9:40 a.m.
TLS is required to transport backed-up data securely when using
pull-mode backups.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
docs/formatbackup.rst | 4 ++++
src/qemu/libvirtd_qemu.aug | 5 ++++
src/qemu/qemu.conf | 37 ++++++++++++++++++++++++++++++
src/qemu/qemu_conf.c | 17 ++++++++++++++
src/qemu/qemu_conf.h | 5 ++++
src/qemu/test_libvirtd_qemu.aug.in | 3 +++
6 files changed, 71 insertions(+)
diff --git a/docs/formatbackup.rst b/docs/formatbackup.rst
index e5b6fc6eb0..142b8250d2 100644
--- a/docs/formatbackup.rst
+++ b/docs/formatbackup.rst
@@ -42,6 +42,10 @@ were supplied). The following child elements and attributes are
supported:
necessary to set up an NBD server that exposes the content of each disk at
the time the backup is started.
+ Note that for the QEMU hypervisor the TLS environment in controlled using
+ ``backup_tls_x509_cert_dir``, ``backup_tls_x509_verify``, and
+ ``backup_tls_x509_secret_uuid`` properties in ``/etc/libvirt/qemu.conf``.
+
``disks``
An optional listing of instructions for disks participating in the backup (if
omitted, all disks participate and libvirt attempts to generate filenames by
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index c19a086c38..abbac549f2 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -59,6 +59,10 @@ module Libvirtd_qemu =
| bool_entry "migrate_tls_x509_verify"
| str_entry "migrate_tls_x509_secret_uuid"
+ let backup_entry = str_entry "backup_tls_x509_cert_dir"
+ | bool_entry "backup_tls_x509_verify"
+ | str_entry "backup_tls_x509_secret_uuid"
+
let vxhs_entry = bool_entry "vxhs_tls"
| str_entry "vxhs_tls_x509_cert_dir"
| str_entry "vxhs_tls_x509_secret_uuid"
@@ -146,6 +150,7 @@ module Libvirtd_qemu =
| spice_entry
| chardev_entry
| migrate_entry
+ | backup_entry
| nogfx_entry
| remote_display_entry
| security_entry
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index ab403c21ac..a96bedb114 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -395,6 +395,43 @@
#migrate_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+# In order to override the default TLS certificate location for backup NBD
+# server certificates, supply a valid path to the certificate directory. If the
+# provided path does not exist, libvirtd will fail to start. If the path is
+# not provided, but TLS-encrypted backup is requested, then the
+# default_tls_x509_cert_dir path will be used.
+#
+#backup_tls_x509_cert_dir = "/etc/pki/libvirt-backup"
+
+
+# The default TLS configuration only uses certificates for the server
+# allowing the client to verify the server's identity and establish
+# an encrypted channel.
+#
+# It is possible to use x509 certificates for authentication too, by
+# issuing an x509 certificate to every client who needs to connect.
+#
+# Enabling this option will reject any client that does not have a
+# ca-cert.pem certificate signed by the CA in the backup_tls_x509_cert_dir
+# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem
+# files described in default_tls_x509_cert_dir.
+#
+# If this option is not supplied, it will be set to the value of
+# "default_tls_x509_verify".
+#
+#backup_tls_x509_verify = 1
+
+
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#backup_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
# By default, if no graphical front end is configured, libvirt will disable
# QEMU audio output since directly talking to alsa/pulseaudio may not work
# with various security settings. If you know what you're doing, enable
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 6e673e8f62..30d7c61cf9 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -347,6 +347,9 @@ static void virQEMUDriverConfigDispose(void *obj)
VIR_FREE(cfg->migrateTLSx509certdir);
VIR_FREE(cfg->migrateTLSx509secretUUID);
+ VIR_FREE(cfg->backupTLSx509certdir);
+ VIR_FREE(cfg->backupTLSx509secretUUID);
+
while (cfg->nhugetlbfs) {
cfg->nhugetlbfs--;
VIR_FREE(cfg->hugetlbfs[cfg->nhugetlbfs].mnt_dir);
@@ -511,6 +514,9 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverConfigPtr cfg,
GET_CONFIG_TLS_CERTINFO_COMMON(migrate);
GET_CONFIG_TLS_CERTINFO_SERVER(migrate);
+ GET_CONFIG_TLS_CERTINFO_COMMON(backup);
+ GET_CONFIG_TLS_CERTINFO_SERVER(backup);
+
GET_CONFIG_TLS_CERTINFO_COMMON(vxhs);
GET_CONFIG_TLS_CERTINFO_COMMON(nbd);
@@ -1154,6 +1160,14 @@ virQEMUDriverConfigValidate(virQEMUDriverConfigPtr cfg)
return -1;
}
+ if (cfg->backupTLSx509certdir &&
+ !virFileExists(cfg->backupTLSx509certdir)) {
+ virReportError(VIR_ERR_CONF_SYNTAX,
+ _("backup_tls_x509_cert_dir directory '%s' does not
exist"),
+ cfg->backupTLSx509certdir);
+ return -1;
+ }
+
if (cfg->vxhsTLSx509certdir &&
!virFileExists(cfg->vxhsTLSx509certdir)) {
virReportError(VIR_ERR_CONF_SYNTAX,
@@ -1189,6 +1203,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg)
SET_TLS_SECRET_UUID_DEFAULT(vnc);
SET_TLS_SECRET_UUID_DEFAULT(chardev);
SET_TLS_SECRET_UUID_DEFAULT(migrate);
+ SET_TLS_SECRET_UUID_DEFAULT(backup);
SET_TLS_SECRET_UUID_DEFAULT(vxhs);
SET_TLS_SECRET_UUID_DEFAULT(nbd);
@@ -1216,6 +1231,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg)
SET_TLS_X509_CERT_DEFAULT(spice);
SET_TLS_X509_CERT_DEFAULT(chardev);
SET_TLS_X509_CERT_DEFAULT(migrate);
+ SET_TLS_X509_CERT_DEFAULT(backup);
SET_TLS_X509_CERT_DEFAULT(vxhs);
SET_TLS_X509_CERT_DEFAULT(nbd);
@@ -1230,6 +1246,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr cfg)
SET_TLS_VERIFY_DEFAULT(vnc);
SET_TLS_VERIFY_DEFAULT(chardev);
SET_TLS_VERIFY_DEFAULT(migrate);
+ SET_TLS_VERIFY_DEFAULT(backup);
#undef SET_TLS_VERIFY_DEFAULT
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 6193a7111c..687829123c 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -144,6 +144,11 @@ struct _virQEMUDriverConfig {
bool migrateTLSx509verifyPresent;
char *migrateTLSx509secretUUID;
+ char *backupTLSx509certdir;
+ bool backupTLSx509verify;
+ bool backupTLSx509verifyPresent;
+ char *backupTLSx509secretUUID;
+
bool vxhsTLS;
char *vxhsTLSx509certdir;
char *vxhsTLSx509secretUUID;
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index db125bf352..6a54e2322a 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -35,6 +35,9 @@ module Test_libvirtd_qemu =
{ "migrate_tls_x509_cert_dir" = "/etc/pki/libvirt-migrate" }
{ "migrate_tls_x509_verify" = "1" }
{ "migrate_tls_x509_secret_uuid" =
"00000000-0000-0000-0000-000000000000" }
+{ "backup_tls_x509_cert_dir" = "/etc/pki/libvirt-backup" }
+{ "backup_tls_x509_verify" = "1" }
+{ "backup_tls_x509_secret_uuid" =
"00000000-0000-0000-0000-000000000000" }
{ "nographics_allow_host_audio" = "1" }
{ "remote_display_port_min" = "5900" }
{ "remote_display_port_max" = "65535" }
--
2.26.2