[libvirt] [v2] remote: Add extra parameter pkipath for URI
Daniel P. Berrange
berrange at redhat.com
Wed Jan 26 11:55:58 UTC 2011
On Mon, Jan 24, 2011 at 10:20:03PM +0800, Osier Yang wrote:
> This new parameter allows user specifies where the client
> cerficate, client key, CA certificate of x509 is, instead of
> hardcoding it. If 'pkipath' is not specified, and the user
> is not root, try to find files in $HOME/.pki, as long as one
> of client cerficate, client key, CA certificate can not be
> found, use default global location (LIBVIRT_CACERT, LIBVIRT_CLIENTCERT,
> LIBVIRT_CLIENTKEY, see src/remote/remote_driver.h)
>
> e.g.
>
> [root at Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
> error: Cannot access CA certificate '/tmp/pki/client/cacert.pem': No such file or directory
> error: failed to connect to the hypervisor
> [root at Osier client]# ls -l
> total 24
> -rwxrwxr-x. 1 root root 6424 Jan 24 21:35 a.out
> -rw-r--r--. 1 root root 1245 Jan 23 19:04 clientcert.pem
> -rw-r--r--. 1 root root 132 Jan 23 19:04 client.info
> -rw-r--r--. 1 root root 1679 Jan 23 19:04 clientkey.pem
>
> [root at Osier client]# cp /tmp/cacert.pem .
> [root at Osier client]# virsh -c qemu+tls://10.66.93.111/system?pkipath=/tmp/pki/client
> Welcome to virsh, the virtualization interactive terminal.
>
> Type: 'help' for help with commands
> 'quit' to quit
>
> virsh #
>
> * src/remote/remote_driver.c
> ---
> src/remote/remote_driver.c | 130 ++++++++++++++++++++++++++++++++++++++------
> 1 files changed, 112 insertions(+), 18 deletions(-)
ACK, looks good now.
Daniel
More information about the libvir-list
mailing list