[libvirt] [PATCH v5 4/9] qemu: Add the ability to hotplug the TLS X.509 environment

Daniel P. Berrange berrange at redhat.com
Fri Aug 5 08:23:52 UTC 2016


On Thu, Aug 04, 2016 at 11:21:22AM -0400, John Ferlan wrote:
> If the incoming XML defined a path to a TLS X.509 certificate environment,
> add the necessary 'tls-creds-x509' object to the VIR_DOMAIN_CHR_TYPE_TCP
> character device.
> 
> Likewise, if the environment exists the hot unplug needs adjustment as
> well.  Note that all the return ret were changed to goto cleanup since
> the cfg needs to be unref'd
> 
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>  src/conf/domain_conf.h       |  1 +
>  src/qemu/qemu_command.c      |  2 +-
>  src/qemu/qemu_command.h      |  8 ++++++
>  src/qemu/qemu_hotplug.c      | 59 ++++++++++++++++++++++++++++++++++++++------
>  src/qemu/qemu_monitor_json.c |  9 +++++++
>  5 files changed, 71 insertions(+), 8 deletions(-)
> 
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index b2e905d..b25e219 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -1091,6 +1091,7 @@ struct _virDomainChrSourceDef {
>              char *service;
>              bool listen;
>              int protocol;
> +            bool tlscreds;
>          } tcp;
>          struct {
>              char *bindHost;
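Review bot: The new `tlscreds` member is added without a comment, so nothing here says who sets it or what a reader may conclude when it is true. The detach hunk quoted further down this page decides whether to build a TLS object alias from `cfg->chardevTLS` alone (its remaining lines are cut off by the reply), so it is not obvious whether this per-device flag or the driver-wide setting is authoritative when the two disagree, for instance for a non-TCP chardev. I would document the field, e.g. `bool tlscreds; /* set when a tls-creds-x509 object accompanies this chardev */` if that is the intended meaning, and name the code expected to consult it. The enclosing struct starts and ends outside the hunk.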
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 33cc451..2295175 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -690,7 +690,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
>   *
>   * Returns 0 on success, -1 on failure with error set.
>   */
> -static int
> +int
>  qemuBuildTLSx509BackendProps(const char *tlspath,
>                               bool listen,
>                               bool verifypeer,
> diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
> index dcf9ba6..583f35d 100644
> --- a/src/qemu/qemu_command.h
> +++ b/src/qemu/qemu_command.h
> @@ -60,10 +60,18 @@ virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver,
>                                     const char *domainLibDir)
>      ATTRIBUTE_NONNULL(15);
>  
> +
>  /* Generate the object properties for a secret */
>  int qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
>                               virJSONValuePtr *propsret);
>  
> +/* Generate the object properties for a tls-creds-x509 */
> +int qemuBuildTLSx509BackendProps(const char *tlspath,
> +                                 bool listen,
> +                                 bool verifypeer,
> +                                 virQEMUCapsPtr qemuCaps,
> +                                 virJSONValuePtr *propsret);
> +
>  /* Generate '-device' string for chardev device */
>  int
>  qemuBuildChrDeviceStr(char **deviceStr,
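Review bot: The comment on the newly exported `qemuBuildTLSx509BackendProps` prototype does not describe the parameters or the return convention, and `verifypeer` is the one a caller most needs spelled out, since it presumably controls whether the peer's certificate is checked. Now that the function is callable from outside qemu_command.c, I would expand it to something like `/* Generate the object properties for a tls-creds-x509 object; @verifypeer requests peer certificate verification. Returns 0 on success, -1 on failure with error set. */`, matching the return text already present above the definition. The extra blank line added before the secret-props comment looks unrelated to the change and could be dropped.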
> @@ -4286,32 +4318,40 @@ int qemuDomainDetachChrDevice(virQEMUDriverPtr driver,
>                                virDomainChrDefPtr chr)
>  {
>      int ret = -1;
> +    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
>      qemuDomainObjPrivatePtr priv = vm->privateData;
>      virDomainDefPtr vmdef = vm->def;
>      virDomainChrDefPtr tmpChr;
> +    char *objAlias = NULL;
>      char *devstr = NULL;
>  
>      if (!(tmpChr = virDomainChrFind(vmdef, chr))) {
>          virReportError(VIR_ERR_OPERATION_INVALID, "%s",
>                         _("device not present in domain configuration"));
> -        return ret;
> +        goto cleanup;
>      }
>  
>      if (!tmpChr->info.alias && qemuAssignDeviceChrAlias(vmdef, tmpChr, -1) < 0)
> -        return ret;
> +        goto cleanup;
>  
>      sa_assert(tmpChr->info.alias);
>  
> +    if (cfg->chardevTLS &&
> +        !(objAlias = qemuAliasTLSObjFromChardevAlias(tmpChr->info.alias)))
> +        goto cleanup;
> +
>      if (qemuBuildChrDeviceStr(&devstr, vmdef, chr, priv->qemuCaps) < 0)
> -        return ret;
> +        goto cleanup;
>  
>      qemuDomainMarkDeviceForRemoval(vm, &tmpChr->info);
>  
>      qemuDomainObjEnterMonitor(driver, vm);
> -    if (devstr && qemuMonitorDelDevice(priv->mon, tmpChr->info.alias) < 0) {
> -        ignore_value(qemuDomainObjExitMonitor(driver, vm));
> -        goto cleanup;
> -    }
> +    if (objAlias && qemuMonitorDelObject(priv->mon, objAlias) < 0)
> +        goto exit_monitor;
> +
> +    if (devstr && qemuMonitorDelDevice(priv->mon, tmpChr->info.alias) < 0)
> +        goto exit_monitor;

We should really detach the device before the tls object, due
to their dependency order

ACK with that swapped


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



