To allow encryption of the non-shared storage migration NBD connection
we will need to instantiated the NBD server with the TLS env.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
src/qemu/qemu_migration.c | 2 +-
src/qemu/qemu_monitor.c | 7 ++++---
src/qemu/qemu_monitor.h | 3 ++-
src/qemu/qemu_monitor_json.c | 4 +++-
src/qemu/qemu_monitor_json.h | 3 ++-
tests/qemumonitorjsontest.c | 2 +-
6 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 88b8253fa9..743ae77dbb 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -411,7 +411,7 @@ qemuMigrationDstStartNBDServer(virQEMUDriverPtr driver,
else if (virPortAllocatorAcquire(driver->migrationPorts, &port) < 0)
goto exit_monitor;
- if (qemuMonitorNBDServerStart(priv->mon, listenAddr, port) < 0)
+ if (qemuMonitorNBDServerStart(priv->mon, listenAddr, port, NULL) < 0)
goto exit_monitor;
}
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index f642d9a51a..8c26ee66b3 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -3999,13 +3999,14 @@ qemuMonitorGetGICCapabilities(qemuMonitorPtr mon,
int
qemuMonitorNBDServerStart(qemuMonitorPtr mon,
const char *host,
- unsigned int port)
+ unsigned int port,
+ const char *tls_alias)
{
- VIR_DEBUG("host=%s port=%u", host, port);
+ VIR_DEBUG("host=%s port=%u tls_alias=%s", host, port, NULLSTR(tls_alias));
QEMU_CHECK_MONITOR_JSON(mon);
- return qemuMonitorJSONNBDServerStart(mon, host, port);
+ return qemuMonitorJSONNBDServerStart(mon, host, port, tls_alias);
}
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index d6b68b44ca..a93844f77b 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -1052,7 +1052,8 @@ char *qemuMonitorGetTargetArch(qemuMonitorPtr mon);
int qemuMonitorNBDServerStart(qemuMonitorPtr mon,
const char *host,
- unsigned int port);
+ unsigned int port,
+ const char *tls_alias);
int qemuMonitorNBDServerAdd(qemuMonitorPtr mon,
const char *deviceID,
bool writable);
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 24d37eb41d..05ac8d0a3c 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -6396,7 +6396,8 @@ qemuMonitorJSONBuildUnixSocketAddress(const char *path)
int
qemuMonitorJSONNBDServerStart(qemuMonitorPtr mon,
const char *host,
- unsigned int port)
+ unsigned int port,
+ const char *tls_alias)
{
int ret = -1;
virJSONValuePtr cmd = NULL;
@@ -6412,6 +6413,7 @@ qemuMonitorJSONNBDServerStart(qemuMonitorPtr mon,
if (!(cmd = qemuMonitorJSONMakeCommand("nbd-server-start",
"a:addr", &addr,
+ "S:tls-creds", tls_alias,
NULL)))
goto cleanup;
diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h
index 665da27d6d..ed5f29b20a 100644
--- a/src/qemu/qemu_monitor_json.h
+++ b/src/qemu/qemu_monitor_json.h
@@ -449,7 +449,8 @@ char *qemuMonitorJSONGetTargetArch(qemuMonitorPtr mon);
int qemuMonitorJSONNBDServerStart(qemuMonitorPtr mon,
const char *host,
- unsigned int port);
+ unsigned int port,
+ const char *tls_alias);
int qemuMonitorJSONNBDServerAdd(qemuMonitorPtr mon,
const char *deviceID,
bool writable);
diff --git a/tests/qemumonitorjsontest.c b/tests/qemumonitorjsontest.c
index f8d39c35ab..9a83c9a608 100644
--- a/tests/qemumonitorjsontest.c
+++ b/tests/qemumonitorjsontest.c
@@ -1350,7 +1350,7 @@ GEN_TEST_FUNC(qemuMonitorJSONBlockCommit, "vdb", "/foo/bar1", "/foo/bar2", NULL,
GEN_TEST_FUNC(qemuMonitorJSONDrivePivot, "vdb")
GEN_TEST_FUNC(qemuMonitorJSONScreendump, "/foo/bar")
GEN_TEST_FUNC(qemuMonitorJSONOpenGraphics, "spice", "spicefd", false)
-GEN_TEST_FUNC(qemuMonitorJSONNBDServerStart, "localhost", 12345)
+GEN_TEST_FUNC(qemuMonitorJSONNBDServerStart, "localhost", 12345, "test-alias")
GEN_TEST_FUNC(qemuMonitorJSONNBDServerAdd, "vda", true)
GEN_TEST_FUNC(qemuMonitorJSONDetachCharDev, "serial1")
--
2.16.2
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
