[libvirt] [PATCH v6 11/13] qemu: Add TLS support for Veritas HyperScale (VxHS)

Peter Krempa pkrempa at redhat.com
Thu Aug 31 14:17:07 UTC 2017


On Wed, Aug 30, 2017 at 18:46:11 -0400, John Ferlan wrote:
> From: Ashish Mittal <Ashish.Mittal at veritas.com>

[...]

>  src/qemu/qemu_block.c                              | 29 ++++++++++++++++++--
>  src/qemu/qemu_block.h                              |  3 +-
>  src/qemu/qemu_command.c                            | 32 +++++++++++++++++++++-
>  ...muxml2argv-disk-drive-network-tlsx509-vxhs.args | 30 ++++++++++++++++++++
>  tests/qemuxml2argvtest.c                           |  5 ++++
>  5 files changed, 94 insertions(+), 5 deletions(-)
>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.args

This won't work with disk hotplug. You either need to add code for it
to work properly or add code that specifically disables it.

> diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
> index cb765ab..5e65692 100644
> --- a/src/qemu/qemu_block.c
> +++ b/src/qemu/qemu_block.c
> @@ -18,6 +18,7 @@
>  
>  #include <config.h>
>  
> +#include "qemu_alias.h"
>  #include "qemu_block.h"
>  #include "qemu_domain.h"
>  
> @@ -484,9 +485,12 @@ qemuBlockStorageSourceGetGlusterProps(virStorageSourcePtr src)
>  
>  static virJSONValuePtr
>  qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
> -                                   virQEMUCapsPtr qemuCaps)
> +                                   virQEMUCapsPtr qemuCaps,
> +                                   const char *diskAlias)

As I've pointed out elsewhere, the disk alias should not be passed here,
but rather stored in the disk source structure.

>      const char *protocol = virStorageNetProtocolTypeToString(src->protocol);
> +    char *objalias = NULL;
>      virJSONValuePtr server = NULL;
>      virJSONValuePtr ret = NULL;
>  
> @@ -506,17 +510,34 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
>      if (!(server = qemuBlockStorageSourceBuildHostsJSONSocketAddress(src, true)))
>          return NULL;
>  
> +    if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
> +        if (!diskAlias) {
> +            virReportError(VIR_ERR_INVALID_ARG, "%s",
> +                           _("disk does not have an alias"));
> +            return NULL;
> +        }
> +
> +        if (!(objalias = qemuAliasTLSObjFromSrcAlias(diskAlias))) {
> +            virJSONValueFree(server);
> +            return NULL;
> +        }
> +    }
> +
>      /* VxHS disk specification example:
>       * { driver:"vxhs",
> +     *   [tls-creds:"objvirtio-disk0_tls0",]
>       *   vdisk-id:"eb90327c-8302-4725-4e85ed4dc251",
>       *   server:[{type:"tcp", host:"1.2.3.4", port:9999}]}
>       */
>      if (virJSONValueObjectCreate(&ret,
>                                   "s:driver", protocol,
> +                                 "S:tls-creds", objalias,
>                                   "s:vdisk-id", src->path,
>                                   "a:server", server, NULL) < 0)
>          virJSONValueFree(server);
>  
> +    VIR_FREE(objalias);
> +
>      return ret;
>  }
>  
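Review bot: The `!diskAlias` error path returns NULL without releasing `server`, which qemuBlockStorageSourceBuildHostsJSONSocketAddress() allocated just above it. The failure path a few lines later, after qemuAliasTLSObjFromSrcAlias(), does call `virJSONValueFree(server)`, so the first path leaks the JSON value whenever TLS is requested for a disk that has no alias. Add `virJSONValueFree(server);` before that `return NULL;`, or move the alias check ahead of the server allocation so there is nothing to free. The function's opening lines are in the previous hunk, outside this one.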
> @@ -530,7 +551,8 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr src,
>   */
>  virJSONValuePtr
>  qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src,
> -                                      virQEMUCapsPtr qemuCaps)
> +                                      virQEMUCapsPtr qemuCaps,
> +                                      const char *diskAlias)
>  {
>      int actualType = virStorageSourceGetActualType(src);
>      virJSONValuePtr fileprops = NULL;
> @@ -553,7 +575,8 @@ qemuBlockStorageSourceGetBackendProps(virStorageSourcePtr src,
>              break;
>  
>          case VIR_STORAGE_NET_PROTOCOL_VXHS:
> -            if (!(fileprops = qemuBlockStorageSourceGetVxHSProps(src, qemuCaps)))
> +            if (!(fileprops = qemuBlockStorageSourceGetVxHSProps(src, qemuCaps,
> +                                                                 diskAlias)))
>                  goto cleanup;
>              break;
>  

[...]

> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index 3205a59..b94ed11 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -791,6 +791,32 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
>  }
>  
>  
> +/* qemuBuildDiskTLSx509CommandLine:
> + *
> + * Add TLS object if the disk uses a secure communication channel
> + *
> + * Returns 0 on success, -1 w/ error on some sort of failure.
> + */
> +static int
> +qemuBuildDiskTLSx509CommandLine(virCommandPtr cmd,
> +                                virQEMUDriverConfigPtr cfg,
> +                                virDomainDiskDefPtr disk,
> +                                virQEMUCapsPtr qemuCaps)
> +{
> +    virStorageSourcePtr src = disk->src;

Here it looks like a nice place to allocate the secret alias and set it
into disk->src.

> +
> +    /* other protocols may be added later */
> +    if (src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS &&
> +        disk->src->haveTLS == VIR_TRISTATE_BOOL_YES) {
> +        return qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certdir,
> +                                          false, true, false,
> +                                          disk->info.alias, qemuCaps);
> +    }
> +
> +    return 0;
> +}
> +
> +
>  static char *
>  qemuBuildNetworkDriveURI(virStorageSourcePtr src,
>                           qemuDomainSecretInfoPtr secinfo)
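Review bot: The three bare literals in `qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certdir, false, true, false, ...)` set the TLS policy for the disk connection, and nothing at the call site says which one controls peer verification. The callee's parameter list is outside this hunk, so a comment such as `/* isListen=false, verifypeer=true, addpasswordid=false */` (names to be confirmed against the callee) would make it harder for a later edit to disable verification by accident. `disk->info.alias` is also passed without the NULL check that qemuBlockStorageSourceGetVxHSProps() applies to `diskAlias`; unless the callee rejects a NULL alias, an `if (!disk->info.alias)` guard reporting the same error would keep the two paths consistent. As a style point, the condition mixes `src->protocol` with `disk->src->haveTLS`; use `src->` for both.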