The NBD connection for non-shared storage migration can have the same
issue regarding TLS certificate name match as the migration connection
itself.
Propagate the configured name also for the NBD connections.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1901448
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu_migration.c | 21 +++++++++++++++++----
src/qemu/qemu_migration_params.c | 17 +++++++++++++++++
src/qemu/qemu_migration_params.h | 3 +++
3 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 42fc5c5d62..3650de3de8 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -883,7 +883,8 @@ qemuMigrationSrcNBDStorageCopyBlockdevPrepareSource(virDomainDiskDef
*disk,
const char *host,
int port,
const char *socket,
- const char *tlsAlias)
+ const char *tlsAlias,
+ const char *tlsHostname)
{
g_autoptr(virStorageSource) copysrc = NULL;
@@ -910,6 +911,7 @@ qemuMigrationSrcNBDStorageCopyBlockdevPrepareSource(virDomainDiskDef
*disk,
}
copysrc->tlsAlias = g_strdup(tlsAlias);
+ copysrc->tlsHostname = g_strdup(tlsHostname);
copysrc->nodestorage = g_strdup_printf("migration-%s-storage",
disk->dst);
copysrc->nodeformat = g_strdup_printf("migration-%s-format",
disk->dst);
@@ -931,6 +933,7 @@ qemuMigrationSrcNBDStorageCopyBlockdev(virQEMUDriver *driver,
unsigned long long mirror_speed,
unsigned int mirror_shallow,
const char *tlsAlias,
+ const char *tlsHostname,
bool syncWrites)
{
g_autoptr(qemuBlockStorageSourceAttachData) data = NULL;
@@ -940,7 +943,8 @@ qemuMigrationSrcNBDStorageCopyBlockdev(virQEMUDriver *driver,
VIR_DEBUG("starting blockdev mirror for disk=%s to host=%s", disk->dst,
host);
- if (!(copysrc = qemuMigrationSrcNBDStorageCopyBlockdevPrepareSource(disk, host, port,
socket, tlsAlias)))
+ if (!(copysrc = qemuMigrationSrcNBDStorageCopyBlockdevPrepareSource(disk, host, port,
socket,
+ tlsAlias,
tlsHostname)))
return -1;
/* Migration via blockdev-mirror was supported sooner than the auto-read-only
@@ -1025,6 +1029,7 @@ qemuMigrationSrcNBDStorageCopyOne(virQEMUDriver *driver,
unsigned long long mirror_speed,
bool mirror_shallow,
const char *tlsAlias,
+ const char *tlsHostname,
unsigned int flags)
{
qemuDomainObjPrivate *priv = vm->privateData;
@@ -1065,6 +1070,7 @@ qemuMigrationSrcNBDStorageCopyOne(virQEMUDriver *driver,
mirror_speed,
mirror_shallow,
tlsAlias,
+ tlsHostname,
syncWrites);
} else {
rc = qemuMigrationSrcNBDStorageCopyDriveMirror(driver, vm, diskAlias,
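Review bot: `tlsHostname` is handed only to the blockdev branch, while the `else` branch calling `qemuMigrationSrcNBDStorageCopyDriveMirror` gets no equivalent argument. That call is cut off by the hunk, so whether the drive-mirror path can be reached with TLS enabled cannot be seen from here. If it can, the configured certificate name is dropped on that path without notice. Once confirmed, a short comment at the `else` would settle it, for example `/* drive-mirror is never used with TLS, so tlsHostname does not apply */`.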
@@ -1114,6 +1120,7 @@ qemuMigrationSrcNBDStorageCopy(virQEMUDriver *driver,
const char **migrate_disks,
virConnectPtr dconn,
const char *tlsAlias,
+ const char *tlsHostname,
const char *nbdURI,
unsigned int flags)
{
@@ -1137,6 +1144,11 @@ qemuMigrationSrcNBDStorageCopy(virQEMUDriver *driver,
}
mirror_speed <<= 20;
+ /* If qemu doesn't support overriding of TLS hostname for NBD connections
+ * we won't attempt it */
+ if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV_NBD_TLS_HOSTNAME))
+ tlsHostname = NULL;
+
/* steal NBD port and thus prevent its propagation back to destination */
port = mig->nbd->port;
mig->nbd->port = 0;
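Review bot: The reset of `tlsHostname` to NULL when `QEMU_CAPS_BLOCKDEV_NBD_TLS_HOSTNAME` is absent happens silently, so a user who configured a TLS destination name gets NBD connections without the override and nothing in the log says why. Presumably the certificate is then checked against the connect host and the storage copy fails with a name mismatch, which is the symptom this patch sets out to fix. A trace line before the assignment would make that diagnosable, e.g. `VIR_DEBUG("QEMU lacks NBD TLS hostname override; ignoring tlsHostname=%s", NULLSTR(tlsHostname));`. `priv` is declared outside this hunk and the function body continues past it.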
@@ -1185,7 +1197,7 @@ qemuMigrationSrcNBDStorageCopy(virQEMUDriver *driver,
if (qemuMigrationSrcNBDStorageCopyOne(driver, vm, disk, host, port,
socket,
mirror_speed, mirror_shallow,
- tlsAlias, flags) < 0)
+ tlsAlias, tlsHostname, flags) < 0)
return -1;
if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) {
@@ -4138,6 +4150,7 @@ qemuMigrationSrcRun(virQEMUDriver *driver,
if (storageMigration) {
if (mig->nbd) {
const char *host = "";
+ const char *tlsHostname = qemuMigrationParamsGetTLSHostname(migParams);
if (spec->destType == MIGRATION_DEST_HOST ||
spec->destType == MIGRATION_DEST_CONNECT_HOST) {
@@ -4157,7 +4170,7 @@ qemuMigrationSrcRun(virQEMUDriver *driver,
priv->migMaxBandwidth,
nmigrate_disks,
migrate_disks,
- dconn, tlsAlias,
+ dconn, tlsAlias, tlsHostname,
nbdURI, flags) < 0) {
goto error;
}
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
index 7b225fdf4b..e30fd04ada 100644
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -1464,3 +1464,20 @@ qemuMigrationCapsGet(virDomainObj *vm,
return enabled;
}
+
+
+/**
+ * qemuMigrationParamsGetTLSHostname:
+ * @migParams: Migration params object
+ *
+ * Fetches the value of the QEMU_MIGRATION_PARAM_TLS_HOSTNAME parameter which is
+ * passed from the user as VIR_MIGRATE_PARAM_TLS_DESTINATION
+ */
+const char *
+qemuMigrationParamsGetTLSHostname(qemuMigrationParams *migParams)
+{
+ if (!migParams->params[QEMU_MIGRATION_PARAM_TLS_HOSTNAME].set)
+ return NULL;
+
+ return migParams->params[QEMU_MIGRATION_PARAM_TLS_HOSTNAME].value.s;
+}
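Review bot: The doc comment on `qemuMigrationParamsGetTLSHostname` leaves out the return contract: the function returns NULL when the parameter is not set, and otherwise a pointer into `@migParams` that the caller must not free or keep past the lifetime of the params object. I would add `* Returns the hostname string owned by @migParams, or NULL if it was not set.` to the comment. Separately, `migParams` is dereferenced unconditionally; if any caller can pass NULL (not visible from this hunk), an early `if (!migParams) return NULL;` would be needed.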
diff --git a/src/qemu/qemu_migration_params.h b/src/qemu/qemu_migration_params.h
index b4de8dda7b..4a8815e776 100644
--- a/src/qemu/qemu_migration_params.h
+++ b/src/qemu/qemu_migration_params.h
@@ -167,3 +167,6 @@ qemuMigrationCapsCheck(virQEMUDriver *driver,
bool
qemuMigrationCapsGet(virDomainObj *vm,
qemuMigrationCapability cap);
+
+const char *
+qemuMigrationParamsGetTLSHostname(qemuMigrationParams *migParams);
--
2.35.1