[PATCH 2/4] qemu: add new driver API for reload TLS certs

Zheng Yan yanzheng759 at huawei.com
Tue May 11 14:05:19 UTC 2021


The 'display-reload' QMP command was introduced in QEMU 6.0.0:

https://gitlab.com/qemu-project/qemu/-/commit/9cc07651655ee86eca41059f5ead8c4e5607c734

To support the new QMP command, we added a new internal API
'virDrvDomainReloadTlsCertificates' to virHypervisorDriver, and
implemented it in the qemu driver.

Only QEMU VNC TLS certificates are supported currently.

Signed-off-by: Zheng Yan <yanzheng759 at huawei.com>
---
 src/driver-hypervisor.h      |  8 ++++++++
 src/qemu/qemu_driver.c       | 40 ++++++++++++++++++++++++++++++++++++
 src/qemu/qemu_hotplug.c      | 17 +++++++++++++++
 src/qemu/qemu_hotplug.h      |  4 ++++
 src/qemu/qemu_monitor.c      | 27 ++++++++++++++++++++++++
 src/qemu/qemu_monitor.h      |  3 +++
 src/qemu/qemu_monitor_json.c | 27 ++++++++++++++++++++++++
 src/qemu/qemu_monitor_json.h |  4 ++++
 8 files changed, 130 insertions(+)

diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h
index d642af8a37..d0d4976441 100644
--- a/src/driver-hypervisor.h
+++ b/src/driver-hypervisor.h
@@ -1410,6 +1410,13 @@ typedef int
                                   int seconds,
                                   unsigned int flags);
 
+typedef int
+(*virDrvDomainReloadTlsCertificates)(virDomainPtr domain,
+                                     unsigned int type,
+                                     virTypedParameterPtr params,
+                                     int nparams,
+                                     unsigned int flags);
+
 typedef struct _virHypervisorDriver virHypervisorDriver;
 
 /**
@@ -1676,4 +1683,5 @@ struct _virHypervisorDriver {
     virDrvDomainAuthorizedSSHKeysSet domainAuthorizedSSHKeysSet;
     virDrvDomainGetMessages domainGetMessages;
     virDrvDomainStartDirtyRateCalc domainStartDirtyRateCalc;
+    virDrvDomainReloadTlsCertificates domainReloadTlsCertificates;
 };
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index c90d52edc0..422a350c65 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -20449,6 +20449,45 @@ qemuDomainStartDirtyRateCalc(virDomainPtr dom,
     return ret;
 }
 
+static int
+qemuDomainReloadTlsCertificates(virDomainPtr domain,
+                                unsigned int type,
+                                virTypedParameterPtr params,
+                                int nparams,
+                                unsigned int flags)
+{
+    int ret = -1;
+    virQEMUDriver *driver = domain->conn->privateData;
+    virDomainObj *vm = qemuDomObjFromDomain(domain);
+
+    if (!vm)
+        goto cleanup;
+
+    virCheckNonNullArgGoto(params, cleanup);
+    if (nparams != 0) {
+        virReportInvalidZeroArg(nparams);
+        goto cleanup;
+    }
+    virCheckFlagsGoto(0, cleanup);
+
+    if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
+        goto cleanup;
+
+     if (!virDomainObjIsActive(vm)) {
+        virReportError(VIR_ERR_OPERATION_INVALID,
+                       "%s", _("domain is not running"));
+        goto endjob;
+    }
+
+    ret = qemuDomainReloadTLSCerts(driver, vm, type);
+
+ endjob:
+    qemuDomainObjEndJob(driver, vm);
+
+ cleanup:
+    virDomainObjEndAPI(&vm);
+    return ret;
+}
 
 static virHypervisorDriver qemuHypervisorDriver = {
     .name = QEMU_DRIVER_NAME,
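Review bot: qemuDomainReloadTlsCertificates performs no access-control check in this hunk: after `qemuDomObjFromDomain()` it goes straight to argument validation and `qemuDomainObjBeginJob()`, whereas libvirt driver entry points normally call the API's generated `virDomain…EnsureACL(domain->conn, vm->def)` first, so the reload would not be subject to the connection's ACL policy. Add that call directly after the `if (!vm)` check and `goto cleanup` on failure. Separately, `virCheckNonNullArgGoto(params, cleanup)` combined with treating `nparams != 0` as an error forces callers to pass a non-NULL pointer to zero parameters, and `virReportInvalidZeroArg(nparams)` appears to report the opposite condition ("must not be zero"). The `if (!virDomainObjIsActive(vm)) {` line is also indented by five spaces instead of four.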
@@ -20693,6 +20732,7 @@ static virHypervisorDriver qemuHypervisorDriver = {
     .domainAuthorizedSSHKeysSet = qemuDomainAuthorizedSSHKeysSet, /* 6.10.0 */
     .domainGetMessages = qemuDomainGetMessages, /* 7.1.0 */
     .domainStartDirtyRateCalc = qemuDomainStartDirtyRateCalc, /* 7.2.0 */
+    .domainReloadTlsCertificates = qemuDomainReloadTlsCertificates, /* 7.4.0 */
 };
 
 
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index a64cddb9e7..34dc035d73 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -6704,3 +6704,20 @@ qemuDomainSetVcpuInternal(virQEMUDriver *driver,
     virBitmapFree(livevcpus);
     return ret;
 }
+
+int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver,
+                             virDomainObjPtr vm,
+                             unsigned int type)
+{
+    int ret = -1;
+    qemuDomainObjPrivate *priv = vm->privateData;
+
+    qemuDomainObjEnterMonitor(driver, vm);
+
+    ret = qemuMonitorDisplayReloadTLSCerts(priv->mon, type);
+
+    if (qemuDomainObjExitMonitor(driver, vm) < 0)
+        ret = -1;
+
+    return ret;
+}
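Review bot: Nothing in qemuDomainReloadTLSCerts checks that the running QEMU actually provides `display-reload`, which the commit message says exists only from QEMU 6.0.0; on an older binary the caller would presumably get a raw monitor error instead of a clear "operation unsupported" report. Consider a capability check on `priv->qemuCaps` before `qemuDomainObjEnterMonitor()`, assuming a matching capability flag is added elsewhere in the series. As a style point, the new code uses `virQEMUDriverPtr`/`virDomainObjPtr` while the surrounding context lines use `virQEMUDriver *driver`; the same applies to `qemuMonitorPtr`/`virJSONValuePtr` in the qemu_hotplug.h, qemu_monitor.[ch] and qemu_monitor_json.[ch] hunks. The `= -1` initialiser on `ret` is dead because it is overwritten unconditionally.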
diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h
index df8f76f8d6..411741a688 100644
--- a/src/qemu/qemu_hotplug.h
+++ b/src/qemu/qemu_hotplug.h
@@ -160,3 +160,7 @@ int qemuHotplugAttachDBusVMState(virQEMUDriver *driver,
 int qemuHotplugRemoveDBusVMState(virQEMUDriver *driver,
                                  virDomainObj *vm,
                                  qemuDomainAsyncJob asyncJob);
+
+int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver,
+                             virDomainObjPtr vm,
+                             unsigned int type);
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 1e6f892e08..11f8cc8670 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -4746,3 +4746,30 @@ qemuMonitorQueryDirtyRate(qemuMonitor *mon,
 
     return qemuMonitorJSONQueryDirtyRate(mon, info);
 }
+
+static const char *
+qemuMonitorTLSCertificateTypeToString(unsigned int type)
+{
+    switch (type) {
+    /* for now, only VNC is supported */
+    case VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC:
+        return "vnc";
+    default:
+        virReportError(VIR_ERR_INVALID_ARG,
+                       _("unsupported qemu certificate type %u"),
+                       type);
+        return NULL;
+    }
+}
+
+int
+qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon, unsigned int type)
+{
+    const char *certType = qemuMonitorTLSCertificateTypeToString(type);
+    if (!certType)
+        return -1;
+
+    QEMU_CHECK_MONITOR(mon);
+
+    return qemuMonitorJSONDisplayReload(mon, certType, true);
+}
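Review bot: The caller-supplied `type` is validated only here, in qemuMonitorDisplayReloadTLSCerts, which the qemu_hotplug.c hunk calls after the job has been started and the monitor entered, so an unsupported value is rejected late and `QEMU_CHECK_MONITOR(mon)` runs only after the lookup. Consider rejecting unknown types in the driver entry point before `qemuDomainObjBeginJob()` and keeping this helper a pure mapping. A comment above qemuMonitorTLSCertificateTypeToString such as `/* Maps a VIR_DOMAIN_TLS_CERT_* value to the QMP display type; reports an error and returns NULL if unsupported */` would document that the "ToString" helper has an error-reporting side effect.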
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index 6a25def78b..f26f92fb51 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -1496,3 +1496,6 @@ struct _qemuMonitorDirtyRateInfo {
 int
 qemuMonitorQueryDirtyRate(qemuMonitor *mon,
                           qemuMonitorDirtyRateInfo *info);
+
+int qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon,
+                                     unsigned int type);
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 46aa3330a8..9934613cc2 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -9446,3 +9446,30 @@ qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon,
 
     return qemuMonitorJSONExtractDirtyRateInfo(data, info);
 }
+
+int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon,
+                                 const char *type,
+                                 bool tlsCerts)
+{
+    int ret = -1;
+    virJSONValuePtr reply = NULL;
+    virJSONValuePtr cmd = qemuMonitorJSONMakeCommand("display-reload",
+                                                     "s:type", type,
+                                                     "b:tls-certs", tlsCerts,
+                                                     NULL);
+    if (!cmd)
+        return -1;
+
+    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
+        goto cleanup;
+
+    if (qemuMonitorJSONCheckError(cmd, reply) < 0)
+        goto cleanup;
+
+    ret = 0;
+
+ cleanup:
+    virJSONValueFree(cmd);
+    virJSONValueFree(reply);
+    return ret;
+}
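Review bot: qemuMonitorJSONDisplayReload frees `cmd` and `reply` by hand through a `cleanup:` label and a `ret` variable, which is easy to get wrong when the function later grows more exit paths. Declaring both as `g_autoptr(virJSONValue)` lets every failure path return directly and removes the label, assuming the autoptr cleanup for virJSONValue is available in this file as it is elsewhere in libvirt. A one-line comment stating that `type` is the QMP display type string and that `tlsCerts` maps to the `tls-certs` argument would also help, since the only caller always passes `true`.

```c
    g_autoptr(virJSONValue) reply = NULL;
    g_autoptr(virJSONValue) cmd = NULL;

    /* … unchanged: cmd = qemuMonitorJSONMakeCommand("display-reload", …) with the same arguments … */
    if (!cmd)
        return -1;

    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
        return -1;

    if (qemuMonitorJSONCheckError(cmd, reply) < 0)
        return -1;

    return 0;
```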
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 01a3ba25f1..73761d54f8 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -706,3 +706,7 @@ qemuMonitorJSONStartDirtyRateCalc(qemuMonitor *mon,
 int
 qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon,
                               qemuMonitorDirtyRateInfo *info);
+
+int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon,
+                                 const char *type,
+                                 bool tlsCerts);
-- 
2.25.1



