[libvirt] [PATCH v2 00/14] Add TLS support for migration
Andrea Bolognani
abologna at redhat.com
Fri Feb 24 09:01:02 UTC 2017
On Thu, 2017-02-23 at 13:42 -0500, John Ferlan wrote:
> v1: http://www.redhat.com/archives/libvir-list/2017-February/msg00897.html
> v1 cover letter reiterated:
>
> Patches 1, 3 -> 9 are primarily quite a bit of code motion in order to allow
> reuse of the "core" of the chardev TLS code.
>
> Theoretically speaking of course, these patches should work - I don't
> have a TLS and migration environment to test with, so between following
> the qemu command model on Daniel's blog and prior experience with the
> chardev TLS would
>
> I added the saving of a flag to the private qemu domain state, although
> I'm not 100% sure it was necessary. At one time I created the source TLS
> objects during the Begin phase, but later decided to wait until just
> before the migration is run. I think the main reason to have the flag
> would be a restart of libvirtd to let 'something' know migration using
> TLS was configured. I think it may only be "necessary" in order to
> repopulate the migSecinfo after libvirtd restart, but it's not entirely
> clear. By the time I started thinking more about while writing this cover
> letter it was too late to just remove.
>
> Also rather than create the destination host TLS objects on the fly,
> I modified the command line generation. That model could change to adding
> the TLS objects once the destination is started and before the params are
> set for the migration.
>
> This 'model' is also going to be used for the NBD, but I figured I'd get
> this posted now since it was already too long of a series.
These changes are user-visible, and should be documented
in the release notes accordingly.
--
Andrea Bolognani / Red Hat / Virtualization
More information about the libvir-list
mailing list