From: Ashish Mittal
Add an optional virTristateBool haveTLS to virStorageSource to
manage whether a storage source will be using TLS.

Sample XML for a VxHS disk:

Additionally add a tlsFromConfig boolean to control whether the TLS
setting was due to domain configuration or qemu.conf global setting
in order to decide whether to Format the haveTLS setting for either
a live or saved domain configuration file.

Update the qemuxml2xmltest in order to add a test to show the proper
parsing.

Also update the docs to describe the tls attribute plus clean up the
description in the surrounding area to make the information a bit more
readable rather than one winding paragraph.

Signed-off-by: Ashish Mittal
Signed-off-by: John Ferlan
---
docs/formatdomain.html.in | 40 --
docs/schemas/domaincommon.rng | 5 +++
src/conf/domain_conf.c | 28 +--
src/util/virstoragefile.c | 2 ++
src/util/virstoragefile.h | 7
...emuxml2argv-disk-drive-network-tlsx509-vxhs.xml | 32 +
...uxml2xmlout-disk-drive-network-tlsx509-vxhs.xml | 34 ++
tests/qemuxml2xmltest.c| 1 +
8 files changed, 137 insertions(+), 12 deletions(-)
create mode 100644
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.xml
create mode 100644
tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-tlsx509-vxhs.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 4464c..26c00674a 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -2520,19 +2520,39 @@
The protocol attribute specifies the protocol to
access to the requested image. Possible values are "nbd",
- "iscsi", "rbd", "sheepdog", "gluster" or "vxhs". If the
- protocol attribute is "rbd", "sheepdog", "gluster"
- or "vxhs", an additional attribute name is
- mandatory to specify which volume/image will be used. For "nbd",
- the name attribute is optional. For "iscsi"
- (since 1.0.4), the name
- attribute may include a logical unit number, separated from the
- target's name by a slash (e.g.,
+ "iscsi", "rbd", "sheepdog", "gluster" or "vxhs".
+
+ If the protocol attribute is "rbd", "sheepdog",
+ "gluster", or "vxhs", an additional attribute name
+ is mandatory to specify which volume/image will be used.
+
+
+ For "nbd", the name attribute is optional.
+
+
+ For "iscsi" (since 1.0.4), the
+ name attribute may include a logical unit number,
+ separated from the target's name by a slash (e.g.,
iqn.2013-07.com.example:iscsi-pool/1). If not
specified, the default LUN is zero.
- For "vxhs" (since 3.8.0), the
+
+
+ For "vxhs" (since 3.8.0), the
name is the UUID of the volume, assigned by the
- HyperScale server.
+ HyperScale server. Additionally, an optional attribute
+ tls (QEMU only) can be used to control whether a
+ VxHS block device would utilize a hypervisor configured TLS
+ X.509 certificate environment in order to encrypt the data
+ channel. For the QEMU hypervisor, usage of a TLS environment can
+ also be globally controlled on the host by the
+ vxhs_tls and vxhs_tls_x509_cert_dir or
+ default_tls_x509_cert_dir settings in the file
+ /etc/libvirt/qemu.conf. If vxhs_tls is enabled,
+ then unless the domain tls attribute is set to "no",
+ libvirt will use the host configured TLS environment. If the
+ tls attribute is set to "yes", then regardless of
+ the qemu.conf setting, TLS authentication will be attempted.
+
Since 0.8.7
volume
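Review bot: The new tls text in the "vxhs" paragraph has no version marker, although the same paragraph tags vxhs with "(since 3.8.0)" and iscsi with "(since 1.0.4)"; add a since annotation for the tls attribute. The phrase "TLS authentication will be attempted" also leaves open what happens with tls set to "yes" when neither vxhs_tls_x509_cert_dir nor default_tls_x509_cert_dir is usable, or when the handshake fails. The docs should state whether the disk then fails to start or whether the connection can proceed unencrypted, so an administrator knows whether "yes" is a guarantee. It would also help to state the third case explicitly: with the attribute absent, the qemu.conf vxhs_tls setting decides.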
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 76852abb3..bac371ea3 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1644,6 +1644,11 @@
+
+
+
+
+
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index a43b25c31..3684454e8 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -8114,6 +8114,7 @@ virDomainDiskSourceParse(xmlNodePtr node,
int ret = -1;
char *protocol = NULL;
xmlNodePtr saveNode = ctxt->node;
+char *haveTLS = NULL;
ctxt->node = node;
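Review bot: The new "char *haveTLS = NULL;" local declared next to "protocol" needs a matching VIR_FREE on the function's exit path, which is not visible in this hunk; please confirm it is released on both the success and the error return. The name also duplicates the virTristateBool haveTLS member that the commit message adds to virStorageSource, so a reader has to track which one is the raw attribute string and which is the parsed tristate. Renaming the local (for example tlsStr) would keep the two apart.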
@@ -8147,6 +8148,19 @@