On Wed, May 30, 2018 at 02:41:34PM +0200, Peter Krempa wrote:
Use the default TLS env if TLS is required for NBD. The rest of the implementation is rather simple since all pieces were in place. Note that separate configuration knobs in qemu.conf can be added later if it's desired to configure them. Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- docs/schemas/domaincommon.rng | 5 ++++ src/qemu/qemu_command.c | 5 ++++ src/qemu/qemu_domain.c | 33 ++++++++++++++++++++-- .../disk-drive-network-tlsx509.args | 9 +++++- .../disk-drive-network-tlsx509.xml | 8 ++++++ tests/qemuxml2argvtest.c | 2 +- .../disk-drive-network-tlsx509.xml | 8 ++++++ 7 files changed, 66 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index e329cdf958..db7884a9a1 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -9937,6 +9937,29 @@ qemuProcessPrepareStorageSourceTlsVxhs(virStorageSourcePtr src, } +static int +qemuProcessPrepareStorageSourceTlsNbd(virStorageSourcePtr src,
Please, TLSNBD.
+ virQEMUDriverConfigPtr cfg,
+ virQEMUCapsPtr qemuCaps)
+{
+ /* XXX: for NBD we don't have the qemu.conf knobs for private TLS env */
+ if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NBD_TLS)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("this qemu does not support TLS transport for nbd"));
NBD
+ return -1; + } + + if (VIR_STRDUP(src->tlsCertdir, cfg->defaultTLSx509certdir) < 0) + return -1; + + src->tlsVerify = true; + } + + return 0; +} + +
Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx> Jano
Attachment:
signature.asc
Description: Digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
