v9:
http://www.redhat.com/archives/libvir-list/2016-October/msg00726.html
"Theorically speaking" patch #2 is "separate" from patches 1, 3, &
4. That is, patches 3 and 4 are adding the secret uuid processing handling, which is
different than the enable/disable property logic for patch 2. I've left
them all together though, just to be consistent with the previous series.
Differences in v10
... Pushed the previous series 2/5 and 3/5 since they were ACK'd
... Create a new patch 1 to have helper qemuDomainSupportTLSChardevTCP
It's mostly unnecessary without patch 2 though, but it made adding
or "separating" patch 2 from patches 3 & 4 a whole lot easier...
... Modified former patch 1 (now patch 2) to accommodate for a paradigm
where tls='yes' and chardev_tls=0 might be possible. The new helper
is used to determine whether to add the TLS information or not.
... Modified former patch 4 (now patch 3) to accommodate for the
changes Pavel has made to the code and to generate the secalias
using the "charAlias"
... Modified former patch 4 (now patch 4) to use the "charAlias" as well
and merge in Pavel's changes
NOTE: Even though 'yes' is now a possibility, it is an option that's assuming
chardev_tls=0 so I don't feel the issues raised during review of v8
regarding needing to consider a currently running 2.3.0 domain that
still needs to work when 2.4.0 is applied. I believe it will be with
the way the optional property is being used, thus with respect to
the points in:
http://www.redhat.com/archives/libvir-list/2016-October/msg00732.html
The proposed qemuProcessPrepareDomain change is invalid since haveTLS
is a tristate and chardevTLS is a bistate. This is what I meant about being
a bit dangerous (e.g. BOOL_NO=2, BOOL_YES=1, and BOOL_ABSENT=0); however,
"chardevTLS=1" is enabled (yes) and "chardevTLS=0" is disabled (absent).
While it looks good when typing, when you get down to the details sometimes
you find those 'gotchas'. Even if the shorthand logic were fixed, it's
not going to be good to assume that setting the domain property or
disabling the domain property is the desired action.
The qemuProcessAttach is for qemu-attach and not the path that libvirt
uses to reconnect to running domains (which is qemuProcessReconnect).
There's so much broken from the qemu-attach right now - I doubt it
really works at all.
With respect to the reconnect processing (since that's really what you
were thinking about)... There is no "options" provided/found in that code.
New code could possibly "read" the '/proc/$pid/cmdline' file and look for
'tls-creds', but the only purpose of that would be to manage 'assumptions'
with how the "tls='{yes|no}'" property is used.
Altering virDomainChrSourceDefParseXML and virDomainChrSourceDefFormat
to manage some new boolean 'tlsFromConfig' that I'm not sure could be
set properly is something I think is outside these patches.
John Ferlan (4):
qemu: Introduce qemuDomainSupportTLSChardevTCP
domain: Add optional 'tls' attribute for TCP chardev
qemu: Add a secret object to/for a chardev tcp with secret
qemu: Add secret object hotplug for TCP chardev TLS
docs/formatdomain.html.in | 28 +++++
docs/schemas/domaincommon.rng | 5 +
src/conf/domain_conf.c | 22 +++-
src/conf/domain_conf.h | 1 +
src/qemu/qemu_command.c | 33 ++++-
src/qemu/qemu_command.h | 1 +
src/qemu/qemu_domain.c | 133 ++++++++++++++++++++-
src/qemu/qemu_domain.h | 18 ++-
src/qemu/qemu_driver.c | 2 +-
src/qemu/qemu_hotplug.c | 58 ++++++++-
src/qemu/qemu_hotplug.h | 3 +-
src/qemu/qemu_process.c | 4 +-
tests/qemuhotplugtest.c | 2 +-
...uxml2argv-serial-tcp-tlsx509-chardev-notls.args | 30 +++++
...muxml2argv-serial-tcp-tlsx509-chardev-notls.xml | 50 ++++++++
...xml2argv-serial-tcp-tlsx509-secret-chardev.args | 38 ++++++
...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml | 50 ++++++++
tests/qemuxml2argvtest.c | 20 ++++
...xml2xmlout-serial-tcp-tlsx509-chardev-notls.xml | 1 +
tests/qemuxml2xmltest.c | 1 +
20 files changed, 483 insertions(+), 17 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev-notls.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev-notls.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
create mode 120000 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev-notls.xml
--
2.7.4
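
The tristate/bistate hazard raised in the message above, as an added example that is not part of the series or of libvirt's code: with the quoted numbering (ABSENT=0, YES=1, NO=2), a boolean shorthand over the tristate reads an explicit "no" as enabled. The type and function names, and the policy that the per-device value wins over the config default, are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Numbering quoted in the message: ABSENT=0, YES=1, NO=2 (names are hypothetical). */
typedef enum { TLS_ABSENT = 0, TLS_YES = 1, TLS_NO = 2 } tls_tristate;

/* Shorthand: use the tristate as if it were a boolean.
 * TLS_NO is 2, which is non-zero, so an explicit tls='no' reads as enabled. */
static bool tls_shorthand(tls_tristate have_tls, bool chardev_tls)
{
    return have_tls || chardev_tls;
}

/* Explicit resolution (assumed policy): the per-device value wins when set;
 * the config default applies only when the attribute is absent.
 * Returns 1 = add TLS, 0 = no TLS, -1 = value outside the enum. */
static int tls_explicit(tls_tristate have_tls, bool chardev_tls)
{
    switch (have_tls) {
    case TLS_YES:    return 1;
    case TLS_NO:     return 0;
    case TLS_ABSENT: return chardev_tls ? 1 : 0;
    }
    return -1; /* corrupted or unknown value: caller must reject it */
}

/* Count the (attribute, config) pairs on which the two functions disagree. */
static int count_disagreements(void)
{
    int n = 0;
    for (int t = TLS_ABSENT; t <= TLS_NO; t++)
        for (int c = 0; c <= 1; c++)
            if ((int)tls_shorthand((tls_tristate)t, c) != tls_explicit((tls_tristate)t, c))
                n++;
    return n;
}

int main(void)
{
    static const char *names[] = { "absent", "yes", "no" };
    for (int t = TLS_ABSENT; t <= TLS_NO; t++)
        for (int c = 0; c <= 1; c++)
            printf("tls=%-6s chardev_tls=%d shorthand=%d explicit=%d\n",
                   names[t], c, (int)tls_shorthand((tls_tristate)t, c),
                   tls_explicit((tls_tristate)t, c));
    printf("disagreements: %d\n", count_disagreements());
    return 0;
}
```
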