From nobody Sun Feb 8 23:41:01 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) client-ip=207.211.31.120; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1593701211; cv=none; d=zohomail.com; s=zohoarc; b=DeGpmFzuKCIUXUegXXA7qsrajzT0/PrMaB7APYWhhvmHcl4oTba6mGXt+GqtLuySYqdgj8lGTISUpVnoYgkusQxueH4L6DzUwwTMCGqCB5r2KJlC6HIfb4dKqW4BpF951Ql2sdNnDeK/m32YgSf8Vpf7d4aGnXrRakDYZdS7IG0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1593701211; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=uGskPQY7YRojnPvyUUWrbccaTxzqnMjgfx390S6Trfs=; b=VTHnwtCMLxsvE1wtPeh3TdXEYNbLn8WlRq6hFvZDT41kcAwHygnmmE7TsVwTMRrDAVrDdRrhIun/Grb+5gbotQI16hWbyDbgxSz29j8RwaQzrapURrqVKUWNGFPrjYI09Y34oFSFZZt1Qt7SBKiQXCtZwIbnOICuhQICn3iKC5U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.120 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by mx.zohomail.com with SMTPS id 159370121186450.07536829507501; Thu, 2 Jul 2020 07:46:51 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-429-Mh_e-o1bPmu1kXFQE1Ubjg-1; Thu, 02 Jul 2020 10:46:48 -0400 Received: from smtp.corp.redhat.com 
(int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7807D186A210; Thu, 2 Jul 2020 14:46:41 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5B2CD5C1B0; Thu, 2 Jul 2020 14:46:41 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 2CF366C9CA; Thu, 2 Jul 2020 14:46:41 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 062Eedjo011911 for ; Thu, 2 Jul 2020 10:40:40 -0400 Received: by smtp.corp.redhat.com (Postfix) id F014610002A2; Thu, 2 Jul 2020 14:40:39 +0000 (UTC) Received: from speedmetal.redhat.com (unknown [10.40.208.18]) by smtp.corp.redhat.com (Postfix) with ESMTP id 615EF10013D2 for ; Thu, 2 Jul 2020 14:40:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1593701210; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=uGskPQY7YRojnPvyUUWrbccaTxzqnMjgfx390S6Trfs=; b=SdNevUeFGgFSj3bBaYyFeBFvPN+TcRr5WLHkpbUTNJRKTUZGooB82el/LFqCa/Usc8Mu/c s66fqHn8gE1h73pPoLzHfexe7Akj4g/q7nfTSzpXx/uBIeCEju8+m9JVXSFZE4y8eo8qnC iLzr5myc0nrUzSxWU2aX/U5g3xNqX18= X-MC-Unique: Mh_e-o1bPmu1kXFQE1Ubjg-1 
From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH 22/24] qemu: conf: Add configuration of TLS environment for NBD transport of pull-backups Date: Thu, 2 Jul 2020 16:40:08 +0200 Message-Id: <44d9465b8e2f77dd14ab0bad063357ed10ce4d49.1593700474.git.pkrempa@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" TLS is required to transport backed-up data securely when using pull-mode backups. Signed-off-by: Peter Krempa Reviewed-by: Eric Blake --- docs/formatbackup.rst | 4 ++++ src/qemu/libvirtd_qemu.aug | 5 ++++ src/qemu/qemu.conf | 37 ++++++++++++++++++++++++++++++ src/qemu/qemu_conf.c | 17 ++++++++++++++ src/qemu/qemu_conf.h | 5 ++++ src/qemu/test_libvirtd_qemu.aug.in | 3 +++ 6 files changed, 71 insertions(+) diff --git a/docs/formatbackup.rst b/docs/formatbackup.rst index e5b6fc6eb0..142b8250d2 100644 --- a/docs/formatbackup.rst +++ b/docs/formatbackup.rst 
@@ -42,6 +42,10 @@ were supplied). The following child elements and attribu= tes are supported: necessary to set up an NBD server that exposes the content of each disk= at the time the backup is started. + Note that for the QEMU hypervisor the TLS environment in controlled usi= ng + ``backup_tls_x509_cert_dir``, ``backup_tls_x509_verify``, and + ``backup_tls_x509_secret_uuid`` properties in ``/etc/libvirt/qemu.conf`= `. + ``disks`` An optional listing of instructions for disks participating in the back= up (if omitted, all disks participate and libvirt attempts to generate filenam= es by diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index c19a086c38..abbac549f2 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -59,6 +59,10 @@ module Libvirtd_qemu =3D | bool_entry "migrate_tls_x509_verify" | str_entry "migrate_tls_x509_secret_uuid" + let backup_entry =3D str_entry "backup_tls_x509_cert_dir" + | bool_entry "backup_tls_x509_verify" + | str_entry "backup_tls_x509_secret_uuid" + let vxhs_entry =3D bool_entry "vxhs_tls" | str_entry "vxhs_tls_x509_cert_dir" | str_entry "vxhs_tls_x509_secret_uuid" @@ -146,6 +150,7 @@ module Libvirtd_qemu =3D | spice_entry | chardev_entry | migrate_entry + | backup_entry | nogfx_entry | remote_display_entry | security_entry diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index ab403c21ac..a96bedb114 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf 
@@ -395,6 +395,43 @@ #migrate_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000" +# In order to override the default TLS certificate location for backup NBD +# server certificates, supply a valid path to the certificate directory. I= f the +# provided path does not exist, libvirtd will fail to start. If the path is +# not provided, but TLS-encrypted backup is requested, then the +# default_tls_x509_cert_dir path will be used. +# +#backup_tls_x509_cert_dir =3D "/etc/pki/libvirt-backup" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# ca-cert.pem certificate signed by the CA in the backup_tls_x509_cert_dir +# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem +# files described in default_tls_x509_cert_dir. +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". +# +#backup_tls_x509_verify =3D 1 + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#backup_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000" + + # By default, if no graphical front end is configured, libvirt will disable # QEMU audio output since directly talking to alsa/pulseaudio may not work # with various security settings. If you know what you're doing, enable diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 6e673e8f62..30d7c61cf9 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c 
@@ -347,6 +347,9 @@ static void virQEMUDriverConfigDispose(void *obj) VIR_FREE(cfg->migrateTLSx509certdir); VIR_FREE(cfg->migrateTLSx509secretUUID); + VIR_FREE(cfg->backupTLSx509certdir); + VIR_FREE(cfg->backupTLSx509secretUUID); + while (cfg->nhugetlbfs) { cfg->nhugetlbfs--; VIR_FREE(cfg->hugetlbfs[cfg->nhugetlbfs].mnt_dir); @@ -511,6 +514,9 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverCo= nfigPtr cfg, GET_CONFIG_TLS_CERTINFO_COMMON(migrate); GET_CONFIG_TLS_CERTINFO_SERVER(migrate); + GET_CONFIG_TLS_CERTINFO_COMMON(backup); + GET_CONFIG_TLS_CERTINFO_SERVER(backup); + GET_CONFIG_TLS_CERTINFO_COMMON(vxhs); GET_CONFIG_TLS_CERTINFO_COMMON(nbd); @@ -1154,6 +1160,14 @@ virQEMUDriverConfigValidate(virQEMUDriverConfigPtr c= fg) return -1; } + if (cfg->backupTLSx509certdir && + !virFileExists(cfg->backupTLSx509certdir)) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("backup_tls_x509_cert_dir directory '%s' does not= exist"), + cfg->backupTLSx509certdir); + return -1; + } + if (cfg->vxhsTLSx509certdir && !virFileExists(cfg->vxhsTLSx509certdir)) { virReportError(VIR_ERR_CONF_SYNTAX, @@ -1189,6 +1203,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr= cfg) SET_TLS_SECRET_UUID_DEFAULT(vnc); SET_TLS_SECRET_UUID_DEFAULT(chardev); SET_TLS_SECRET_UUID_DEFAULT(migrate); + SET_TLS_SECRET_UUID_DEFAULT(backup); SET_TLS_SECRET_UUID_DEFAULT(vxhs); SET_TLS_SECRET_UUID_DEFAULT(nbd); @@ -1216,6 +1231,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr= cfg) SET_TLS_X509_CERT_DEFAULT(spice); SET_TLS_X509_CERT_DEFAULT(chardev); SET_TLS_X509_CERT_DEFAULT(migrate); + SET_TLS_X509_CERT_DEFAULT(backup); SET_TLS_X509_CERT_DEFAULT(vxhs); SET_TLS_X509_CERT_DEFAULT(nbd); @@ -1230,6 +1246,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr= cfg) SET_TLS_VERIFY_DEFAULT(vnc); SET_TLS_VERIFY_DEFAULT(chardev); SET_TLS_VERIFY_DEFAULT(migrate); + SET_TLS_VERIFY_DEFAULT(backup); #undef SET_TLS_VERIFY_DEFAULT 
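Review bot: The new check in virQEMUDriverConfigValidate uses `virFileExists(cfg->backupTLSx509certdir)`, which only tests that something exists at the path, while the error message reports a missing directory; a regular file or dangling path component at that location passes validation and the problem only surfaces later when the certificate files are looked up. `virDirExists(cfg->backupTLSx509certdir)` would make the check match the message. This mirrors the existing migrate and vxhs checks visible in the same function, so it may be better handled for all of them in a follow-up than in this patch alone. virQEMUDriverConfigValidate starts and ends outside the hunk.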
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 6193a7111c..687829123c 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -144,6 +144,11 @@ struct _virQEMUDriverConfig { bool migrateTLSx509verifyPresent; char *migrateTLSx509secretUUID; + char *backupTLSx509certdir; + bool backupTLSx509verify; + bool backupTLSx509verifyPresent; + char *backupTLSx509secretUUID; + bool vxhsTLS; char *vxhsTLSx509certdir; char *vxhsTLSx509secretUUID; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index db125bf352..6a54e2322a 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in @@ -35,6 +35,9 @@ module Test_libvirtd_qemu =3D { "migrate_tls_x509_cert_dir" =3D "/etc/pki/libvirt-migrate" } { "migrate_tls_x509_verify" =3D "1" } { "migrate_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000= " } +{ "backup_tls_x509_cert_dir" =3D "/etc/pki/libvirt-backup" } +{ "backup_tls_x509_verify" =3D "1" } +{ "backup_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000"= } { "nographics_allow_host_audio" =3D "1" } { "remote_display_port_min" =3D "5900" } { "remote_display_port_max" =3D "65535" } --=20 2.26.2