[libvirt] [PATCH v3 4/4] qemu: Add the ability to hotplug the TLS X.509 environment

John Ferlan jferlan at redhat.com
Thu Jun 16 16:26:45 UTC 2016


If the incoming XML defined a path to a TLS X.509 certificate environment,
add the necessary 'tls-creds-x509' object to the VIR_DOMAIN_CHR_TYPE_TCP
character device.

Signed-off-by: John Ferlan <jferlan at redhat.com>
---
 src/conf/domain_conf.h       |  1 +
 src/qemu/qemu_command.c      |  2 +-
 src/qemu/qemu_command.h      |  7 +++++++
 src/qemu/qemu_hotplug.c      | 30 +++++++++++++++++++++++++++++-
 src/qemu/qemu_monitor_json.c |  9 +++++++++
 5 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 15f9c80..0e07504 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1097,6 +1097,7 @@ struct _virDomainChrSourceDef {
             char *service;
             bool listen;
             int protocol;
+            bool tlscreds;
         } tcp;
         struct {
             char *bindHost;
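Review bot: The new `tlscreds` member carries no comment, and unlike its neighbours it is not an XML-parsed attribute: in this series it is set by the hotplug path once a tls-creds-x509 object has been added and read by the chardev-add builder. A reader of the struct cannot tell that from the field alone, so annotate it, e.g. `bool tlscreds; /* internal: a tls-creds-x509 object was added for this chardev; not parsed from XML */`. The enclosing `struct _virDomainChrSourceDef` starts and ends outside this hunk.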
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 0ee07a9..36ad484 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -712,7 +712,7 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
  *
  * Returns 0 on success, -1 on failure with error set.
  */
-static int
+int
 qemuBuildTLSx509BackendProps(const char *tlspath,
                              bool listen,
                              bool verifypeer,
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index 9ff4edb..fcb720b 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -61,6 +61,13 @@ virCommandPtr qemuBuildCommandLine(virQEMUDriverPtr driver,
                                    const char *domainLibDir)
     ATTRIBUTE_NONNULL(15);
 
+/* Generate the object properties for a tls-creds-x509 */
+int qemuBuildTLSx509BackendProps(const char *tlspath,
+                                 bool listen,
+                                 bool verifypeer,
+                                 virQEMUCapsPtr qemuCaps,
+                                 virJSONValuePtr *propsret);
+
 /* Generate '-device' string for chardev device */
 int
 qemuBuildChrDeviceStr(char **deviceStr,
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index e1c3de7..5407b3a 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1496,10 +1496,14 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
                               virDomainChrDefPtr chr)
 {
     int ret = -1, rc;
+    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
     qemuDomainObjPrivatePtr priv = vm->privateData;
     virDomainDefPtr vmdef = vm->def;
     char *devstr = NULL;
+    virDomainChrSourceDefPtr dev = &chr->source;
     char *charAlias = NULL;
+    virJSONValuePtr props = NULL;
+    char *objAlias = NULL;
     bool need_release = false;
 
     if (chr->deviceType == VIR_DOMAIN_CHR_DEVICE_TYPE_CHANNEL &&
@@ -1523,8 +1527,26 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
     if (qemuDomainChrPreInsert(vmdef, chr) < 0)
         goto cleanup;
 
+    if (cfg->chardevTLS) {
+        if (qemuBuildTLSx509BackendProps(cfg->chardevTLSx509certdir,
+                                         dev->data.tcp.listen,
+                                         cfg->chardevTLSx509verify,
+                                         priv->qemuCaps,
+                                         &props) < 0)
+            goto cleanup;
+
+        if (virAsprintf(&objAlias, "obj%s_tls0", chr->info.alias) < 0)
+            goto cleanup;
+        dev->data.tcp.tlscreds = true;
+    }
+
     qemuDomainObjEnterMonitor(driver, vm);
-    if (qemuMonitorAttachCharDev(priv->mon, charAlias, &chr->source) < 0)
+
+    if (objAlias && qemuMonitorAddObject(priv->mon, "tls-creds-x509",
+                                         objAlias, props) < 0)
+        goto failobject;
+
+    if (qemuMonitorAttachCharDev(priv->mon, charAlias, dev) < 0)
         goto failchardev;
 
     if (qemuMonitorAddDevice(priv->mon, devstr) < 0)
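Review bot: The tls-creds-x509 object is built and added for every hotplugged chardev whenever `cfg->chardevTLS` is set, but the `tls-creds` property is only emitted for VIR_DOMAIN_CHR_TYPE_TCP sources, and `dev->data.tcp.listen` is read from the source union without checking `dev->type`. Narrow the condition to `if (cfg->chardevTLS && dev->type == VIR_DOMAIN_CHR_TYPE_TCP) {` so that a pty/unix/other hotplug does not add an unused tls-creds-x509 object to the monitor (which the success path then never removes) and does not read an inactive union member. The signature of qemuDomainAttachChrDevice begins before this hunk.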
@@ -1542,14 +1564,20 @@ int qemuDomainAttachChrDevice(virQEMUDriverPtr driver,
         qemuDomainChrInsertPreAllocCleanup(vm->def, chr);
     if (ret < 0 && need_release)
         qemuDomainReleaseDeviceAddress(vm, &chr->info, NULL);
+    VIR_FREE(objAlias);
+    virJSONValueFree(props);
     VIR_FREE(charAlias);
     VIR_FREE(devstr);
+    virObjectUnref(cfg);
     return ret;
 
  failadddev:
     /* detach associated chardev on error */
     qemuMonitorDetachCharDev(priv->mon, charAlias);
  failchardev:
+    /* Remove the object */
+    ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
+ failobject:
     ignore_value(qemuDomainObjExitMonitor(driver, vm));
     goto audit;
 }
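Review bot: On the `failchardev` path `qemuMonitorDelObject(priv->mon, objAlias)` is issued unconditionally, but objAlias is NULL whenever no TLS object was added; the add earlier in the function is guarded by `objAlias &&`, the removal is not. Guard it the same way, `if (objAlias) ignore_value(qemuMonitorDelObject(priv->mon, objAlias));`, so a failed chardev-add on a non-TLS device does not send an object-del with a NULL id and, presumably, does not overwrite the chardev error with an argument error from the monitor code (verify how qemuMonitorDelObject treats a NULL alias).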
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 380ddab..703622a 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -6137,6 +6137,7 @@ qemuMonitorJSONAttachCharDevCommand(const char *chrID,
     virJSONValuePtr data = NULL;
     virJSONValuePtr addr = NULL;
     const char *backend_type = NULL;
+    char *tlsalias = NULL;
     bool telnet;
 
     if (!(backend = virJSONValueNewObject()) ||
@@ -6182,6 +6183,13 @@ qemuMonitorJSONAttachCharDevCommand(const char *chrID,
             virJSONValueObjectAppendBoolean(data, "telnet", telnet) < 0 ||
             virJSONValueObjectAppendBoolean(data, "server", chr->data.tcp.listen) < 0)
             goto error;
+        if (chr->data.tcp.tlscreds) {
+            if (virAsprintf(&tlsalias, "obj%s_tls0", chrID) < 0)
+                goto error;
+
+            if (virJSONValueObjectAppendString(data, "tls-creds", tlsalias) < 0)
+                goto error;
+        }
         break;
 
     case VIR_DOMAIN_CHR_TYPE_UDP:
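Review bot: The object alias is rebuilt here from `chrID` with the same `"obj%s_tls0"` format that qemuDomainAttachChrDevice applies to `chr->info.alias`; unless the caller's chrID is exactly the device alias (the hotplug path passes its separately built `charAlias`), the `tls-creds` value will name an object that was never added and chardev-add fails in QEMU. Keep a single helper that derives the TLS object alias from one input string and call it from both places, rather than duplicating the format in two files. qemuMonitorJSONAttachCharDevCommand starts before this hunk.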
@@ -6247,6 +6255,7 @@ qemuMonitorJSONAttachCharDevCommand(const char *chrID,
     return ret;
 
  error:
+    VIR_FREE(tlsalias);
     virJSONValueFree(addr);
     virJSONValueFree(data);
     virJSONValueFree(backend);
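Review bot: `tlsalias` is released only under the `error:` label; the success path `return ret;` directly above returns with it still allocated, so every TLS-enabled chardev-add leaks the alias string. The value is copied into the JSON object when appended, so it can be freed as soon as the append succeeds: put `VIR_FREE(tlsalias);` right after the `virJSONValueObjectAppendString(data, "tls-creds", tlsalias)` check in the TCP case, or route both the success and error paths through one cleanup label that frees it. The function's body starts before this hunk.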
-- 
2.5.5



