[libvirt PATCH 1/2] qemu: Disable NBD TLS migration over UNIX socket
Jiri Denemark
jdenemar at redhat.com
Tue Nov 24 22:28:36 UTC 2020
On Wed, Nov 18, 2020 at 21:10:02 +0100, Martin Kletzander wrote:
> Even though it is technically possible, when running the migrations QEMU's
> nbd-server-start errors out with:
>
> "TLS is only supported with IPv4/IPv6"
>
> We can always enable it when QEMU adds this feature, but for now it is safer to
> show our error message rather than rely on QEMU to error out properly.
>
> Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
> ---
> src/qemu/qemu_migration.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
> index fef0be63a1a7..dd44849b1a87 100644
> --- a/src/qemu/qemu_migration.c
> +++ b/src/qemu/qemu_migration.c
> @@ -1100,6 +1100,12 @@ qemuMigrationSrcNBDStorageCopy(virQEMUDriverPtr driver,
> if (uri->port)
> port = uri->port;
> } else if (STREQ(uri->scheme, "unix")) {
> + if (flags & VIR_MIGRATE_TLS) {
> + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> + _("NBD migration with TLS is not supported over UNIX socket"));
> + return -1;
> + }
> +
> if (!uri->path) {
> virReportError(VIR_ERR_INVALID_ARG, "%s",
> _("UNIX disks URI does not include path"));
For this patch with just the hunk above:
Reviewed-by: Jiri Denemark <jdenemar at redhat.com>
> @@ -4330,12 +4336,12 @@ qemuMigrationSrcPerformPeer2Peer3(virQEMUDriverPtr driver,
>
> VIR_DEBUG("driver=%p, sconn=%p, dconn=%p, dconnuri=%s, vm=%p, xmlin=%s, "
> "dname=%s, uri=%s, graphicsuri=%s, listenAddress=%s, "
> - "nmigrate_disks=%zu, migrate_disks=%p, nbdPort=%d, "
> + "nmigrate_disks=%zu, migrate_disks=%p, nbdPort=%d, nbdURI=%s, "
> "bandwidth=%llu, useParams=%d, flags=0x%lx",
> driver, sconn, dconn, NULLSTR(dconnuri), vm, NULLSTR(xmlin),
> NULLSTR(dname), NULLSTR(uri), NULLSTR(graphicsuri),
> NULLSTR(listenAddress), nmigrate_disks, migrate_disks, nbdPort,
> - bandwidth, useParams, flags);
> + NULLSTR(nbdURI), bandwidth, useParams, flags);
>
> /* Unlike the virDomainMigrateVersion3 counterpart, we don't need
> * to worry about auto-setting the VIR_MIGRATE_CHANGE_PROTECTION
This hunk is clearly unrelated and should not be part of this patch.
Jirka
More information about the libvir-list
mailing list