[libvirt] [PATCH 15/38] qemu: domain: Store and restore TLS object alias of a disk

Peter Krempa posted 38 patches 6 years, 11 months ago
[libvirt] [PATCH 15/38] qemu: domain: Store and restore TLS object alias of a disk
Posted by Peter Krempa 6 years, 11 months ago
Libvirt uses the stored alias to detach the tlx x509 object on disk
unplug. As the alias was not stored, the object would not be detached
if unplugging disks after libvirtd restart.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_domain.c                    | 5 +++++
 tests/qemustatusxml2xmldata/modern-in.xml | 1 +
 2 files changed, 6 insertions(+)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index d070c013a1..a98424cc62 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -2023,6 +2023,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,

     src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
     src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
+    src->tlsAlias = virXPathString("string(./objects/tlsX509/@alias)", ctxt);

     if (src->pr)
         src->pr->mgralias = virXPathString("string(./reservations/@mgralias)", ctxt);
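Review bot: the new `src->tlsAlias` assignment only helps for status XML written after this patch. For a domain whose status file was saved by an older libvirtd, `./objects/tlsX509` is absent, the alias stays unset, and the TLS object is still left behind on unplug, which is the case the commit message sets out to fix. Either state that limitation in the commit message or add a fallback for a missing alias. Also note that `string()` over `./objects/tlsX509/@alias` silently takes the first match if more than one `tlsX509` element is present; a short comment that only one is expected per source would help.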
@@ -2102,6 +2103,10 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
         qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
     }

+    if (src->tlsAlias)
+        virBufferAsprintf(&tmp, "<tlsX509 alias='%s'/>\n", src->tlsAlias);
+
+
     if (virXMLFormatElement(buf, "objects", NULL, &tmp) < 0)
         goto cleanup;

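Review bot: in the added `virBufferAsprintf(&tmp, "<tlsX509 alias='%s'/>\n", src->tlsAlias);` the alias is interpolated into a single-quoted attribute without XML escaping. This status XML is parsed again after a libvirtd restart, so a value containing a quote or `<` would produce a document that no longer round-trips. `virBufferEscapeString(&tmp, "<tlsX509 alias='%s'/>\n", src->tlsAlias);` escapes the value and emits nothing when the string is NULL, so the `if (src->tlsAlias)` guard can go as well. The hunk also adds two consecutive blank lines before `virXMLFormatElement`; one is enough.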
diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxml2xmldata/modern-in.xml
index 42869261d0..e5c00db6a4 100644
--- a/tests/qemustatusxml2xmldata/modern-in.xml
+++ b/tests/qemustatusxml2xmldata/modern-in.xml
@@ -322,6 +322,7 @@
               <objects>
                 <secret type='auth' alias='test-auth-alias'/>
                 <secret type='encryption' alias='test-encryption-alias'/>
+                <tlsX509 alias='transport-alias'/>
               </objects>
             </privateData>
           </source>
-- 
2.16.2

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 15/38] qemu: domain: Store and restore TLS object alias of a disk
Posted by Ján Tomko 6 years, 11 months ago
On Wed, May 30, 2018 at 02:41:11PM +0200, Peter Krempa wrote:
>Libvirt uses the stored alias to detach the tlx x509 object on disk

s/tlx/TLS/

>unplug. As the alias was not stored, the object would not be detached
>if unplugging disks after libvirtd restart.
>
>Signed-off-by: Peter Krempa <pkrempa@redhat.com>
>---
> src/qemu/qemu_domain.c                    | 5 +++++
> tests/qemustatusxml2xmldata/modern-in.xml | 1 +
> 2 files changed, 6 insertions(+)
>
>diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>index d070c013a1..a98424cc62 100644
>--- a/src/qemu/qemu_domain.c
>+++ b/src/qemu/qemu_domain.c
>@@ -2023,6 +2023,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr ctxt,
>
>     src->nodestorage = virXPathString("string(./nodenames/nodename[@type='storage']/@name)", ctxt);
>     src->nodeformat = virXPathString("string(./nodenames/nodename[@type='format']/@name)", ctxt);
>+    src->tlsAlias = virXPathString("string(./objects/tlsX509/@alias)", ctxt);
>
>     if (src->pr)
>         src->pr->mgralias = virXPathString("string(./reservations/@mgralias)", ctxt);
>@@ -2102,6 +2103,10 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePtr src,
>         qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, "encryption");
>     }
>
>+    if (src->tlsAlias)
>+        virBufferAsprintf(&tmp, "<tlsX509 alias='%s'/>\n", src->tlsAlias);
>+
>+

Extra empty line.

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano
Re: [libvirt] [PATCH 15/38] qemu: domain: Store and restore TLS object alias of a disk
Posted by John Ferlan 6 years, 11 months ago

On 05/30/2018 08:41 AM, Peter Krempa wrote:
> Libvirt uses the stored alias to detach the tlx x509 object on disk
> unplug. As the alias was not stored, the object would not be detached
> if unplugging disks after libvirtd restart.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>  src/qemu/qemu_domain.c                    | 5 +++++
>  tests/qemustatusxml2xmldata/modern-in.xml | 1 +
>  2 files changed, 6 insertions(+)
> 

Could we use TLSx509 instead, since that's used more frequently
elsewhere? It makes it far easier to search on just TLSx rather than tlsX
(which isn't used anywhere).

John

[...]
