During an encrypted migration, the parties negotiate a unique identifier, then QEMU parses the key file and extracts the matching key. By default, the key file’s location is defined in either "migrate_tls_psk_dir" or "default_tls_psk_dir" in qemu.conf.
To use a different key file for a particular migration session, a user can provide custom directory path of the key file using the "VIR_MIGRATE_PARAM_TLS_PSK_DIRECTORY" migration parameter. If this parameter is set, the defined path supersedes the "migrate_tls_psk_dir" or "default_tls_psk_dir" configurations provided in qemu.conf. Suggested-by: Tejus GK <[email protected]> Signed-off-by: Abhisek Panda <[email protected]> --- include/libvirt/libvirt-domain.h | 14 ++++++ src/qemu/qemu_driver.c | 24 ++++++---- src/qemu/qemu_migration.c | 78 ++++++++++++++++++++------------ src/qemu/qemu_migration.h | 2 + src/qemu/qemu_migration_params.c | 41 +++++++++++++---- src/qemu/qemu_migration_params.h | 5 ++ tools/virsh-domain.c | 7 +++ 7 files changed, 127 insertions(+), 44 deletions(-) diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h index 88eb3e55aa..f600771c08 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h @@ -1479,6 +1479,20 @@ typedef enum { */ # define VIR_MIGRATE_PARAM_TLS_DESTINATION "tls.destination" +/** + * VIR_MIGRATE_PARAM_TLS_PSK_DIRECTORY: + * + * virDomainMigrate* params field: override the path of the directory containing + * the pre-shared key files. + * + * Normally the pre-shared key files on a host is stored at a specific path specified + * in the configuration file. When a user wants to use a unique or custom pre-shared key + * for migration, this parameter can be used to override the pre-shared key files' path. + * + * Since: 12.4.0 + */ +# define VIR_MIGRATE_PARAM_TLS_PSK_DIRECTORY "tls.psk_directory" + /* Domain migration. */ virDomainPtr virDomainMigrate (virDomainPtr domain, virConnectPtr dconn, unsigned long flags, const char *dname, diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index eda1f42054..8e4d415874 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
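Review bot: The doc comment for VIR_MIGRATE_PARAM_TLS_PSK_DIRECTORY does not say on which host the directory is resolved. Later hunks in this patch read the value in both qemuDomainMigratePrepare3Params and qemuDomainMigratePerform3Params, and qemuMigrationSrcPerformPeer2Peer3 forwards it to the destination, so the same path appears to be used on the source and the destination. I would add a sentence such as `The path is interpreted by the daemon on each host taking part in the migration and must name an existing directory there.`, and change "key files on a host is stored" to "are stored".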
@@ -11004,7 +11004,7 @@ qemuDomainMigratePrepare2(virConnectPtr dconn, return qemuMigrationDstPrepareDirect(driver, dconn, NULL, 0, NULL, NULL, /* No cookies */ uri_in, uri_out, - &def, origname, NULL, NULL, 0, NULL, + &def, origname, NULL, NULL, 0, NULL, NULL, migParams, flags); } @@ -11055,7 +11055,7 @@ qemuDomainMigratePerform(virDomainPtr dom, */ ret = qemuMigrationSrcPerform(driver, dom->conn, vm, NULL, NULL, dconnuri, uri, NULL, NULL, NULL, NULL, NULL, 0, - NULL, + NULL, NULL, migParams, cookie, cookielen, NULL, NULL, /* No output cookies in v2 */ flags, dname, bandwidth, false); @@ -11230,7 +11230,7 @@ qemuDomainMigratePrepare3(virConnectPtr dconn, cookieout, cookieoutlen, uri_in, uri_out, &def, origname, NULL, NULL, 0, - NULL, migParams, flags); + NULL, NULL, migParams, flags); } static int @@ -11256,6 +11256,7 @@ qemuDomainMigratePrepare3Params(virConnectPtr dconn, g_autofree char *origname = NULL; g_autoptr(qemuMigrationParams) migParams = NULL; const char *nbdURI = NULL; + const char *tls_psk_directory = NULL; virCheckFlags(QEMU_MIGRATION_FLAGS, -1); if (virTypedParamsValidateTemplate(params, nparams, qemuMigrationParametersValidation) < 0) @@ -11278,7 +11279,10 @@ qemuDomainMigratePrepare3Params(virConnectPtr dconn, &nbdURI) < 0 || virTypedParamsGetInt(params, nparams, VIR_MIGRATE_PARAM_DISKS_PORT, - &nbdPort) < 0) + &nbdPort) < 0 || + virTypedParamsGetString(params, nparams, + VIR_MIGRATE_PARAM_TLS_PSK_DIRECTORY, + &tls_psk_directory) < 0) return -1; virTypedParamsGetStringList(params, nparams, VIR_MIGRATE_PARAM_MIGRATE_DISKS, @@ -11333,7 +11337,7 @@ qemuDomainMigratePrepare3Params(virConnectPtr dconn, uri_in, uri_out, &def, origname, listenAddress, migrate_disks, nbdPort, - nbdURI, migParams, flags); + nbdURI, tls_psk_directory, migParams, flags); } 
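Review bot: In qemuDomainMigratePrepare3Params the `tls_psk_directory` string is taken from the caller's typed parameters and passed on unchanged as the directory the daemon reads pre-shared keys from; none of the visible hunks checks its form. Because this replaces an administrator-set qemu.conf value with a per-call one, I would at least reject relative paths right after the parameter is read, with `if (tls_psk_directory && !g_path_is_absolute(tls_psk_directory))` followed by a VIR_ERR_INVALID_ARG report and `return -1;`, and decide whether the override should be confined to directories the administrator has allowed. The same applies to qemuDomainMigratePerform3Params (hunk at -11529). Separately, no hunk on this page adds the new key to `qemuMigrationParametersValidation`; if that template is not updated elsewhere, the parameter would presumably be rejected by virTypedParamsValidateTemplate() before it is ever read.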
@@ -11461,7 +11465,7 @@ qemuDomainMigratePerform3(virDomainPtr dom, ret = qemuMigrationSrcPerform(driver, dom->conn, vm, xmlin, NULL, dconnuri, uri, NULL, NULL, NULL, NULL, NULL, 0, - NULL, migParams, + NULL, NULL, migParams, cookiein, cookieinlen, cookieout, cookieoutlen, flags, dname, bandwidth, true); @@ -11489,6 +11493,7 @@ qemuDomainMigratePerform3Params(virDomainPtr dom, const char *dname = NULL; const char *uri = NULL; const char *graphicsuri = NULL; + const char *tls_psk_directory = NULL; const char *listenAddress = NULL; g_autofree const char **migrate_disks = NULL; g_autofree const char **migrate_disks_detect_zeroes = NULL; @@ -11529,7 +11534,10 @@ qemuDomainMigratePerform3Params(virDomainPtr dom, &nbdURI) < 0 || virTypedParamsGetString(params, nparams, VIR_MIGRATE_PARAM_PERSIST_XML, - &persist_xml) < 0) + &persist_xml) < 0 || + virTypedParamsGetString(params, nparams, + VIR_MIGRATE_PARAM_TLS_PSK_DIRECTORY, + &tls_psk_directory) < 0) goto cleanup; @@ -11580,7 +11588,7 @@ qemuDomainMigratePerform3Params(virDomainPtr dom, migrate_disks, migrate_disks_detect_zeroes, migrate_disks_target_zero, - nbdPort, nbdURI, migParams, + nbdPort, nbdURI, tls_psk_directory, migParams, cookiein, cookieinlen, cookieout, cookieoutlen, flags, dname, bandwidth, true); cleanup: diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 239d547bb0..79d11732a7 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -3320,6 +3320,7 @@ qemuMigrationDstPrepareActive(virQEMUDriver *driver, const char **migrate_disks, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, unsigned int flags) { @@ -3432,7 +3433,7 @@ qemuMigrationDstPrepareActive(virQEMUDriver *driver, if (qemuMigrationParamsEnableTLSPSK(driver, vm, true, VIR_ASYNC_JOB_MIGRATION_IN, &tlsPSKAlias, NULL, - migParams) < 0) + tls_psk_directory, migParams) < 0) goto error; break; case VIR_MIGRATE_TLS | VIR_MIGRATE_TLS_PSK: 
@@ -3533,6 +3534,7 @@ qemuMigrationDstPrepareFresh(virQEMUDriver *driver, const char **migrate_disks, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, unsigned int flags) { @@ -3546,9 +3548,10 @@ qemuMigrationDstPrepareFresh(virQEMUDriver *driver, bool taint_hook = false; VIR_DEBUG("name=%s, origname=%s, protocol=%s, port=%hu, " - "listenAddress=%s, nbdPort=%d, nbdURI=%s, flags=0x%x", + "listenAddress=%s, nbdPort=%d, nbdURI=%s," + "tls_psk_directory=%s, flags=0x%x", (*def)->name, NULLSTR(origname), protocol, port, - listenAddress, nbdPort, NULLSTR(nbdURI), flags); + listenAddress, nbdPort, NULLSTR(nbdURI), NULLSTR(tls_psk_directory), flags); if (!(flags & VIR_MIGRATE_OFFLINE)) { cookieFlags = QEMU_MIGRATION_COOKIE_GRAPHICS | @@ -3641,6 +3644,7 @@ qemuMigrationDstPrepareFresh(virQEMUDriver *driver, protocol, port, listenAddress, migrate_disks, nbdPort, nbdURI, + tls_psk_directory, migParams, flags) < 0) { goto stopjob; } @@ -3806,6 +3810,7 @@ qemuMigrationDstPrepareAny(virQEMUDriver *driver, const char **migrate_disks, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, unsigned int flags) { @@ -3867,6 +3872,7 @@ qemuMigrationDstPrepareAny(virQEMUDriver *driver, port, autoPort, listenAddress, migrate_disks, nbdPort, nbdURI, + tls_psk_directory, migParams, flags); } @@ -3903,7 +3909,7 @@ qemuMigrationDstPrepareTunnel(virQEMUDriver *driver, return qemuMigrationDstPrepareAny(driver, dconn, cookiein, cookieinlen, cookieout, cookieoutlen, def, origname, st, NULL, 0, false, NULL, NULL, 0, - NULL, migParams, flags); + NULL, NULL, migParams, flags); } @@ -3944,6 +3950,7 @@ qemuMigrationDstPrepareDirect(virQEMUDriver *driver, const char **migrate_disks, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, unsigned int flags) { 
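Review bot: The split VIR_DEBUG format string in qemuMigrationDstPrepareFresh (hunk at -3546) drops the separator space: the literal `"listenAddress=%s, nbdPort=%d, nbdURI=%s,"` is followed directly by `"tls_psk_directory=%s, flags=0x%x"`, so the log line reads `nbdURI=...,tls_psk_directory=...`. Ending the first literal with `nbdURI=%s, "` keeps it consistent with the other debug messages this patch extends. The argument line carrying `NULLSTR(tls_psk_directory), flags);` is also noticeably longer than its neighbours and could be wrapped.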
@@ -3959,12 +3966,12 @@ qemuMigrationDstPrepareDirect(virQEMUDriver *driver, "cookieout=%p, cookieoutlen=%p, uri_in=%s, uri_out=%p, " "def=%p, origname=%s, listenAddress=%s, " "migrate_disks=%p, nbdPort=%d, " - "nbdURI=%s, flags=0x%x", + "nbdURI=%s, tls_psk_directory=%s, flags=0x%x", driver, dconn, NULLSTR(cookiein), cookieinlen, cookieout, cookieoutlen, NULLSTR(uri_in), uri_out, *def, origname, NULLSTR(listenAddress), migrate_disks, nbdPort, NULLSTR(nbdURI), - flags); + NULLSTR(tls_psk_directory), flags); *uri_out = NULL; @@ -4072,7 +4079,7 @@ qemuMigrationDstPrepareDirect(virQEMUDriver *driver, NULL, uri ? uri->scheme : "tcp", port, autoPort, listenAddress, migrate_disks, nbdPort, - nbdURI, migParams, flags); + nbdURI, tls_psk_directory, migParams, flags); cleanup: if (ret != 0) { VIR_FREE(*uri_out); @@ -4993,7 +5000,8 @@ qemuMigrationSrcRun(virQEMUDriver *driver, const char **migrate_disks_detect_zeroes, const char **migrate_disks_target_zero, qemuMigrationParams *migParams, - const char *nbdURI) + const char *nbdURI, + const char *tls_psk_directory) { int ret = -1; qemuDomainObjPrivate *priv = vm->privateData; @@ -5114,7 +5122,7 @@ qemuMigrationSrcRun(virQEMUDriver *driver, if (qemuMigrationParamsEnableTLSPSK(driver, vm, false, VIR_ASYNC_JOB_MIGRATION_OUT, &tlsPSKAlias, spec->dest.host.username, - migParams) < 0) + tls_psk_directory, migParams) < 0) goto error; break; } @@ -5444,7 +5452,8 @@ qemuMigrationSrcPerformNative(virQEMUDriver *driver, const char **migrate_disks_detect_zeroes, const char **migrate_disks_target_zero, qemuMigrationParams *migParams, - const char *nbdURI) + const char *nbdURI, + const char *tls_psk_directory) { g_autoptr(virURI) uribits = NULL; int ret = -1; @@ -5521,7 +5530,7 @@ qemuMigrationSrcPerformNative(virQEMUDriver *driver, &spec, dconn, graphicsuri, migrate_disks, migrate_disks_detect_zeroes, migrate_disks_target_zero, - migParams, nbdURI); + migParams, nbdURI, tls_psk_directory); } if (spec.destType == MIGRATION_DEST_FD) 
@@ -5584,7 +5593,7 @@ qemuMigrationSrcPerformTunnel(virQEMUDriver *driver, ret = qemuMigrationSrcRun(driver, vm, persist_xml, cookiein, cookieinlen, cookieout, cookieoutlen, flags, bandwidth, &spec, dconn, graphicsuri, NULL, NULL, NULL, - migParams, NULL); + migParams, NULL, NULL); cleanup: VIR_FORCE_CLOSE(spec.dest.fd.qemu); @@ -5623,7 +5632,7 @@ qemuMigrationSrcPerformResume(virQEMUDriver *driver, ret = qemuMigrationSrcPerformNative(driver, vm, NULL, uri, cookiein, cookieinlen, cookieout, cookieoutlen, flags, - 0, NULL, NULL, NULL, NULL, NULL, migParams, NULL); + 0, NULL, NULL, NULL, NULL, NULL, migParams, NULL, NULL); virCloseCallbacksDomainAdd(vm, conn, qemuMigrationAnyConnectionClosed); @@ -5731,7 +5740,7 @@ qemuMigrationSrcPerformPeer2Peer2(virQEMUDriver *driver, cookie, cookielen, NULL, NULL, /* No out cookie with v2 migration */ flags, bandwidth, dconn, NULL, NULL, NULL, - NULL, migParams, NULL); + NULL, migParams, NULL, NULL); /* Perform failed. Make sure Finish doesn't overwrite the error */ if (ret < 0) @@ -5798,6 +5807,7 @@ qemuMigrationSrcPerformPeer2Peer3(virQEMUDriver *driver, const char **migrate_disks_target_zero, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, unsigned long long bandwidth, bool useParams, 
@@ -5824,12 +5834,12 @@ qemuMigrationSrcPerformPeer2Peer3(virQEMUDriver *driver, "dname=%s, uri=%s, graphicsuri=%s, listenAddress=%s, " "migrate_disks=%p, migrate_disks_detect_zeroes=%p, " "migrate_disks_target_zero=%p, nbdPort=%d, nbdURI=%s, " - "bandwidth=%llu, useParams=%d, flags=0x%x", + "tls_psk_directory=%s, bandwidth=%llu, useParams=%d, flags=0x%x", driver, sconn, dconn, NULLSTR(dconnuri), vm, NULLSTR(xmlin), NULLSTR(dname), NULLSTR(uri), NULLSTR(graphicsuri), NULLSTR(listenAddress), migrate_disks, migrate_disks_detect_zeroes, migrate_disks_target_zero, nbdPort, - NULLSTR(nbdURI), bandwidth, useParams, flags); + NULLSTR(nbdURI), NULLSTR(tls_psk_directory), bandwidth, useParams, flags); /* Unlike the virDomainMigrateVersion3 counterpart, we don't need * to worry about auto-setting the VIR_MIGRATE_CHANGE_PROTECTION @@ -5919,6 +5929,12 @@ qemuMigrationSrcPerformPeer2Peer3(virQEMUDriver *driver, nbdURI) < 0) goto cleanup; + if (tls_psk_directory && + virTypedParamsAddString(¶ms, &nparams, &maxparams, + VIR_MIGRATE_PARAM_TLS_PSK_DIRECTORY, + tls_psk_directory) < 0) + goto cleanup; + if (qemuMigrationParamsDump(migParams, ¶ms, &nparams, &maxparams, &flags) < 0) goto cleanup; @@ -6022,7 +6038,7 @@ qemuMigrationSrcPerformPeer2Peer3(virQEMUDriver *driver, flags, bandwidth, dconn, graphicsuri, migrate_disks, migrate_disks_detect_zeroes, migrate_disks_target_zero, - migParams, nbdURI); + migParams, nbdURI, tls_psk_directory); } if (ret == 0) @@ -6199,6 +6215,7 @@ qemuMigrationSrcPerformPeer2Peer(virQEMUDriver *driver, const char **migrate_disks_target_zero, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, unsigned int flags, const char *dname, 
@@ -6217,11 +6234,12 @@ qemuMigrationSrcPerformPeer2Peer(virQEMUDriver *driver, VIR_DEBUG("driver=%p, sconn=%p, vm=%p, xmlin=%s, dconnuri=%s, uri=%s, " "graphicsuri=%s, listenAddress=%s, " - "migrate_disks=%p, nbdPort=%d, nbdURI=%s, flags=0x%x, " - "dname=%s, bandwidth=%lu", + "migrate_disks=%p, nbdPort=%d, nbdURI=%s, tls_psk_directory=%s, " + "flags=0x%x, dname=%s, bandwidth=%lu", driver, sconn, vm, NULLSTR(xmlin), NULLSTR(dconnuri), NULLSTR(uri), NULLSTR(graphicsuri), NULLSTR(listenAddress), migrate_disks, nbdPort, NULLSTR(nbdURI), + NULLSTR(tls_psk_directory), flags, NULLSTR(dname), bandwidth); if (flags & VIR_MIGRATE_TUNNELLED && uri) { @@ -6323,7 +6341,7 @@ qemuMigrationSrcPerformPeer2Peer(virQEMUDriver *driver, persist_xml, dname, uri, graphicsuri, listenAddress, migrate_disks, migrate_disks_detect_zeroes, migrate_disks_target_zero, - nbdPort, nbdURI, migParams, bandwidth, + nbdPort, nbdURI, tls_psk_directory, migParams, bandwidth, !!useParams, flags); } else { ret = qemuMigrationSrcPerformPeer2Peer2(driver, sconn, dconn, vm, @@ -6363,6 +6381,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver, const char **migrate_disks_target_zero, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, const char *cookiein, int cookieinlen, @@ -6412,7 +6431,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver, dconnuri, uri, graphicsuri, listenAddress, migrate_disks, migrate_disks_detect_zeroes, migrate_disks_target_zero, - nbdPort, nbdURI, + nbdPort, nbdURI, tls_psk_directory, migParams, flags, dname, bandwidth, &v3proto); } else { @@ -6422,7 +6441,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver, ret = qemuMigrationSrcPerformNative(driver, vm, persist_xml, uri, cookiein, cookieinlen, cookieout, cookieoutlen, flags, bandwidth, NULL, NULL, NULL, NULL, NULL, - migParams, nbdURI); + migParams, nbdURI, tls_psk_directory); } if (ret < 0) goto endjob; 
@@ -6497,7 +6516,8 @@ qemuMigrationSrcPerformPhase(virQEMUDriver *driver, int *cookieoutlen, unsigned int flags, unsigned long bandwidth, - const char *nbdURI) + const char *nbdURI, + const char *tls_psk_directory) { qemuDomainObjPrivate *priv = vm->privateData; qemuDomainJobPrivate *jobPriv = vm->job->privateData; @@ -6527,7 +6547,7 @@ qemuMigrationSrcPerformPhase(virQEMUDriver *driver, flags, bandwidth, NULL, graphicsuri, migrate_disks, migrate_disks_detect_zeroes, migrate_disks_target_zero, - migParams, nbdURI) < 0) + migParams, nbdURI, tls_psk_directory) < 0) goto cleanup; virCloseCallbacksDomainAdd(vm, conn, qemuMigrationAnyConnectionClosed); @@ -6573,6 +6593,7 @@ qemuMigrationSrcPerform(virQEMUDriver *driver, const char **migrate_disks_target_zero, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, const char *cookiein, int cookieinlen, @@ -6588,12 +6609,13 @@ qemuMigrationSrcPerform(virQEMUDriver *driver, VIR_DEBUG("driver=%p, conn=%p, vm=%p, xmlin=%s, dconnuri=%s, " "uri=%s, graphicsuri=%s, listenAddress=%s, " "migrate_disks=%p, nbdPort=%d, " - "nbdURI=%s, " + "nbdURI=%s, tls_psk_directory=%s, " "cookiein=%s, cookieinlen=%d, cookieout=%p, cookieoutlen=%p, " "flags=0x%x, dname=%s, bandwidth=%lu, v3proto=%d", driver, conn, vm, NULLSTR(xmlin), NULLSTR(dconnuri), NULLSTR(uri), NULLSTR(graphicsuri), NULLSTR(listenAddress), migrate_disks, nbdPort, NULLSTR(nbdURI), + NULLSTR(tls_psk_directory), NULLSTR(cookiein), cookieinlen, cookieout, cookieoutlen, flags, NULLSTR(dname), bandwidth, v3proto); @@ -6616,7 +6638,7 @@ qemuMigrationSrcPerform(virQEMUDriver *driver, graphicsuri, listenAddress, migrate_disks, migrate_disks_detect_zeroes, migrate_disks_target_zero, - nbdPort, nbdURI, migParams, + nbdPort, nbdURI, tls_psk_directory, migParams, cookiein, cookieinlen, cookieout, cookieoutlen, flags, dname, bandwidth, v3proto); 
@@ -6636,14 +6658,14 @@ qemuMigrationSrcPerform(virQEMUDriver *driver, migParams, cookiein, cookieinlen, cookieout, cookieoutlen, - flags, bandwidth, nbdURI); + flags, bandwidth, nbdURI, tls_psk_directory); } return qemuMigrationSrcPerformJob(driver, conn, vm, xmlin, persist_xml, NULL, uri, graphicsuri, listenAddress, migrate_disks, migrate_disks_detect_zeroes, migrate_disks_target_zero, - nbdPort, nbdURI, migParams, + nbdPort, nbdURI, tls_psk_directory, migParams, cookiein, cookieinlen, cookieout, cookieoutlen, flags, dname, bandwidth, v3proto); diff --git a/src/qemu/qemu_migration.h b/src/qemu/qemu_migration.h index 7fbf959ee6..6154037c0d 100644 --- a/src/qemu/qemu_migration.h +++ b/src/qemu/qemu_migration.h @@ -140,6 +140,7 @@ qemuMigrationDstPrepareDirect(virQEMUDriver *driver, const char **migrate_disks, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, unsigned int flags); @@ -158,6 +159,7 @@ qemuMigrationSrcPerform(virQEMUDriver *driver, const char **migrate_disks_target_zero, int nbdPort, const char *nbdURI, + const char *tls_psk_directory, qemuMigrationParams *migParams, const char *cookiein, int cookieinlen, diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c index 1c6ab6fc8a..d6099894c5 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c 
@@ -1258,17 +1258,13 @@ qemuMigrationParamsEnableTLSPSK(virQEMUDriver *driver, int asyncJob, char **tlsPSKAlias, const char *username, + const char *tls_psk_directory, qemuMigrationParams *migParams) { qemuDomainJobPrivate *jobPriv = vm->job->privateData; g_autoptr(virJSONValue) tlsPSKProps = NULL; g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); - - if (!cfg->migrateTLSPSKdir) { - virReportError(VIR_ERR_OPERATION_INVALID, "%s", - _("host migration TLS-PSK directory not configured")); - return -1; - } + const char *pskDirectory = qemuMigrationParamsGetTLSPSKDirectory(driver, tls_psk_directory); if (!jobPriv->migParams->params[QEMU_MIGRATION_PARAM_TLS_CREDS].set) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", @@ -1279,8 +1275,8 @@ qemuMigrationParamsEnableTLSPSK(virQEMUDriver *driver, if (!(*tlsPSKAlias = qemuAliasTLSPSKObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE))) return -1; - if (qemuDomainGetTLSPSKObjects(cfg->migrateTLSPSKdir, tlsListen, - username, *tlsPSKAlias, &tlsPSKProps) < 0) + if (qemuDomainGetTLSPSKObjects(pskDirectory, tlsListen, + username, *tlsPSKAlias, &tlsPSKProps) < 0) return -1; /* Ensure the domain doesn't already have the TLS-PSK objects defined... 
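Review bot: The result of qemuMigrationParamsGetTLSPSKDirectory() is not checked in qemuMigrationParamsEnableTLSPSK, although the helper added at the end of this file returns NULL after reporting "host migration TLS-PSK directory not configured". The removed block used to `return -1` in that case; now execution continues, a second error may overwrite the first, and a NULL `pskDirectory` can reach qemuDomainGetTLSPSKObjects(). Add `if (!pskDirectory) return -1;` directly after the declarations. The function body continues outside these hunks.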
@@ -1847,3 +1843,32 @@ qemuMigrationParamsGetTLSHostname(qemuMigrationParams *migParams) return hostname; } + + +/** + * qemuMigrationParamsGetTLSPSKDirectory: + * @migParams: Migration params object + * @tls_psk_directory: path containing the TLS-PSK key file provided by the client + * + * Identifies the correct value of the directory that stores the pre-shared keys + * required for the TLS-based authentication based on the precedence. + */ +const char * +qemuMigrationParamsGetTLSPSKDirectory(virQEMUDriver *driver, + const char *tls_psk_directory) +{ + const char *pskDirectory = NULL; + g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); + + if (tls_psk_directory) { + pskDirectory = tls_psk_directory; + } else { + if (!cfg->migrateTLSPSKdir) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("host migration TLS-PSK directory not configured")); + return NULL; + } + pskDirectory = cfg->migrateTLSPSKdir; + } + return pskDirectory; +} diff --git a/src/qemu/qemu_migration_params.h b/src/qemu/qemu_migration_params.h index 07f5812065..eec08f3c69 100644 --- a/src/qemu/qemu_migration_params.h +++ b/src/qemu/qemu_migration_params.h @@ -130,6 +130,7 @@ qemuMigrationParamsEnableTLSPSK(virQEMUDriver *driver, int asyncJob, char **tlsPSKAlias, const char *username, + const char *tls_psk_directory, qemuMigrationParams *migParams); int @@ -199,3 +200,7 @@ qemuMigrationCapsGet(virDomainObj *vm, const char * qemuMigrationParamsGetTLSHostname(qemuMigrationParams *migParams); + +const char * +qemuMigrationParamsGetTLSPSKDirectory(virQEMUDriver *driver, + const char *tls_psk_directory); diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 286abd2f1c..c939274881 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c 
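Review bot: qemuMigrationParamsGetTLSPSKDirectory returns `cfg->migrateTLSPSKdir` after its own `g_autoptr` reference to the config has been dropped, so the pointer stays valid only as long as some other holder keeps that config object alive. The caller in qemuMigrationParamsEnableTLSPSK already holds a `cfg`, so passing that in avoids the second virQEMUDriverGetConfig() call and ties the string's lifetime to the caller's reference. The doc comment also lists `@migParams` although the first parameter is `driver`, and it does not say that NULL is returned with an error reported when no directory is available. The prototype in qemu_migration_params.h and the call site would change accordingly.

```c
/* Returns the client-supplied directory if set, else the configured one;
 * returns NULL with an error reported when neither is available.
 * The result is borrowed: valid while @cfg and @tls_psk_directory are. */
const char *
qemuMigrationParamsGetTLSPSKDirectory(virQEMUDriverConfig *cfg,
                                      const char *tls_psk_directory)
{
    if (tls_psk_directory)
        return tls_psk_directory;

    if (!cfg->migrateTLSPSKdir) {
        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                       _("host migration TLS-PSK directory not configured"));
        return NULL;
    }

    return cfg->migrateTLSPSKdir;
}
```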
@@ -11667,6 +11667,13 @@ doMigrate(void *opaque) VIR_MIGRATE_PARAM_TLS_DESTINATION, opt) < 0) goto save_error; + if (vshCommandOptString(ctl, cmd, "tls-psk-directory", &opt) < 0) + goto out; + if (opt && + virTypedParamsAddString(¶ms, &nparams, &maxparams, + VIR_MIGRATE_PARAM_TLS_PSK_DIRECTORY, opt) < 0) + goto save_error; + if ((rv = vshCommandOptULongLong(ctl, cmd, "available-switchover-bandwidth", &ullOpt)) < 0) { goto out; } else if (rv > 0) { -- 2.39.3
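Review bot: doMigrate now looks up an option named "tls-psk-directory", but the diffstat shows only these seven added lines for tools/virsh-domain.c, so no matching entry appears to be added to the migrate command's option table (`opts_migrate`). Without that declaration the option cannot be given on the command line and the lookup is expected to fail, so the new parameter would be unreachable from virsh. The patch should add the option definition with a help string, and the virsh man page entry for `migrate` should mention it next to the existing TLS options. doMigrate's body continues outside the hunk.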
