Introduce domreload-certs virsh sub-command to notify domain reload
its specified certificates:
#virsh domreload-certs <domain> --type <type> [--flags <flags>]
Signed-off-by: Zheng Yan <yanzheng759@xxxxxxxxxx>
---
docs/manpages/virsh.rst | 15 ++++++++++
tools/virsh-domain.c | 61 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 76 insertions(+)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index ad91cd6356..33a5fdf3c0 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -1738,6 +1738,21 @@ included in the URI. If *--all* is specified, then all show all possible
graphical displays, for a VM could have more than one graphical displays.
+domreload-certs
+---------------
+
+**Syntax:**
+
+::
+ domreload-certs <domain> --type <type> [--flags <flags>]
+
+Notify an active domain reload its certificates without restart process,
+so it will avoid service interruption. *type* must be one of valid number
+from the virDomainTlsCertificateType enum in case the domain driver binary
+supports it, currently only 0 (means QEMU VNC) was supported. *flags* is a
+reserved parameter and not used yet, must be not specified or just set to 0.
+
+
domfsfreeze
-----------
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 0825f82522..3907001f5c 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -14429,6 +14429,61 @@ cmdDomDirtyRateCalc(vshControl *ctl, const vshCmd *cmd)
return ret;
}
+/**
+ * "domreload-certs" command
+ */
+static const vshCmdInfo info_domreload_certs[] = {
+ {.name = "help",
+ .data = N_("Notify domain reload its certificates")
+ },
+ {.name = "desc",
+ .data = N_("Notify domain reload its certificates with specified 'type'")
+ },
+ {.name = NULL}
+};
+
+static const vshCmdOptDef opts_domreload_certs[] = {
+ VIRSH_COMMON_OPT_DOMAIN_FULL(0),
+ {.name = "type",
+ .type = VSH_OT_INT,
+ .flags = VSH_OFLAG_REQ,
+ .help = N_("domain TLS certificate type, currently only support 0(VNC)")
+ },
+ {.name = "flags",
+ .type = VSH_OT_INT,
+ .help = N_("extern flags, not used yet, so callers should always pass 0")
+ },
+ {.name = NULL}
+};
+
+static bool
+cmdDomReloadCerts(vshControl *ctl, const vshCmd *cmd)
+{
+ virDomainPtr dom;
+ unsigned int type;
+ unsigned int flags = 0;
+ bool ret = false;
+
+ if (!(dom = virshCommandOptDomain(ctl, cmd, NULL)))
+ return ret;
+
+ if (vshCommandOptUInt(ctl, cmd, "type", &type) < 0)
+ goto cleanup;
+
+ if (vshCommandOptUInt(ctl, cmd, "flags", &flags) < 0)
+ goto cleanup;
+
+ /* params and nparams not used yet */
+ if (virDomainReloadTlsCertificates(dom, type, NULL, 0, flags) < 0)
+ goto cleanup;
+
+ ret = true;
+
+ cleanup:
+ virDomainFree(dom);
+ return ret;
+}
+
const vshCmdDef domManagementCmds[] = {
{.name = "attach-device",
@@ -15075,5 +15130,11 @@ const vshCmdDef domManagementCmds[] = {
.info = info_domdirtyrate_calc,
.flags = 0
},
+ {.name = "domreload-certs",
+ .handler = cmdDomReloadCerts,
+ .opts = opts_domreload_certs,
+ .info = info_domreload_certs,
+ .flags = 0
+ },
{.name = NULL}
};
--
2.25.1
