Introduce a new migration flag, VIR_MIGRATE_TLS_PSK, which enables the use of the TLS-PSK-based authentication mechanism for encrypted migration.
Suggested-by: Tejus GK <[email protected]>
Signed-off-by: Abhisek Panda <[email protected]>
---
 include/libvirt/libvirt-domain.h | 17 ++++++++++++++---
 src/qemu/qemu_migration.h | 1 +
 tools/virsh-domain.c | 5 +++++
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index 1066a0b3f1..88eb3e55aa 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -1089,9 +1089,9 @@ typedef enum {
 VIR_MIGRATE_POSTCOPY = (1 << 15),
 /* Setting the VIR_MIGRATE_TLS flag will cause the migration to attempt
- * to use the TLS environment configured by the hypervisor in order to
- * perform the migration. If incorrectly configured on either source or
- * destination, the migration will fail.
+ * to use the X.509-based TLS authentication configured by the hypervisor.
+ * If incorrectly configured on either source or destination, the migration
+ * will fail.
 *
 * Since: 3.2.0
 */
@@ -1131,6 +1131,17 @@ typedef enum {
 * Since: 8.5.0
 */
 VIR_MIGRATE_ZEROCOPY = (1 << 20),
+
+ /* Setting the VIR_MIGRATE_TLS_PSK flag will cause the migration to attempt
+ * to use the pre-shared key-based TLS authentication configured
+ * by the hypervisor. Setting both VIR_MIGRATE_TLS_PSK and VIR_MIGRATE_TLS flags
+ * simultaneously will result in migration failure because both the flags represent
+ * different types of TLS authentication schemes. If incorrectly configured on either
+ * source or destination, the migration will fail.
+ *
+ * Since: 12.4.0
+ */
+ VIR_MIGRATE_TLS_PSK = (1 << 21),
 } virDomainMigrateFlags;
diff --git a/src/qemu/qemu_migration.h b/src/qemu/qemu_migration.h
index 7e9410e1f7..7fbf959ee6 100644
--- a/src/qemu/qemu_migration.h
+++ b/src/qemu/qemu_migration.h
@@ -62,6 +62,7 @@
 VIR_MIGRATE_NON_SHARED_SYNCHRONOUS_WRITES | \
 VIR_MIGRATE_POSTCOPY_RESUME | \
 VIR_MIGRATE_ZEROCOPY | \
+ VIR_MIGRATE_TLS_PSK | \
 0)
 /* All supported migration parameters and their types. */
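Review bot: The comment added for VIR_MIGRATE_TLS_PSK in the second libvirt-domain.h hunk says the key-based authentication is "configured by the hypervisor" but never names what has to be provisioned, so an API user cannot tell what must exist on the source and destination before setting the flag. I would add one sentence saying where the pre-shared key is taken from (whichever driver setting the series defines; it is not visible in this patch) and that the same key must be present on both hosts. Several of the added comment lines run well past 80 columns, unlike the neighbouring flag comments in the same enum, and should be re-wrapped. The enum body starts and ends outside this hunk.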
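Review bot: Nothing in this patch acts on VIR_MIGRATE_TLS_PSK or rejects it together with VIR_MIGRATE_TLS, yet the `VIR_MIGRATE_TLS_PSK | \` line added to the flag mask in src/qemu/qemu_migration.h lets the QEMU driver accept it (assuming this mask is the driver's set of supported migration flags; its `#define` is outside the hunk). If the PSK setup only arrives in a later patch, a caller passing just the new flag at this commit would presumably get a migration that is accepted and runs without TLS, which is the fail-open direction for an encryption option. I would move this line into the patch that implements the PSK path and put the exclusivity check promised by the header comment next to it, for example `VIR_EXCLUSIVE_FLAGS_RET(VIR_MIGRATE_TLS, VIR_MIGRATE_TLS_PSK, -1);` at the driver's migration entry points.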
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 76369e8694..286abd2f1c 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -11327,6 +11327,10 @@ static const vshCmdOptDef opts_migrate[] = {
 .type = VSH_OT_INT,
 .help = N_("bandwidth (in MiB/s) available for the final phase of migration")
 },
+ {.name = "tls-psk",
+ .type = VSH_OT_BOOL,
+ .help = N_("use tls-psk for migration")
+ },
 {.name = NULL}
 };
@@ -11376,6 +11380,7 @@ doMigrate(void *opaque)
 { "tls", VIR_MIGRATE_TLS },
 { "parallel", VIR_MIGRATE_PARALLEL },
 { "suspend", VIR_MIGRATE_PAUSED },
+ { "tls-psk", VIR_MIGRATE_TLS_PSK },
 };
 #ifndef WIN32
-- 
2.39.3
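Review bot: virsh accepts `--tls` and `--tls-psk` together, because the new opts_migrate entry and the new row in the doMigrate flag table are independent, so both bits would be ORed into the flags and the conflict described in libvirt-domain.h only surfaces as a failure from the API call. cmdMigrate (outside these hunks) could reject the pair before any connection is made with `VSH_EXCLUSIVE_OPTIONS("tls", "tls-psk");`. The help string `use tls-psk for migration` only repeats the option name; `N_("use TLS with a pre-shared key for migration")` would tell the user what is being selected. The diffstat lists no manual page change, so the new option is also missing from the virsh documentation. Both opts_migrate and doMigrate continue outside the hunks shown.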
