From: Ashish Mittal
To: libvir-list@redhat.com, jferlan@redhat.com, pbonzini@redhat.com, berrange@redhat.com, jcody@redhat.com, ashish.mittal@veritas.com, stefanha@gmail.com, Ketan.Nilangekar@veritas.com, Nitin.Jerath@veritas.com, venkatesha.mg@veritas.com, pkrempa@redhat.com, areis@redhat.com, pchavva@redhat.com, ashmit602@gmail.com
Date: Thu, 29 Jun 2017 19:02:39 -0700
Message-Id: <1498788161-46841-2-git-send-email-Ashish.Mittal@veritas.com>
In-Reply-To: <1498788161-46841-1-git-send-email-Ashish.Mittal@veritas.com>
References: <1498788161-46841-1-git-send-email-Ashish.Mittal@veritas.com>
Subject: [libvirt] [PATCH v4 1/3] Add support for Veritas HyperScale (VxHS) block device protocol

From: Ashish Mittal

Sample XML for a VxHS disk: eb90327c-8302-4725-9e1b-4e85ed4dc251
Signed-off-by: Ashish Mittal --- v2 changelog: (1) Added code for JSON parsing of a VxHS vdisk. (2) Added test case to verify JSON parsing. (3) Added missing switch-case checks for VIR_STORAGE_NET_PROTOCOL_VXHS. (4) Fixed line wrap in qemuxml2argv-disk-drive-network-vxhs.args. v3 changelog: (1) Implemented the modern syntax for VxHS disk specification. (2) Changed qemuxml2argvdata VxHS test case to verify the new syntax. (3) Added a negative test case to check failure when multiple hosts are specified for a VxHS disk. v4 changelog: (1) Fixes per review comments from v3. (2) Had to remove a test from the previous version that checked for error when multiple hosts are specified for VxHS device. This started failing virschematest with the error "XML document failed to validate against schema" as the docs/schemas/domain.rng specifies only a single host. docs/formatdomain.html.in | 15 ++++- docs/schemas/domaincommon.rng | 13 ++++ src/libxl/libxl_conf.c | 1 + src/qemu/qemu_command.c | 70 ++++++++++++++++++= ++++ src/qemu/qemu_driver.c | 3 + src/qemu/qemu_parse_command.c | 25 ++++++++ src/util/virstoragefile.c | 64 ++++++++++++++++++= +- src/util/virstoragefile.h | 1 + src/xenconfig/xen_xl.c | 1 + .../qemuargv2xml-disk-drive-network-vxhs-fail.args | 24 ++++++++ tests/qemuargv2xmltest.c | 17 +++++- .../qemuxml2argv-disk-drive-network-vxhs.args | 25 ++++++++ .../qemuxml2argv-disk-drive-network-vxhs.xml | 34 +++++++++++ tests/qemuxml2argvtest.c | 1 + tests/virstoragetest.c | 19 ++++++ 15 files changed, 308 insertions(+), 5 deletions(-) create mode 100644 tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-= vxhs-fail.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= vxhs.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= vxhs.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 36bea67..62d67f4 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2501,9 +2501,9 @@
The protocol attribute specifies the protocol to access to the requested image. Possible values are "nbd", - "iscsi", "rbd", "sheepdog" or "gluster". If the - protocol attribute is "rbd", "sheepdog" or - "gluster", an additional attribute name is + "iscsi", "rbd", "sheepdog", "gluster" or "vxhs". If the + protocol attribute is "rbd", "sheepdog", "glust= er" + or "vxhs", an additional attribute name is mandatory to specify which volume/image will be used. For "n= bd", the name attribute is optional. For "iscsi" (since 1.0.4), the name @@ -2511,6 +2511,9 @@ target's name by a slash (e.g., iqn.2013-07.com.example:iscsi-pool/1). If not specified, the default LUN is zero. + For "vxhs" (since 3.3.0), the + name is the UUID of the volume, assigned by the + HyperScale sever. Since 0.8.7
volume
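Review bot: typo in the sentence added for "vxhs" in docs/formatdomain.html.in: "assigned by the HyperScale sever" should read "HyperScale server". Please also confirm that "(since 3.3.0)" matches the release this series will actually land in, since the text is user-facing.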
@@ -2613,6 +2616,12 @@ one or more (Since 2.1.0= ), just one prior to that 24007 + + vxhs + a server running Veritas HyperScale daemon + only one + 9999 +

gluster supports "tcp", "rdma", "unix" as valid values for the diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index bdf7103..7525a2a 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1613,6 +1613,18 @@ =20 + + + + + vxhs + + + + + + + network @@ -1623,6 +1635,7 @@ + =20 diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index 938e09d..f12c796 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -665,6 +665,7 @@ libxlMakeNetworkDiskSrcStr(virStorageSourcePtr src, case VIR_STORAGE_NET_PROTOCOL_GLUSTER: case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG: case VIR_STORAGE_NET_PROTOCOL_SSH: + case VIR_STORAGE_NET_PROTOCOL_VXHS: case VIR_STORAGE_NET_PROTOCOL_LAST: case VIR_STORAGE_NET_PROTOCOL_NONE: virReportError(VIR_ERR_NO_SUPPORT, diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index c53ab97..8e00782 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -524,6 +524,7 @@ qemuNetworkDriveGetPort(int protocol, return 0; =20 case VIR_STORAGE_NET_PROTOCOL_RBD: + case VIR_STORAGE_NET_PROTOCOL_VXHS: case VIR_STORAGE_NET_PROTOCOL_LAST: case VIR_STORAGE_NET_PROTOCOL_NONE: /* not applicable */ 
@@ -931,6 +932,65 @@ qemuBuildGlusterDriveJSON(virStorageSourcePtr src) } =20 =20 +#define QEMU_DEFAULT_VXHS_PORT "9999" + +/* Build the VxHS host object */ +static virJSONValuePtr +qemuBuildVxHSDriveJSONHost(virStorageSourcePtr src) +{ + virJSONValuePtr server =3D NULL; + virStorageNetHostDefPtr host; + const char *portstr; + + if (src->nhosts !=3D 1) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("protocol VxHS accepts only one host")); + goto cleanup; + } + + host =3D src->hosts; + portstr =3D host->port; + + if (!portstr) + portstr =3D QEMU_DEFAULT_VXHS_PORT; + + if (virJSONValueObjectCreate(&server, + "s:host", host->name, + "s:port", portstr, + NULL) < 0) + server =3D NULL; + + cleanup: + return server; +} + + +static virJSONValuePtr +qemuBuildVxHSDriveJSON(virStorageSourcePtr src) +{ + const char *protocol =3D virStorageNetProtocolTypeToString(src->protoc= ol); + virJSONValuePtr server =3D NULL; + virJSONValuePtr ret =3D NULL; + + if (!(server =3D qemuBuildVxHSDriveJSONHost(src))) + return NULL; + + /* VxHS disk specification example: + * { driver:"vxhs", + * vdisk-id:"eb90327c-8302-4725-4e85ed4dc251", + * server.host:"1.2.3.4", + * server.port:1234} + */ + if (virJSONValueObjectCreate(&ret, + "s:driver", protocol, + "s:vdisk-id", src->path, + "a:server", server, NULL) < 0) + virJSONValueFree(server); + + return ret; +} + + static char * qemuBuildNetworkDriveURI(virStorageSourcePtr src, qemuDomainSecretInfoPtr secinfo) @@ -1136,6 +1196,11 @@ qemuBuildNetworkDriveStr(virStorageSourcePtr src, ret =3D virBufferContentAndReset(&buf); break; =20 + case VIR_STORAGE_NET_PROTOCOL_VXHS: + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'VxHS' protocol does not support URI syntax"= )); + goto cleanup; + case VIR_STORAGE_NET_PROTOCOL_SSH: virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("'ssh' protocol is not yet supported")); 
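Review bot: in qemuBuildVxHSDriveJSON, src->path is passed as "s:vdisk-id" without any check, although the documentation added by this patch defines the name as the volume UUID; validating it as a UUID when the disk source is parsed would reject malformed IDs before they reach the QEMU command line. The example in the comment also disagrees with the code: vdisk-id:"eb90327c-8302-4725-4e85ed4dc251" is missing a group compared with the UUID used in the test data, and server.port:1234 is shown as a number while the host object is built with "s:port", a string. In qemuBuildVxHSDriveJSONHost the cleanup label has nothing to release, so the nhosts check can return NULL directly.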
@@ -1180,6 +1245,11 @@ qemuGetDriveSourceProps(virStorageSourcePtr src, if (!(fileprops =3D qemuBuildGlusterDriveJSON(src))) return -1; } + + if (src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_VXHS) { + if (!(fileprops =3D qemuBuildVxHSDriveJSON(src))) + return -1; + } break; } =20 diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index cdb727b..d43de69 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -13683,6 +13683,7 @@ qemuDomainSnapshotPrepareDiskExternalBackingInactiv= e(virDomainDiskDefPtr disk) case VIR_STORAGE_NET_PROTOCOL_FTPS: case VIR_STORAGE_NET_PROTOCOL_TFTP: case VIR_STORAGE_NET_PROTOCOL_SSH: + case VIR_STORAGE_NET_PROTOCOL_VXHS: case VIR_STORAGE_NET_PROTOCOL_LAST: virReportError(VIR_ERR_INTERNAL_ERROR, _("external inactive snapshots are not supporte= d on " @@ -13746,6 +13747,7 @@ qemuDomainSnapshotPrepareDiskExternalOverlayActive(= virDomainSnapshotDiskDefPtr d case VIR_STORAGE_NET_PROTOCOL_FTPS: case VIR_STORAGE_NET_PROTOCOL_TFTP: case VIR_STORAGE_NET_PROTOCOL_SSH: + case VIR_STORAGE_NET_PROTOCOL_VXHS: case VIR_STORAGE_NET_PROTOCOL_LAST: virReportError(VIR_ERR_INTERNAL_ERROR, _("external active snapshots are not supported = on " @@ -13891,6 +13893,7 @@ qemuDomainSnapshotPrepareDiskInternal(virConnectPtr= conn, case VIR_STORAGE_NET_PROTOCOL_FTPS: case VIR_STORAGE_NET_PROTOCOL_TFTP: case VIR_STORAGE_NET_PROTOCOL_SSH: + case VIR_STORAGE_NET_PROTOCOL_VXHS: case VIR_STORAGE_NET_PROTOCOL_LAST: virReportError(VIR_ERR_INTERNAL_ERROR, _("internal inactive snapshots are not supporte= d on " diff --git a/src/qemu/qemu_parse_command.c b/src/qemu/qemu_parse_command.c index af9063c..aa15225 100644 --- a/src/qemu/qemu_parse_command.c +++ b/src/qemu/qemu_parse_command.c 
@@ -263,6 +263,17 @@ qemuParseNBDString(virDomainDiskDefPtr disk) return -1; } =20 +static int +qemuParseVxHSString(virDomainDiskDefPtr def) +{ + virURIPtr uri =3D NULL; + + if (!(uri =3D virURIParse(def->src->path))) + return -1; + + return qemuParseDriveURIString(def, uri, "vxhs"); +} + =20 /* * This method takes a string representing a QEMU command line ARGV set @@ -737,6 +748,11 @@ qemuParseCommandLineDisk(virDomainXMLOptionPtr xmlopt, if (VIR_STRDUP(def->src->path, vdi) < 0) goto error; } + } else if (STRPREFIX(def->src->path, "vxhs:")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("VxHS protocol does not support URI s= yntax '%s'"), + def->src->path); + goto error; } else { def->src->type =3D VIR_STORAGE_TYPE_FILE; } @@ -1945,6 +1961,10 @@ qemuParseCommandLine(virCapsPtr caps, disk->src->type =3D VIR_STORAGE_TYPE_NETWORK; disk->src->protocol =3D VIR_STORAGE_NET_PROTOCOL_SHEEPDOG; val +=3D strlen("sheepdog:"); + } else if (STRPREFIX(val, "vxhs:")) { + disk->src->type =3D VIR_STORAGE_TYPE_NETWORK; + disk->src->protocol =3D VIR_STORAGE_NET_PROTOCOL_VXHS; + val +=3D strlen("vxhs:"); } else { disk->src->type =3D VIR_STORAGE_TYPE_FILE; } @@ -2021,6 +2041,11 @@ qemuParseCommandLine(virCapsPtr caps, goto error; =20 break; + case VIR_STORAGE_NET_PROTOCOL_VXHS: + if (qemuParseVxHSString(disk) < 0) + goto error; + + break; case VIR_STORAGE_NET_PROTOCOL_HTTP: case VIR_STORAGE_NET_PROTOCOL_HTTPS: case VIR_STORAGE_NET_PROTOCOL_FTP: diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index f0ed5c6..eb36694 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -85,7 +85,8 @@ VIR_ENUM_IMPL(virStorageNetProtocol, VIR_STORAGE_NET_PROT= OCOL_LAST, "ftp", "ftps", "tftp", - "ssh") + "ssh", + "vxhs") =20 VIR_ENUM_IMPL(virStorageNetHostTransport, VIR_STORAGE_NET_HOST_TRANS_LAST, "tcp", 
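Review bot: the two parsers in src/qemu/qemu_parse_command.c disagree on "vxhs:" input. qemuParseCommandLineDisk rejects a path with that prefix ("VxHS protocol does not support URI syntax"), while qemuParseCommandLine accepts the same prefix, sets VIR_STORAGE_NET_PROTOCOL_VXHS, strips it, and the new case then calls qemuParseVxHSString, which parses the path as a URI. If URI syntax is unsupported, as the error message and the qemuBuildNetworkDriveStr change say, report the same error in qemuParseCommandLine and drop qemuParseVxHSString; otherwise the same input is refused on one path and silently accepted on the other.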
@@ -2719,6 +2720,7 @@ virStorageSourceParseBackingColon(virStorageSourcePtr= src, case VIR_STORAGE_NET_PROTOCOL_ISCSI: case VIR_STORAGE_NET_PROTOCOL_GLUSTER: case VIR_STORAGE_NET_PROTOCOL_SSH: + case VIR_STORAGE_NET_PROTOCOL_VXHS: virReportError(VIR_ERR_INTERNAL_ERROR, _("malformed backing store path for protocol %s"), protocol); 
@@ -3219,6 +3221,65 @@ virStorageSourceParseBackingJSONRaw(virStorageSource= Ptr src, return virStorageSourceParseBackingJSONInternal(src, json); } =20 +#define QEMU_DEFAULT_VXHS_PORT "9999" + +static int +virStorageSourceParseBackingJSONVxHS(virStorageSourcePtr src, + virJSONValuePtr json, + int opaque ATTRIBUTE_UNUSED) +{ + const char *uri =3D virJSONValueObjectGetString(json, "filename"); + const char *vdisk_id =3D virJSONValueObjectGetString(json, "vdisk-id"); + virJSONValuePtr server =3D virJSONValueObjectGetObject(json, "server"); + const char *hostname; + const char *port; + + /* Check for legacy URI based syntax passed via 'filename' option */ + if (uri) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("'VxHS' protocol does not support URI syntax")); + return -1; + } + + if (!vdisk_id || !server) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("missing 'vdisk-id' or 'server' attribute in " + "JSON backing definition for VxHS volume")); + return -1; + } + + hostname =3D virJSONValueObjectGetString(server, "host"); + port =3D virJSONValueObjectGetString(server, "port"); + + if (!hostname) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("missing hostname for tcp backing server in " + "JSON backing definition for VxHS volume")); + return -1; + } + + if (!port) + port =3D QEMU_DEFAULT_VXHS_PORT; + + src->type =3D VIR_STORAGE_TYPE_NETWORK; + src->protocol =3D VIR_STORAGE_NET_PROTOCOL_VXHS; + + if (VIR_STRDUP(src->path, vdisk_id) < 0) + return -1; + + if (VIR_ALLOC_N(src->hosts, 1) < 0) + return -1; + src->nhosts =3D 1; + + src->hosts[0].transport =3D VIR_STORAGE_NET_HOST_TRANS_TCP; + + if (VIR_STRDUP(src->hosts[0].name, hostname) < 0 || + VIR_STRDUP(src->hosts[0].port, port) < 0) + return -1; + + return 0; +} + struct virStorageSourceJSONDriverParser { const char *drvname; int (*func)(virStorageSourcePtr src, virJSONValuePtr json, int opaque); 
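Review bot: in virStorageSourceParseBackingJSONVxHS, port is read with virJSONValueObjectGetString(server, "port") and a NULL result falls back to QEMU_DEFAULT_VXHS_PORT, so a "port" key that is present but not a JSON string (the comment in qemuBuildVxHSDriveJSON shows server.port:1234) is silently replaced by 9999 instead of being rejected. Distinguish "key absent" from "key present with the wrong type" and report an error for the latter. The rejection of the legacy 'filename' option is also a malformed-input case, so VIR_ERR_INVALID_ARG, as used by the other checks in this function, fits better than VIR_ERR_INTERNAL_ERROR. QEMU_DEFAULT_VXHS_PORT is now defined in both qemu_command.c and virstoragefile.c; a single shared definition would keep the two from drifting.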
@@ -3241,6 +3302,7 @@ static const struct virStorageSourceJSONDriverParser = jsonParsers[] =3D { {"ssh", virStorageSourceParseBackingJSONSSH, 0}, {"rbd", virStorageSourceParseBackingJSONRBD, 0}, {"raw", virStorageSourceParseBackingJSONRaw, 0}, + {"vxhs", virStorageSourceParseBackingJSONVxHS, 0}, }; =20 =20 diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 0bff867..0b6e409 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -134,6 +134,7 @@ typedef enum { VIR_STORAGE_NET_PROTOCOL_FTPS, VIR_STORAGE_NET_PROTOCOL_TFTP, VIR_STORAGE_NET_PROTOCOL_SSH, + VIR_STORAGE_NET_PROTOCOL_VXHS, =20 VIR_STORAGE_NET_PROTOCOL_LAST } virStorageNetProtocol; diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c index cac440c..8bd6f3e 100644 --- a/src/xenconfig/xen_xl.c +++ b/src/xenconfig/xen_xl.c @@ -1024,6 +1024,7 @@ xenFormatXLDiskSrcNet(virStorageSourcePtr src) case VIR_STORAGE_NET_PROTOCOL_GLUSTER: case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG: case VIR_STORAGE_NET_PROTOCOL_SSH: + case VIR_STORAGE_NET_PROTOCOL_VXHS: case VIR_STORAGE_NET_PROTOCOL_LAST: case VIR_STORAGE_NET_PROTOCOL_NONE: virReportError(VIR_ERR_NO_SUPPORT, diff --git a/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-vxhs-fa= il.args b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-vxhs-fail.= args new file mode 100644 index 0000000..f6e3e37 --- /dev/null +++ b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-vxhs-fail.args 
@@ -0,0 +1,24 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/libexec/qemu-kvm \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-cpu qemu32 \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=3Dvxhs://192.168.0.1:9999/eb90327c-8302-4725-9e1b-4e85ed4dc251= ,\ +format=3Draw,if=3Dnone,id=3Ddrive-virtio-disk0,cache=3Dnone \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 diff --git a/tests/qemuargv2xmltest.c b/tests/qemuargv2xmltest.c index 1adbcfe..fc15714 100644 --- a/tests/qemuargv2xmltest.c +++ b/tests/qemuargv2xmltest.c @@ -50,6 +50,7 @@ static int testSanitizeDef(virDomainDefPtr vmdef) =20 typedef enum { FLAG_EXPECT_WARNING =3D 1 << 0, + FLAG_EXPECT_FAIL =3D 1 << 1, } virQemuXML2ArgvTestFlags; =20 static int testCompareXMLToArgvFiles(const char *xmlfile, @@ -67,7 +68,16 @@ static int testCompareXMLToArgvFiles(const char *xmlfile, =20 if (!(vmdef =3D qemuParseCommandLineString(driver.caps, driver.xmlopt, cmd, NULL, NULL, NULL))) - goto fail; + { + if (flags & FLAG_EXPECT_FAIL) { + if (virTestLogContentAndReset() =3D=3D NULL) + goto fail; + + VIR_TEST_DEBUG("Got expected error from " + "qemuParseCommandLineString:\n"); + goto out; + } + } =20 if (!virTestOOMActive()) { if ((log =3D virTestLogContentAndReset()) =3D=3D NULL) @@ -106,6 +116,7 @@ static int testCompareXMLToArgvFiles(const char *xmlfil= e, if (virTestCompareToFile(actualxml, xmlfile) < 0) goto fail; =20 + out: ret =3D 0; =20 fail: @@ -166,6 +177,9 @@ mymain(void) # define DO_TEST(name) \ DO_TEST_FULL(name, 0) =20 +# define DO_TEST_FAIL(name) \ + DO_TEST_FULL(name, FLAG_EXPECT_FAIL) + setenv("PATH", "/bin", 1); setenv("USER", "test", 1); setenv("LOGNAME", "test", 1); 
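Review bot: in testCompareXMLToArgvFiles the unconditional "goto fail" after a failed qemuParseCommandLineString is replaced by a block that only handles FLAG_EXPECT_FAIL, so when parsing fails and the flag is not set, execution now falls through with vmdef == NULL instead of failing the test. Add an else branch (or a trailing "goto fail") after the inner if. Nothing checks FLAG_EXPECT_FAIL when the parse succeeds either, so a DO_TEST_FAIL case that unexpectedly parses is caught only indirectly, if at all; an explicit failure there would make the negative test meaningful. The opening brace on its own line after the condition also departs from the brace placement used in the rest of the patch.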
@@ -220,6 +234,7 @@ mymain(void) /* older format using CEPH_ARGS env var */ DO_TEST("disk-drive-network-rbd-ceph-env"); DO_TEST("disk-drive-network-sheepdog"); + DO_TEST_FAIL("disk-drive-network-vxhs-fail"); DO_TEST("disk-usb"); DO_TEST("graphics-vnc"); DO_TEST("graphics-vnc-socket"); diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-vxhs.ar= gs b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-vxhs.args new file mode 100644 index 0000000..41dffff --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-vxhs.args @@ -0,0 +1,25 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-cpu qemu32 \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-drive file.driver=3Dvxhs,file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4d= c251,\ +file.server.host=3D192.168.0.1,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ +id=3Ddrive-virtio-disk0,cache=3Dnone \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-vxhs.xm= l b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-vxhs.xml new file mode 100644 index 0000000..a488770 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-vxhs.xml @@ -0,0 +1,34 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + eb90327c-8302-4725-9e1b-4e85ed4dc251 + +

+ + + + + + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 27eea70..0a1ef01 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -903,6 +903,7 @@ mymain(void) # endif DO_TEST("disk-drive-network-rbd-ipv6", NONE); DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE); + DO_TEST("disk-drive-network-vxhs", NONE); DO_TEST("disk-drive-no-boot", QEMU_CAPS_BOOTINDEX); DO_TEST_PARSE_ERROR("disk-device-lun-type-invalid", diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index f344083..3a4e03b 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c 
@@ -1575,6 +1575,25 @@ mymain(void) "\n" " \n" "\n"); + TEST_BACKING_PARSE("json:{ \"file\": { " + "\"driver\": \"raw\"," + "\"file\": {" + "\"driver\": \"file\"," + "\"filename\": \"/path/to/file\" } } }= ", + "\n"); + TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"vxhs\"," + "\"vdisk-id\":\"c6718f6b-0401-441d-= a8c3-1f0064d75ee0\"," + "\"server\": { \"host\":\"example.c= om\"," + "\"port\":\"1234\"" + "}" + "}" + "}", + "\n" + " \n" + "\n"); + TEST_BACKING_PARSE("json:{\"file.driver\":\"vxhs\"," + "\"file.filename\":\"vxhs://192.168.0.1:9999/= c6718f6b-0401-441d-a8c3-1f0064d75ee0\"" + "}", NULL); #endif /* WITH_YAJL */ =20 cleanup: --=20 2.5.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

From: Ashish Mittal
To: libvir-list@redhat.com, jferlan@redhat.com, pbonzini@redhat.com, berrange@redhat.com, jcody@redhat.com, ashish.mittal@veritas.com, stefanha@gmail.com, Ketan.Nilangekar@veritas.com, Nitin.Jerath@veritas.com, venkatesha.mg@veritas.com, pkrempa@redhat.com, areis@redhat.com, pchavva@redhat.com, ashmit602@gmail.com
Date: Thu, 29 Jun 2017 19:02:40 -0700
Message-Id: <1498788161-46841-3-git-send-email-Ashish.Mittal@veritas.com>
In-Reply-To: <1498788161-46841-1-git-send-email-Ashish.Mittal@veritas.com>
References: <1498788161-46841-1-git-send-email-Ashish.Mittal@veritas.com>
Subject: [libvirt] [PATCH v4 2/3] conf: Introduce TLS options for VxHS block device clients

From: Ashish Mittal

Add a new TLS X.509 certificate type - "vxhs". This will handle the creation of a TLS certificate capability for properly configured VxHS network block device clients.

Signed-off-by: Ashish Mittal
---
Changelog:
(1) Add two new options in /etc/libvirt/qemu.conf to control TLS behavior with VxHS block devices "vxhs_tls" and "vxhs_tls_x509_cert_dir".
(2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable TLS for VxHS block devices.
(3) "vxhs_tls_x509_cert_dir" can be set to the full path where the TLS certificates and keys are saved. If this value is missing, the "default_tls_x509_cert_dir" will be used instead.

src/qemu/libvirtd_qemu.aug | 4 ++++ src/qemu/qemu.conf | 23 +++++++++++++++++++++++ src/qemu/qemu_conf.c | 7 +++++++ src/qemu/qemu_conf.h | 3 +++ src/qemu/test_libvirtd_qemu.aug.in | 2 ++ 5 files changed, 39 insertions(+) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index e1983d1..c19bf3a 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -115,6 +115,9 @@ module Libvirtd_qemu =3D =20 let memory_entry =3D str_entry "memory_backing_dir" =20 + let vxhs_entry =3D bool_entry "vxhs_tls" + | str_entry "vxhs_tls_x509_cert_dir" + (* Each entry in the config is one of the following ... *) let entry =3D default_tls_entry | vnc_entry @@ -133,6 +136,7 @@ module Libvirtd_qemu =3D | nvram_entry | gluster_debug_level_entry | memory_entry + | vxhs_entry =20 let comment =3D [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \= t\n][^\n]*)?/ . del /\n/ "\n" ] let empty =3D [ label "#empty" . eol ] diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index e6c0832..83c2377 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf
@@ -250,6 +250,29 @@ #chardev_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000" =20 =20 +# Enable use of TLS encryption on the VxHS network block devices. +# +# When the VxHS network block device server is set up appropriately, +# x509 certificates are used for authentication between the clients +# (qemu processes) and the remote VxHS server. +# +# It is necessary to setup CA and issue client and server certificates +# before enabling this. +# +#vxhs_tls =3D 1 + + +# In order to override the default TLS certificate location for VxHS +# device TCP certificates, supply a valid path to the certificate director= y. +# This is used to authenticate the VxHS block device clients to the VxHS +# server. +# +# If the provided path does not exist then the default_tls_x509_cert_dir +# path will be used. +# +#vxhs_tls_x509_cert_dir =3D "/etc/pki/libvirt-vxhs" + + # In order to override the default TLS certificate location for migration # certificates, supply a valid path to the certificate directory. If the # provided path does not exist then the default_tls_x509_cert_dir path diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 73c33d6..f3813d4 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -280,6 +280,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool priv= ileged) SET_TLS_X509_CERT_DEFAULT(spice); SET_TLS_X509_CERT_DEFAULT(chardev); SET_TLS_X509_CERT_DEFAULT(migrate); + SET_TLS_X509_CERT_DEFAULT(vxhs); =20 #undef SET_TLS_X509_CERT_DEFAULT =20 @@ -395,6 +396,8 @@ static void virQEMUDriverConfigDispose(void *obj) VIR_FREE(cfg->chardevTLSx509certdir); VIR_FREE(cfg->chardevTLSx509secretUUID); =20 + VIR_FREE(cfg->vxhsTLSx509certdir); + VIR_FREE(cfg->migrateTLSx509certdir); VIR_FREE(cfg->migrateTLSx509secretUUID); =20 
@@ -533,6 +536,10 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr= cfg, goto cleanup; if (virConfGetValueBool(conf, "spice_auto_unix_socket", &cfg->spiceAut= oUnixSocket) < 0) goto cleanup; + if (virConfGetValueBool(conf, "vxhs_tls", &cfg->vxhsTLS) < 0) + goto cleanup; + if (virConfGetValueString(conf, "vxhs_tls_x509_cert_dir", &cfg->vxhsTL= Sx509certdir) < 0) + goto cleanup; =20 #define GET_CONFIG_TLS_CERTINFO(val) = \ do { = \ diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 1407eef..96c0225 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -201,6 +201,9 @@ struct _virQEMUDriverConfig { unsigned int glusterDebugLevel; =20 char *memoryBackingDir; + + bool vxhsTLS; + char *vxhsTLSx509certdir; }; =20 /* Main driver state */ diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index 3e317bc..dfe88f4 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in 
@@ -25,6 +25,8 @@ module Test_libvirtd_qemu =3D { "chardev_tls_x509_cert_dir" =3D "/etc/pki/libvirt-chardev" } { "chardev_tls_x509_verify" =3D "1" } { "chardev_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000= " } +{ "vxhs_tls" =3D "1" } +{ "vxhs_tls_x509_cert_dir" =3D "/etc/pki/libvirt-vxhs" } { "migrate_tls_x509_cert_dir" =3D "/etc/pki/libvirt-migrate" } { "migrate_tls_x509_verify" =3D "1" } { "migrate_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000= " } --=20 2.5.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
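Review bot: In the src/qemu/qemu.conf hunk of patch 2/3, the vxhs_tls comment never states the default or what a disabled setting means for the connection. The option ships commented out, and without TLS the qemu process talks to the VxHS server with no encryption and no X.509 authentication, so the comment should say so. The second comment block also says the fallback applies "If the provided path does not exist", while the changelog says "If this value is missing"; those are different conditions, and the comment should name the one the code implements.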
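Review bot: In the virQEMUDriverConfigLoadFile hunk of src/qemu/qemu_conf.c (patch 2/3), the two added calls only read vxhs_tls and vxhs_tls_x509_cert_dir; nothing visible checks that the directory is usable when vxhs_tls is 1, or applies the fallback to default_tls_x509_cert_dir that the qemu.conf comment promises. Please either point to where the fallback and an existence check cover the vxhs directory or add them here, so a wrong path is reported when the config is loaded rather than when a guest with a VxHS disk is started. Placing the load next to the other *_tls settings instead of after spice_auto_unix_socket would also make it easier to find.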
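Review bot: In the libvirtd_qemu.aug and test_libvirtd_qemu.aug.in hunks of patch 2/3, vxhs gets only vxhs_tls and vxhs_tls_x509_cert_dir, while the neighbouring chardev and migrate entries in the test data also carry *_tls_x509_verify and *_tls_x509_secret_uuid. If leaving these out is deliberate, say so in the commit message and in qemu.conf, including that peer verification cannot be turned off and that no secret can be supplied for the VxHS client key; if it is not deliberate, add the missing entries in the same patch.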
From: Ashish Mittal
To: libvir-list@redhat.com, jferlan@redhat.com, pbonzini@redhat.com, berrange@redhat.com, jcody@redhat.com, ashish.mittal@veritas.com, stefanha@gmail.com, Ketan.Nilangekar@veritas.com, Nitin.Jerath@veritas.com, venkatesha.mg@veritas.com, pkrempa@redhat.com, areis@redhat.com, pchavva@redhat.com, ashmit602@gmail.com
Date: Thu, 29 Jun 2017 19:02:41 -0700
Message-Id: <1498788161-46841-4-git-send-email-Ashish.Mittal@veritas.com>
In-Reply-To: <1498788161-46841-1-git-send-email-Ashish.Mittal@veritas.com>
References: <1498788161-46841-1-git-send-email-Ashish.Mittal@veritas.com>
Subject: [libvirt] [PATCH v4 3/3] Add TLS support for Veritas HyperScale (VxHS) block device protocol

From: Ashish Mittal

The following describes the behavior of TLS for VxHS block device:

(1) Two new options have been added in /etc/libvirt/qemu.conf to control TLS behavior with VxHS block devices "vxhs_tls" and "vxhs_tls_x509_cert_dir".
(2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable TLS for VxHS block devices.
(3) "vxhs_tls_x509_cert_dir" can be set to the full path where the TLS certificates and keys are saved. If this value is missing, the "default_tls_x509_cert_dir" will be used instead.
(4) If the value of "vxhs_tls" is set to 1, TLS creds will be added automatically on the qemu command line for every VxHS block device.
(5) With "vxhs_tls=1", TLS may selectively be disabled on individual VxHS disks by specifying tls='no' in the device domain specification.
(6) Valid values for domain TLS setting are tls='yes|no'.
(7) tls='yes' can only be specified if "vxhs_tls" is enabled. Specifying tls='yes' when "vxhs_tls=0" results in an error.
(8) Test cases have been added to validate points (4), (5) and (7). Test case also added to confirm that JSON arguments containing tls attribute are parsed correctly.

QEMU changes for VxHS (including TLS support) are already upstream.

Sample TLS args generated by libvirt -

-object tls-creds-x509,id=objvxhs_tls0,dir=/usr/local/etc/pki/qemu,\
endpoint=client,verify-peer=yes \
-drive file.driver=vxhs,file.tls-creds=objvxhs_tls0,\
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
file.server.host=192.168.0.1,file.server.port=9999,format=raw,if=none,\
id=drive-virtio-disk0,cache=none \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0

Signed-off-by: Ashish Mittal --- docs/formatdomain.html.in | 18 +++- docs/schemas/domaincommon.rng | 5 + src/conf/domain_conf.c | 19 ++++ src/qemu/qemu_command.c | 107 +++++++++++++++++= +--- src/util/virstoragefile.c | 13 +++ src/util/virstoragefile.h | 9 ++ ...ml2argv-disk-drive-network-tlsx509-err-vxhs.xml | 34 +++++++ ...-disk-drive-network-tlsx509-multidisk-vxhs.args | 41 ++++++++ ...k-drive-network-tlsx509-multidisk-vxhs.args.new | 41 ++++++++ ...v-disk-drive-network-tlsx509-multidisk-vxhs.xml | 56 +++++++++++ ...muxml2argv-disk-drive-network-tlsx509-vxhs.args | 28 ++++++ ...emuxml2argv-disk-drive-network-tlsx509-vxhs.xml | 34 +++++++ tests/qemuxml2argvtest.c | 9 ++ tests/virstoragetest.c | 11 +++ 14 files changed, 413 insertions(+), 12 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= tlsx509-err-vxhs.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= tlsx509-multidisk-vxhs.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= tlsx509-multidisk-vxhs.args.new create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= tlsx509-multidisk-vxhs.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= tlsx509-vxhs.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= tlsx509-vxhs.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 62d67f4..86808e5 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2511,7 +2511,7 @@ target's name by a slash (e.g., iqn.2013-07.com.example:iscsi-pool/1). If not specified, the default LUN is zero. - For "vxhs" (since 3.3.0), the + For "vxhs" (since 3.3.1), the name is the UUID of the volume, assigned by the HyperScale sever. Since 0.8.7 @@ -2630,6 +2630,22 @@ transport is "unix", the socket attribute specifies the path t= o an AF_UNIX socket.

+

+ Since 3.3.1, the optional attribu= te + tls (QEMU only) can be used to control whether a = vxhs + network block device would utilize a hypervisor configured + TLS X.509 certificate environment in order to encrypt the data + channel. For the QEMU hypervisor, usage of a TLS environment c= an + be controlled on the host by the vxhs_tls and + vxhs_tls_x509_cert_dir or + default_tls_x509_cert_dir settings in the file + /etc/libvirt/qemu.conf. If vxhs_tls is enabled, + then unless the domain tls attribute is set to "n= o", + libvirt will use the host configured TLS environment. + If vxhs_tls is disabled, but the tls + attribute is set to "yes" in the device domain specification, + then libvirt will throw an error. +

snapshot
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 7525a2a..909af50 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1622,6 +1622,11 @@ + + + + + =20 diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index c3149f9..34d8451 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -7745,6 +7745,7 @@ virDomainDiskSourceParse(xmlNodePtr node, int ret =3D -1; char *protocol =3D NULL; xmlNodePtr saveNode =3D ctxt->node; + char *haveTLS =3D NULL; =20 ctxt->node =3D node; =20 @@ -7778,6 +7779,19 @@ virDomainDiskSourceParse(xmlNodePtr node, goto cleanup; } =20 + /* Check tls=3Dyes|no domain setting for the block device */ + /* At present only VxHS. Other block devices may be added later */ + if ((haveTLS =3D virXMLPropString(node, "tls")) && + src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_VXHS) { + if ((src->haveTLS =3D + virTristateBoolTypeFromString(haveTLS)) <=3D 0) { + virReportError(VIR_ERR_XML_ERROR, + _("unknown VxHS 'tls' setting '%s'"), + haveTLS); + goto cleanup; + } + } + /* for historical reasons the volume name for gluster volume is st= ored * as a part of the path. This is hard to work with when dealing w= ith * relative names. Split out the volume into a separate variable */ @@ -7830,6 +7844,7 @@ virDomainDiskSourceParse(xmlNodePtr node, =20 cleanup: VIR_FREE(protocol); + VIR_FREE(haveTLS); ctxt->node =3D saveNode; return ret; } @@ -21266,6 +21281,10 @@ virDomainDiskSourceFormatNetwork(virBufferPtr buf, =20 VIR_FREE(path); =20 + if (src->haveTLS !=3D VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(buf, " tls=3D'%s'", + virTristateBoolTypeToString(src->haveTLS)); + if (src->nhosts =3D=3D 0 && !src->snapshot && !src->configFile) { virBufferAddLit(buf, "/>\n"); } else { diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 8e00782..99bc94f 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -931,6 +931,68 @@ qemuBuildGlusterDriveJSON(virStorageSourcePtr src) return ret; } =20 +/* qemuBuildDiskVxHSTLSinfoCommandLine: + * @cmd: Pointer to the command string + * @cfg: Pointer to the qemu driver config + * @disk: The disk we are processing + * @qemuCaps: qemu capabilities object + * + * Check if the VxHS disk meets all the criteria to enable TLS. + * If yes, add a new TLS object and mention it's ID on the disk + * command line. + * + * Returns 0 on success, -1 w/ error on some sort of failure. + */ +static int +qemuBuildDiskVxHSTLSinfoCommandLine(virCommandPtr cmd, + virQEMUDriverConfigPtr cfg, + virDomainDiskDefPtr disk, + virQEMUCapsPtr qemuCaps) +{ + int ret =3D 0; + + if (cfg->vxhsTLS =3D=3D true && disk->src->haveTLS !=3D VIR_TRISTATE_= BOOL_NO) { + disk->src->addTLS =3D true; + ret =3D qemuBuildTLSx509CommandLine(cmd, cfg->vxhsTLSx509certd= ir, + false, + true, + false, + "vxhs", + qemuCaps); + } else if (cfg->vxhsTLS =3D=3D false && + disk->src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Please enable VxHS specific TLS options in the q= emu " + "conf file before using TLS in VxHS device domain= " + "specification")); + ret =3D -1; + } + + return ret; +} + + +/* qemuBuildDiskTLSinfoCommandLine: + * + * Add TLS object if the disk uses a secure communication channel + * + * Returns 0 on success, -1 w/ error on some sort of failure. + */ +static int +qemuBuildDiskTLSinfoCommandLine(virCommandPtr cmd, + virQEMUDriverConfigPtr cfg, + virDomainDiskDefPtr disk, + virQEMUCapsPtr qemuCaps) +{ + virStorageSourcePtr src =3D disk->src; + + /* other protocols may be added later */ + if (src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_VXHS) + return qemuBuildDiskVxHSTLSinfoCommandLine(cmd, cfg, disk, qemuCap= s); + + return 0; +} + =20 #define QEMU_DEFAULT_VXHS_PORT "9999" =20 
@@ -975,18 +1037,38 @@ qemuBuildVxHSDriveJSON(virStorageSourcePtr src) if (!(server =3D qemuBuildVxHSDriveJSONHost(src))) return NULL; =20 - /* VxHS disk specification example: - * { driver:"vxhs", - * vdisk-id:"eb90327c-8302-4725-4e85ed4dc251", - * server.host:"1.2.3.4", - * server.port:1234} - */ - if (virJSONValueObjectCreate(&ret, - "s:driver", protocol, - "s:vdisk-id", src->path, - "a:server", server, NULL) < 0) - virJSONValueFree(server); + if (src->addTLS =3D=3D true) { + char *objalias =3D NULL; =20 + if (!(objalias =3D qemuAliasTLSObjFromSrcAlias("vxhs"))) + goto cleanup; + + if (virJSONValueObjectCreate(&ret, + "s:driver", protocol, + "s:tls-creds", objalias, + "s:vdisk-id", src->path, + "a:server", server, NULL) < 0) { + virJSONValueFree(server); + ret =3D NULL; + } + VIR_FREE(objalias); + } else { + /* VxHS disk specification example: + * { driver:"vxhs", + * vdisk-id:"eb90327c-8302-4725-4e85ed4dc251", + * server.host:"1.2.3.4", + * server.port:1234} + */ + if (virJSONValueObjectCreate(&ret, + "s:driver", protocol, + "s:vdisk-id", src->path, + "a:server", server, NULL) < 0) { + virJSONValueFree(server); + ret =3D NULL; + } + } + + cleanup: return ret; } =20 @@ -2438,6 +2520,9 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd, if (qemuBuildDiskSecinfoCommandLine(cmd, encinfo) < 0) return -1; =20 + if (qemuBuildDiskTLSinfoCommandLine(cmd, cfg, disk, qemuCaps) < 0) + return -1; + virCommandAddArg(cmd, "-drive"); =20 if (!(optstr =3D qemuBuildDriveStr(disk, cfg, driveBoot, qemuCaps)= )) diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index eb36694..449ace4 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -2042,6 +2042,8 @@ virStorageSourceCopy(const virStorageSource *src, ret->physical =3D src->physical; ret->readonly =3D src->readonly; ret->shared =3D src->shared; + ret->haveTLS =3D src->haveTLS; + ret->addTLS =3D src->addTLS; =20 /* storage driver metadata are not copied */ ret->drv =3D NULL; 
@@ -3231,6 +3233,7 @@ virStorageSourceParseBackingJSONVxHS(virStorageSource= Ptr src, const char *uri =3D virJSONValueObjectGetString(json, "filename"); const char *vdisk_id =3D virJSONValueObjectGetString(json, "vdisk-id"); virJSONValuePtr server =3D virJSONValueObjectGetObject(json, "server"); + const char *haveTLS =3D virJSONValueObjectGetString(json, "tls"); const char *hostname; const char *port; =20 @@ -3258,6 +3261,16 @@ virStorageSourceParseBackingJSONVxHS(virStorageSourc= ePtr src, return -1; } =20 + if (haveTLS) { + if ((src->haveTLS =3D + virTristateBoolTypeFromString(haveTLS)) <=3D 0) { + virReportError(VIR_ERR_INVALID_ARG, + _("unknown VxHS 'tls' setting '%s'"), + haveTLS); + return -1; + } + } + if (!port) port =3D QEMU_DEFAULT_VXHS_PORT; =20 diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 0b6e409..e586170 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h @@ -281,6 +281,15 @@ struct _virStorageSource { /* metadata that allows identifying given storage source */ char *nodeformat; /* name of the format handler object */ char *nodebacking; /* name of the backing storage object */ + + /* This is the domain specific setting. + * It may be absent */ + int haveTLS; /* enum virTristateBool */ + + /* This should be set to "true" only when TLS creds are to be added for + * the device. For e.g. this could be based on a combination of + * global conf setting + domain specific setting */ + bool addTLS; }; =20 =20 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509= -err-vxhs.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx= 509-err-vxhs.xml new file mode 100644 index 0000000..951ad4e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-err-vx= hs.xml 
@@ -0,0 +1,34 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + eb90327c-8302-4725-9e1b-4e85ed4dc251 + +
+ + + + + + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509= -multidisk-vxhs.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-netwo= rk-tlsx509-multidisk-vxhs.args new file mode 100644 index 0000000..960960d --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-multid= isk-vxhs.args @@ -0,0 +1,41 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-cpu qemu32 \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\ +endpoint=3Dclient,verify-peer=3Dyes \ +-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\ +file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc251,\ +file.server.host=3D192.168.0.1,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ +id=3Ddrive-virtio-disk0,cache=3Dnone \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\ +endpoint=3Dclient,verify-peer=3Dyes \ +-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\ +file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc252,\ +file.server.host=3D192.168.0.2,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ +id=3Ddrive-virtio-disk1,cache=3Dnone \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 \ +-drive file.driver=3Dvxhs,file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4d= c253,\ +file.server.host=3D192.168.0.3,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ +id=3Ddrive-virtio-disk2,cache=3Dnone \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-virtio-disk2,\ +id=3Dvirtio-disk2 
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509= -multidisk-vxhs.args.new b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-n= etwork-tlsx509-multidisk-vxhs.args.new new file mode 100644 index 0000000..960960d --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-multid= isk-vxhs.args.new @@ -0,0 +1,41 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-cpu qemu32 \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\ +endpoint=3Dclient,verify-peer=3Dyes \ +-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\ +file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc251,\ +file.server.host=3D192.168.0.1,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ +id=3Ddrive-virtio-disk0,cache=3Dnone \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\ +endpoint=3Dclient,verify-peer=3Dyes \ +-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\ +file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc252,\ +file.server.host=3D192.168.0.2,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ +id=3Ddrive-virtio-disk1,cache=3Dnone \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 \ +-drive file.driver=3Dvxhs,file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4d= c253,\ +file.server.host=3D192.168.0.3,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ +id=3Ddrive-virtio-disk2,cache=3Dnone \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-virtio-disk2,\ +id=3Dvirtio-disk2 
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509= -multidisk-vxhs.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-networ= k-tlsx509-multidisk-vxhs.xml new file mode 100644 index 0000000..3d28958 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-multid= isk-vxhs.xml @@ -0,0 +1,56 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + eb90327c-8302-4725-9e1b-4e85ed4dc251 + +
+ + + + + + + + + eb90327c-8302-4725-9e1b-4e85ed4dc252 + +
+ + + + + + + + + eb90327c-8302-4725-9e1b-4e85ed4dc252 + +
+ + + + + + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509= -vxhs.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509= -vxhs.args new file mode 100644 index 0000000..e1ad36e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.a= rgs @@ -0,0 +1,28 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-cpu qemu32 \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ +-no-acpi \ +-boot c \ +-usb \ +-object tls-creds-x509,id=3Dobjvxhs_tls0,dir=3D/usr/local/etc/pki/qemu,\ +endpoint=3Dclient,verify-peer=3Dyes \ +-drive file.driver=3Dvxhs,file.tls-creds=3Dobjvxhs_tls0,\ +file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc251,\ +file.server.host=3D192.168.0.1,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ +id=3Ddrive-virtio-disk0,cache=3Dnone \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509= -vxhs.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-= vxhs.xml new file mode 100644 index 0000000..a488770 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-tlsx509-vxhs.x= ml @@ -0,0 +1,34 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + eb90327c-8302-4725-9e1b-4e85ed4dc251 + +
+ + + + + + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 0a1ef01..7459522 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -904,6 +904,15 @@ mymain(void) DO_TEST("disk-drive-network-rbd-ipv6", NONE); DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE); DO_TEST("disk-drive-network-vxhs", NONE); + DO_TEST_FAILURE("disk-drive-network-tlsx509-err-vxhs", + QEMU_CAPS_OBJECT_TLS_CREDS_X509); + driver.config->vxhsTLS =3D 1; + DO_TEST("disk-drive-network-tlsx509-vxhs", + QEMU_CAPS_OBJECT_TLS_CREDS_X509); + DO_TEST("disk-drive-network-tlsx509-multidisk-vxhs", + QEMU_CAPS_OBJECT_TLS_CREDS_X509); + driver.config->vxhsTLS =3D 0; + VIR_FREE(driver.config->vxhsTLSx509certdir); DO_TEST("disk-drive-no-boot", QEMU_CAPS_BOOTINDEX); DO_TEST_PARSE_ERROR("disk-device-lun-type-invalid", diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index 3a4e03b..28747ff 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c @@ -1594,6 +1594,17 @@ mymain(void) TEST_BACKING_PARSE("json:{\"file.driver\":\"vxhs\"," "\"file.filename\":\"vxhs://192.168.0.1:9999/= c6718f6b-0401-441d-a8c3-1f0064d75ee0\"" "}", NULL); + TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"vxhs\"," + "\"vdisk-id\":\"c6718f6b-0401-441d-= a8c3-1f0064d75ee0\"," + "\"server\": { \"host\":\"example.c= om\"," + "\"port\":\"1234\"" + "}," + "\"tls\":\"yes\"" + "}" + "}", + "\n" + " \n" + "\n"); #endif /* WITH_YAJL */ =20 cleanup: --=20 2.5.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
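Review bot: In qemuBuildDiskVxHSTLSinfoCommandLine (src/qemu/qemu_command.c, patch 3/3), every TLS-enabled VxHS disk adds its own tls-creds-x509 object under the fixed alias "vxhs", and the expected output in qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.args shows the result: two -object lines that both carry id=objvxhs_tls0. Two objects with one id on a single command line is not something the test should bless; either add the credentials object once per domain and let every VxHS drive reference it, or derive the object alias from the disk alias so each id is unique. The function also sets disk->src->addTLS as a side effect of building the command line, which is worth a comment or a move to the point where the disk is prepared.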
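Review bot: In the qemuBuildVxHSDriveJSON hunk (src/qemu/qemu_command.c, patch 3/3), the new early exit leaks server: when qemuAliasTLSObjFromSrcAlias("vxhs") fails the code does "goto cleanup", and the cleanup label only returns ret, so the value from qemuBuildVxHSDriveJSONHost is never freed. Free server under the cleanup label on the failure path. The two branches also repeat the same virJSONValueObjectCreate call with one extra key; building the object once and adding tls-creds only when src->addTLS is set would remove the duplication and the second error path.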
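Review bot: In the virDomainDiskSourceParse hunk (src/conf/domain_conf.c, patch 3/3), a tls attribute on any protocol other than VxHS is read and then silently dropped, because the value is only stored when src->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS. A user who writes tls='yes' on another network disk gets no error and no TLS. Please reject the attribute with an XML error for protocols that do not support it, and keep the schema in domaincommon.rng in line with that, so the setting cannot be accepted without taking effect.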
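Review bot: In the virStorageSourceParseBackingJSONVxHS hunk (src/util/virstoragefile.c, patch 3/3), the parser looks for a "tls" key, but the JSON that qemuBuildVxHSDriveJSON produces in this same patch carries "tls-creds" and never "tls". The added test in tests/virstoragetest.c only passes because it feeds a hand-written "tls":"yes". Please state which producer emits a "tls" key in a backing-store string, or parse the key that is actually generated, otherwise haveTLS can never be recovered from a real image chain.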
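Review bot: In the test data of patch 3/3, the multidisk XML names eb90327c-8302-4725-9e1b-4e85ed4dc252 for both the second and the third disk, while the expected .args has ...c253 for the third drive, so input and expected output disagree. The patch also adds qemuxml2argv-disk-drive-network-tlsx509-multidisk-vxhs.args.new with the same blob id (960960d) as the .args file, which looks like a leftover from regenerating test output and should be dropped. Finally, the expected arguments contain dir=/usr/local/etc/pki/qemu, yet tests/qemuxml2argvtest.c only sets driver.config->vxhsTLS and never assigns vxhsTLSx509certdir before freeing it; set the directory explicitly in the test so the expected output does not depend on how the tree was configured.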