Re: [libvirt] [PATCH RFC] update cacrl without restarting libvirtd via virt-admin

This is an RFC request for supporting virt-admin to update cacrl without restarting libvirtd. When a client wants to establish a TLS connection with libvirtd, a CRL file is used by libvirtd to verify the client's certificate. Right now, if the CRL file is changed, you must restart libvirtd to make it take effect. The restart behavior of libvirtd will cause clients connecting with libvirtd to fail. In a server cluster, the CRL file may be updated quite frequently due to the large amount of certificates. If the new CRL does not take effect in time, there are security risks. So you may need to restart libvirtd frequently to make the CRL take effect in time. However, frequent restarts will affect the reliability of cluster virtual machine management(such as openstack) services. This RFC patch adds a virt-admin command to update the server's CRL *online*. This patch is not elegant enough, if this feature makes sense, I'd do more improvements.

--- include/libvirt/libvirt-admin.h | 4 ++ src/admin/admin_protocol.x | 13 +++++- src/admin/admin_server.c | 13 ++++++ src/admin/admin_server.h | 4 ++ src/admin/libvirt-admin.c | 33 ++++++++++++++++ src/admin/libvirt_admin_private.syms | 1 + src/admin/libvirt_admin_public.syms | 1 + src/rpc/virnetserver.c | 58 +++++++++++++++++++++++++++ src/rpc/virnetserver.h | 3 ++ src/rpc/virnettlscontext.c | 33 ++++++++++++++++ src/rpc/virnettlscontext.h | 3 ++ tools/virt-admin.c | 59 ++++++++++++++++++++++++++++