Re: [libvirt] [PATCH 02/13] conf: Introduce migrate_tls_x509_cert_dir

>>> The problem is chardevs and migration are quite different. While you can >>> easily have a default configuration for chardevs and use tls="yes|no" to >>> override it (no tls attribute will just tell libvirt to use the >>> default), it's not really possible with migration API. API flags have >>> not two states (in contrast to three-state boolean attributes in XML). >>> Setting VIR_MIGRATE_TLS flag turns TLS on and using the flag turns TLS >>> off. That is the default value is not used anywhere. If VIR_MIGRATE_TLS >>> flag is used, the code checks migrate_tls is 1. Which translates to >>> "yes, I configured TLS for migration" semantics of the configuration >>> option. >>> >>> In other words, it makes sense to have the configuration option for >>> devices defined in the XML, but using it for migration doesn't make any >>> sense. This would of course mean its parsing would need to be moved out >>> of the macro introduced in 1/13 and used for chardevs only. >>> >>> Jirka >>> >> >> So I've circled back around to this... It seems like you're advocating >> the removal of the VIR_MIGRATE_TLS flag - which is fine. The only > > No. We definitely need VIR_MIGRATE_TLS. I'm advocating the removal of > the migrate_tls configuration option. > > Jirka > For me it's a consistency thing - whenever TLS is used elsewhere in the code the qemu.conf variables are referenced.

Now for migration we're going to assume the configuration is set up and can be used.

I can drop the migrate_tls variable, the others would seem to be needed though. That just means the first patch is dropped and the second one removes the migrate_tls, but keeps certDir, verify, and secret uuid.