From: Ashish Mittal
To: libvir-list@redhat.com, jferlan@redhat.com, pbonzini@redhat.com,
berrange@redhat.com, jcody@redhat.com, ashish.mittal@veritas.com,
stefanha@gmail.com, Ketan.Nilangekar@veritas.com,
Nitin.Jerath@veritas.com, venkatesha.mg@veritas.com,
pkrempa@redhat.com, areis@redhat.com, pchavva@redhat.com,
ashmit602@gmail.com
Date: Thu, 29 Jun 2017 19:02:41 -0700
Message-Id: <1498788161-46841-4-git-send-email-Ashish.Mittal@veritas.com>
In-Reply-To: <1498788161-46841-1-git-send-email-Ashish.Mittal@veritas.com>
References: <1498788161-46841-1-git-send-email-Ashish.Mittal@veritas.com>
Subject: [libvirt] [PATCH v4 3/3] Add TLS support for Veritas HyperScale
(VxHS) block device protocol
The following describes the behavior of TLS for VxHS block devices:
(1) Two new options have been added in /etc/libvirt/qemu.conf
to control TLS behavior with VxHS block devices:
"vxhs_tls" and "vxhs_tls_x509_cert_dir".
(2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable
TLS for VxHS block devices.
(3) "vxhs_tls_x509_cert_dir" can be set to the full path where the
TLS certificates and keys are saved. If this value is missing,
the "default_tls_x509_cert_dir" will be used instead.
(4) If the value of "vxhs_tls" is set to 1, TLS creds will be added
automatically on the qemu command line for every VxHS
block device.
(5) With "vxhs_tls=1", TLS may selectively be disabled on individual
VxHS disks by specifying tls='no' in the device domain
specification.
(6) Valid values for the domain TLS setting are tls='yes|no'.
(7) tls='yes' can only be specified if "vxhs_tls" is enabled.
Specifying tls='yes' when "vxhs_tls=0" results in an error.
(8) Test cases have been added to validate points (4), (5) and (7).
A test case has also been added to confirm that JSON arguments containing
the tls attribute are parsed correctly.
QEMU changes for VxHS (including TLS support) are already upstream.
Sample TLS args generated by libvirt -
-object tls-creds-x509,id=objvxhs_tls0,dir=/usr/local/etc/pki/qemu,\
endpoint=client,verify-peer=yes \
-drive file.driver=vxhs,file.tls-creds=objvxhs_tls0,\
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
file.server.host=192.168.0.1,file.server.port=9999,format=raw,if=none,\
id=drive-virtio-disk0,cache=none \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0
Signed-off-by: Ashish Mittal
---
docs/formatdomain.html.in | 18 +++-
docs/schemas/domaincommon.rng | 5 +
src/conf/domain_conf.c | 19 ++++
src/qemu/qemu_command.c | 107 ++++++++++++++++++---
src/util/virstoragefile.c | 13 +++
src/util/virstoragefile.h | 9 ++
...ml2argv-disk-drive-network-tlsx509-err-vxhs.xml | 34 +++++++
...-disk-drive-network-tlsx509-multidisk-vxhs.args | 41 ++++++++
...k-drive-network-tlsx509-multidisk-vxhs.args.new | 41 ++++++++
...v-disk-drive-network-tlsx509-multidisk-vxhs.xml | 56 +++++++++++
...muxml2argv-disk-drive-network-tlsx509-vxhs.args | 28 ++++++
...emuxml2argv-disk-drive-network-tlsx509-vxhs.xml | 34 +++++++
tests/qemuxml2argvtest.c | 9 ++
tests/virstoragetest.c | 11 +++
14 files changed, 413 insertions(+), 12 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-err-vxhs.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.args.new
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 62d67f4..86808e5 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2511,7 +2511,7 @@
target's name by a slash (e.g.,
iqn.2013-07.com.example:iscsi-pool/1). If not
specified, the default LUN is zero.
- For "vxhs" (since 3.3.0), the
+ For "vxhs" (since 3.3.1), the
name is the UUID of the volume, assigned by the
HyperScale sever.
Since 0.8.7
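Review bot: the `- For "vxhs" (since 3.3.0)` / `+ For "vxhs" (since 3.3.1)` change rewrites the introduction version of an existing feature (the vxhs volume name being the UUID), which has nothing to do with adding TLS; leave that "since" at the release where vxhs support landed and give only the new tls attribute its own "since" marker in the next hunk. While touching this paragraph, the context line still says "HyperScale sever" (server).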
@@ -2630,6 +2630,22 @@
transport is "unix", the socket attribute specifies the path t=
o an
AF_UNIX socket.
+
+ Since 3.3.1, the optional attribu=
te
+ tls (QEMU only) can be used to control whether a =
vxhs
+ network block device would utilize a hypervisor configured
+ TLS X.509 certificate environment in order to encrypt the data
+ channel. For the QEMU hypervisor, usage of a TLS environment c=
an
+ be controlled on the host by the vxhs_tls and
+ vxhs_tls_x509_cert_dir or
+ default_tls_x509_cert_dir settings in the file
+ /etc/libvirt/qemu.conf. If vxhs_tls is enabled,
+ then unless the domain tls attribute is set to "n=
o",
+ libvirt will use the host configured TLS environment.
+ If vxhs_tls is disabled, but the tls
+ attribute is set to "yes" in the device domain specification,
+ then libvirt will throw an error.
+
snapshot
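Review bot: the new paragraph does not say what happens when tls is given on a network disk whose protocol is not vxhs; in the domain_conf.c change of this same patch the attribute is only read when `src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS` and is otherwise dropped without any error, so either state here that it is ignored for other protocols or, better, reject it in the parser and document the error. Minor wording: "would utilize a hypervisor configured TLS X.509 certificate environment" reads better as "uses the hypervisor's configured TLS X.509 certificate directory".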
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 7525a2a..909af50 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1622,6 +1622,11 @@
+
+
+
+
+
=20
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index c3149f9..34d8451 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7745,6 +7745,7 @@ virDomainDiskSourceParse(xmlNodePtr node,
int ret =3D -1;
char *protocol =3D NULL;
xmlNodePtr saveNode =3D ctxt->node;
+ char *haveTLS =3D NULL;
=20
ctxt->node =3D node;
=20
@@ -7778,6 +7779,19 @@ virDomainDiskSourceParse(xmlNodePtr node,
goto cleanup;
}
=20
+ /* Check tls=3Dyes|no domain setting for the block device */
+ /* At present only VxHS. Other block devices may be added later */
+ if ((haveTLS =3D virXMLPropString(node, "tls")) &&
+ src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_VXHS) {
+ if ((src->haveTLS =3D
+ virTristateBoolTypeFromString(haveTLS)) <=3D 0) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("unknown VxHS 'tls' setting '%s'"),
+ haveTLS);
+ goto cleanup;
+ }
+ }
+
/* for historical reasons the volume name for gluster volume is st=
ored
* as a part of the path. This is hard to work with when dealing w=
ith
* relative names. Split out the volume into a separate variable */
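Review bot: the condition `(haveTLS = virXMLPropString(node, "tls")) && src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS` silently discards tls='yes' on an iscsi, rbd or gluster source: haveTLS stays VIR_TRISTATE_BOOL_ABSENT, the formatter never writes the attribute back, and the user who asked for an encrypted channel gets plaintext with no diagnostic. Read the attribute unconditionally and report VIR_ERR_CONFIG_UNSUPPORTED when the protocol is not VxHS; the "Other block devices may be added later" comment can then go, since the protocol check becomes the single place to extend.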
@@ -7830,6 +7844,7 @@ virDomainDiskSourceParse(xmlNodePtr node,
=20
cleanup:
VIR_FREE(protocol);
+ VIR_FREE(haveTLS);
ctxt->node =3D saveNode;
return ret;
}
@@ -21266,6 +21281,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr buf,
=20
VIR_FREE(path);
=20
+ if (src->haveTLS !=3D VIR_TRISTATE_BOOL_ABSENT)
+ virBufferAsprintf(buf, " tls=3D'%s'",
+ virTristateBoolTypeToString(src->haveTLS));
+
if (src->nhosts =3D=3D 0 && !src->snapshot && !src->configFile) {
virBufferAddLit(buf, "/>\n");
} else {
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 8e00782..99bc94f 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -931,6 +931,68 @@ qemuBuildGlusterDriveJSON(virStorageSourcePtr src)
return ret;
}
=20
+/* qemuBuildDiskVxHSTLSinfoCommandLine:
+ * @cmd: Pointer to the command string
+ * @cfg: Pointer to the qemu driver config
+ * @disk: The disk we are processing
+ * @qemuCaps: qemu capabilities object
+ *
+ * Check if the VxHS disk meets all the criteria to enable TLS.
+ * If yes, add a new TLS object and mention it's ID on the disk
+ * command line.
+ *
+ * Returns 0 on success, -1 w/ error on some sort of failure.
+ */
+static int
+qemuBuildDiskVxHSTLSinfoCommandLine(virCommandPtr cmd,
+ virQEMUDriverConfigPtr cfg,
+ virDomainDiskDefPtr disk,
+ virQEMUCapsPtr qemuCaps)
+{
+ int ret =3D 0;
+
+ if (cfg->vxhsTLS =3D=3D true && disk->src->haveTLS !=3D VIR_TRISTATE_=
BOOL_NO) {
+ disk->src->addTLS =3D true;
+ ret =3D qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certd=
ir,
+ false,
+ true,
+ false,
+ "vxhs",
+ qemuCaps);
+ } else if (cfg->vxhsTLS =3D=3D false &&
+ disk->src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("Please enable VxHS specific TLS options in the q=
emu "
+ "conf file before using TLS in VxHS device domain=
"
+ "specification"));
+ ret =3D -1;
+ }
+
+ return ret;
+}
+
+
+/* qemuBuildDiskTLSinfoCommandLine:
+ *
+ * Add TLS object if the disk uses a secure communication channel
+ *
+ * Returns 0 on success, -1 w/ error on some sort of failure.
+ */
+static int
+qemuBuildDiskTLSinfoCommandLine(virCommandPtr cmd,
+ virQEMUDriverConfigPtr cfg,
+ virDomainDiskDefPtr disk,
+ virQEMUCapsPtr qemuCaps)
+{
+ virStorageSourcePtr src =3D disk->src;
+
+ /* other protocols may be added later */
+ if (src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_VXHS)
+ return qemuBuildDiskVxHSTLSinfoCommandLine(cmd, cfg, disk, qemuCap=
s);
+
+ return 0;
+}
+
=20
#define QEMU_DEFAULT_VXHS_PORT "9999"
=20
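Review bot: `qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certdir, ..., "vxhs", qemuCaps)` runs on the per-disk path with the fixed alias "vxhs", so every TLS-enabled VxHS disk emits its own `-object tls-creds-x509,id=objvxhs_tls0,...`; the multidisk .args file in this patch shows the object twice and QEMU refuses to start on a duplicate object id. Either emit the object once per domain (before the first vxhs drive, tracked with a flag in the driver private data) or derive the alias from the disk alias so each id is unique. Smaller points: `disk->src->addTLS = true` is set before the builder can fail, so the flag stays on when -1 is returned; libvirt style does not compare bools with `== true` / `== false`; and error messages should not begin with "Please".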
@@ -975,18 +1037,38 @@ qemuBuildVxHSDriveJSON(virStorageSourcePtr src)
if (!(server =3D qemuBuildVxHSDriveJSONHost(src)))
return NULL;
=20
- /* VxHS disk specification example:
- * { driver:"vxhs",
- * vdisk-id:"eb90327c-8302-4725-4e85ed4dc251",
- * server.host:"1.2.3.4",
- * server.port:1234}
- */
- if (virJSONValueObjectCreate(&ret,
- "s:driver", protocol,
- "s:vdisk-id", src->path,
- "a:server", server, NULL) < 0)
- virJSONValueFree(server);
+ if (src->addTLS =3D=3D true) {
+ char *objalias =3D NULL;
=20
+ if (!(objalias =3D qemuAliasTLSObjFromSrcAlias("vxhs")))
+ goto cleanup;
+
+ if (virJSONValueObjectCreate(&ret,
+ "s:driver", protocol,
+ "s:tls-creds", objalias,
+ "s:vdisk-id", src->path,
+ "a:server", server, NULL) < 0) {
+ virJSONValueFree(server);
+ ret =3D NULL;
+ }
+ VIR_FREE(objalias);
+ } else {
+ /* VxHS disk specification example:
+ * { driver:"vxhs",
+ * vdisk-id:"eb90327c-8302-4725-4e85ed4dc251",
+ * server.host:"1.2.3.4",
+ * server.port:1234}
+ */
+ if (virJSONValueObjectCreate(&ret,
+ "s:driver", protocol,
+ "s:vdisk-id", src->path,
+ "a:server", server, NULL) < 0) {
+ virJSONValueFree(server);
+ ret =3D NULL;
+ }
+ }
+
+ cleanup:
return ret;
}
=20
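Review bot: on the `if (!(objalias = qemuAliasTLSObjFromSrcAlias("vxhs"))) goto cleanup;` path the `server` value allocated just above is never freed, while both virJSONValueObjectCreate() failure branches do call `virJSONValueFree(server)`; move that free into cleanup (guarded by `ret == NULL`) so all failure paths behave the same. The two near-identical virJSONValueObjectCreate() calls can then collapse into one by passing `"S:tls-creds", objalias` (the optional-string specifier skips the key when the value is NULL, if that modifier is available in this tree), which also removes the duplicated example comment.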
@@ -2438,6 +2520,9 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd,
if (qemuBuildDiskSecinfoCommandLine(cmd, encinfo) < 0)
return -1;
=20
+ if (qemuBuildDiskTLSinfoCommandLine(cmd, cfg, disk, qemuCaps) < 0)
+ return -1;
+
virCommandAddArg(cmd, "-drive");
=20
if (!(optstr =3D qemuBuildDriveStr(disk, cfg, driveBoot, qemuCaps)=
))
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index eb36694..449ace4 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -2042,6 +2042,8 @@ virStorageSourceCopy(const virStorageSource *src,
ret->physical =3D src->physical;
ret->readonly =3D src->readonly;
ret->shared =3D src->shared;
+ ret->haveTLS =3D src->haveTLS;
+ ret->addTLS =3D src->addTLS;
=20
/* storage driver metadata are not copied */
ret->drv =3D NULL;
@@ -3231,6 +3233,7 @@ virStorageSourceParseBackingJSONVxHS(virStorageSource=
Ptr src,
const char *uri =3D virJSONValueObjectGetString(json, "filename");
const char *vdisk_id =3D virJSONValueObjectGetString(json, "vdisk-id");
virJSONValuePtr server =3D virJSONValueObjectGetObject(json, "server");
+ const char *haveTLS =3D virJSONValueObjectGetString(json, "tls");
const char *hostname;
const char *port;
=20
@@ -3258,6 +3261,16 @@ virStorageSourceParseBackingJSONVxHS(virStorageSourc=
ePtr src,
return -1;
}
=20
+ if (haveTLS) {
+ if ((src->haveTLS =3D
+ virTristateBoolTypeFromString(haveTLS)) <=3D 0) {
+ virReportError(VIR_ERR_INVALID_ARG,
+ _("unknown VxHS 'tls' setting '%s'"),
+ haveTLS);
+ return -1;
+ }
+ }
+
if (!port)
port =3D QEMU_DEFAULT_VXHS_PORT;
=20
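Review bot: the backing-store parser keys on a `"tls"` member, but the QEMU vxhs driver as invoked by this very patch takes `file.tls-creds=<object id>` (see the generated `-drive file.driver=vxhs,file.tls-creds=objvxhs_tls0,...`); a JSON filename produced by QEMU would carry tls-creds, never tls=yes, so this branch only ever matches the hand-written test input. Either look for "tls-creds" and map its presence to haveTLS=yes, or drop the JSON handling. Also this path reports VIR_ERR_INVALID_ARG while the XML parser reports VIR_ERR_XML_ERROR for the same bad value; pick one.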
diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h
index 0b6e409..e586170 100644
--- a/src/util/virstoragefile.h
+++ b/src/util/virstoragefile.h
@@ -281,6 +281,15 @@ struct _virStorageSource {
/* metadata that allows identifying given storage source */
char *nodeformat; /* name of the format handler object */
char *nodebacking; /* name of the backing storage object */
+
+ /* This is the domain specific setting.
+ * It may be absent */
+ int haveTLS; /* enum virTristateBool */
+
+ /* This should be set to "true" only when TLS creds are to be added for
+ * the device. For e.g. this could be based on a combination of
+ * global conf setting + domain specific setting */
+ bool addTLS;
};
=20
=20
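Review bot: `addTLS` is not a property of the storage source but a decision taken while building the QEMU command line (it is set as a side effect inside qemuBuildDiskVxHSTLSinfoCommandLine), yet it lives in the public virStorageSource and is copied by virStorageSourceCopy, so the builder mutates the definition and the flag can follow a later copy of the definition. Keep only `haveTLS` (the user's tristate) here and compute "add creds" at build time, or put it in the qemu driver's private source data. The comment "This is the domain specific setting. It may be absent" should name the valid values (VIR_TRISTATE_BOOL_ABSENT/YES/NO).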
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509=
-err-vxhs.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx=
509-err-vxhs.xml
new file mode 100644
index 0000000..951ad4e
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-err-vx=
hs.xml
@@ -0,0 +1,34 @@
+
+ QEMUGuest1
+ c7a5fdbd-edaf-9455-926a-d65c16db1809
+ 219136
+ 219136
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+ eb90327c-8302-4725-9e1b-4e85ed4dc251
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509=
-multidisk-vxhs.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-netwo=
rk-tlsx509-multidisk-vxhs.args
new file mode 100644
index 0000000..960960d
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-multid=
isk-vxhs.args
@@ -0,0 +1,41 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/home/test \
+USER=3Dtest \
+LOGNAME=3Dtest \
+QEMU_AUDIO_DRV=3Dnone \
+/usr/bin/qemu-system-x86_64 \
+-name QEMUGuest1 \
+-S \
+-M pc \
+-cpu qemu32 \
+-m 214 \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nographic \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-usb \
+-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\
+endpoint=3Dclient,verify-peer=3Dyes \
+-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\
+file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc251,\
+file.server.host=3D192.168.0.1,file.server.port=3D9999,format=3Draw,if=3Dn=
one,\
+id=3Ddrive-virtio-disk0,cache=3Dnone \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\
+id=3Dvirtio-disk0 \
+-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\
+endpoint=3Dclient,verify-peer=3Dyes \
+-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\
+file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc252,\
+file.server.host=3D192.168.0.2,file.server.port=3D9999,format=3Draw,if=3Dn=
one,\
+id=3Ddrive-virtio-disk1,cache=3Dnone \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-virtio-disk1,\
+id=3Dvirtio-disk1 \
+-drive file.driver=3Dvxhs,file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4d=
c253,\
+file.server.host=3D192.168.0.3,file.server.port=3D9999,format=3Draw,if=3Dn=
one,\
+id=3Ddrive-virtio-disk2,cache=3Dnone \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-virtio-disk2,\
+id=3Dvirtio-disk2
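Review bot: this expected output contains `-object tls-creds-x509,id=objvxhs_tls0,...` twice, once before drive-virtio-disk0 and again before drive-virtio-disk1; qemuxml2argv only compares strings, so the test passes, but QEMU rejects the duplicate id at startup, so the file enshrines a command line that cannot run. Fix the generator to emit the object once and regenerate this file; the third drive without tls-creds is the right opt-out case to keep.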
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509=
-multidisk-vxhs.args.new b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-n=
etwork-tlsx509-multidisk-vxhs.args.new
new file mode 100644
index 0000000..960960d
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-multid=
isk-vxhs.args.new
@@ -0,0 +1,41 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/home/test \
+USER=3Dtest \
+LOGNAME=3Dtest \
+QEMU_AUDIO_DRV=3Dnone \
+/usr/bin/qemu-system-x86_64 \
+-name QEMUGuest1 \
+-S \
+-M pc \
+-cpu qemu32 \
+-m 214 \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nographic \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-usb \
+-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\
+endpoint=3Dclient,verify-peer=3Dyes \
+-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\
+file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc251,\
+file.server.host=3D192.168.0.1,file.server.port=3D9999,format=3Draw,if=3Dn=
one,\
+id=3Ddrive-virtio-disk0,cache=3Dnone \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\
+id=3Dvirtio-disk0 \
+-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\
+endpoint=3Dclient,verify-peer=3Dyes \
+-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\
+file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc252,\
+file.server.host=3D192.168.0.2,file.server.port=3D9999,format=3Draw,if=3Dn=
one,\
+id=3Ddrive-virtio-disk1,cache=3Dnone \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-virtio-disk1,\
+id=3Dvirtio-disk1 \
+-drive file.driver=3Dvxhs,file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4d=
c253,\
+file.server.host=3D192.168.0.3,file.server.port=3D9999,format=3Draw,if=3Dn=
one,\
+id=3Ddrive-virtio-disk2,cache=3Dnone \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-virtio-disk2,\
+id=3Dvirtio-disk2
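Review bot: `qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.args.new` is the scratch file the test harness writes when regenerating expected output; it has the same blob id (960960d) as the .args file above and is byte-identical to it, so it should not be committed (it also inflates the diffstat by 41 lines). Drop it from the series.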
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509=
-multidisk-vxhs.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-networ=
k-tlsx509-multidisk-vxhs.xml
new file mode 100644
index 0000000..3d28958
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-multid=
isk-vxhs.xml
@@ -0,0 +1,56 @@
+
+ QEMUGuest1
+ c7a5fdbd-edaf-9455-926a-d65c16db1809
+ 219136
+ 219136
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+ eb90327c-8302-4725-9e1b-4e85ed4dc251
+
+
+
+
+
+
+
+
+
+
+ eb90327c-8302-4725-9e1b-4e85ed4dc252
+
+
+
+
+
+
+
+
+
+
+ eb90327c-8302-4725-9e1b-4e85ed4dc252
+
+
+
+
+
+
+
+
+
+
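Review bot: the second and third disks in this XML both carry the vdisk id `eb90327c-8302-4725-9e1b-4e85ed4dc252`, while the matching .args file expects `eb90327c-8302-4725-9e1b-4e85ed4dc253` for drive-virtio-disk2; either this XML is not the input that produced that .args file or the third disk's id should end in dc253. Make the two agree so the test really exercises three distinct volumes.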
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509=
-vxhs.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509=
-vxhs.args
new file mode 100644
index 0000000..e1ad36e
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.a=
rgs
@@ -0,0 +1,28 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/home/test \
+USER=3Dtest \
+LOGNAME=3Dtest \
+QEMU_AUDIO_DRV=3Dnone \
+/usr/bin/qemu-system-x86_64 \
+-name QEMUGuest1 \
+-S \
+-M pc \
+-cpu qemu32 \
+-m 214 \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+-nographic \
+-nodefaults \
+-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
+-no-acpi \
+-boot c \
+-usb \
+-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\
+endpoint=3Dclient,verify-peer=3Dyes \
+-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\
+file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc251,\
+file.server.host=3D192.168.0.1,file.server.port=3D9999,format=3Draw,if=3Dn=
one,\
+id=3Ddrive-virtio-disk0,cache=3Dnone \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\
+id=3Dvirtio-disk0
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509=
-vxhs.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-=
vxhs.xml
new file mode 100644
index 0000000..a488770
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.x=
ml
@@ -0,0 +1,34 @@
+
+ QEMUGuest1
+ c7a5fdbd-edaf-9455-926a-d65c16db1809
+ 219136
+ 219136
+ 1
+
+ hvm
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+ eb90327c-8302-4725-9e1b-4e85ed4dc251
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 0a1ef01..7459522 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -904,6 +904,15 @@ mymain(void)
DO_TEST("disk-drive-network-rbd-ipv6", NONE);
DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE);
DO_TEST("disk-drive-network-vxhs", NONE);
+ DO_TEST_FAILURE("disk-drive-network-tlsx509-err-vxhs",
+ QEMU_CAPS_OBJECT_TLS_CREDS_X509);
+ driver.config->vxhsTLS =3D 1;
+ DO_TEST("disk-drive-network-tlsx509-vxhs",
+ QEMU_CAPS_OBJECT_TLS_CREDS_X509);
+ DO_TEST("disk-drive-network-tlsx509-multidisk-vxhs",
+ QEMU_CAPS_OBJECT_TLS_CREDS_X509);
+ driver.config->vxhsTLS =3D 0;
+ VIR_FREE(driver.config->vxhsTLSx509certdir);
DO_TEST("disk-drive-no-boot",
QEMU_CAPS_BOOTINDEX);
DO_TEST_PARSE_ERROR("disk-device-lun-type-invalid",
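Review bot: `driver.config->vxhsTLS = 1;` is paired with `VIR_FREE(driver.config->vxhsTLSx509certdir);` although the test never assigns that directory; the expected args use `dir=/usr/local/etc/pki/qemu`, so the value must come from the driver config default set elsewhere in the series, and freeing it here leaves NULL for any later test that enables vxhsTLS. Either assign the directory explicitly in this block and free it afterwards, or leave the default alone. Also vxhsTLS is compared to `true` in qemu_command.c but assigned 1/0 here; use true/false.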
diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c
index 3a4e03b..28747ff 100644
--- a/tests/virstoragetest.c
+++ b/tests/virstoragetest.c
@@ -1594,6 +1594,17 @@ mymain(void)
TEST_BACKING_PARSE("json:{\"file.driver\":\"vxhs\","
"\"file.filename\":\"vxhs://192.168.0.1:9999/=
c6718f6b-0401-441d-a8c3-1f0064d75ee0\""
"}", NULL);
+ TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"vxhs\","
+ "\"vdisk-id\":\"c6718f6b-0401-441d-=
a8c3-1f0064d75ee0\","
+ "\"server\": { \"host\":\"example.c=
om\","
+ "\"port\":\"1234\""
+ "},"
+ "\"tls\":\"yes\""
+ "}"
+ "}",
+ "\n"
+ " \n"
+ "\n");
#endif /* WITH_YAJL */
=20
cleanup:
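Review bot: this test feeds `"port":"1234"` as a JSON string and `"tls":"yes"`, but the expected-XML argument (the lines after the closing `"}"`) has lost its markup in this copy of the patch, so what the parser is asserted to produce cannot be checked here; please make sure the expectation includes the `tls='yes'` attribute on the source element. As noted on the virstoragefile.c hunk, `tls` is not a key QEMU's vxhs driver emits, so this case documents libvirt's own convention rather than QEMU output.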
--
2.5.5
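The policy in points (2) to (7) of the commit message, as an added example in Python that is not part of this patch or of libvirt: it parses the two qemu.conf keys, applies the global switch and the per-disk opt-out, falls back to default_tls_x509_cert_dir when vxhs_tls_x509_cert_dir is absent, raises the tls='yes' without vxhs_tls=1 error, and renders the -object/-drive fragments of the sample above. It goes one step beyond the patch by emitting the tls-creds object only once per domain, since QEMU rejects duplicate object ids. The Disk dataclass, the key = value subset parser for qemu.conf and the BUILTIN_TLS_DIR placeholder are assumptions of the example, not libvirt's real structures or defaults.

```python
# Added example (not libvirt code): a model of the vxhs_tls policy from the
# commit message and the QEMU argument fragments it yields.
# Assumptions, not taken from the patch: qemu.conf reduced to `key = value`
# lines, a Disk dataclass standing in for the <disk> definition, and a
# placeholder for the compiled-in default certificate directory.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

Conf = Dict[str, Union[int, str]]
BUILTIN_TLS_DIR = "/etc/pki/qemu"  # assumption: placeholder built-in default


def parse_qemu_conf(text: str) -> Conf:
    """Parse the `key = 1` / `key = "string"` subset of qemu.conf; '#' comments ignored."""
    conf: Conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r'(\w+)\s*=\s*(?:"([^"]*)"|(\d+))', line)
        if not m:
            raise ValueError(f"unparseable qemu.conf line: {raw!r}")
        key, string, number = m.groups()
        conf[key] = string if string is not None else int(number)
    return conf


@dataclass
class Disk:
    alias: str                 # libvirt device alias, e.g. "virtio-disk0"
    protocol: str              # <source protocol='...'>
    vdisk_id: str              # <source name='...'>, the VxHS volume UUID
    host: str
    port: int = 9999           # QEMU_DEFAULT_VXHS_PORT
    tls: Optional[str] = None  # tls='yes'|'no' attribute, None when absent


def wants_tls(conf: Conf, disk: Disk) -> bool:
    """Points (4), (5), (6) and (7): global switch, per-disk opt-out, value check,
    and the error for tls='yes' while vxhs_tls is off."""
    if disk.tls not in (None, "yes", "no"):
        raise ValueError(f"unknown VxHS 'tls' setting '{disk.tls}'")
    if disk.protocol != "vxhs":
        if disk.tls is not None:
            # assumption: reject rather than silently drop the attribute
            raise ValueError(f"tls attribute is only supported for vxhs, not {disk.protocol}")
        return False
    if conf.get("vxhs_tls", 0) == 1:
        return disk.tls != "no"  # absent or 'yes' -> encrypt
    if disk.tls == "yes":
        raise ValueError("tls='yes' requires vxhs_tls=1 in /etc/libvirt/qemu.conf")
    return False


def tls_cert_dir(conf: Conf) -> str:
    """Point (3): vxhs_tls_x509_cert_dir, else default_tls_x509_cert_dir, else built-in."""
    return str(conf.get("vxhs_tls_x509_cert_dir")
               or conf.get("default_tls_x509_cert_dir")
               or BUILTIN_TLS_DIR)


def build_qemu_args(conf: Conf, disks: List[Disk]) -> List[str]:
    """Emit a single tls-creds-x509 object (QEMU rejects duplicate object ids)
    and one -drive per VxHS disk, attaching file.tls-creds only where the policy says so."""
    args: List[str] = []
    tls_id = "objvxhs_tls0"
    object_emitted = False
    for disk in disks:
        use_tls = wants_tls(conf, disk)
        if disk.protocol != "vxhs":
            continue  # other protocols are outside this example
        if use_tls and not object_emitted:
            args += ["-object",
                     f"tls-creds-x509,id={tls_id},dir={tls_cert_dir(conf)},"
                     "endpoint=client,verify-peer=yes"]
            object_emitted = True
        props = ["file.driver=vxhs"]
        if use_tls:
            props.append(f"file.tls-creds={tls_id}")
        props += [f"file.vdisk-id={disk.vdisk_id}",
                  f"file.server.host={disk.host}",
                  f"file.server.port={disk.port}",
                  "format=raw", "if=none", f"id=drive-{disk.alias}", "cache=none"]
        args += ["-drive", ",".join(props)]
    return args


# Constructed sample input (not from a real host): TLS on globally, second disk opted out.
SAMPLE_CONF = parse_qemu_conf('''
# excerpt of /etc/libvirt/qemu.conf
vxhs_tls = 1
vxhs_tls_x509_cert_dir = "/usr/local/etc/pki/qemu"
''')
SAMPLE_DISKS = [
    Disk("virtio-disk0", "vxhs", "eb90327c-8302-4725-9e1b-4e85ed4dc251", "192.168.0.1"),
    Disk("virtio-disk1", "vxhs", "eb90327c-8302-4725-9e1b-4e85ed4dc252", "192.168.0.2", tls="no"),
]

if __name__ == "__main__":
    print(" \\\n".join(build_qemu_args(SAMPLE_CONF, SAMPLE_DISKS)))
```

Running the block prints one -object line followed by two -drive lines, only the first of which carries file.tls-creds; swapping `vxhs_tls = 1` for `vxhs_tls = 0` in SAMPLE_CONF and setting tls="yes" on a disk reproduces the error from point (7).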
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list