Re: [PATCH 08/24] qemu block: Add internals for handling 'secret' corresponding to TLS key

2020-07-02 Thread Eric Blake
On 7/2/20 9:39 AM, Peter Krempa wrote: Add infrastructure for hot- and cold-plug of the secret object holding decryption key for the TLS key. Signed-off-by: Peter Krempa --- src/qemu/qemu_block.c | 12 src/qemu/qemu_block.h | 2 ++ src/qemu/qemu_command.c | 11 ++-

Re: [PATCH 07/24] qemu: domain: Add infrastructure passing in TLS key's decryption key via 'secret'

2020-07-02 Thread Eric Blake
On 7/2/20 9:39 AM, Peter Krempa wrote: Store the required data in the private data of a storage source and ensure that the 'alias' of the secret is formatted in the status XML. Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c| 10 +- src/qemu/qemu_domain.h

Re: [PATCH 10/24] qemu: domain: Setup secret for TLS key for nbd/vxhs disks

2020-07-02 Thread Eric Blake
On 7/2/20 9:39 AM, Peter Krempa wrote: Set up the TLS secret when preparing a virStorageSource for use. https://bugzilla.redhat.com/show_bug.cgi?id=1602328 Signed-off-by: Peter Krempa --- src/qemu/qemu_domain.c | 44 +- 1 file changed, 31 insertions(+)

Re: [PATCH 09/24] qemu: conf: Add configuration of TLS key encryption for 'vxhs' and 'nbd' disks

2020-07-02 Thread Eric Blake
On 7/2/20 9:39 AM, Peter Krempa wrote: Until now libvirt didn't allow using an encrypted TLS key for disk clients. Add fields for configuring the secret and propagate defaults. Signed-off-by: Peter Krempa --- src/qemu/libvirtd_qemu.aug | 2 ++ src/qemu/qemu.conf | 19 +

Re: [PATCH 06/24] virQEMUDriverConfigLoadSpecificTLSEntry: Split up fetching of server-only config options

2020-07-02 Thread Eric Blake
On 7/2/20 9:39 AM, Peter Krempa wrote: The '*_tls_x509_verify' options are relevant only when we are going to expose a server socket as client sockets always enable verification. Split up the macro to separate the common bits from the server bits so that when we'll later extend support of 'nbd'

Re: [PATCH 11/24] tests: qemuxml2argv: Test encrypted TLS key for nbd/vxhs disks

2020-07-02 Thread Eric Blake
On 7/2/20 9:39 AM, Peter Krempa wrote: Add a dummy secret so that we see what command line is generated. Signed-off-by: Peter Krempa --- .../disk-network-tlsx509.x86_64-2.12.0.args| 15 --- .../disk-network-tlsx509.x86_64-latest.args| 18 +++--- tests/qemuxml

Re: [PATCH 12/24] conf: backup: Don't explicitly forbid backup of read-only disk

2020-07-02 Thread Eric Blake
On 7/2/20 9:39 AM, Peter Krempa wrote: Users may want to use this to create a full backup or even incremental if the checkpoints are pre-existing. We still will not allow to create a pre-existing checkpoint on a read-only disk as that makes no sense. https://bugzilla.redhat.com/show_bug.cgi?

Re: [PATCH 13/24] docs: backup: Convert XML documentation to RST

2020-07-02 Thread Eric Blake
On 7/2/20 9:39 AM, Peter Krempa wrote: Switch to the new format for easier extension. Signed-off-by: Peter Krempa --- docs/formatbackup.html.in | 191 -- docs/formatbackup.rst | 149 + 2 files changed, 149 insertions(+), 19

Re: [PATCH 14/24] backup: Allow configuring incremental backup per-disk individually

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: The semantics of the backup operation don't strictly require that all disks being backed up are part of the same incremental part (when a disk was checkpointed/backed up separately or in a different VM), or even they may not have a previous checkpoint at al

Re: [PATCH 15/24] qemu: backup: integrate with blockpull

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: Merge the bitmaps when finalizing a block pull job so that backups work properly afterwards. https://bugzilla.redhat.com/show_bug.cgi?id=1799010 Signed-off-by: Peter Krempa --- src/qemu/qemu_blockjob.c | 37 + 1 file

Re: [PATCH 16/24] docs: checkpoint: Convert XML documentation to RST

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: Switch to the new format for easier extension. Signed-off-by: Peter Krempa --- docs/formatcheckpoint.html.in | 198 -- docs/formatcheckpoint.rst | 162 2 files changed, 162 insertions(+),

Re: [PATCH 17/24] conf: checkpoint: Add a flag storing whether disk 'size' is valid

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: Avoid printing '0' size in case when we weren't able to determine the backup size by adding a flag whether the size is valid and interlock printing of the field according to the flag. Signed-off-by: Peter Krempa --- src/conf/checkpoint_conf.c

Re: [PATCH 18/24] qemu: checkpoint: Implement VIR_DOMAIN_CHECKPOINT_XML_SIZE

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: Introduce code which merges the appropriate bitmaps and queries the final size of the backup, so that we can print the XML with size information. Signed-off-by: Peter Krempa --- src/qemu/qemu_checkpoint.c | 143 - 1 f

Re: [PATCH 20/24] testCompareBackupXML: Add infrastructure for testing internal fields

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: There are few internal fields of the backup XML. Propagate the 'internal' flag so that the test can verify the XML infrastructure. Signed-off-by: Peter Krempa --- tests/genericxml2xmltest.c | 30 -- 1 file changed, 24 inserti

Re: [PATCH 19/24] checkpoint: Mention that VIR_DOMAIN_CHECKPOINT_XML_SIZE is expensive and stale

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: Data is valid only when queried as guest writes may increase the backup size. Signed-off-by: Peter Krempa --- docs/formatcheckpoint.rst | 4 src/libvirt-domain-checkpoint.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) Reviewed

Re: [PATCH 21/24] conf: backup: Store 'tlsAlias' and 'tlsSecretAlias' as internals of a backup

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: Add fields for storing the aliases necessary to clean up the TLS env for a backup job after it finishes. Signed-off-by: Peter Krempa --- +++ b/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml @@ -0,0 +1,36 @@ + + 1525889631 + Are you al

Re: [PATCH 22/24] qemu: conf: Add configuration of TLS environment for NBD transport of pull-backups

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: TLS is required to transport backed-up data securely when using pull-mode backups. Signed-off-by: Peter Krempa --- docs/formatbackup.rst | 4 src/qemu/libvirtd_qemu.aug | 5 src/qemu/qemu.conf | 37 +

Re: [PATCH 23/24] conf: backup: Add 'tls' attribute for 'server' element

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: Allow enabling TLS for the NBD server used to do pull-mode backups. Note that documentation already mentions 'tls', so this just implements the schema and XML bits. Signed-off-by: Peter Krempa --- +++ b/tests/domainbackupxml2xmlin/backup-pull-encrypted.

Re: [PATCH 24/24] qemu: backup: Setup TLS environment for pull-mode backup jobs

2020-07-02 Thread Eric Blake
On 7/2/20 9:40 AM, Peter Krempa wrote: Use the configured TLS env to set up encryption of the TLS transport. https://bugzilla.redhat.com/show_bug.cgi?id=1822631 Signed-off-by: Peter Krempa --- src/qemu/qemu_backup.c | 80 +++--- 1 file changed, 76 insertio
