v9: http://www.redhat.com/archives/libvir-list/2016-October/msg00726.html

"Theoretically speaking" patch #2 is "separate" from patches 1, 3, & 4. That is, patches 3 and 4 are adding the secret uuid processing handling which is different than the enable/disable property logic for patch 2. I've left them all together though, just to be consistent with previous series.

Differences in v10

 ... Pushed the previous series 2/5 and 3/5 since they were ACK'd

 ... Create a new patch 1 to have helper qemuDomainSupportTLSChardevTCP
     It's mostly unnecessary without patch 2 though, but it made adding or "separating" patch 2 from patches 3 & 4 a whole lot easier...

 ... Modified former patch 1 (now patch 2) to accommodate for a paradigm where tls='yes' and chardev_tls=0 might be possible. The new helper is used to determine whether to add the TLS information or not.

 ... Modified former patch 4 (now patch 3) to accommodate for the changes Pavel has made to the code and to generate the secalias using the "charAlias"

 ... Modified former patch 4 (now patch 4) to use the "charAlias" as well and merge in Pavel's changes

NOTE: Even though 'yes' is now a possibility, it is an option that's assuming chardev_tls=0 so I don't feel the issues raised during review of v8 regarding needing to consider a currently running 2.3.0 domain that still needs to work when 2.4.0 is applied. I believe it will be with the way the optional property is being used, thus with respect to the points in:

http://www.redhat.com/archives/libvir-list/2016-October/msg00732.html

The proposed qemuProcessPrepareDomain change is invalid since haveTLS is a tristate and chardevTLS is a bistate. This is what I meant about being a bit dangerous (e.g. BOOL_NO=2, BOOL_YES=1, and BOOL_ABSENT=0); however, "chardevTLS=1" is enabled (yes) and "chardevTLS=0" is disabled (absent). While it looks good when typing, when you get down to the details sometimes you find those 'gotchas'.

Even if the shorthand logic were fixed, it's not going to be good to assume that setting the domain property or disabling the domain property is the desired action.

The qemuProcessAttach is for qemu-attach and not the path that libvirt uses to reconnect to running domains (which is qemuProcessReconnect). There's so much broken from the qemu-attach right now - I doubt it really works at all.

With respect to the reconnect processing (since that's really what you were thinking about)... There is no "options" provided/found in that code. New code could possibly "read" the '/proc/$pid/cmdline' file and look for 'tls-creds', but the only purpose of that would be to manage 'assumptions' with how the "tls='{yes|no}'" property is used. Altering virDomainChrSourceDefParseXML and virDomainChrSourceDefFormat to manage some new boolean 'tlsFromConfig' that I'm not sure could be set properly is something I think is outside these patches.

John Ferlan (4):
  qemu: Introduce qemuDomainSupportTLSChardevTCP
  domain: Add optional 'tls' attribute for TCP chardev
  qemu: Add a secret object to/for a chardev tcp with secret
  qemu: Add secret object hotplug for TCP chardev TLS

 docs/formatdomain.html.in                          |  28 +++++
 docs/schemas/domaincommon.rng                      |   5 +
 src/conf/domain_conf.c                             |  22 +++-
 src/conf/domain_conf.h                             |   1 +
 src/qemu/qemu_command.c                            |  33 ++++-
 src/qemu/qemu_command.h                            |   1 +
 src/qemu/qemu_domain.c                             | 133 ++++++++++++++++++++-
 src/qemu/qemu_domain.h                             |  18 ++-
 src/qemu/qemu_driver.c                             |   2 +-
 src/qemu/qemu_hotplug.c                            |  58 ++++++++-
 src/qemu/qemu_hotplug.h                            |   3 +-
 src/qemu/qemu_process.c                            |   4 +-
 tests/qemuhotplugtest.c                            |   2 +-
 ...uxml2argv-serial-tcp-tlsx509-chardev-notls.args |  30 +++++
 ...muxml2argv-serial-tcp-tlsx509-chardev-notls.xml |  50 ++++++++
 ...xml2argv-serial-tcp-tlsx509-secret-chardev.args |  38 ++++++
 ...uxml2argv-serial-tcp-tlsx509-secret-chardev.xml |  50 ++++++++
 tests/qemuxml2argvtest.c                           |  20 ++++
 ...xml2xmlout-serial-tcp-tlsx509-chardev-notls.xml |   1 +
 tests/qemuxml2xmltest.c                            |   1 +
 20 files changed, 483 insertions(+), 17 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev-notls.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev-notls.xml
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-secret-chardev.xml
 create mode 120000 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev-notls.xml

--
2.7.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
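
The tristate versus bistate mismatch described in the cover letter above, shown as an added example that is not part of the original message or of libvirt's code. The enum and function names are hypothetical (only the numeric values come from the message), and the precedence rule in `tls_effective` is an assumed policy, not the behaviour of these patches.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names; the numeric values mirror those quoted in the message. */
typedef enum { TRI_ABSENT = 0, TRI_YES = 1, TRI_NO = 2 } tristate;

/* Shorthand 1: test the tristate as if it were a boolean.
 * TRI_NO is 2, which is non-zero, so an explicit tls='no' reads as enabled. */
static bool naive_enabled(tristate have_tls) { return have_tls; }

/* Shorthand 2: store the bistate config flag straight into the tristate.
 * chardev_tls=0 lands on TRI_ABSENT ("not specified") and never on TRI_NO. */
static tristate naive_from_config(bool chardev_tls) { return (tristate)chardev_tls; }

/* Explicit conversion: a boolean can only ever mean YES or NO. */
static tristate tristate_from_bool(bool v) { return v ? TRI_YES : TRI_NO; }

/* Assumed policy: an explicit per-device value wins, an absent one follows
 * the config flag. Returns 1 (TLS), 0 (no TLS) or -1 for a value outside the
 * enum, so the caller can reject it instead of silently running without TLS. */
static int tls_effective(tristate have_tls, bool chardev_tls)
{
    switch (have_tls) {
    case TRI_YES:    return 1;
    case TRI_NO:     return 0;
    case TRI_ABSENT: return chardev_tls ? 1 : 0;
    }
    return -1;
}

int main(void)
{
    static const char *names[] = { "absent", "yes", "no" };

    /* Walk every combination and print both interpretations side by side. */
    for (int cfg = 0; cfg <= 1; cfg++) {
        for (int t = TRI_ABSENT; t <= TRI_NO; t++) {
            printf("chardev_tls=%d tls=%-6s naive=%d explicit=%d\n",
                   cfg, names[t], naive_enabled((tristate)t),
                   tls_effective((tristate)t, cfg != 0));
        }
    }
    printf("config 0 stored naively: %s, converted: %s\n",
           names[naive_from_config(false)], names[tristate_from_bool(false)]);
    return 0;
}
```
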