[PATCH 0/3] qemu: backup: Properly write TLS cert and secret object alias into status XML

Please see 3/3 for explanation.

Peter Krempa (3):
  qemustatusxml2xml: backup-pull: Test private data formatting/parsing
  qemu: backup: Remove note that TLS should be implemented
  qemu: backup: Write TLS cert and secret object aliases into status XML

 src/qemu/qemu_backup.c                         | 7 +++----
 tests/qemustatusxml2xmldata/backup-pull-in.xml | 8 +++++++-
 2 files changed, 10 insertions(+), 5 deletions(-)

--
2.26.2

Modify the test case to enable TLS and add private data containing aliases of objects corresponding to a TLS setup. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemustatusxml2xmldata/backup-pull-in.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/qemustatusxml2xmldata/backup-pull-in.xml b/tests/qemustatusxml2xmldata/backup-pull-in.xml index 1db978a3ac..faaed67e38 100644 --- a/tests/qemustatusxml2xmldata/backup-pull-in.xml +++ b/tests/qemustatusxml2xmldata/backup-pull-in.xml @@ -254,12 +254,18 @@ <backups> <domainbackup mode='pull'> <incremental>12345</incremental> - <server transport='tcp' name='localhost' port='10809'/> + <server transport='tcp' tls='yes' name='localhost' port='10809'/> <disks> <disk name='vda' backup='yes' state='running' type='file'> <scratch file='/path/to/file/'/> </disk> </disks> + <privateData> + <objects> + <secret type='tlskey' alias='testalias-secret'/> + <TLSx509 alias='testalias-tlsx509'/> + </objects> + </privateData> </domainbackup> </backups> <domain type='kvm' id='4'> -- 2.26.2
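Review bot: the new <privateData> block in the backup-pull-in.xml hunk only covers the case where both the <secret type='tlskey'> alias and the <TLSx509> alias are present. The qemuBackupBegin context visible in 2/3 adds the secret object only under "if (tlsSecretProps)", so a status XML carrying a TLSx509 alias without a tlskey secret looks like a valid state. Consider a second test input, or a variant of this one, with the <secret> element omitted so that formatting and parsing are also checked for the optional case.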

On a Monday in 2020, Peter Krempa wrote:
Modify the test case to enable TLS and add private data containing aliases of objects corresponding to a TLS setup.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- tests/qemustatusxml2xmldata/backup-pull-in.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

Commit 423576679a5 implementing TLS forgot to remove the comment. Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_backup.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/qemu/qemu_backup.c b/src/qemu/qemu_backup.c index a402730d38..2f1a612803 100644 --- a/src/qemu/qemu_backup.c +++ b/src/qemu/qemu_backup.c @@ -805,7 +805,6 @@ qemuBackupBegin(virDomainObjPtr vm, if (qemuDomainObjEnterMonitorAsync(priv->driver, vm, QEMU_ASYNC_JOB_BACKUP) < 0) goto endjob; - /* TODO: TLS is a must-have for the modern age */ if (pull) { if (tlsSecretProps) rc = qemuMonitorAddObject(priv->mon, &tlsSecretProps, &tlsSecretAlias); -- 2.26.2

On a Monday in 2020, Peter Krempa wrote:
Commit 423576679a5 implementing TLS forgot to remove the comment.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_backup.c | 1 - 1 file changed, 1 deletion(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

We've put the aliases into the backup job definition after the status XML was already writted so they didn't appear in the on-disk state. Move the code putting them into the private definition earlier, so that the status XML update done by saving blockjobs already writes them out. Also add a note notifying that the block job status update writes the status XML. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1870488 Fixes: 423576679a5 Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_backup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_backup.c b/src/qemu/qemu_backup.c index 2f1a612803..4e61a5e52b 100644 --- a/src/qemu/qemu_backup.c +++ b/src/qemu/qemu_backup.c @@ -825,6 +825,9 @@ qemuBackupBegin(virDomainObjPtr vm, goto endjob; job_started = true; + priv->backup->tlsAlias = g_steal_pointer(&tlsAlias); + priv->backup->tlsSecretAlias = g_steal_pointer(&tlsSecretAlias); + /* qemuBackupDiskStarted saves the status XML */ qemuBackupDiskStarted(vm, dd, ndd); if (chk) { @@ -848,9 +851,6 @@ qemuBackupBegin(virDomainObjPtr vm, } } - priv->backup->tlsAlias = g_steal_pointer(&tlsAlias); - priv->backup->tlsSecretAlias = g_steal_pointer(&tlsSecretAlias); - ret = 0; endjob: -- 2.26.2
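Review bot: in the first hunk (@@ -825,6 +825,9 @@) the two g_steal_pointer() calls now run before qemuBackupDiskStarted() and before the "if (chk)" block, so the locals tlsAlias and tlsSecretAlias are NULL for everything that follows, including any failure path that reaches endjob after this point. Please confirm that the cleanup under endjob does not depend on those locals to remove the TLS objects when a later step fails, and that it reaches the aliases through priv->backup instead. It would also help to make the new comment state the ordering requirement, for example "/* qemuBackupDiskStarted saves the status XML, so the TLS aliases must already be set */", so a later refactor does not move the assignments back down.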

On a Monday in 2020, Peter Krempa wrote:
We've put the aliases into the backup job definition after the status XML was already writted so they didn't appear in the on-disk state.
s/writted/written/
Move the code putting them into the private definition earlier, so that the status XML update done by saving blockjobs already writes them out.
Also add a note notifying that the block job status update writes the status XML.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1870488 Fixes: 423576679a5 Signed-off-by: Peter Krempa <pkrempa@redhat.com> --- src/qemu/qemu_backup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano

On 9/14/20 6:23 PM, Peter Krempa wrote:
Please see 3/3 for explanation.
Peter Krempa (3):
  qemustatusxml2xml: backup-pull: Test private data formatting/parsing
  qemu: backup: Remove note that TLS should be implemented
  qemu: backup: Write TLS cert and secret object aliases into status XML

 src/qemu/qemu_backup.c                         | 7 +++----
 tests/qemustatusxml2xmldata/backup-pull-in.xml | 8 +++++++-
 2 files changed, 10 insertions(+), 5 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal