[PATCH 2/2] docs: formatdomain: Mention nbd_tls_x509_secret_uuid
Daniel P. Berrangé
berrange at redhat.com
Wed Sep 16 08:59:55 UTC 2020
On Wed, Sep 16, 2020 at 09:12:34AM +0200, Peter Krempa wrote:
> On Wed, Sep 16, 2020 at 13:49:27 +0800, Han Han wrote:
> > Signed-off-by: Han Han <hhan at redhat.com>
> > ---
> > docs/formatdomain.rst | 7 +++++--
> > 1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
> > index 49713a12d4..73ca4e009f 100644
> > --- a/docs/formatdomain.rst
> > +++ b/docs/formatdomain.rst
> > @@ -2518,8 +2518,11 @@ paravirtualized driver is specified via the ``disk`` element.
> > For "nbd", the ``name`` attribute is optional. TLS transport for NBD can
> > be enabled by setting the ``tls`` attribute to ``yes``. For the QEMU
> > hypervisor, usage of a TLS environment can also be globally controlled on
> > - the host by the ``nbd_tls`` and ``nbd_tls_x509_cert_dir`` in
> > - /etc/libvirt/qemu.conf. ('tls' :since:`Since 4.5.0` )
> > + the host by the ``nbd_tls`` and ``nbd_tls_x509_cert_dir``
> > + ('tls' :since:`Since 4.5.0` ), and the ``nbd_tls_x509_secret_uuid`` to
> > + use a secret to store the passphrase for TLS client
> > + ( :since:`Since 6.6.0` ). All these nbd configurations for QEMU is in
> > + /etc/libvirt/qemu.conf .
>
> I must say I'm not particularly a fan of mentioning qemu.conf options at
> all in the XML docs.
>
> We do have it there at this point. I'd vote for getting rid of it but
> let's leave some space to discuss it.
Yeah, the formatdomain.rst is supposed to be talking about the standard
XML schema which is hypervisor agnostic. It is not the place to start
talking about QEMU driver specific host level config options.
Also TLS is a pretty complex topic, covering multiple different aspects.
It is not a good fit for the formatdomain.rst which is really a reference
documenting each option in isolation.
Really this points strongly towards the need for for kbase file that
talks about TLS setup for QEMU devices as a general topic.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list