On 7/2/20 9:40 AM, Peter Krempa wrote:
Allow enabling TLS for the NBD server used to do pull-mode backups. Note
that documentation already mentions 'tls', so this just implements the
schema and XML bits.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
+++ b/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml
@@ -1,6 +1,6 @@
<domainbackup mode="pull">
<incremental>1525889631</incremental>
- <server transport='tcp' name='localhost' port='10809'/>
+ <server transport='tcp' tls='yes' name='localhost' port='10809'/>
So this doesn't say what files are actually feeding the TLS
configuration; the docs already mentioned 'tls', but do we need to add a
cross-reference that states when tls='yes' is in effect then the server
uses the files as configured in qemu.conf? Knowing how the server is
keyed is important for writing a client that can connect over TLS to the
server.
But the overall idea makes sense.
Reviewed-by: Eric Blake <eblake@xxxxxxxxxx>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
