Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/qemu/qemu_migration.c | 31 ++++++++++++-------------------
src/qemu/qemu_migration_params.c | 9 +++++++--
src/qemu/qemu_migration_params.h | 1 +
3 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 9a9a881f9b..c2cd937743 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -2454,13 +2454,9 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,
cfg = virQEMUDriverGetConfig(driver);
if (qemuMigrationParamsEnableTLS(driver, vm, cfg, true,
QEMU_ASYNC_JOB_MIGRATION_IN,
- &tlsAlias, &secAlias, migParams) <
0)
+ &tlsAlias, &secAlias, NULL,
+ migParams) < 0)
goto stopjob;
-
- /* Force reset of 'tls-hostname', it's a source only parameter */
- if (VIR_STRDUP(migParams->params.tlsHostname, "") < 0)
- goto stopjob;
-
} else {
if (qemuMigrationParamsDisableTLS(vm, migParams) < 0)
goto stopjob;
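Review bot: The `NULL` now passed as the hostname argument on the destination side is unexplained, because the removed comment ("Force reset of 'tls-hostname', it's a source only parameter") was the only place that stated the intent. The reset still happens, but only because the callee maps a NULL hostname to an empty string, which a reader of this call site cannot see. I would keep the intent next to the call with a comment such as `/* tls-hostname is a source-only parameter; NULL resets it to "" */`. qemuMigrationDstPrepareAny starts and ends outside this hunk.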
@@ -3406,23 +3402,20 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,
VIR_WARN("unable to provide data for graphics client relocation");
if (flags & VIR_MIGRATE_TLS) {
- cfg = virQEMUDriverGetConfig(driver);
- if (qemuMigrationParamsEnableTLS(driver, vm, cfg, false,
- QEMU_ASYNC_JOB_MIGRATION_OUT,
- &tlsAlias, &secAlias, migParams) <
0)
- goto error;
+ const char *hostname = NULL;
/* We need to add tls-hostname whenever QEMU itself does not
* connect directly to the destination. */
if (spec->destType == MIGRATION_DEST_CONNECT_HOST ||
- spec->destType == MIGRATION_DEST_FD) {
- if (VIR_STRDUP(migParams->params.tlsHostname, spec->dest.host.name)
< 0)
- goto error;
- } else {
- /* Be sure there's nothing from a previous migration */
- if (VIR_STRDUP(migParams->params.tlsHostname, "") < 0)
- goto error;
- }
+ spec->destType == MIGRATION_DEST_FD)
+ hostname = spec->dest.host.name;
+
+ cfg = virQEMUDriverGetConfig(driver);
+ if (qemuMigrationParamsEnableTLS(driver, vm, cfg, false,
+ QEMU_ASYNC_JOB_MIGRATION_OUT,
+ &tlsAlias, &secAlias, hostname,
+ migParams) < 0)
+ goto error;
} else {
if (qemuMigrationParamsDisableTLS(vm, migParams) < 0)
goto error;
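Review bot: `hostname = spec->dest.host.name;` is passed on without a NULL or empty check, in exactly the two cases where the comment says tls-hostname is required. The callee in qemu_migration_params.c stores `""` when hostname is NULL, so a missing name looks the same as the case where no hostname is needed, and the migration would continue without the name meant for certificate verification. Failing closed inside that branch, with an error report followed by `if (!hostname) goto error;`, would keep a missing name from silently weakening verification. The definition of `spec->dest` is not visible here; if it is a union, it is worth confirming that `host` is the active member when `destType` is `MIGRATION_DEST_FD`. qemuMigrationSrcRun continues outside the hunk.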
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index bb3bbc30f3..476687aae2 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -141,9 +141,12 @@ qemuMigrationParamsSet(virQEMUDriverPtr driver,
* @asyncJob: Migration job to join
* @tlsAlias: alias to be generated for TLS object
* @secAlias: alias to be generated for a secinfo object
+ * @hostname: hostname of the migration destination
* @migParams: migration parameters to set
*
- * Create the TLS objects for the migration and set the migParams value
+ * Create the TLS objects for the migration and set the migParams value.
+ * If QEMU itself does not connect to the destination @hostname must be
+ * provided for certificate verification.
*
* Returns 0 on success, -1 on failure
*/
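Review bot: The new `@hostname` line does not say that NULL is accepted, although the destination caller passes NULL and the function body then stores `""` in `tlsHostname`. "must be provided" also reads as if the function enforced it, which the visible code does not do. I would word the parameter as `@hostname: hostname of the migration destination, or NULL to reset tls-hostname to ""`, and state in the description that the caller is responsible for supplying it when QEMU does not connect to the destination itself.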
@@ -155,6 +158,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
int asyncJob,
char **tlsAlias,
char **secAlias,
+ const char *hostname,
qemuMigrationParamsPtr migParams)
{
qemuDomainObjPrivatePtr priv = vm->privateData;
@@ -198,7 +202,8 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
*tlsAlias, &tlsProps) < 0)
goto error;
- if (VIR_STRDUP(migParams->params.tlsCreds, *tlsAlias) < 0)
+ if (VIR_STRDUP(migParams->params.tlsCreds, *tlsAlias) < 0 ||
+ VIR_STRDUP(migParams->params.tlsHostname, hostname ? hostname : "")
< 0)
goto error;
return 0;
diff --git a/src/qemu/qemu_migration_params.h b/src/qemu/qemu_migration_params.h
index 6f3fb67949..6535c3af47 100644
--- a/src/qemu/qemu_migration_params.h
+++ b/src/qemu/qemu_migration_params.h
@@ -79,6 +79,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
int asyncJob,
char **tlsAlias,
char **secAlias,
+ const char *hostname,
qemuMigrationParamsPtr migParams);
int
--
2.17.0