On Wed, Aug 30, 2017 at 18:46:11 -0400, John Ferlan wrote:
From: Ashish Mittal <Ashish.Mittal(a)veritas.com>
[...]
src/qemu/qemu_block.c | 29
++++++++++++++++++--
src/qemu/qemu_block.h | 3 +-
src/qemu/qemu_command.c | 32 +++++++++++++++++++++-
...muxml2argv-disk-drive-network-tlsx509-vxhs.args | 30 ++++++++++++++++++++
tests/qemuxml2argvtest.c | 5 ++++
5 files changed, 94 insertions(+), 5 deletions(-)
create mode 100644
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.args
This won't work with disk hotplug. You either need to add code for it
to work properly or add code that specifically disables it.
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index cb765ab..5e65692 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -18,6 +18,7 @@
#include <config.h>
+#include "qemu_alias.h"
#include "qemu_block.h"
#include "qemu_domain.h"
@@ -484,9 +485,12 @@ qemuBlockStorageSourceGetGlusterProps(virStorageSourcePtr src)
static virJSONValuePtr
qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
- virQEMUCapsPtr qemuCaps)
+ virQEMUCapsPtr qemuCaps,
+ const char *diskAlias)
As I've pointed out elsewhere, the disk alias should not be passed here,
but rather stored in the disk source structure.
const char *protocol =
virStorageNetProtocolTypeToString(src->protocol);
+ char *objalias = NULL;
virJSONValuePtr server = NULL;
virJSONValuePtr ret = NULL;
@@ -506,17 +510,34 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
if (!(server = qemuBlockStorageSourceBuildHostsJSONSocketAddress(src, true)))
return NULL;
+ if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
+ if (!diskAlias) {
+ virReportError(VIR_ERR_INVALID_ARG, "%s",
+ _("disk does not have an alias"));
+ return NULL;
+ }
+
+ if (!(objalias = qemuAliasTLSObjFromSrcAlias(diskAlias))) {
+ virJSONValueFree(server);
+ return NULL;
+ }
+ }
+
/* VxHS disk specification example:
* { driver:"vxhs",
+ * [tls-creds:"objvirtio-disk0_tls0",]
* vdisk-id:"eb90327c-8302-4725-4e85ed4dc251",
* server:[{type:"tcp", host:"1.2.3.4", port:9999}]}
*/
if (virJSONValueObjectCreate(&ret,
"s:driver", protocol,
+ "S:tls-creds", objalias,
"s:vdisk-id", src->path,
"a:server", server, NULL) < 0)
virJSONValueFree(server);
+ VIR_FREE(objalias);
+
return ret;
}
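Review bot: The new `if (!diskAlias)` branch returns NULL without releasing `server`, which was built successfully just above by qemuBlockStorageSourceBuildHostsJSONSocketAddress, so that error path leaks the JSON array. The next failure branch, for qemuAliasTLSObjFromSrcAlias, does call `virJSONValueFree(server)`, so the two paths are inconsistent. Add `virJSONValueFree(server);` before that `return NULL;`, or move the whole `haveTLS` block ahead of the server construction so nothing is allocated when the argument check fails. The function's signature and first declarations are in the preceding hunk.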
@@ -530,7 +551,8 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
*/
virJSONValuePtr
qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src,
- virQEMUCapsPtr qemuCaps)
+ virQEMUCapsPtr qemuCaps,
+ const char *diskAlias)
{
int actualType = virStorageSourceGetActualType(src);
virJSONValuePtr fileprops = NULL;
@@ -553,7 +575,8 @@ qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src,
break;
case VIR_STORAGE_NET_PROTOCOL_VXHS:
- if (!(fileprops = qemuBlockStorageSourceGetVxHSProps(src, qemuCaps)))
+ if (!(fileprops = qemuBlockStorageSourceGetVxHSProps(src, qemuCaps,
+ diskAlias)))
goto cleanup;
break;
[...]
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 3205a59..b94ed11 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -791,6 +791,32 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
}
+/* qemuBuildDiskTLSx509CommandLine:
+ *
+ * Add TLS object if the disk uses a secure communication channel
+ *
+ * Returns 0 on success, -1 w/ error on some sort of failure.
+ */
+static int
+qemuBuildDiskTLSx509CommandLine(virCommandPtr cmd,
+ virQEMUDriverConfigPtr cfg,
+ virDomainDiskDefPtr disk,
+ virQEMUCapsPtr qemuCaps)
+{
+ virStorageSourcePtr src = disk->src;
Here it looks like a nice place to allocate the secret alias and set it
into disk->src.
+
+ /* other protocols may be added later */
+ if (src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS &&
+ disk->src->haveTLS == VIR_TRISTATE_BOOL_YES) {
+ return qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certdir,
+ false, true, false,
+ disk->info.alias, qemuCaps);
+ }
+
+ return 0;
+}
+
+
static char *
qemuBuildNetworkDriveURI(virStorageSourcePtr src,
qemuDomainSecretInfoPtr secinfo)
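Review bot: The call to qemuBuildTLSx509CommandLine in the new qemuBuildDiskTLSx509CommandLine passes three bare booleans, `false, true, false`, so a reader cannot tell from this function whether peer certificate verification is enabled for the VxHS connection. A comment above the call naming them would make the TLS policy reviewable, for example `/* isListen = false, verifypeer = true, addpasswordid = false */`. That wording assumes the callee's parameter order, which is outside the hunk and should be confirmed. Separately, the condition mixes `src->protocol` with `disk->src->haveTLS`; since `src` is already the local for `disk->src`, write `src->haveTLS == VIR_TRISTATE_BOOL_YES`.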