Re: [libvirt] [PATCH v8 09/11] qemu: Introduce qemuDomainPrepareDiskSource

2017-09-19 Thread John Ferlan


On 09/19/2017 09:48 AM, Peter Krempa wrote:
> On Thu, Sep 14, 2017 at 08:51:54 -0400, John Ferlan wrote:
>> Introduce a function to setup any TLS needs for a disk source.
>>
>> If there's a configuration or other error setting up the disk source
>> for TLS, then cause the domain startup to fail.
>>
>> For VxHS, follow the chardevTLS model where if the src->haveTLS hasn't
>> been configured, then take the system/global cfg->haveTLS setting for
>> the storage source *and* mark that we've done so via the tlsFromConfig
>> setting in storage source.
>>
>> Next, if we are using TLS, then generate an alias into a virStorageSource
>> 'tlsAlias' field that will be used to create the TLS object and added to
>> the disk object in order to link the two together for QEMU.
>>
>> Signed-off-by: John Ferlan 
>> ---
>>  src/qemu/qemu_domain.c| 71 
>> +++
>>  src/qemu/qemu_domain.h| 11 
>>  src/qemu/qemu_process.c   |  4 +++
>>  src/util/virstoragefile.c |  5 +++-
>>  src/util/virstoragefile.h |  6 
>>  5 files changed, 96 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
>> index 05f8e9488..b93b7de63 100644
>> --- a/src/qemu/qemu_domain.c
>> +++ b/src/qemu/qemu_domain.c
> 
> [...]
> 
>> +
>> +/* qemuProcessPrepareDiskSource:
>> + * @def: live domain definition
>> + * @driver: qemu driver
>> + *
>> + * Iterate through all disk devices to setup/check any that would be
>> + * using TLS.
> 
> Don't add this here. This function is generic.
> 

OK - removed completely.

Tks -

John

>> + *
>> + * Returns 0 on success, -1 on failure
>> + */
>> +int
>> +qemuDomainPrepareDiskSource(virDomainDefPtr def,
>> +virQEMUDriverConfigPtr cfg)
>> +{
>> +size_t i;
>> +
>> +for (i = 0; i < def->ndisks; i++) {
>> +if (qemuDomainPrepareDiskSourceTLS(def->disks[i]->src,
>> +   def->disks[i]->info.alias,
>> +   cfg) < 0)
>> +return -1;
>> +}
>> +
>> +return 0;
>> +}
>> +
>>  
>>  int
>>  qemuDomainPrepareShmemChardev(virDomainShmemDefPtr shmem)
> 
> ACK
> 



Re: [libvirt] [PATCH v8 09/11] qemu: Introduce qemuDomainPrepareDiskSource

2017-09-19 Thread Peter Krempa
On Thu, Sep 14, 2017 at 08:51:54 -0400, John Ferlan wrote:
> Introduce a function to setup any TLS needs for a disk source.
> 
> If there's a configuration or other error setting up the disk source
> for TLS, then cause the domain startup to fail.
> 
> For VxHS, follow the chardevTLS model where if the src->haveTLS hasn't
> been configured, then take the system/global cfg->haveTLS setting for
> the storage source *and* mark that we've done so via the tlsFromConfig
> setting in storage source.
> 
> Next, if we are using TLS, then generate an alias into a virStorageSource
> 'tlsAlias' field that will be used to create the TLS object and added to
> the disk object in order to link the two together for QEMU.
> 
> Signed-off-by: John Ferlan 
> ---
>  src/qemu/qemu_domain.c| 71 
> +++
>  src/qemu/qemu_domain.h| 11 
>  src/qemu/qemu_process.c   |  4 +++
>  src/util/virstoragefile.c |  5 +++-
>  src/util/virstoragefile.h |  6 
>  5 files changed, 96 insertions(+), 1 deletion(-)
> 
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index 05f8e9488..b93b7de63 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c

[...]

> +
> +/* qemuProcessPrepareDiskSource:
> + * @def: live domain definition
> + * @driver: qemu driver
> + *
> + * Iterate through all disk devices to setup/check any that would be
> + * using TLS.

Don't add this here. This function is generic.

> + *
> + * Returns 0 on success, -1 on failure
> + */
> +int
> +qemuDomainPrepareDiskSource(virDomainDefPtr def,
> +virQEMUDriverConfigPtr cfg)
> +{
> +size_t i;
> +
> +for (i = 0; i < def->ndisks; i++) {
> +if (qemuDomainPrepareDiskSourceTLS(def->disks[i]->src,
> +   def->disks[i]->info.alias,
> +   cfg) < 0)
> +return -1;
> +}
> +
> +return 0;
> +}
> +
>  
>  int
>  qemuDomainPrepareShmemChardev(virDomainShmemDefPtr shmem)

ACK



[libvirt] [PATCH v8 09/11] qemu: Introduce qemuDomainPrepareDiskSource

2017-09-14 Thread John Ferlan
Introduce a function to setup any TLS needs for a disk source.

If there's a configuration or other error setting up the disk source
for TLS, then cause the domain startup to fail.

For VxHS, follow the chardevTLS model where if the src->haveTLS hasn't
been configured, then take the system/global cfg->haveTLS setting for
the storage source *and* mark that we've done so via the tlsFromConfig
setting in storage source.

Next, if we are using TLS, then generate an alias into a virStorageSource
'tlsAlias' field that will be used to create the TLS object and added to
the disk object in order to link the two together for QEMU.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_domain.c| 71 +++
 src/qemu/qemu_domain.h| 11 
 src/qemu/qemu_process.c   |  4 +++
 src/util/virstoragefile.c |  5 +++-
 src/util/virstoragefile.h |  6 
 5 files changed, 96 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 05f8e9488..b93b7de63 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -7550,6 +7550,77 @@ qemuDomainPrepareChardevSource(virDomainDefPtr def,
 }
 
 
+/* qemuProcessPrepareDiskSourceTLS:
+ * @source: pointer to host interface data for disk device
+ * @diskAlias: alias use for the disk device
+ * @cfg: driver configuration
+ *
+ * Updates host interface TLS encryption setting based on qemu.conf
+ * for disk devices.  This will be presented as "tls='yes|no'" in
+ * live XML of a guest.
+ *
+ * Returns 0 on success, -1 on bad config/failure
+ */
+int
+qemuDomainPrepareDiskSourceTLS(virStorageSourcePtr src,
+   const char *diskAlias,
+   virQEMUDriverConfigPtr cfg)
+{
+
+/* VxHS doesn't utilize a password protected server certificate,
+ * so no need to add a secinfo for a secret UUID. */
+if (src->type == VIR_STORAGE_TYPE_NETWORK &&
+src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS) {
+
+if (src->haveTLS == VIR_TRISTATE_BOOL_ABSENT) {
+if (cfg->vxhsTLS)
+src->haveTLS = VIR_TRISTATE_BOOL_YES;
+else
+src->haveTLS = VIR_TRISTATE_BOOL_NO;
+src->tlsFromConfig = true;
+}
+
+if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
+if (!diskAlias) {
+virReportError(VIR_ERR_INVALID_ARG, "%s",
+   _("disk does not have an alias"));
+return -1;
+}
+
+if (!(src->tlsAlias = qemuAliasTLSObjFromSrcAlias(diskAlias)))
+return -1;
+}
+}
+
+return 0;
+}
+
+
+/* qemuProcessPrepareDiskSource:
+ * @def: live domain definition
+ * @driver: qemu driver
+ *
+ * Iterate through all disk devices to setup/check any that would be
+ * using TLS.
+ *
+ * Returns 0 on success, -1 on failure
+ */
+int
+qemuDomainPrepareDiskSource(virDomainDefPtr def,
+virQEMUDriverConfigPtr cfg)
+{
+size_t i;
+
+for (i = 0; i < def->ndisks; i++) {
+if (qemuDomainPrepareDiskSourceTLS(def->disks[i]->src,
+   def->disks[i]->info.alias,
+   cfg) < 0)
+return -1;
+}
+
+return 0;
+}
+
 
 int
 qemuDomainPrepareShmemChardev(virDomainShmemDefPtr shmem)
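Review bot: In `qemuDomainPrepareDiskSourceTLS`, a source whose `haveTLS` is already `VIR_TRISTATE_BOOL_YES` but which is not a network VxHS source falls through to `return 0` with no `tlsAlias` set, so an explicit TLS request could be dropped silently. Whether the XML parser already rejects `tls='yes'` on other protocols is not visible in this hunk; if it does not, failing closed here is safer than starting the guest with an unencrypted disk connection. An `else if` branch that reports an error would cover it, as sketched below. Separately, the header comment names `qemuProcessPrepareDiskSourceTLS` and `@source`, while the function is `qemuDomainPrepareDiskSourceTLS` and its parameter is `src`.

```c
    if (src->type == VIR_STORAGE_TYPE_NETWORK &&
        src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS) {
        /* … unchanged: default from cfg->vxhsTLS, tlsAlias generation … */
    } else if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
        /* explicit tls='yes' on a source this function cannot set up */
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                       _("TLS is only supported for VxHS disk sources"));
        return -1;
    }
```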
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index b291dc308..93db23c2b 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -864,6 +864,17 @@ void qemuDomainPrepareChardevSource(virDomainDefPtr def,
 virQEMUDriverConfigPtr cfg)
 ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
 
+int
+qemuDomainPrepareDiskSourceTLS(virStorageSourcePtr src,
+   const char *diskAlias,
+   virQEMUDriverConfigPtr cfg)
+ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3);
+
+int
+qemuDomainPrepareDiskSource(virDomainDefPtr def,
+virQEMUDriverConfigPtr cfg)
+ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+
 int qemuDomainPrepareShmemChardev(virDomainShmemDefPtr shmem)
 ATTRIBUTE_NONNULL(1);
 
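Review bot: Both new prototypes return -1 when TLS setup for a disk fails, but nothing in the declarations makes the compiler complain if a caller drops that result. An ignored failure would let a domain start without the TLS object its disk source asked for, so consider adding `ATTRIBUTE_RETURN_CHECK` after the `ATTRIBUTE_NONNULL(...)` annotations on `qemuDomainPrepareDiskSourceTLS` and `qemuDomainPrepareDiskSource`. The neighbouring `qemuDomainPrepareChardevSource` returns void, so it offers no precedent either way.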
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 099a770e9..f0691ece6 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5351,6 +5351,10 @@ qemuProcessPrepareDomain(virConnectPtr conn,
 if (qemuDomainMasterKeyCreate(vm) < 0)
 goto cleanup;
 
+VIR_DEBUG("Prepare disk source backends for TLS");
+if (qemuDomainPrepareDiskSource(vm->def, cfg) < 0)
+goto cleanup;
+
 VIR_DEBUG("Prepare chardev source backends for TLS");
 qemuDomainPrepareChardevSource(vm->def, cfg);
 
diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
index 35f468e35..9cd648d36 100644
--- a/src/util/virstoragefile.c
+++ b/src/util/virstoragefile.c
@@ -2054,7 +2054,8 @@ virStorageSourceCopy(const