From: John Ferlan
To: libvir-list@redhat.com
Date: Wed, 30 Aug 2017 18:46:08 -0400
Message-Id: <20170830224613.24738-9-jferlan@redhat.com>
In-Reply-To: <20170830224613.24738-1-jferlan@redhat.com>
References: <20170830224613.24738-1-jferlan@redhat.com>
Cc: ashish.mittal@veritas.com
Subject: [libvirt] [PATCH v6 08/13] util: Add haveTLS to virStorageSource

From: Ashish Mittal

Add an optional virTristateBool haveTLS to virStorageSource to manage whether a storage source will be using TLS.

Sample XML for a VxHS disk:

Update the qemuxml2xmltest in order to add a test to show the proper parsing.

Also update the docs to describe the tls attribute plus clean up the description in the surrounding area to make the information a bit more readable rather than one winding paragraph.

Signed-off-by: Ashish Mittal
Signed-off-by: John Ferlan
---
This is part of the v5 patch5 that deals with the domain XML changes to add TLS support, plus the formatdomain.html.in from the previous patch, and the XML examples taken from v5 patch6 but only for the qemuxml2xmltest.c needs.

Differences here:

 * Moved the text in format domain from under the section for the ports to where it should be in the section describing the source element and protocol and disk attributes. Reformatted things a bit to make it easier to read.
 * Altered where the attribute was placed in the domaincommon.rng to be before since that's where it falls in the domain XML.
 * Updated the description of the haveTLS value.
 * Remove the addTLS boolean
 * Cleaned up the XML examples, generated the output XML, and added the xml2xml test.

 docs/formatdomain.html.in                          | 41 ++++++++++++++++------
 docs/schemas/domaincommon.rng                      |  5 +++
 src/conf/domain_conf.c                             | 19 ++++++++++
 src/util/virstoragefile.c                          | 12 +++++++
 src/util/virstoragefile.h                          |  3 ++
 ...emuxml2argv-disk-drive-network-tlsx509-vxhs.xml | 32 +++++++++++++++++
 ...uxml2xmlout-disk-drive-network-tlsx509-vxhs.xml | 34 ++++++++++++++++++
 tests/qemuxml2xmltest.c                            |  1 +
 8 files changed, 137 insertions(+), 10 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.xml
 create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-tlsx509-vxhs.xml

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 446ffff..bf8debb 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2520,19 +2520,40 @@
The protocol attribute specifies the protocol to access to the requested image. Possible values are "nbd", - "iscsi", "rbd", "sheepdog", "gluster" or "vxhs". If the - protocol attribute is "rbd", "sheepdog", "glust= er" - or "vxhs", an additional attribute name is - mandatory to specify which volume/image will be used. For "n= bd", - the name attribute is optional. For "iscsi" - (since 1.0.4), the name - attribute may include a logical unit number, separated from = the - target's name by a slash (e.g., + "iscsi", "rbd", "sheepdog", "gluster" or "vxhs". + +

If the protocol attribute is "rbd", "sheepdo= g", + "gluster", or "vxhs", an additional attribute name + is mandatory to specify which volume/image will be used. +

+ +

For "nbd", the name attribute is optional. +

+ +

For "iscsi" (since 1.0.4), t= he + name attribute may include a logical unit numbe= r, + separated from the target's name by a slash (e.g., iqn.2013-07.com.example:iscsi-pool/1). If not specified, the default LUN is zero. - For "vxhs" (since 3.8.0), the +

+ +

For "vxhs" (since 3.8.0), the name is the UUID of the volume, assigned by the - HyperScale server. + HyperScale server. Additionally, an optional attribute + tls (QEMU only) can be used to control whether a + VxHS block device would utilize a hypervisor configured TLS + X.509 certificate environment in order to encrypt the data + channel. For the QEMU hypervisor, usage of a TLS environment= can + be controlled on the host by the vxhs_tls and + vxhs_tls_x509_cert_dir or + default_tls_x509_cert_dir settings in the file + /etc/libvirt/qemu.conf. If vxhs_tls is enabled, + then unless the domain tls attribute is set to = "no", + libvirt will use the host configured TLS environment. + It will be considered a configuration error if + vxhs_tls is disabled, but the tls + attribute is set to "yes". +

Since 0.8.7
volume
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 7fe4e21..520c235 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1650,6 +1650,11 @@ + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index f7574d7..76d1a77 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8039,6 +8039,7 @@ virDomainDiskSourceParse(xmlNodePtr node, int ret =3D -1; char *protocol =3D NULL; xmlNodePtr saveNode =3D ctxt->node; + char *haveTLS =3D NULL; =20 ctxt->node =3D node; =20 @@ -8072,6 +8073,19 @@ virDomainDiskSourceParse(xmlNodePtr node, goto cleanup; } =20 + /* Check tls=3Dyes|no domain setting for the block device + * At present only VxHS. Other block devices may be added later */ + if (src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_VXHS && + (haveTLS =3D virXMLPropString(node, "tls"))) { + if ((src->haveTLS =3D + virTristateBoolTypeFromString(haveTLS)) <=3D 0) { + virReportError(VIR_ERR_XML_ERROR, + _("unknown disk source 'tls' setting '%s'"), + haveTLS); + goto cleanup; + } + } + /* for historical reasons the volume name for gluster volume is st= ored * as a part of the path. This is hard to work with when dealing w= ith * relative names. Split out the volume into a separate variable */ @@ -8127,6 +8141,7 @@ virDomainDiskSourceParse(xmlNodePtr node, =20 cleanup: VIR_FREE(protocol); + VIR_FREE(haveTLS); ctxt->node =3D saveNode; return ret; } @@ -21623,6 +21638,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr buf, =20 VIR_FREE(path); =20 + if (src->haveTLS !=3D VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(buf, " tls=3D'%s'", + virTristateBoolTypeToString(src->haveTLS)); + if (src->nhosts =3D=3D 0 && !src->snapshot && !src->configFile) { virBufferAddLit(buf, "/>\n"); } else { diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index f3fe529..bf00d0c 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c 
@@ -2039,6 +2039,7 @@ virStorageSourceCopy(const virStorageSource *src, ret->physical =3D src->physical; ret->readonly =3D src->readonly; ret->shared =3D src->shared; + ret->haveTLS =3D src->haveTLS; =20 /* storage driver metadata are not copied */ ret->drv =3D NULL; @@ -3220,6 +3221,7 @@ virStorageSourceParseBackingJSONVxHS(virStorageSource= Ptr src, { const char *vdisk_id =3D virJSONValueObjectGetString(json, "vdisk-id"); virJSONValuePtr server =3D virJSONValueObjectGetObject(json, "server"); + const char *haveTLS =3D virJSONValueObjectGetString(json, "tls"); =20 if (!vdisk_id || !server) { virReportError(VIR_ERR_INVALID_ARG, "%s", @@ -3228,6 +3230,16 @@ virStorageSourceParseBackingJSONVxHS(virStorageSourc= ePtr src, return -1; } =20 + if (haveTLS) { + if ((src->haveTLS =3D + virTristateBoolTypeFromString(haveTLS)) <=3D 0) { + virReportError(VIR_ERR_INVALID_ARG, + _("unknown VxHS 'tls' setting '%s'"), + haveTLS); + return -1; + } + } + src->type =3D VIR_STORAGE_TYPE_NETWORK; src->protocol =3D VIR_STORAGE_NET_PROTOCOL_VXHS; =20 diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index f7e897f..1d63555 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -281,6 +281,9 @@ struct _virStorageSource { /* metadata that allows identifying given storage source */ char *nodeformat; /* name of the format handler object */ char *nodestorage; /* name of the storage object */ + + /* An optional setting to enable usage of TLS for the storage source */ + int haveTLS; /* enum virTristateBool */ }; =20 =20 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509= -vxhs.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-= vxhs.xml new file mode 100644 index 0000000..61b5e2e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.x= ml 
@@ -0,0 +1,32 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + eb90327c-8302-4725-9e1b-4e85ed4dc251 +
+ + + + + + + + diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-tls= x509-vxhs.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-= tlsx509-vxhs.xml new file mode 100644 index 0000000..16f0883 --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-tlsx509-vx= hs.xml @@ -0,0 +1,34 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + eb90327c-8302-4725-9e1b-4e85ed4dc251 +
+ + +
+ + + + + + + diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 82db8cc..4d1c175 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -475,6 +475,7 @@ mymain(void) DO_TEST("disk-drive-network-rbd-ceph-env", NONE); DO_TEST("disk-drive-network-sheepdog", NONE); DO_TEST("disk-drive-network-vxhs", NONE); + DO_TEST("disk-drive-network-tlsx509-vxhs", NONE); DO_TEST("disk-scsi-device", QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_SCSI_LSI); DO_TEST("disk-scsi-vscsi", NONE); --=20 2.9.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
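Review bot: in the docs/formatdomain.html.in hunk the new text promises that it "will be considered a configuration error if vxhs_tls is disabled, but the tls attribute is set to 'yes'", yet nothing in this patch performs that check; the parser only validates that the value is a known tristate. If the enforcement lands in a later patch of this 13-part series, the commit message should say which one, otherwise a reader bisecting to this commit sees documented behaviour that the code does not implement. The same paragraph should also state what happens when tls is given on a protocol other than "vxhs", since the parser hunk below only reads the attribute for VxHS sources.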
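Review bot: in the virDomainDiskSourceParse hunk the 'tls' attribute is read only when src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS, so tls='yes' on any other network protocol is silently discarded: no error is raised, src->haveTLS stays VIR_TRISTATE_BOOL_ABSENT, and the virDomainDiskSourceFormatNetwork hunk then drops the attribute on output, so the user never learns that the channel will not be encrypted. Consider reading the attribute unconditionally and rejecting it for unsupported protocols, e.g. virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("'tls' attribute is only supported for the 'vxhs' protocol")) followed by goto cleanup. Restricting the attribute in domaincommon.rng is not a substitute, since schema validation only runs when it is explicitly requested for a define.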
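Review bot: the new 'tls' handling in virStorageSourceParseBackingJSONVxHS has no test coverage; the only test added by this patch is the xml2xml case "disk-drive-network-tlsx509-vxhs", which exercises the XML parser and formatter, not the JSON backing-store path. A virstoragetest case with a json: backing string carrying "tls": "yes" plus one with an unknown value would exercise both the success path and the new VIR_ERR_INVALID_ARG branch. Two smaller points on the same hunk: because the value is fetched with virJSONValueObjectGetString, a JSON boolean true/false would be treated as absent rather than rejected, so the accepted value form ("yes"/"no" strings) should be documented in the comment; and the error text "unknown VxHS 'tls' setting '%s'" differs from the XML parser's "unknown disk source 'tls' setting '%s'" for the same condition, so one wording would help anyone searching logs.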