Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx>
---
 src/qemu/qemu_migration.c | 31 ++++++++++++-------------------
 src/qemu/qemu_migration_params.c | 9 +++++++--
 src/qemu/qemu_migration_params.h | 1 +
 3 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 254239b18b..fe2fae8fba 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -2457,13 +2457,9 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,
 cfg = virQEMUDriverGetConfig(driver);
 if (qemuMigrationParamsEnableTLS(driver, vm, cfg, true,
 QEMU_ASYNC_JOB_MIGRATION_IN,
- &tlsAlias, &secAlias, migParams) < 0)
+ &tlsAlias, &secAlias, NULL,
+ migParams) < 0)
 goto stopjob;
-
- /* Force reset of 'tls-hostname', it's a source only parameter */
- if (VIR_STRDUP(migParams->params.tlsHostname, "") < 0)
- goto stopjob;
-
 } else {
 if (qemuMigrationParamsDisableTLS(vm, migParams) < 0)
 goto stopjob;
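Review bot: The `NULL` now passed as the hostname argument in qemuMigrationDstPrepareAny carries no explanation, because the deleted comment ("Force reset of 'tls-hostname', it's a source only parameter") was the only place that said why the destination clears the value. A short comment on the argument would keep that reasoning next to the call, for example `&tlsAlias, &secAlias, NULL, /* tls-hostname is source-only; NULL resets it */`. The function body starts and ends outside the hunk.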
@@ -3409,23 +3405,20 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver, VIR_WARN("unable to provide data for graphics client relocation"); if (flags & VIR_MIGRATE_TLS) { - cfg = virQEMUDriverGetConfig(driver); - if (qemuMigrationParamsEnableTLS(driver, vm, cfg, false, - QEMU_ASYNC_JOB_MIGRATION_OUT, - &tlsAlias, &secAlias, migParams) < 0) - goto error; + const char *hostname = NULL; /* We need to add tls-hostname whenever QEMU itself does not * connect directly to the destination. */ if (spec->destType == MIGRATION_DEST_CONNECT_HOST || - spec->destType == MIGRATION_DEST_FD) { - if (VIR_STRDUP(migParams->params.tlsHostname, spec->dest.host.name) < 0) - goto error; - } else { - /* Be sure there's nothing from a previous migration */ - if (VIR_STRDUP(migParams->params.tlsHostname, "") < 0) - goto error; - } + spec->destType == MIGRATION_DEST_FD) + hostname = spec->dest.host.name; + + cfg = virQEMUDriverGetConfig(driver); + if (qemuMigrationParamsEnableTLS(driver, vm, cfg, false, + QEMU_ASYNC_JOB_MIGRATION_OUT, + &tlsAlias, &secAlias, hostname, + migParams) < 0) + goto error; } else { if (qemuMigrationParamsDisableTLS(vm, migParams) < 0) goto error; diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c index a03239e2a2..812c35e13e 100644 --- a/src/qemu/qemu_migration_params.c +++ b/src/qemu/qemu_migration_params.c @@ -141,9 +141,12 @@ qemuMigrationParamsSet(virQEMUDriverPtr driver, * @asyncJob: Migration job to join * @tlsAlias: alias to be generated for TLS object * @secAlias: alias to be generated for a secinfo object + * @hostname: hostname of the migration destination * @migParams: migration parameters to set * - * Create the TLS objects for the migration and set the migParams value + * Create the TLS objects for the migration and set the migParams value. + * If QEMU itself does not connect to the destination @hostname must be + * provided for certificate verification. * * Returns 0 on success, -1 on failure */ 
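Review bot: `hostname = spec->dest.host.name;` in qemuMigrationSrcRun is handed on without checking that it is non-NULL and non-empty, and qemuMigrationParamsEnableTLS (later in this patch) turns a NULL into `""`. That is the same value used to reset the parameter, so in the MIGRATION_DEST_CONNECT_HOST and MIGRATION_DEST_FD cases, which the comment says need tls-hostname, a missing name would pass silently and presumably leave QEMU without a name to check the destination certificate against. Consider failing before the call with `if (!hostname || !*hostname)`, followed by a virReportError() and `goto error;`. Whether a caller can actually leave the name unset is not visible here; the function body and the `error` label lie outside the hunk.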
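Review bot: The new `@hostname` line in the qemuMigrationParamsEnableTLS doc comment does not say that NULL is accepted or what it does, although the implementation stores `""` in tlsHostname when it is NULL. Because the doc ties this argument to certificate verification, the contract is worth spelling out, e.g. `* @hostname: hostname of the migration destination, or NULL to reset tls-hostname to ""`. The paragraph could also state that the destination side always passes NULL.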
@@ -155,6 +158,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver, int asyncJob, char **tlsAlias, char **secAlias, + const char *hostname, qemuMigrationParamsPtr migParams) { qemuDomainObjPrivatePtr priv = vm->privateData; @@ -198,7 +202,8 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver, *tlsAlias, &tlsProps) < 0) goto error; - if (VIR_STRDUP(migParams->params.tlsCreds, *tlsAlias) < 0) + if (VIR_STRDUP(migParams->params.tlsCreds, *tlsAlias) < 0 || + VIR_STRDUP(migParams->params.tlsHostname, hostname ? hostname : "") < 0) goto error; return 0; diff --git a/src/qemu/qemu_migration_params.h b/src/qemu/qemu_migration_params.h index 8aa6136508..2955bf7436 100644 --- a/src/qemu/qemu_migration_params.h +++ b/src/qemu/qemu_migration_params.h @@ -79,6 +79,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver, int asyncJob, char **tlsAlias, char **secAlias, + const char *hostname, qemuMigrationParamsPtr migParams); int -- 2.17.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list