Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-24 Thread Jiri Denemark
On Thu, Feb 23, 2017 at 12:19:46 -0500, John Ferlan wrote: > >>> The problem is chardevs and migration are quite different. While you can > >>> easily have a default configuration for chardevs and use tls="yes|no" to > >>> override it (no tls attribute will just tell libvirt to use the > >>>

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-23 Thread John Ferlan
On 02/23/2017 09:19 AM, Jiri Denemark wrote: > On Thu, Feb 23, 2017 at 08:10:18 -0500, John Ferlan wrote: >> >> >> On 02/21/2017 06:43 AM, Jiri Denemark wrote: >>> On Mon, Feb 20, 2017 at 14:28:42 -0500, John Ferlan wrote: On 02/20/2017 11:03 AM, Jiri Denemark wrote: > On Fri, Feb 17,

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-23 Thread Jiri Denemark
On Thu, Feb 23, 2017 at 08:10:18 -0500, John Ferlan wrote: > > > On 02/21/2017 06:43 AM, Jiri Denemark wrote: > > On Mon, Feb 20, 2017 at 14:28:42 -0500, John Ferlan wrote: > >> On 02/20/2017 11:03 AM, Jiri Denemark wrote: > >>> On Fri, Feb 17, 2017 at 14:39:19 -0500, John Ferlan wrote: >

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-23 Thread John Ferlan
On 02/21/2017 06:43 AM, Jiri Denemark wrote: > On Mon, Feb 20, 2017 at 14:28:42 -0500, John Ferlan wrote: >> On 02/20/2017 11:03 AM, Jiri Denemark wrote: >>> On Fri, Feb 17, 2017 at 14:39:19 -0500, John Ferlan wrote: +# Enable use of TLS encryption for migration +# +# It is

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-21 Thread Jiri Denemark
On Mon, Feb 20, 2017 at 14:28:42 -0500, John Ferlan wrote: > On 02/20/2017 11:03 AM, Jiri Denemark wrote: > > On Fri, Feb 17, 2017 at 14:39:19 -0500, John Ferlan wrote: > >> +# Enable use of TLS encryption for migration > >> +# > >> +# It is necessary to setup CA and issue a server certificate >

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-20 Thread John Ferlan
On 02/20/2017 11:03 AM, Jiri Denemark wrote: > On Fri, Feb 17, 2017 at 14:39:19 -0500, John Ferlan wrote: >> Add a new TLS X.509 certificate type - "migrate". This will handle the >> creation of a TLS certificate capability (and possibly repository) to >> be used for migrations. Similar to

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-20 Thread Jiri Denemark
On Fri, Feb 17, 2017 at 14:39:19 -0500, John Ferlan wrote: > Add a new TLS X.509 certificate type - "migrate". This will handle the > creation of a TLS certificate capability (and possibly repository) to > be used for migrations. Similar to chardev's, credentials will be handled > via a libvirt

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-20 Thread Daniel P. Berrange
On Mon, Feb 20, 2017 at 03:30:26PM +, Daniel P. Berrange wrote: > On Mon, Feb 20, 2017 at 10:26:16AM -0500, John Ferlan wrote: > > > > > > On 02/20/2017 10:13 AM, Jiri Denemark wrote: > > > On Fri, Feb 17, 2017 at 14:39:19 -0500, John Ferlan wrote: > > >> Add a new TLS X.509 certificate type

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-20 Thread Daniel P. Berrange
On Mon, Feb 20, 2017 at 10:26:16AM -0500, John Ferlan wrote: > > > On 02/20/2017 10:13 AM, Jiri Denemark wrote: > > On Fri, Feb 17, 2017 at 14:39:19 -0500, John Ferlan wrote: > >> Add a new TLS X.509 certificate type - "migrate". This will handle the > >> creation of a TLS certificate capability

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-20 Thread John Ferlan
On 02/20/2017 10:13 AM, Jiri Denemark wrote: > On Fri, Feb 17, 2017 at 14:39:19 -0500, John Ferlan wrote: >> Add a new TLS X.509 certificate type - "migrate". This will handle the >> creation of a TLS certificate capability (and possibly repository) to >> be used for migrations. Similar to

Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-20 Thread Jiri Denemark
On Fri, Feb 17, 2017 at 14:39:19 -0500, John Ferlan wrote: > Add a new TLS X.509 certificate type - "migrate". This will handle the > creation of a TLS certificate capability (and possibly repository) to > be used for migrations. Similar to chardev's, credentials will be handled > via a libvirt

[libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

2017-02-17 Thread John Ferlan
Add a new TLS X.509 certificate type - "migrate". This will handle the creation of a TLS certificate capability (and possibly repository) to be used for migrations. Similar to chardev's, credentials will be handled via a libvirt secrets. Signed-off-by: John Ferlan ---