From: Zheng Yan
Subject: [PATCH 1/4] qemu_capabilities: Add QEMU_CAPS_DISPLAY_RELOAD
Date: Tue, 11 May 2021 22:05:18 +0800
Cc: mprivozn@redhat.com, wangxinxin.wang@huawei.com, changzihao1@huawei.com, hhan@redhat.com, oscar.zhangbo@huawei.com, hexiaoyu3@huawei.com
List-Id: Development discussions about the libvirt library & tools

The 'display-reload' QMP command was introduced in QEMU 6.0.0, so we add a compatible capability to check if target QEMU binary supports it.
{"execute":"display-reload", "arguments":{"type": "vnc", "tls-certs": true}}

The new QMP refer to: https://gitlab.com/qemu-project/qemu/-/commit/9cc07651655ee86eca41059f5ead8c4e5607c734

Signed-off-by: Zheng Yan
--- src/qemu/qemu_capabilities.c | 2 ++ src/qemu/qemu_capabilities.h | 1 + tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml | 1 + 3 files changed, 4 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 43975a39ce..7013ff0265 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -629,6 +629,7 @@ VIR_ENUM_IMPL(virQEMUCaps, /* 400 */ "compat-deprecated", "acpi-index", + "display-reload", ); =20 =20 @@ -1174,6 +1175,7 @@ struct virQEMUCapsStringFlags virQEMUCapsCommands[] = =3D { { "query-cpu-model-baseline", QEMU_CAPS_QUERY_CPU_MODEL_BASELINE }, { "query-cpu-model-comparison", QEMU_CAPS_QUERY_CPU_MODEL_COMPARISON }, { "block-export-add", QEMU_CAPS_BLOCK_EXPORT_ADD }, + { "display-reload", QEMU_CAPS_DISPLAY_RELOAD }, }; =20 struct virQEMUCapsStringFlags virQEMUCapsMigration[] =3D { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 122fded494..925be69c53 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -609,6 +609,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for = syntax-check */ /* 400 */ QEMU_CAPS_COMPAT_DEPRECATED, /* -compat deprecated-(input|output) is s= upported */ QEMU_CAPS_ACPI_INDEX, /* PCI device 'acpi-index' property */ + QEMU_CAPS_DISPLAY_RELOAD, /* 'display-reload' qmp command is supported= */ =20 QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; diff --git a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_6.0.0.x86_64.xml index df631cf88d..74c084dccd 100644 --- a/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml
@@ -254,6 +254,7 @@ + 6000000 0 43100242 --=20 2.25.1
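
Review bot: the diffstat touches only tests/qemucapabilitiesdata/caps_6.0.0.x86_64.xml, while the new { "display-reload", QEMU_CAPS_DISPLAY_RELOAD } entry in virQEMUCapsCommands[] is probed regardless of architecture. If the tree carries 6.0.0 capability dumps for other architectures, they need the same flag line, otherwise the expected data and the probing code disagree. In the qemu_capabilities.h hunk the enum comment should spell 'QMP' in capitals, as the commit message does.
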
From: Zheng Yan
Subject: [PATCH 2/4] qemu: add new driver API for reload TLS certs
Date: Tue, 11 May 2021 22:05:19 +0800

The 'display-reload' QMP command had been introduced from QEMU 6.0.0: https://gitlab.com/qemu-project/qemu/-/commit/9cc07651655ee86eca41059f5ead8c4e5607c734

To support the new QMP command, we added a new
internal API 'virDrvDomainReloadTlsCertificates' to virHypervisorDriver, and implemented the qemu driver. Only QEMU VNC TLS certificates are supported currently.

Signed-off-by: Zheng Yan
--- src/driver-hypervisor.h | 8 ++++++++ src/qemu/qemu_driver.c | 40 ++++++++++++++++++++++++++++++++++++ src/qemu/qemu_hotplug.c | 17 +++++++++++++++ src/qemu/qemu_hotplug.h | 4 ++++ src/qemu/qemu_monitor.c | 27 ++++++++++++++++++++++++ src/qemu/qemu_monitor.h | 3 +++ src/qemu/qemu_monitor_json.c | 27 ++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++++ 8 files changed, 130 insertions(+) diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index d642af8a37..d0d4976441 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -1410,6 +1410,13 @@ typedef int int seconds, unsigned int flags); =20 +typedef int +(*virDrvDomainReloadTlsCertificates)(virDomainPtr domain, + unsigned int type, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + typedef struct _virHypervisorDriver virHypervisorDriver; =20 /** @@ -1676,4 +1683,5 @@ struct _virHypervisorDriver { virDrvDomainAuthorizedSSHKeysSet domainAuthorizedSSHKeysSet; virDrvDomainGetMessages domainGetMessages; virDrvDomainStartDirtyRateCalc domainStartDirtyRateCalc; + virDrvDomainReloadTlsCertificates domainReloadTlsCertificates; }; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c90d52edc0..422a350c65 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c
@@ -20449,6 +20449,45 @@ qemuDomainStartDirtyRateCalc(virDomainPtr dom, return ret; } =20 +static int +qemuDomainReloadTlsCertificates(virDomainPtr domain, + unsigned int type, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + int ret =3D -1; + virQEMUDriver *driver =3D domain->conn->privateData; + virDomainObj *vm =3D qemuDomObjFromDomain(domain); + + if (!vm) + goto cleanup; + + virCheckNonNullArgGoto(params, cleanup); + if (nparams !=3D 0) { + virReportInvalidZeroArg(nparams); + goto cleanup; + } + virCheckFlagsGoto(0, cleanup); + + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + + if (!virDomainObjIsActive(vm)) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("domain is not running")); + goto endjob; + } + + ret =3D qemuDomainReloadTLSCerts(driver, vm, type); + + endjob: + qemuDomainObjEndJob(driver, vm); + + cleanup: + virDomainObjEndAPI(&vm); + return ret; +} =20 static virHypervisorDriver qemuHypervisorDriver =3D { .name =3D QEMU_DRIVER_NAME, @@ -20693,6 +20732,7 @@ static virHypervisorDriver qemuHypervisorDriver =3D= { .domainAuthorizedSSHKeysSet =3D qemuDomainAuthorizedSSHKeysSet, /* 6.1= 0.0 */ .domainGetMessages =3D qemuDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc =3D qemuDomainStartDirtyRateCalc, /* 7.2.0 */ + .domainReloadTlsCertificates =3D qemuDomainReloadTlsCertificates, /* 7= .4.0 */ }; =20 =20 diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index a64cddb9e7..34dc035d73 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c 
@@ -6704,3 +6704,20 @@ qemuDomainSetVcpuInternal(virQEMUDriver *driver, virBitmapFree(livevcpus); return ret; } + +int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver, + virDomainObjPtr vm, + unsigned int type) +{ + int ret =3D -1; + qemuDomainObjPrivate *priv =3D vm->privateData; + + qemuDomainObjEnterMonitor(driver, vm); + + ret =3D qemuMonitorDisplayReloadTLSCerts(priv->mon, type); + + if (qemuDomainObjExitMonitor(driver, vm) < 0) + ret =3D -1; + + return ret; +} diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h index df8f76f8d6..411741a688 100644 --- a/src/qemu/qemu_hotplug.h +++ b/src/qemu/qemu_hotplug.h @@ -160,3 +160,7 @@ int qemuHotplugAttachDBusVMState(virQEMUDriver *driver, int qemuHotplugRemoveDBusVMState(virQEMUDriver *driver, virDomainObj *vm, qemuDomainAsyncJob asyncJob); + +int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver, + virDomainObjPtr vm, + unsigned int type); diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 1e6f892e08..11f8cc8670 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4746,3 +4746,30 @@ qemuMonitorQueryDirtyRate(qemuMonitor *mon, =20 return qemuMonitorJSONQueryDirtyRate(mon, info); } + +static const char * +qemuMonitorTLSCertificateTypeToString(unsigned int type) +{ + switch (type) { + /* for now, only VNC is supported */ + case VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC: + return "vnc"; + default: + virReportError(VIR_ERR_INVALID_ARG, + _("unsupported qemu certificate type %u"), + type); + return NULL; + } +} + +int +qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon, unsigned int type) +{ + const char *certType =3D qemuMonitorTLSCertificateTypeToString(type); + if (!certType) + return -1; + + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONDisplayReload(mon, certType, true); +} diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 6a25def78b..f26f92fb51 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h 
@@ -1496,3 +1496,6 @@ struct _qemuMonitorDirtyRateInfo { int qemuMonitorQueryDirtyRate(qemuMonitor *mon, qemuMonitorDirtyRateInfo *info); + +int qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon, + unsigned int type); diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 46aa3330a8..9934613cc2 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -9446,3 +9446,30 @@ qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon, =20 return qemuMonitorJSONExtractDirtyRateInfo(data, info); } + +int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon, + const char *type, + bool tlsCerts) +{ + int ret =3D -1; + virJSONValuePtr reply =3D NULL; + virJSONValuePtr cmd =3D qemuMonitorJSONMakeCommand("display-reload", + "s:type", type, + "b:tls-certs", tlsCer= ts, + NULL); + if (!cmd) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + ret =3D 0; + + cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply); + return ret; +} diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 01a3ba25f1..73761d54f8 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h 
@@ -706,3 +706,7 @@ qemuMonitorJSONStartDirtyRateCalc(qemuMonitor *mon, int qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon, qemuMonitorDirtyRateInfo *info); + +int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon, + const char *type, + bool tlsCerts); --=20 2.25.1
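
Review bot: qemuDomainReloadTlsCertificates() in src/qemu/qemu_driver.c goes from qemuDomObjFromDomain() straight to the argument checks and qemuDomainObjBeginJob() with no access-control check, so the domain:write ACL that patch 3/4 declares for the remote procedure is never enforced by the driver. Call virDomainReloadTlsCertificatesEnsureACL(domain->conn, vm->def) right after the 'if (!vm)' test, as the other entry points in this file do. In the same function, virCheckNonNullArgGoto(params, cleanup) rejects the NULL that the 3/4 documentation and commit message tell callers to pass, and the 'nparams != 0' branch reports through virReportInvalidZeroArg, whose name describes the opposite condition. Nothing here tests QEMU_CAPS_DISPLAY_RELOAD from patch 1/4 before the monitor is entered, so on an older QEMU the caller gets a raw monitor error instead of an unsupported-operation error.
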
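
Review bot: qemuMonitorTLSCertificateTypeToString() in src/qemu/qemu_monitor.c switches on VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC, which is only introduced by include/libvirt/libvirt-domain.h in patch 3/4, so this patch does not build on its own and the series cannot be bisected. Move the public enum into this patch or put the public API patch first. In qemuMonitorDisplayReloadTLSCerts(), QEMU_CHECK_MONITOR(mon) should come before the type conversion so that a NULL monitor is reported first.
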
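
Review bot: qemuDomainReloadTLSCerts() in src/qemu/qemu_hotplug.c and its prototype in qemu_hotplug.h use virQEMUDriverPtr and virDomainObjPtr, while the context lines of the same hunks (qemuDomainSetVcpuInternal, qemuHotplugRemoveDBusVMState) spell these as 'virQEMUDriver *driver' and 'virDomainObj *vm'. The same applies to qemuMonitorPtr in the new monitor prototypes, next to 'qemuMonitor *mon' in the context. Use the spelling of the surrounding code. Reloading certificates is not a hotplug operation, so the helper would sit more naturally beside its only caller in qemu_driver.c.
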
From: Zheng Yan
Subject: [PATCH 3/4] libvirt: Introduce virDomainReloadTlsCertificates API
Date: Tue, 11 May 2021 22:05:20 +0800

The new virDomainReloadTlsCertificates API is used to notify a domain to reload its certificates without restart, and avoid service interruption. And add remote qemu driver impl for virDrvDomainReloadTlsCertificates.
Currently, only QEMU VNC TLS certificates are supported, but parameters and flags are also reserved for subsequent scenarios.

Take reload QEMU VNC TLS certificates as an example, we can call:

virDomainReloadTlsCertificates(domain, VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC, NULL, 0, 0);

Then the specified QMP message would be sent to QEMU:

{"execute": "display-reload", "arguments":{"type": "vnc", "tls-certs": true}}

Signed-off-by: Zheng Yan
--- include/libvirt/libvirt-domain.h | 20 +++++++++++ src/libvirt-domain.c | 57 ++++++++++++++++++++++++++++++++ src/libvirt_public.syms | 5 +++ src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 15 ++++++++- src/remote_protocol-structs | 10 ++++++ 6 files changed, 107 insertions(+), 1 deletion(-) diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-dom= ain.h index e99bfb7654..357d3598a6 100644 --- a/include/libvirt/libvirt-domain.h +++ b/include/libvirt/libvirt-domain.h @@ -5152,4 +5152,24 @@ int virDomainStartDirtyRateCalc(virDomainPtr domain, int seconds, unsigned int flags); =20 +/** + * virDomainTlsCertificateType: + * the used scene of TLS certificates for doamin + */ +typedef enum { + VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC =3D 0, + VIR_DOMAIN_TLS_CERT_GRAPHICS_SPICE =3D 1, + +# ifdef VIR_ENUM_SENTINELS + VIR_DOMAIN_TLS_CERT_LAST +# endif +} virDomainTlsCertificateType; + +int +virDomainReloadTlsCertificates(virDomainPtr domain, + unsigned int type, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + #endif /* LIBVIRT_DOMAIN_H */ diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 42c75f6cc5..f2a8949971 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c
@@ -13218,3 +13218,60 @@ virDomainStartDirtyRateCalc(virDomainPtr domain, virDispatchError(conn); return -1; } + +/** + * virDomainReloadTlsCertificates: + * @domain: a domain object. + * @type: a value of virDomainTlsCertificateType + * @params: pointer to TLS Certs parameter objects, must be NULL if not us= ed + * @nparams: number of TLS Certs parameter objects, must be 0 if not used + * @flags: extra flags; not used yet, so callers should always pass 0 + * + * Notify domain reload its certificates with specified 'type' + * + * Returns 0 in case of success, -1 otherwise. + */ +int +virDomainReloadTlsCertificates(virDomainPtr domain, + unsigned int type, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + virConnectPtr conn; + + VIR_DOMAIN_DEBUG(domain, "certificate type=3D%u, params=3D%p, nparams= =3D%d, flags=3D%x", + type, params, nparams, flags); + + virResetLastError(); + + virCheckDomainReturn(domain, -1); + conn =3D domain->conn; + virCheckReadOnlyGoto(conn->flags, error); + virCheckNonNegativeArgGoto(nparams, error); + + if (type >=3D VIR_DOMAIN_TLS_CERT_LAST) { + virReportInvalidArg(type, + _("type must be less than %d"), + VIR_DOMAIN_TLS_CERT_LAST); + goto error; + } + + if (conn->driver->domainReloadTlsCertificates) { + int ret; + ret =3D conn->driver->domainReloadTlsCertificates(domain, + type, + params, + nparams, + flags); + if (ret < 0) + goto error; + return ret; + } + + virReportUnsupportedError(); + + error: + virDispatchError(domain->conn); + return -1; +} diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 5678a13cda..30ff012958 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -896,4 +896,9 @@ LIBVIRT_7.3.0 { virNodeDeviceCreate; } LIBVIRT_7.2.0; =20 +LIBVIRT_7.4.0 { + global: + virDomainReloadTlsCertificates; +} LIBVIRT_7.3.0; + # .... define new API here using predicted next version number .... 
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index 0c72d69933..0e6e4e3007 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -8566,6 +8566,7 @@ static virHypervisorDriver hypervisor_driver =3D { .domainAuthorizedSSHKeysSet =3D remoteDomainAuthorizedSSHKeysSet, /* 6= .10.0 */ .domainGetMessages =3D remoteDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc =3D remoteDomainStartDirtyRateCalc, /* 7.2.0= */ + .domainReloadTlsCertificates =3D remoteDomainReloadTlsCertificates, /*= 7.4.0 */ }; =20 static virNetworkDriver network_driver =3D { diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index de69704b68..96cc7dd9ea 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -286,6 +286,8 @@ const REMOTE_DOMAIN_AUTHORIZED_SSH_KEYS_MAX =3D 2048; /* Upper limit on number of messages */ const REMOTE_DOMAIN_MESSAGES_MAX =3D 2048; =20 +/* Upper limit on list of TLS certificate parameters */ +const REMOTE_DOMAIN_RELOAD_TLS_CERT_PARAMETERS_MAX =3D 16; =20 /* UUID. VIR_UUID_BUFLEN definition comes from libvirt.h */ typedef opaque remote_uuid[VIR_UUID_BUFLEN]; @@ -3836,6 +3838,12 @@ struct remote_domain_start_dirty_rate_calc_args { unsigned int flags; }; =20 +struct remote_domain_reload_tls_certificates_args { + remote_nonnull_domain dom; + unsigned int type; + remote_typed_param params; + unsigned int flags; +}; =20 /*----- Protocol. -----*/ =20 @@ -6784,6 +6792,11 @@ enum remote_procedure { * @priority: high * @acl: node_device:start */ - REMOTE_PROC_NODE_DEVICE_CREATE =3D 430 + REMOTE_PROC_NODE_DEVICE_CREATE =3D 430, =20 + /** + * @generate: both + * @acl: domain:write + */ + REMOTE_PROC_DOMAIN_RELOAD_TLS_CERTIFICATES =3D 431 }; diff --git a/src/remote_protocol-structs b/src/remote_protocol-structs index 6b46328adc..799a8596ea 100644 --- a/src/remote_protocol-structs +++ b/src/remote_protocol-structs 
@@ -3192,6 +3192,15 @@ struct remote_domain_start_dirty_rate_calc_args { int seconds; u_int flags; }; +struct remote_domain_reload_tls_certificates_args { + remote_nonnull_domain dom; + u_int type; + struct { + u_int params_len; + remote_typed_param * params_val; + } params; + u_int flags; +}; enum remote_procedure { REMOTE_PROC_CONNECT_OPEN =3D 1, REMOTE_PROC_CONNECT_CLOSE =3D 2, 
@@ -3623,4 +3632,5 @@ enum remote_procedure { REMOTE_PROC_NODE_DEVICE_DEFINE_XML =3D 428, REMOTE_PROC_NODE_DEVICE_UNDEFINE =3D 429, REMOTE_PROC_NODE_DEVICE_CREATE =3D 430, + REMOTE_PROC_DOMAIN_RELOAD_TLS_CERTIFICATES =3D 431, }; --=20 2.25.1
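Review bot: In virDomainReloadTlsCertificates() in src/libvirt-domain.c, nparams is only checked for being non-negative, so a caller can pass nparams > 0 with params == NULL (or a non-NULL params with nparams == 0) and the pair reaches conn->driver->domainReloadTlsCertificates() unchecked, although the doc comment says params "must be NULL if not used" and nparams "must be 0 if not used". Reject the inconsistent combination at the entry point, next to virCheckNonNegativeArgGoto(nparams, error), before dispatching to the driver. The doc comment should also say which params keys are accepted, or that none are defined yet, and "Notify domain reload its certificates" would read better as "Notify the domain to reload its certificates".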
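Review bot: In the src/remote/remote_protocol.x hunk that adds struct remote_domain_reload_tls_certificates_args, the member as it appears here is "remote_typed_param params;" with no length bound, while the src/remote_protocol-structs hunk expects a counted array (params_len / params_val) and REMOTE_DOMAIN_RELOAD_TLS_CERT_PARAMETERS_MAX (16) is defined a few hunks earlier with no visible user. Please make sure the declaration is bounded by that constant, so the daemon refuses an oversized parameter list while decoding the request instead of accepting whatever length a client sends.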
From: Zheng Yan
Subject: [PATCH 4/4] virsh: Introduce domreload-certs sub command
Date: Tue, 11 May 2021 22:05:21 +0800
Message-ID: <1620741921-22056-5-git-send-email-yanzheng759@huawei.com>
In-Reply-To: <1620741921-22056-1-git-send-email-yanzheng759@huawei.com>
References: <1620741921-22056-1-git-send-email-yanzheng759@huawei.com>
Cc: mprivozn@redhat.com, wangxinxin.wang@huawei.com, changzihao1@huawei.com, hhan@redhat.com, oscar.zhangbo@huawei.com, hexiaoyu3@huawei.com

Introduce domreload-certs virsh sub-command to notify a domain to reload its
specified certificates:

#virsh domreload-certs --type [--flags ]

Signed-off-by: Zheng Yan
---
 docs/manpages/virsh.rst | 15 ++++++++++
 tools/virsh-domain.c | 61 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 76 insertions(+)

diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst index ad91cd6356..33a5fdf3c0 100644 --- a/docs/manpages/virsh.rst +++ b/docs/manpages/virsh.rst @@ -1738,6 +1738,21 @@ included in the URI. If *--all* is specified, then a= ll show all possible graphical displays, for a VM could have more than one graphical displays. =20 =20 +domreload-certs +--------------- + +**Syntax:** + +:: + domreload-certs --type [--flags ] + +Notify an active domain reload its certificates without restart process, +so it will avoid service interruption. *type* must be one of valid number +from the virDomainTlsCertificateType enum in case the domain driver binary +supports it, currently only 0 (means QEMU VNC) was supported. *flags* is a +reserved parameter and not used yet, must be not specified or just set to = 0. + + domfsfreeze ----------- =20 diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 0825f82522..3907001f5c 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c 
@@ -14429,6 +14429,61 @@ cmdDomDirtyRateCalc(vshControl *ctl, const vshCmd = *cmd) return ret; } =20 +/** + * "domreload-certs" command + */ +static const vshCmdInfo info_domreload_certs[] =3D { + {.name =3D "help", + .data =3D N_("Notify domain reload its certificates") + }, + {.name =3D "desc", + .data =3D N_("Notify domain reload its certificates with specified 't= ype'") + }, + {.name =3D NULL} +}; + +static const vshCmdOptDef opts_domreload_certs[] =3D { + VIRSH_COMMON_OPT_DOMAIN_FULL(0), + {.name =3D "type", + .type =3D VSH_OT_INT, + .flags =3D VSH_OFLAG_REQ, + .help =3D N_("domain TLS certificate type, currently only support 0(V= NC)") + }, + {.name =3D "flags", + .type =3D VSH_OT_INT, + .help =3D N_("extern flags, not used yet, so callers should always pa= ss 0") + }, + {.name =3D NULL} +}; + +static bool +cmdDomReloadCerts(vshControl *ctl, const vshCmd *cmd) +{ + virDomainPtr dom; + unsigned int type; + unsigned int flags =3D 0; + bool ret =3D false; + + if (!(dom =3D virshCommandOptDomain(ctl, cmd, NULL))) + return ret; + + if (vshCommandOptUInt(ctl, cmd, "type", &type) < 0) + goto cleanup; + + if (vshCommandOptUInt(ctl, cmd, "flags", &flags) < 0) + goto cleanup; + + /* params and nparams not used yet */ + if (virDomainReloadTlsCertificates(dom, type, NULL, 0, flags) < 0) + goto cleanup; + + ret =3D true; + + cleanup: + virDomainFree(dom); + return ret; +} + =20 const vshCmdDef domManagementCmds[] =3D { {.name =3D "attach-device", @@ -15075,5 +15130,11 @@ const vshCmdDef domManagementCmds[] =3D { .info =3D info_domdirtyrate_calc, .flags =3D 0 }, + {.name =3D "domreload-certs", + .handler =3D cmdDomReloadCerts, + .opts =3D opts_domreload_certs, + .info =3D info_domreload_certs, + .flags =3D 0 + }, {.name =3D NULL} }; --=20 2.25.1
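Review bot: In the docs/manpages/virsh.rst hunk, the "::" marker is followed directly by the indented "domreload-certs --type ..." line with no blank line in between; reStructuredText needs a blank line before the literal block, as there is after "**Syntax:**". The description also needs a wording pass: "currently only 0 (means QEMU VNC) was supported" should be "is supported", and "must be not specified or just set to 0" would be clearer as "must be omitted or set to 0". It would help administrators if the text said that the new certificates only apply to connections made after the reload, if that is the behaviour.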
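Review bot: In opts_domreload_certs in tools/virsh-domain.c, --type is declared as VSH_OT_INT, so the user has to know that 0 means VNC, and any other number is only rejected later by the range check in virDomainReloadTlsCertificates(). Consider accepting a name (for example "vnc") and mapping it to virDomainTlsCertificateType in cmdDomReloadCerts(), so the command line does not depend on enum values. The --flags help text says "extern flags" where "extra flags" is meant, and since the only valid value is 0 the option could be left out until a flag is actually defined.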