From nobody Tue Sep  9 03:16:11 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1748332310; cv=none;
	d=zohomail.com; s=zohoarc;
	b=K3JeWDJaf7cE3Wcs8O0l7Gc2QULcPqvEmPuSKQm5ePwluxrG7EJ28BCaVRtp1vwKCrly7m93pc6IFj7y4CWn8VJhRHktvnBYcrciMkqhUwlykQ2ja7ywnM8Dr4u2sNn14t2C5egvWzu4DijdnTYYeaJZ+MBEiTbMxqWW23iifG0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1748332310;
 h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc;
	bh=X4LHNxXaGwgMuZ7Msa8cVQxXMTluvDTmGOZKIt6Apo8=;
	b=AnR86ozf7WWGoruCm7iZOEbwZNNUASkgdpu4gEhQ/xJNXUUYHD4cVQVmJ4VoibTnx5VwiF2FZ0mbU7Olq/2SWm0x4dWipg9J+fyLENHMSg5Vlc58diThKlE/R2MPJ2gT6MZpM430uEsN3zuv4jE9CvxFNlKCbBceuToxpY9ODM4=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1748332310108296.0749268833521;
 Tue, 27 May 2025 00:51:50 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id ED3031290; Tue, 27 May 2025 03:51:48 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 003EC15DE;
	Tue, 27 May 2025 03:49:36 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 6EA3314B5; Tue, 27 May 2025 03:49:30 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 37CA4169B
	for <devel@lists.libvirt.org>; Tue, 27 May 2025 03:49:17 -0400 (EDT)
Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-175-SybSiqZ_OYyowQmAH3BsWg-1; Tue,
 27 May 2025 03:49:13 -0400
Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id D48631956080
	for <devel@lists.libvirt.org>; Tue, 27 May 2025 07:49:12 +0000 (UTC)
Received: from speedmetal.lan (unknown [10.44.22.3])
	by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 16F83180047F
	for <devel@lists.libvirt.org>; Tue, 27 May 2025 07:49:11 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1748332156;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Ue4fJz6jQ6/L/GS6sPPyB5TGUGMLUZmmixFvqmTeh2E=;
	b=h/QJJWfKHpo16juBfc/xbddfG2riPU/AtWETPVAetejFwcw2jX9UdYiyWRA9bMM0lyqQE+
	VDMW6FGOeeG/bkEgLWiRjX+jVkQ5mxE9KuFKdCUBzpd0d6xGP9QmvY6Io6zm9Wt/jD1yM/
	squyIYxvPjRMP/5V4mUVV1rhiJ396Zg=
X-MC-Unique: SybSiqZ_OYyowQmAH3BsWg-1
X-Mimecast-MFC-AGG-ID: SybSiqZ_OYyowQmAH3BsWg_1748332152
To: devel@lists.libvirt.org
Subject: [PATCH 4/9] qemu.conf: Document options for VxHS block network
 protocol TLS config as ignored
Date: Tue, 27 May 2025 09:49:00 +0200
Message-ID: 
 <753bf88b467903d4793fd90a4ece2d1851236f5f.1748332058.git.pkrempa@redhat.com>
In-Reply-To: <cover.1748332058.git.pkrempa@redhat.com>
References: <cover.1748332058.git.pkrempa@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: X1faH_6C2-kGBs1988aRSrsfTGl14ud2ASabyKP4h0E_1748332152
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: X6AV6CQGQ4RCEIYRVFI26AF7OBHGUPP2
X-Message-ID-Hash: X6AV6CQGQ4RCEIYRVFI26AF7OBHGUPP2
X-MailFrom: pkrempa@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/X6AV6CQGQ4RCEIYRVFI26AF7OBHGUPP2/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: Peter Krempa via Devel <devel@lists.libvirt.org>
Reply-To: Peter Krempa <pkrempa@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1748332312062116600
Content-Type: text/plain; charset="utf-8"

From: Peter Krempa <pkrempa@redhat.com>

qemu-5.2 dropped support for VxHS. As we now require at least qemu-6.2,
the qemu.conf option for setting up TLS for VxHS are no longer used.
Document them as such.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/libvirtd_qemu.aug |  2 ++
 src/qemu/qemu.conf.in      | 42 +++-----------------------------------
 2 files changed, 5 insertions(+), 39 deletions(-)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index bd744940d2..e1e479d72c 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -69,6 +69,8 @@ module Libvirtd_qemu =3D
                  | bool_entry "backup_tls_x509_verify"
                  | str_entry "backup_tls_x509_secret_uuid"

+   (* support for vxhs was removed from qemu and the examples were dopped =
from *)
+   (* qemu.conf but these need to stay *)
    let vxhs_entry =3D bool_entry "vxhs_tls"
                  | str_entry "vxhs_tls_x509_cert_dir"
                  | str_entry "vxhs_tls_x509_secret_uuid"
diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
index 502adbf5c3..042bb75b50 100644
--- a/src/qemu/qemu.conf.in
+++ b/src/qemu/qemu.conf.in
@@ -299,48 +299,12 @@
 #chardev_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000"


-# Enable use of TLS encryption for all VxHS network block devices that
-# don't specifically disable.
-#
-# When the VxHS network block device server is set up appropriately,
-# x509 certificates are required for authentication between the clients
-# (qemu processes) and the remote VxHS server.
-#
-# It is necessary to setup CA and issue the client certificate before
-# enabling this.
+# The support for VxHS network block protocol was removed in qemu-5.2 and
+# thus also dropped from libvirt's qemu driver. The following options which
+# were used to configure the TLS certificates for VxHS are thus ignored.
 #
 #vxhs_tls =3D 1
-
-
-# In order to override the default TLS certificate location for VxHS
-# backed storage, supply a valid path to the certificate directory.
-# This is used to authenticate the VxHS block device clients to the VxHS
-# server.
-#
-# If the provided path does not exist, libvirtd will fail to start.
-# If the path is not provided, but vxhs_tls =3D 1, then the
-# default_tls_x509_cert_dir path will be used.
-#
-# VxHS block device clients expect the client certificate and key to be
-# present in the certificate directory along with the CA master certificat=
e.
-# If using the default environment, default_tls_x509_verify must be config=
ured.
-# Since this is only a client the server-key.pem certificate is not needed.
-# Thus a VxHS directory must contain the following:
-#
-#  ca-cert.pem - the CA master certificate
-#  client-cert.pem - the client certificate signed with the ca-cert.pem
-#  client-key.pem - the client private key
-#
 #vxhs_tls_x509_cert_dir =3D "/etc/pki/libvirt-vxhs"
-
-
-# Uncomment and use the following option to override the default secret
-# UUID provided in the default_tls_x509_secret_uuid parameter.
-#
-# NB This default all-zeros UUID will not work. Replace it with the
-# output from the UUID for the TLS secret from a 'virsh secret-list'
-# command and then uncomment the entry
-#
 #vxhs_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000"


--=20
2.49.0