From: John Ferlan
To: libvir-list@redhat.com
Date: Fri, 27 Oct 2017 05:28:08 -0400
Message-Id: <20171027092808.30291-1-jferlan@redhat.com>
Subject: [libvirt] [PATCH] qemu.conf: Clarify the various _tls_x509_cert_dir descriptions

https://bugzilla.redhat.com/show_bug.cgi?id=1458630

Apparently commit id 'dc4c2f75a' wasn't specific enough, so here's a few
more clarifications.

Signed-off-by: John Ferlan
---
 src/qemu/qemu.conf | 28 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 2e8370a5a8..6ec893ac1f 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -13,8 +13,9 @@ # # dh-params.pem - the DH params configuration file # -# If the directory does not exist or contain the necessary files, QEMU -# domains will fail to start if they are configured to use TLS. +# If the directory does not exist, libvirtd will fail to start. If the +# directory doesn't contain the necessary files, QEMU domains will fail +# to start if they are configured to use TLS. # # In order to overwrite the default path alter the following. This path # definition will be used as the default path for other *_tls_x509_cert_dir @@ -87,8 +88,9 @@ =20 # In order to override the default TLS certificate location for # vnc certificates, supply a valid path to the certificate directory. -# If the provided path does not exist then the default_tls_x509_cert_dir -# path will be used. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but vnc_tls =3D 1, then the +# default_tls_x509_cert_dir path will be used. # #vnc_tls_x509_cert_dir =3D "/etc/pki/libvirt-vnc" =20 @@ -172,8 +174,9 @@ =20 # In order to override the default TLS certificate location for # spice certificates, supply a valid path to the certificate directory. -# If the provided path does not exist then the default_tls_x509_cert_dir -# path will be used. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but spice_tls =3D 1, then the +# default_tls_x509_cert_dir path will be used. # #spice_tls_x509_cert_dir =3D "/etc/pki/libvirt-spice" =20 
@@ -224,8 +227,9 @@ =20 # In order to override the default TLS certificate location for character # device TCP certificates, supply a valid path to the certificate director= y. -# If the provided path does not exist then the default_tls_x509_cert_dir -# path will be used. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but chardev_tls =3D 1, then the +# default_tls_x509_cert_dir path will be used. # #chardev_tls_x509_cert_dir =3D "/etc/pki/libvirt-chardev" =20 @@ -276,8 +280,9 @@ # This is used to authenticate the VxHS block device clients to the VxHS # server. # -# If the provided path does not exist then the default_tls_x509_cert_dir -# path will be used. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but vxhs_tls =3D 1, then the +# default_tls_x509_cert_dir path will be used. # # VxHS block device clients expect the client certificate and key to be # present in the certificate directory along with the CA master certificat= e. @@ -294,7 +299,8 @@ =20 # In order to override the default TLS certificate location for migration # certificates, supply a valid path to the certificate directory. If the -# provided path does not exist then the default_tls_x509_cert_dir path +# provided path does not exist, libvirtd will fail to start. If the path is +# not provided, but migrate_tls =3D 1, then the default_tls_x509_cert_dir = path # will be used. Once/if a default certificate is enabled/defined, migration # will then be able to use the certificate via migration API flags. # --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
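Review bot: In the first hunk (@@ -13,8 +13,9 @@), "If the directory does not exist, libvirtd will fail to start" does not say whether it covers the built-in default location or only a path the administrator has set explicitly by uncommenting default_tls_x509_cert_dir. The later hunks all say "If the provided path does not exist", so using the same wording here, or stating outright that the check also applies to the unmodified default, would remove the ambiguity. The two new sentences also mix "does not" and "doesn't"; pick one.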
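Review bot: In the vnc, spice, chardev and vxhs hunks, the added sentence "If the path is not provided, but vnc_tls = 1, then the default_tls_x509_cert_dir path will be used" (and its three siblings) does not say what happens when the default directory lacks the necessary files. The first hunk documents that case (domains configured to use TLS fail to start), so a short pointer back to the default_tls_x509_cert_dir description would make it clear that the fallback fails rather than running without TLS. "Not provided" would also read more precisely as "left unset", since the setting ships commented out.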
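Review bot: In the last hunk (@@ -294,7 +299,8 @@), the new text refers to "migrate_tls = 1", but the unchanged context in the same paragraph says migration uses the certificate "via migration API flags", which suggests TLS for migration is requested per call rather than through a qemu.conf switch. Please confirm a migrate_tls setting exists; if it does not, wording along the lines of "If the path is not provided, but TLS migration is requested" avoids pointing administrators at an option they cannot set. The added line containing default_tls_x509_cert_dir is also the longest in the paragraph and could be rewrapped to match its neighbours.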