Re: [libvirt] [PATCH v8 09/11] qemu: Introduce qemuDomainPrepareDiskSource
On 09/19/2017 09:48 AM, Peter Krempa wrote: > On Thu, Sep 14, 2017 at 08:51:54 -0400, John Ferlan wrote: >> Introduce a function to setup any TLS needs for a disk source. >> >> If there's a configuration or other error setting up the disk source >> for TLS, then cause the domain startup to fail. >> >> For VxHS, follow the chardevTLS model where if the src->haveTLS hasn't >> been configured, then take the system/global cfg->haveTLS setting for >> the storage source *and* mark that we've done so via the tlsFromConfig >> setting in storage source. >> >> Next, if we are using TLS, then generate an alias into a virStorageSource >> 'tlsAlias' field that will be used to create the TLS object and added to >> the disk object in order to link the two together for QEMU. >> >> Signed-off-by: John Ferlan>> --- >> src/qemu/qemu_domain.c| 71 >> +++ >> src/qemu/qemu_domain.h| 11 >> src/qemu/qemu_process.c | 4 +++ >> src/util/virstoragefile.c | 5 +++- >> src/util/virstoragefile.h | 6 >> 5 files changed, 96 insertions(+), 1 deletion(-) >> >> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c >> index 05f8e9488..b93b7de63 100644 >> --- a/src/qemu/qemu_domain.c >> +++ b/src/qemu/qemu_domain.c > > [...] > >> + >> +/* qemuProcessPrepareDiskSource: >> + * @def: live domain definition >> + * @driver: qemu driver >> + * >> + * Iterate through all disk devices to setup/check any that would be >> + * using TLS. > > Don't add this here. This function is generic. > OK - removed completely. Tks - John >> + * >> + * Returns 0 on success, -1 on failure >> + */ >> +int >> +qemuDomainPrepareDiskSource(virDomainDefPtr def, >> +virQEMUDriverConfigPtr cfg) >> +{ >> +size_t i; >> + >> +for (i = 0; i < def->ndisks; i++) { >> +if (qemuDomainPrepareDiskSourceTLS(def->disks[i]->src, >> + def->disks[i]->info.alias, >> + cfg) < 0) >> +return -1; >> +} >> + >> +return 0; >> +} >> + >> >> int >> qemuDomainPrepareShmemChardev(virDomainShmemDefPtr shmem) > > ACK > -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v8 09/11] qemu: Introduce qemuDomainPrepareDiskSource
On Thu, Sep 14, 2017 at 08:51:54 -0400, John Ferlan wrote: > Introduce a function to setup any TLS needs for a disk source. > > If there's a configuration or other error setting up the disk source > for TLS, then cause the domain startup to fail. > > For VxHS, follow the chardevTLS model where if the src->haveTLS hasn't > been configured, then take the system/global cfg->haveTLS setting for > the storage source *and* mark that we've done so via the tlsFromConfig > setting in storage source. > > Next, if we are using TLS, then generate an alias into a virStorageSource > 'tlsAlias' field that will be used to create the TLS object and added to > the disk object in order to link the two together for QEMU. > > Signed-off-by: John Ferlan> --- > src/qemu/qemu_domain.c| 71 > +++ > src/qemu/qemu_domain.h| 11 > src/qemu/qemu_process.c | 4 +++ > src/util/virstoragefile.c | 5 +++- > src/util/virstoragefile.h | 6 > 5 files changed, 96 insertions(+), 1 deletion(-) > > diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c > index 05f8e9488..b93b7de63 100644 > --- a/src/qemu/qemu_domain.c > +++ b/src/qemu/qemu_domain.c [...] > + > +/* qemuProcessPrepareDiskSource: > + * @def: live domain definition > + * @driver: qemu driver > + * > + * Iterate through all disk devices to setup/check any that would be > + * using TLS. Don't add this here. This function is generic. > + * > + * Returns 0 on success, -1 on failure > + */ > +int > +qemuDomainPrepareDiskSource(virDomainDefPtr def, > +virQEMUDriverConfigPtr cfg) > +{ > +size_t i; > + > +for (i = 0; i < def->ndisks; i++) { > +if (qemuDomainPrepareDiskSourceTLS(def->disks[i]->src, > + def->disks[i]->info.alias, > + cfg) < 0) > +return -1; > +} > + > +return 0; > +} > + > > int > qemuDomainPrepareShmemChardev(virDomainShmemDefPtr shmem) ACK signature.asc Description: PGP signature -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH v8 09/11] qemu: Introduce qemuDomainPrepareDiskSource
Introduce a function to setup any TLS needs for a disk source. If there's a configuration or other error setting up the disk source for TLS, then cause the domain startup to fail. For VxHS, follow the chardevTLS model where if the src->haveTLS hasn't been configured, then take the system/global cfg->haveTLS setting for the storage source *and* mark that we've done so via the tlsFromConfig setting in storage source. Next, if we are using TLS, then generate an alias into a virStorageSource 'tlsAlias' field that will be used to create the TLS object and added to the disk object in order to link the two together for QEMU. Signed-off-by: John Ferlan--- src/qemu/qemu_domain.c| 71 +++ src/qemu/qemu_domain.h| 11 src/qemu/qemu_process.c | 4 +++ src/util/virstoragefile.c | 5 +++- src/util/virstoragefile.h | 6 5 files changed, 96 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 05f8e9488..b93b7de63 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -7550,6 +7550,77 @@ qemuDomainPrepareChardevSource(virDomainDefPtr def, } +/* qemuProcessPrepareDiskSourceTLS: + * @source: pointer to host interface data for disk device + * @diskAlias: alias use for the disk device + * @cfg: driver configuration + * + * Updates host interface TLS encryption setting based on qemu.conf + * for disk devices. This will be presented as "tls='yes|no'" in + * live XML of a guest. + * + * Returns 0 on success, -1 on bad config/failure + */ +int +qemuDomainPrepareDiskSourceTLS(virStorageSourcePtr src, + const char *diskAlias, + virQEMUDriverConfigPtr cfg) +{ + +/* VxHS doesn't utilize a password protected server certificate, + * so no need to add a secinfo for a secret UUID. */ +if (src->type == VIR_STORAGE_TYPE_NETWORK && +src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS) { + +if (src->haveTLS == VIR_TRISTATE_BOOL_ABSENT) { +if (cfg->vxhsTLS) +src->haveTLS = VIR_TRISTATE_BOOL_YES; +else +src->haveTLS = VIR_TRISTATE_BOOL_NO; +src->tlsFromConfig = true; +} + +if (src->haveTLS == VIR_TRISTATE_BOOL_YES) { +if (!diskAlias) { +virReportError(VIR_ERR_INVALID_ARG, "%s", + _("disk does not have an alias")); +return -1; +} + +if (!(src->tlsAlias = qemuAliasTLSObjFromSrcAlias(diskAlias))) +return -1; +} +} + +return 0; +} + + +/* qemuProcessPrepareDiskSource: + * @def: live domain definition + * @driver: qemu driver + * + * Iterate through all disk devices to setup/check any that would be + * using TLS. + * + * Returns 0 on success, -1 on failure + */ +int +qemuDomainPrepareDiskSource(virDomainDefPtr def, +virQEMUDriverConfigPtr cfg) +{ +size_t i; + +for (i = 0; i < def->ndisks; i++) { +if (qemuDomainPrepareDiskSourceTLS(def->disks[i]->src, + def->disks[i]->info.alias, + cfg) < 0) +return -1; +} + +return 0; +} + int qemuDomainPrepareShmemChardev(virDomainShmemDefPtr shmem) diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index b291dc308..93db23c2b 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -864,6 +864,17 @@ void qemuDomainPrepareChardevSource(virDomainDefPtr def, virQEMUDriverConfigPtr cfg) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); +int +qemuDomainPrepareDiskSourceTLS(virStorageSourcePtr src, + const char *diskAlias, + virQEMUDriverConfigPtr cfg) +ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3); + +int +qemuDomainPrepareDiskSource(virDomainDefPtr def, +virQEMUDriverConfigPtr cfg) +ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); + int qemuDomainPrepareShmemChardev(virDomainShmemDefPtr shmem) ATTRIBUTE_NONNULL(1); diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 099a770e9..f0691ece6 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -5351,6 +5351,10 @@ qemuProcessPrepareDomain(virConnectPtr conn, if (qemuDomainMasterKeyCreate(vm) < 0) goto cleanup; +VIR_DEBUG("Prepare disk source backends for TLS"); +if (qemuDomainPrepareDiskSource(vm->def, cfg) < 0) +goto cleanup; + VIR_DEBUG("Prepare chardev source backends for TLS"); qemuDomainPrepareChardevSource(vm->def, cfg); diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 35f468e35..9cd648d36 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -2054,7 +2054,8 @@ virStorageSourceCopy(const