On Thu, Apr 26, 2018 at 04:51:49PM +0200, Peter Krempa wrote:
> Since libvirt is currently not able to setup the NBD migration stream
> secured by TLS we should not allow such migration since data would be
> transferred unencrypted.
>
> This will break compatibility of TLS migration if non-shared storage is
> requested but the security implications are more severe.
>
> Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
> ---
> src/qemu/qemu_migration.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
> index 3b5ba4f0a1..24ef819738 100644
> --- a/src/qemu/qemu_migration.c
> +++ b/src/qemu/qemu_migration.c
> @@ -3352,6 +3352,15 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,
> if (migrate_flags & (QEMU_MONITOR_MIGRATE_NON_SHARED_DISK |
> QEMU_MONITOR_MIGRATE_NON_SHARED_INC)) {
> if (mig->nbd) {
> + /* Currently libvirt does not support setting up of the NBD
> + * non-shared storage migration with TLS. As we need to honour the
> + * VIR_MIGRATE_TLS flag, we need to reject such migration. */
You might want to reword the last sentence to be explicitly clear that:
"... reject such migration until TLS for NBD streams is implemented."
Or something like that. Your choice.
>From what I understand, what you are saying is -- today if one sets
VIR_MIGRATE_TLS flag, then libvirt will use TLS for the migration stream
but not for the NBD stream via which non-shared disks will be migrated.
You are fixing that inconsistency.
> + if (flags & VIR_MIGRATE_TLS) {
> + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> + _("NBD migration with TLS is not supported"));
> + goto error;
> + }
> +
> /* This will update migrate_flags on success */
> if (qemuMigrationSrcDriveMirror(driver, vm, mig,
> spec->dest.host.name,
> --
> 2.16.2
>
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list
--
/kashyap
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
