On Thu, Aug 04, 2016 at 11:21:22AM -0400, John Ferlan wrote:
If the incoming XML defined a path to a TLS X.509 certificate
environment,
add the necessary 'tls-creds-x509' object to the VIR_DOMAIN_CHR_TYPE_TCP
character device.
Likewise, if the environment exists, the hot unplug needs adjustment as
well. Note that all the 'return ret' statements were changed to
'goto cleanup', since the cfg needs to be unref'd.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/conf/domain_conf.h | 1 +
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_command.h | 8 ++++++
src/qemu/qemu_hotplug.c | 59 ++++++++++++++++++++++++++++++++++++++------
src/qemu/qemu_monitor_json.c | 9 +++++++
5 files changed, 71 insertions(+), 8 deletions(-)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index b2e905d..b25e219 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1091,6 +1091,7 @@ struct _virDomainChrSourceDef {
char *service;
bool listen;
int protocol;
+ bool tlscreds;
} tcp;
struct {
char *bindHost;
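Review bot: The added `bool tlscreds;` member in the `tcp` source has no comment saying what it records or who sets it, and nothing in the portion of the patch quoted here reads it. If it is meant to mark that a tls-creds-x509 object was created for this chardev (an assumption; the attach code is not shown here), say so, e.g. `bool tlscreds; /* tls-creds-x509 object was added for this chardev */`. That also matters for the unplug path quoted further down, which decides whether to delete the TLS object from `cfg->chardevTLS` alone: a per-device flag would keep detach correct for non-TCP chardevs and for a config that changed after the device was attached. The struct definition starts and ends outside this hunk.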
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 33cc451..2295175 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -690,7 +690,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
*
* Returns 0 on success, -1 on failure with error set.
*/
-static int
+int
qemuBuildTLSx509BackendProps(const char *tlspath,
bool listen,
bool verifypeer,
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index dcf9ba6..583f35d 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -60,10 +60,18 @@ virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver,
const char *domainLibDir)
ATTRIBUTE_NONNULL(15);
+
/* Generate the object properties for a secret */
int qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
virJSONValuePtr *propsret);
+/* Generate the object properties for a tls-creds-x509 */
+int qemuBuildTLSx509BackendProps(const char *tlspath,
+ bool listen,
+ bool verifypeer,
+ virQEMUCapsPtr qemuCaps,
+ virJSONValuePtr *propsret);
+
/* Generate '-device' string for chardev device */
int
qemuBuildChrDeviceStr(char **deviceStr,
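Review bot: The one-line comment on the newly exported `qemuBuildTLSx509BackendProps` prototype does not say what `listen` and `verifypeer` select or who owns `*propsret`, which callers outside qemu_command.c now need to know. Since `verifypeer` looks like the switch for peer-certificate verification (confirm against the definition), the comment should state that callers pass the configured verification setting rather than a constant, and that the function returns 0 on success and -1 with an error set, as the definition's header already notes. The added blank line before `/* Generate the object properties for a secret */` is unrelated whitespace and can be dropped.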
@@ -4286,32 +4318,40 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
virDomainChrDefPtr chr)
{
int ret = -1;
+ virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
qemuDomainObjPrivatePtr priv = vm->privateData;
virDomainDefPtr vmdef = vm->def;
virDomainChrDefPtr tmpChr;
+ char *objAlias = NULL;
char *devstr = NULL;
if (!(tmpChr = virDomainChrFind(vmdef, chr))) {
virReportError(VIR_ERR_OPERATION_INVALID, "%s",
_("device not present in domain configuration"));
- return ret;
+ goto cleanup;
}
if (!tmpChr->info.alias && qemuAssignDeviceChrAlias(vmdef, tmpChr, -1)
< 0)
- return ret;
+ goto cleanup;
sa_assert(tmpChr->info.alias);
+ if (cfg->chardevTLS &&
+ !(objAlias = qemuAliasTLSObjFromChardevAlias(tmpChr->info.alias)))
+ goto cleanup;
+
if (qemuBuildChrDeviceStr(&devstr, vmdef, chr, priv->qemuCaps) < 0)
- return ret;
+ goto cleanup;
qemuDomainMarkDeviceForRemoval(vm, &tmpChr->info);
qemuDomainObjEnterMonitor(driver, vm);
- if (devstr && qemuMonitorDelDevice(priv->mon, tmpChr->info.alias) <
0) {
- ignore_value(qemuDomainObjExitMonitor(driver, vm));
- goto cleanup;
- }
+ if (objAlias && qemuMonitorDelObject(priv->mon, objAlias) < 0)
+ goto exit_monitor;
+
+ if (devstr && qemuMonitorDelDevice(priv->mon, tmpChr->info.alias) <
0)
+ goto exit_monitor;
We should really detach the device before the tls object, due
to their dependency order
ACK with that swapped
Regards,
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|