
On Wed, Aug 30, 2017 at 18:46:11 -0400, John Ferlan wrote:
From: Ashish Mittal <Ashish.Mittal@veritas.com>
[...]
src/qemu/qemu_block.c | 29 ++++++++++++++++++-- src/qemu/qemu_block.h | 3 +- src/qemu/qemu_command.c | 32 +++++++++++++++++++++- ...muxml2argv-disk-drive-network-tlsx509-vxhs.args | 30 ++++++++++++++++++++ tests/qemuxml2argvtest.c | 5 ++++ 5 files changed, 94 insertions(+), 5 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.args
This won't work with disk hotplug. You either need to add code for it to work properly or add code that specifically disables it.
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index cb765ab..5e65692 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -18,6 +18,7 @@
#include <config.h>
+#include "qemu_alias.h"
 #include "qemu_block.h"
 #include "qemu_domain.h"
@@ -484,9 +485,12 @@ qemuBlockStorageSourceGetGlusterProps(virStorageSourcePtr src)
static virJSONValuePtr qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + const char *diskAlias)
As I've pointed out elsewhere, the disk alias should not be passed here, but rather stored in the disk source structure.
const char *protocol = virStorageNetProtocolTypeToString(src->protocol); + char *objalias = NULL; virJSONValuePtr server = NULL; virJSONValuePtr ret = NULL;
@@ -506,17 +510,34 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src, if (!(server = qemuBlockStorageSourceBuildHostsJSONSocketAddress(src, true))) return NULL;
+ if (src->haveTLS == VIR_TRISTATE_BOOL_YES) { + if (!diskAlias) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("disk does not have an alias")); + return NULL; + } + + if (!(objalias = qemuAliasTLSObjFromSrcAlias(diskAlias))) { + virJSONValueFree(server); + return NULL; + } + } + /* VxHS disk specification example: * { driver:"vxhs", + * [tls-creds:"objvirtio-disk0_tls0",] * vdisk-id:"eb90327c-8302-4725-4e85ed4dc251", * server:[{type:"tcp", host:"1.2.3.4", port:9999}]} */ if (virJSONValueObjectCreate(&ret, "s:driver", protocol, + "S:tls-creds", objalias, "s:vdisk-id", src->path, "a:server", server, NULL) < 0) virJSONValueFree(server);
+ VIR_FREE(objalias); + return ret; }
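Review bot: The `!diskAlias` error path returns NULL without releasing `server`, which was allocated just above by qemuBlockStorageSourceBuildHostsJSONSocketAddress(), so that branch leaks. The next failure path, after qemuAliasTLSObjFromSrcAlias(), does call `virJSONValueFree(server);`, which makes the two branches inconsistent. Add `virJSONValueFree(server);` before the `return NULL;` in the `!diskAlias` branch, or move the alias check above the `server` allocation so there is nothing to free. The function's opening lines are outside this hunk.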
@@ -530,7 +551,8 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src, */ virJSONValuePtr qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src, - virQEMUCapsPtr qemuCaps) + virQEMUCapsPtr qemuCaps, + const char *diskAlias) { int actualType = virStorageSourceGetActualType(src); virJSONValuePtr fileprops = NULL; @@ -553,7 +575,8 @@ qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src, break;
case VIR_STORAGE_NET_PROTOCOL_VXHS: - if (!(fileprops = qemuBlockStorageSourceGetVxHSProps(src, qemuCaps))) + if (!(fileprops = qemuBlockStorageSourceGetVxHSProps(src, qemuCaps, + diskAlias))) goto cleanup; break;
[...]
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 3205a59..b94ed11 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -791,6 +791,32 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
 }
+/* qemuBuildDiskTLSx509CommandLine:
+ *
+ * Add TLS object if the disk uses a secure communication channel
+ *
+ * Returns 0 on success, -1 w/ error on some sort of failure.
+ */
+static int
+qemuBuildDiskTLSx509CommandLine(virCommandPtr cmd,
+ virQEMUDriverConfigPtr cfg,
+ virDomainDiskDefPtr disk,
+ virQEMUCapsPtr qemuCaps)
+{
+ virStorageSourcePtr src = disk->src;
Here it looks like a nice place to allocate the secret alias and set it into disk->src.
+
+ /* other protocols may be added later */
+ if (src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS &&
+ disk->src->haveTLS == VIR_TRISTATE_BOOL_YES) {
+ return qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certdir,
+ false, true, false,
+ disk->info.alias, qemuCaps);
+ }
+
+ return 0;
+}
+
+
 static char *
 qemuBuildNetworkDriveURI(virStorageSourcePtr src,
 qemuDomainSecretInfoPtr secinfo)
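Review bot: The call to qemuBuildTLSx509CommandLine() passes `false, true, false` as bare positional booleans, and nothing in this hunk says which flag is which. The callee's signature is outside the hunk, so a reader cannot confirm from here that verification of the VxHS server's certificate is the one set to `true`. A short comment above the call naming what each flag selects would make the TLS settings reviewable at the call site. Separately, the condition reads `src->protocol` but `disk->src->haveTLS`, although `src` was just assigned from `disk->src`; writing `src->haveTLS == VIR_TRISTATE_BOOL_YES) {` keeps both tests visibly on the same object.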