From nobody Tue May 13 22:11:32 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527792718709987.7566311023984;
 Thu, 31 May 2018 11:51:58 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id EA95C30A6CF8;
	Thu, 31 May 2018 18:51:56 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id A288860BE3;
	Thu, 31 May 2018 18:51:56 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 36F264CA81;
	Thu, 31 May 2018 18:51:56 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
	[10.11.54.3])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4VIpTPP010834 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 31 May 2018 14:51:29 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id BC4C610006EC; Thu, 31 May 2018 18:51:29 +0000 (UTC)
Received: from angien.brq.redhat.com (unknown [10.43.2.136])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 5F536112D198
	for <libvir-list@redhat.com>; Thu, 31 May 2018 18:51:29 +0000 (UTC)
From: Peter Krempa <pkrempa@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 31 May 2018 20:51:12 +0200
Message-Id: 
 <a741306d77576a992c6a6400a64cd611961d36bb.1527792547.git.pkrempa@redhat.com>
In-Reply-To: <cover.1527792547.git.pkrempa@redhat.com>
References: <cover.1527792547.git.pkrempa@redhat.com>
In-Reply-To: <cover.1527792547.git.pkrempa@redhat.com>
References: <cover.1527792547.git.pkrempa@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 1/3] qemu: conf: Add qemu.conf knobs for
	setting up TLS for NBD
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]);
 Thu, 31 May 2018 18:51:57 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: J=EF=BF=BDn Tomko <jtomko@redhat.com>
---
 src/qemu/libvirtd_qemu.aug         |  4 ++++
 src/qemu/qemu.conf                 | 34 ++++++++++++++++++++++++++++++++++
 src/qemu/qemu_conf.c               | 15 +++++++++++++++
 src/qemu/qemu_conf.h               |  3 +++
 src/qemu/test_libvirtd_qemu.aug.in |  2 ++
 5 files changed, 58 insertions(+)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 2dc16e91fd..679f48cbca 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -119,6 +119,9 @@ module Libvirtd_qemu =3D
    let vxhs_entry =3D bool_entry "vxhs_tls"
                  | str_entry "vxhs_tls_x509_cert_dir"

+   let nbd_entry =3D bool_entry "nbd_tls"
+                | str_entry "nbd_tls_x509_cert_dir"
+
    (* Each entry in the config is one of the following ... *)
    let entry =3D default_tls_entry
              | vnc_entry
@@ -138,6 +141,7 @@ module Libvirtd_qemu =3D
              | gluster_debug_level_entry
              | memory_entry
              | vxhs_entry
+             | nbd_entry

    let comment =3D [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \=
t\n][^\n]*)?/ . del /\n/ "\n" ]
    let empty =3D [ label "#empty" . eol ]
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 31738ff19c..c8e1a62d1c 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -297,6 +297,40 @@
 #vxhs_tls_x509_cert_dir =3D "/etc/pki/libvirt-vxhs"


+
+# Enable use of TLS encryption for all NBD disk devices that don't
+# specifically disable it.
+#
+# When the NBD server is set up appropriately, x509 certificates are requi=
red
+# for authentication between the client and the remote NBD server.
+#
+# It is necessary to setup CA and issue the client certificate before
+# enabling this.
+#
+#nbd_tls =3D 1
+
+
+# In order to override the default TLS certificate location for NBD
+# backed storage, supply a valid path to the certificate directory.
+# This is used to authenticate the NBD block device clients to the NBD
+# server.
+#
+# If the provided path does not exist, libvirtd will fail to start.
+# If the path is not provided, but nbd_tls =3D 1, then the
+# default_tls_x509_cert_dir path will be used.
+#
+# NBD block device clients expect the client certificate and key to be
+# present in the certificate directory along with the CA certificate.
+# Since this is only a client the server-key.pem certificate is not needed.
+# Thus a NBD directory must contain the following:
+#
+#  ca-cert.pem - the CA master certificate
+#  client-cert.pem - the client certificate signed with the ca-cert.pem
+#  client-key.pem - the client private key
+#
+#nbd_tls_x509_cert_dir =3D "/etc/pki/libvirt-nbd"
+
+
 # In order to override the default TLS certificate location for migration
 # certificates, supply a valid path to the certificate directory. If the
 # provided path does not exist, libvirtd will fail to start. If the path is
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 277ab833a8..5f35a49e91 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -279,6 +279,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool priv=
ileged)
     SET_TLS_X509_CERT_DEFAULT(chardev);
     SET_TLS_X509_CERT_DEFAULT(migrate);
     SET_TLS_X509_CERT_DEFAULT(vxhs);
+    SET_TLS_X509_CERT_DEFAULT(nbd);

 #undef SET_TLS_X509_CERT_DEFAULT

@@ -378,6 +379,7 @@ static void virQEMUDriverConfigDispose(void *obj)
     VIR_FREE(cfg->chardevTLSx509secretUUID);

     VIR_FREE(cfg->vxhsTLSx509certdir);
+    VIR_FREE(cfg->nbdTLSx509certdir);

     VIR_FREE(cfg->migrateTLSx509certdir);
     VIR_FREE(cfg->migrateTLSx509secretUUID);
@@ -458,6 +460,7 @@ virQEMUDriverConfigTLSDirResetDefaults(virQEMUDriverCon=
figPtr cfg)
     CHECK_RESET_CERT_DIR_DEFAULT(chardev);
     CHECK_RESET_CERT_DIR_DEFAULT(migrate);
     CHECK_RESET_CERT_DIR_DEFAULT(vxhs);
+    CHECK_RESET_CERT_DIR_DEFAULT(nbd);

     return 0;
 }
@@ -561,6 +564,10 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr=
 cfg,
         goto cleanup;
     if (virConfGetValueString(conf, "vxhs_tls_x509_cert_dir", &cfg->vxhsTL=
Sx509certdir) < 0)
         goto cleanup;
+    if (virConfGetValueBool(conf, "nbd_tls", &cfg->nbdTLS) < 0)
+        goto cleanup;
+    if (virConfGetValueString(conf, "nbd_tls_x509_cert_dir", &cfg->nbdTLSx=
509certdir) < 0)
+        goto cleanup;

 #define GET_CONFIG_TLS_CERTINFO(val) \
     do { \
@@ -992,6 +999,14 @@ virQEMUDriverConfigValidate(virQEMUDriverConfigPtr cfg)
         return -1;
     }

+    if (STRNEQ(cfg->nbdTLSx509certdir, SYSCONFDIR "/pki/qemu") &&
+        !virFileExists(cfg->nbdTLSx509certdir)) {
+        virReportError(VIR_ERR_CONF_SYNTAX,
+                       _("nbd_tls_x509_cert_dir directory '%s' does not ex=
ist"),
+                       cfg->nbdTLSx509certdir);
+        return -1;
+    }
+
     return 0;
 }

diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 7a63780c48..6d25c3e74f 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -207,6 +207,9 @@ struct _virQEMUDriverConfig {

     bool vxhsTLS;
     char *vxhsTLSx509certdir;
+
+    bool nbdTLS;
+    char *nbdTLSx509certdir;
 };

 /* Main driver state */
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe=
mu.aug.in
index 95885e9f06..912161c272 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -27,6 +27,8 @@ module Test_libvirtd_qemu =3D
 { "chardev_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000=
" }
 { "vxhs_tls" =3D "1" }
 { "vxhs_tls_x509_cert_dir" =3D "/etc/pki/libvirt-vxhs" }
+{ "nbd_tls" =3D "1" }
+{ "nbd_tls_x509_cert_dir" =3D "/etc/pki/libvirt-nbd" }
 { "migrate_tls_x509_cert_dir" =3D "/etc/pki/libvirt-migrate" }
 { "migrate_tls_x509_verify" =3D "1" }
 { "migrate_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000=
" }
--=20
2.16.2

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Tue May 13 22:11:32 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 152779272725841.48295846777398;
 Thu, 31 May 2018 11:52:07 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com
 [10.5.11.27])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 5A633C03BD51;
	Thu, 31 May 2018 18:52:05 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 147E3B16F3;
	Thu, 31 May 2018 18:52:05 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9075D4BB78;
	Thu, 31 May 2018 18:52:04 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
	[10.11.54.3])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4VIpUsU010842 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 31 May 2018 14:51:30 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 5ECE1112D198; Thu, 31 May 2018 18:51:30 +0000 (UTC)
Received: from angien.brq.redhat.com (unknown [10.43.2.136])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 02638112D169
	for <libvir-list@redhat.com>; Thu, 31 May 2018 18:51:29 +0000 (UTC)
From: Peter Krempa <pkrempa@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 31 May 2018 20:51:13 +0200
Message-Id: 
 <13f5421dd9fa69be90d634eda660d4affd7987da.1527792547.git.pkrempa@redhat.com>
In-Reply-To: <cover.1527792547.git.pkrempa@redhat.com>
References: <cover.1527792547.git.pkrempa@redhat.com>
In-Reply-To: <cover.1527792547.git.pkrempa@redhat.com>
References: <cover.1527792547.git.pkrempa@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 2/3] qemu: domain: Add support for TLS for NBD
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]);
 Thu, 31 May 2018 18:52:06 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

https://bugzilla.redhat.com/show_bug.cgi?id=3D1544869

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: J=EF=BF=BDn Tomko <jtomko@redhat.com>
---
 docs/formatdomain.html.in                          |  8 ++++-
 docs/schemas/domaincommon.rng                      |  5 +++
 src/qemu/qemu_command.c                            |  5 +++
 src/qemu/qemu_domain.c                             | 38 ++++++++++++++++++=
++--
 .../disk-drive-network-tlsx509.args                |  9 ++++-
 .../disk-drive-network-tlsx509.xml                 |  8 +++++
 tests/qemuxml2argvtest.c                           |  2 +-
 .../disk-drive-network-tlsx509.xml                 |  8 +++++
 8 files changed, 78 insertions(+), 5 deletions(-)

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index b5a6e33bfe..dccabe7f35 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2786,7 +2786,13 @@
               is mandatory to specify which volume/image will be used.
               </p>

-              <p>For "nbd", the <code>name</code> attribute is optional.
+              <p>For "nbd", the <code>name</code> attribute is optional. T=
LS
+              transport for NBD can be enabled by using the <code>tls</cod=
e>
+              attribute. For the QEMU hypervisor, usage of a TLS environme=
nt can
+              lso be globally controlled on the host by the
+              <code>nbd_tls</code> and <code>nbd_tls_x509_cert_dir</code> =
in
+              /etc/libvirt/qemu.conf.
+              ('tls' <span class=3D"since">Since 4.5.0</span>)
               </p>

               <p>For "iscsi" (<span class=3D"since">since 1.0.4</span>), t=
he
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 703a1bb6f8..ce2d1e91e0 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1706,6 +1706,11 @@
       <optional>
         <attribute name=3D"name"/>
       </optional>
+      <optional>
+        <attribute name=3D"tls">
+          <ref name=3D"virYesNo"/>
+        </attribute>
+      </optional>
       <ref name=3D"diskSourceNetworkHost"/>
       <optional>
         <ref name=3D"encryption"/>
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index c75595ca6d..75c05f9e9a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1388,6 +1388,11 @@ qemuDiskSourceNeedsProps(virStorageSourcePtr src,
         virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET))
         return true;

+    if (actualType =3D=3D VIR_STORAGE_TYPE_NETWORK &&
+        src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_NBD &&
+        src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES)
+        return true;
+
     return false;
 }

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 873bcec50d..1bfa6a926a 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -9934,6 +9934,34 @@ qemuProcessPrepareStorageSourceTLSVxhs(virStorageSou=
rcePtr src,
 }


+static int
+qemuProcessPrepareStorageSourceTLSNBD(virStorageSourcePtr src,
+                                      virQEMUDriverConfigPtr cfg,
+                                      virQEMUCapsPtr qemuCaps)
+{
+    if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_ABSENT) {
+        if (cfg->nbdTLS)
+            src->haveTLS =3D VIR_TRISTATE_BOOL_YES;
+        else
+            src->haveTLS =3D VIR_TRISTATE_BOOL_NO;
+        src->tlsFromConfig =3D true;
+    }
+
+    if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) {
+        if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NBD_TLS)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("this qemu does not support TLS transport for=
 NBD"));
+            return -1;
+        }
+
+        if (VIR_STRDUP(src->tlsCertdir, cfg->nbdTLSx509certdir) < 0)
+            return -1;
+    }
+
+    return 0;
+}
+
+
 /* qemuProcessPrepareStorageSourceTLS:
  * @source: source for a disk
  * @cfg: driver configuration
@@ -9948,7 +9976,8 @@ qemuProcessPrepareStorageSourceTLSVxhs(virStorageSour=
cePtr src,
 static int
 qemuDomainPrepareStorageSourceTLS(virStorageSourcePtr src,
                                   virQEMUDriverConfigPtr cfg,
-                                  const char *parentAlias)
+                                  const char *parentAlias,
+                                  virQEMUCapsPtr qemuCaps)
 {
     if (virStorageSourceGetActualType(src) !=3D VIR_STORAGE_TYPE_NETWORK)
         return 0;
@@ -9960,6 +9989,10 @@ qemuDomainPrepareStorageSourceTLS(virStorageSourcePt=
r src,
         break;

     case VIR_STORAGE_NET_PROTOCOL_NBD:
+        if (qemuProcessPrepareStorageSourceTLSNBD(src, cfg, qemuCaps) < 0)
+            return -1;
+        break;
+
     case VIR_STORAGE_NET_PROTOCOL_RBD:
     case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG:
     case VIR_STORAGE_NET_PROTOCOL_GLUSTER:
@@ -12502,7 +12535,8 @@ qemuDomainPrepareDiskSourceLegacy(virDomainDiskDefP=
tr disk,
     if (qemuDomainPrepareStorageSourcePR(disk->src, priv, disk->info.alias=
) < 0)
         return -1;

-    if (qemuDomainPrepareStorageSourceTLS(disk->src, cfg, disk->info.alias=
) < 0)
+    if (qemuDomainPrepareStorageSourceTLS(disk->src, cfg, disk->info.alias,
+                                          priv->qemuCaps) < 0)
         return -1;

     return 0;
diff --git a/tests/qemuxml2argvdata/disk-drive-network-tlsx509.args b/tests=
/qemuxml2argvdata/disk-drive-network-tlsx509.args
index 91d3a8a70a..970b8a32a6 100644
--- a/tests/qemuxml2argvdata/disk-drive-network-tlsx509.args
+++ b/tests/qemuxml2argvdata/disk-drive-network-tlsx509.args
@@ -43,4 +43,11 @@ id=3Dvirtio-disk1 \
 file.server.host=3D192.168.0.3,file.server.port=3D9999,format=3Draw,if=3Dn=
one,\
 id=3Ddrive-virtio-disk2,serial=3Deb90327c-8302-4725-9e1b-4e85ed4dc252,cach=
e=3Dnone \
 -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-virtio-disk2,\
-id=3Dvirtio-disk2
+id=3Dvirtio-disk2 \
+-object tls-creds-x509,id=3Dobjvirtio-disk3_tls0,dir=3D/etc/pki/qemu,\
+endpoint=3Dclient,verify-peer=3Dyes \
+-drive file.driver=3Dnbd,file.server.type=3Dinet,file.server.host=3Dexampl=
e.com,\
+file.server.port=3D1234,file.tls-creds=3Dobjvirtio-disk3_tls0,format=3Draw=
,if=3Dnone,\
+id=3Ddrive-virtio-disk3,cache=3Dnone \
+-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x7,drive=3Ddrive-virtio-disk3,\
+id=3Dvirtio-disk3
diff --git a/tests/qemuxml2argvdata/disk-drive-network-tlsx509.xml b/tests/=
qemuxml2argvdata/disk-drive-network-tlsx509.xml
index a66e81f065..9f6f298b54 100644
--- a/tests/qemuxml2argvdata/disk-drive-network-tlsx509.xml
+++ b/tests/qemuxml2argvdata/disk-drive-network-tlsx509.xml
@@ -41,6 +41,14 @@
       <serial>eb90327c-8302-4725-9e1b-4e85ed4dc252</serial>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x06' f=
unction=3D'0x0'/>
     </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw' cache=3D'none'/>
+      <source protocol=3D'nbd' tls=3D'yes'>
+        <host name=3D'example.com' port=3D'1234'/>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x07' f=
unction=3D'0x0'/>
+    </disk>
     <controller type=3D'usb' index=3D'0'/>
     <controller type=3D'pci' index=3D'0' model=3D'pci-root'/>
     <input type=3D'mouse' bus=3D'ps2'/>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 2d41f78f8b..1d588e5dd1 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1052,7 +1052,7 @@ mymain(void)
     DO_TEST("disk-drive-network-vxhs", QEMU_CAPS_VXHS);
     driver.config->vxhsTLS =3D 1;
     DO_TEST("disk-drive-network-tlsx509", QEMU_CAPS_VXHS,
-            QEMU_CAPS_OBJECT_TLS_CREDS_X509);
+            QEMU_CAPS_OBJECT_TLS_CREDS_X509, QEMU_CAPS_NBD_TLS);
     driver.config->vxhsTLS =3D 0;
     VIR_FREE(driver.config->vxhsTLSx509certdir);
     DO_TEST("disk-drive-no-boot",
diff --git a/tests/qemuxml2xmloutdata/disk-drive-network-tlsx509.xml b/test=
s/qemuxml2xmloutdata/disk-drive-network-tlsx509.xml
index 7053affd17..a9b8d32646 100644
--- a/tests/qemuxml2xmloutdata/disk-drive-network-tlsx509.xml
+++ b/tests/qemuxml2xmloutdata/disk-drive-network-tlsx509.xml
@@ -41,6 +41,14 @@
       <serial>eb90327c-8302-4725-9e1b-4e85ed4dc252</serial>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x06' f=
unction=3D'0x0'/>
     </disk>
+    <disk type=3D'network' device=3D'disk'>
+      <driver name=3D'qemu' type=3D'raw' cache=3D'none'/>
+      <source protocol=3D'nbd' tls=3D'yes'>
+        <host name=3D'example.com' port=3D'1234'/>
+      </source>
+      <target dev=3D'vdd' bus=3D'virtio'/>
+      <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x07' f=
unction=3D'0x0'/>
+    </disk>
     <controller type=3D'usb' index=3D'0'>
       <address type=3D'pci' domain=3D'0x0000' bus=3D'0x00' slot=3D'0x01' f=
unction=3D'0x2'/>
     </controller>
--=20
2.16.2

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Tue May 13 22:11:32 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1527792734561127.81227838072448;
 Thu, 31 May 2018 11:52:14 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id B23DF307D841;
	Thu, 31 May 2018 18:52:12 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 7EFCA1A8F9;
	Thu, 31 May 2018 18:52:12 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2F3714CA83;
	Thu, 31 May 2018 18:52:12 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
	[10.11.54.3])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w4VIpVYq010847 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 31 May 2018 14:51:31 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 004EE10006EC; Thu, 31 May 2018 18:51:31 +0000 (UTC)
Received: from angien.brq.redhat.com (unknown [10.43.2.136])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 988D11006EAC
	for <libvir-list@redhat.com>; Thu, 31 May 2018 18:51:30 +0000 (UTC)
From: Peter Krempa <pkrempa@redhat.com>
To: libvir-list@redhat.com
Date: Thu, 31 May 2018 20:51:14 +0200
Message-Id: 
 <8d41b607a35a428b568bbd0c8d170cbb09b36fae.1527792547.git.pkrempa@redhat.com>
In-Reply-To: <cover.1527792547.git.pkrempa@redhat.com>
References: <cover.1527792547.git.pkrempa@redhat.com>
In-Reply-To: <cover.1527792547.git.pkrempa@redhat.com>
References: <cover.1527792547.git.pkrempa@redhat.com>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v2 3/3] tests: qemublock: Test NBD with TLS in the
	JSON generator
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]);
 Thu, 31 May 2018 18:52:13 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: J=EF=BF=BDn Tomko <jtomko@redhat.com>
---
 tests/qemublocktest.c                                 |  1 +
 tests/qemublocktestdata/xml2json/network-nbd-tls.json | 19 +++++++++++++++=
++++
 tests/qemublocktestdata/xml2json/network-nbd-tls.xml  | 18 +++++++++++++++=
+++
 3 files changed, 38 insertions(+)
 create mode 100644 tests/qemublocktestdata/xml2json/network-nbd-tls.json
 create mode 100644 tests/qemublocktestdata/xml2json/network-nbd-tls.xml

diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c
index d0cd834b05..0c335abc5b 100644
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -486,6 +486,7 @@ mymain(void)
     TEST_DISK_TO_JSON("file-backing_basic-cache-unsafe");
     TEST_DISK_TO_JSON("network-qcow2-backing-chain-cache-unsafe");
     TEST_DISK_TO_JSON("dir-fat-cache");
+    TEST_DISK_TO_JSON("network-nbd-tls");

     TEST_DISK_TO_JSON("block-raw-noopts");
     TEST_DISK_TO_JSON("block-raw-reservations");
diff --git a/tests/qemublocktestdata/xml2json/network-nbd-tls.json b/tests/=
qemublocktestdata/xml2json/network-nbd-tls.json
new file mode 100644
index 0000000000..a1529a6c44
--- /dev/null
+++ b/tests/qemublocktestdata/xml2json/network-nbd-tls.json
@@ -0,0 +1,19 @@
+{
+  "node-name": "node-b-f",
+  "read-only": false,
+  "driver": "qcow2",
+  "file": "node-a-s",
+  "backing": null
+}
+{
+  "driver": "nbd",
+  "server": {
+    "type": "inet",
+    "host": "host1.example.com",
+    "port": "10809"
+  },
+  "tls-creds": "node-a-s-tls0",
+  "node-name": "node-a-s",
+  "read-only": false,
+  "discard": "unmap"
+}
diff --git a/tests/qemublocktestdata/xml2json/network-nbd-tls.xml b/tests/q=
emublocktestdata/xml2json/network-nbd-tls.xml
new file mode 100644
index 0000000000..1330a5acc7
--- /dev/null
+++ b/tests/qemublocktestdata/xml2json/network-nbd-tls.xml
@@ -0,0 +1,18 @@
+<disk type=3D'network' device=3D'disk'>
+  <driver name=3D'qemu' type=3D'qcow2'/>
+  <source protocol=3D'nbd' tls=3D'yes'>
+    <host name=3D'host1.example.com'/>
+    <privateData>
+      <nodenames>
+        <nodename type=3D'storage' name=3D'node-a-s'/>
+        <nodename type=3D'format' name=3D'node-b-f'/>
+      </nodenames>
+      <objects>
+        <TLSx509 alias=3D'node-a-s-tls0'/>
+      </objects>
+    </privateData>
+  </source>
+  <backingStore/>
+  <target dev=3D'vda' bus=3D'virtio'/>
+  <alias name=3D'virtio-disk0'/>
+</disk>
--=20
2.16.2

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list