfigPtr cfg,
>+                                      virQEMUCapsPtr qemuCaps)
>+{
>+    /* XXX: for NBD we don't have the qemu.conf knobs for private TLS env */
>+    if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
>+        if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NBD_TLS)) {
>+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
>+                           _("this qemu does not support TLS transport for nbd"));

NBD

>+            return -1;
>+        }
>+
>+        if (VIR_STRDUP(src->tlsCertdir, cfg->defaultTLSx509certdir) < 0)
>+            return -1;
>+
>+        src->tlsVerify = true;
>+    }
>+
>+    return 0;
>+}
>+
>+

Reviewed-by: Ján Tomko <jtomko at redhat.com>

Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180530/545c92c7/attachment-0001.sig>