Re: [libvirt] [PATCH v2 00/14] Add TLS support for migration

On Thu, 2017-02-23 at 13:42 -0500, John Ferlan wrote: > v1: http://www.redhat.com/archives/libvir-list/2017-February/msg00897.html > v1 cover letter reiterated: > > Patches 1, 3 -> 9 are primarily quite a bit of code motion in order to allow > reuse of the "core" of the chardev TLS code. > > Theoretically speaking of course, these patches should work - I don't > have a TLS and migration environment to test with, so between following > the qemu command model on Daniel's blog and prior experience with the > chardev TLS would > > I added the saving of a flag to the private qemu domain state, although > I'm not 100% sure it was necessary. At one time I created the source TLS > objects during the Begin phase, but later decided to wait until just > before the migration is run. I think the main reason to have the flag > would be a restart of libvirtd to let 'something' know migration using > TLS was configured. I think it may only be "necessary" in order to > repopulate the migSecinfo after libvirtd restart, but it's not entirely > clear. By the time I started thinking more about while writing this cover > letter it was too late to just remove. > > Also rather than create the destination host TLS objects on the fly, > I modified the command line generation. That model could change to adding > the TLS objects once the destination is started and before the params are > set for the migration. > > This 'model' is also going to be used for the NBD, but I figured I'd get > this posted now since it was already too long of a series. These changes are user-visible, and should be documented in the release notes accordingly.

-- Andrea Bolognani / Red Hat / Virtualization