From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 01/24] qemu: domain: Introduce helper for always fetching virStorageSource private data
Date: Thu, 2 Jul 2020 16:39:47 +0200

Add a helper which will always return the storage source private data even if it was not allocated before.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 src/qemu/qemu_domain.c | 10 ++++++++++
 src/qemu/qemu_domain.h | 2 ++
 2 files changed, 12 insertions(+)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index c5b8d91f9a..74392760b8 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -570,6 +570,16 @@ qemuDomainStorageSourcePrivateDispose(void *obj) } +qemuDomainStorageSourcePrivatePtr +qemuDomainStorageSourcePrivateFetch(virStorageSourcePtr src) +{ + if (!src->privateData) + src->privateData =3D qemuDomainStorageSourcePrivateNew(); + + return QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src); +} + + static virClassPtr qemuDomainVcpuPrivateClass; static void qemuDomainVcpuPrivateDispose(void *obj); diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 15ffd87cb5..ae3c3bf1da 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h
@@ -320,6 +320,8 @@ struct _qemuDomainStorageSourcePrivate { }; virObjectPtr qemuDomainStorageSourcePrivateNew(void); +qemuDomainStorageSourcePrivatePtr +qemuDomainStorageSourcePrivateFetch(virStorageSourcePtr src); typedef struct _qemuDomainVcpuPrivate qemuDomainVcpuPrivate; typedef qemuDomainVcpuPrivate *qemuDomainVcpuPrivatePtr; --=20 2.26.2
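
Review bot: In the qemu_domain.c hunk, qemuDomainStorageSourcePrivateFetch() stores the result of qemuDomainStorageSourcePrivateNew() in src->privateData without checking it, so if that constructor fails the helper returns NULL even though the commit message says it "will always return" the private data. Either check the allocation and document the NULL return in a comment above the function, or state in the comment why the constructor cannot fail, so callers know whether they must test the result before dereferencing it. The function also dereferences src unconditionally, so the prototype added in qemu_domain.h could carry ATTRIBUTE_NONNULL(1) as other prototypes in that header do.
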
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 02/24] qemuDomainDiskHasEncryptionSecret: unexport
Date: Thu, 2 Jul 2020 16:39:48 +0200

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 src/qemu/qemu_domain.c | 2 +-
 src/qemu/qemu_domain.h | 3 ---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 74392760b8..697ddab727 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1102,7 +1102,7 @@ qemuDomainStorageSourceHasAuth(virStorageSourcePtr sr= c) } -bool +static bool qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src) { if (!virStorageSourceIsEmpty(src) && src->encryption && diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index ae3c3bf1da..1ddac52092 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h
@@ -837,9 +837,6 @@ void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr di= sk) bool qemuDomainStorageSourceHasAuth(virStorageSourcePtr src) ATTRIBUTE_NONNULL(1); -bool qemuDomainDiskHasEncryptionSecret(virStorageSourcePtr src) - ATTRIBUTE_NONNULL(1); - qemuDomainSecretInfoPtr qemuDomainSecretInfoTLSNew(qemuDomainObjPrivatePtr priv, const char *srcAlias, --=20 2.26.2
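
Review bot: Removing the prototype in the qemu_domain.h hunk also drops its ATTRIBUTE_NONNULL(1) annotation, and the now-static definition in the qemu_domain.c hunk does not carry it, so the compiler no longer flags a NULL src passed by callers inside the file. Consider a static forward declaration that keeps the attribute. The commit message has no body; one line stating that the function has no users outside qemu_domain.c would make the unexport easy to verify.
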
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 03/24] qemu.conf: Remove misleading mention of 'migrate_tls'
Date: Thu, 2 Jul 2020 16:39:49 +0200
Message-Id: <8a1c908bb7d6f9cbc4e14c67a5a83a142eed2d65.1593700474.git.pkrempa@redhat.com>

There's no such parameter. Reword the sentence to account for enabling TLS-encrypted migration using API flags.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 src/qemu/qemu.conf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index f89dbd2c3a..9b04c8534b 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf
@@ -340,9 +340,10 @@ # In order to override the default TLS certificate location for migration # certificates, supply a valid path to the certificate directory. If the # provided path does not exist, libvirtd will fail to start. If the path is -# not provided, but migrate_tls =3D 1, then the default_tls_x509_cert_dir = path -# will be used. Once/if a default certificate is enabled/defined, migration -# will then be able to use the certificate via migration API flags. +# not provided, but TLS-encrypted migration is requested, then the +# default_tls_x509_cert_dir path will be used. Once/if a default certifica= te is +# enabled/defined, migration will then be able to use the certificate via +# migration API flags. # #migrate_tls_x509_cert_dir =3D "/etc/pki/libvirt-migrate" --=20 2.26.2
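
Review bot: The reworded comment in the qemu.conf hunk says the fallback to default_tls_x509_cert_dir applies when "TLS-encrypted migration is requested" and ends with "via migration API flags", but it never names the flag, so an administrator still cannot tell from this file how the request is made. Naming it (VIR_MIGRATE_TLS) in the added lines would make the sentence actionable. The "Once/if ... enabled/defined" wording carried over from the removed text could be simplified while the paragraph is being touched.
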
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 04/24] qemu: conf: Move 'nbd' and 'vxhs' tls config variables together with rest of tls setup
Date: Thu, 2 Jul 2020 16:39:50 +0200

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 src/qemu/libvirtd_qemu.aug | 12 ++++++------
 src/qemu/qemu_conf.h | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index 404498b611..7a6a33c77c 100644 --- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug @@ -59,6 +59,12 @@ module Libvirtd_qemu =3D | bool_entry "migrate_tls_x509_verify" | str_entry "migrate_tls_x509_secret_uuid" + let vxhs_entry =3D bool_entry "vxhs_tls" + | str_entry "vxhs_tls_x509_cert_dir" + + let nbd_entry =3D bool_entry "nbd_tls" + | str_entry "nbd_tls_x509_cert_dir" + let nogfx_entry =3D bool_entry "nographics_allow_host_audio" let remote_display_entry =3D int_entry "remote_display_port_min" @@ -121,12 +127,6 @@ module Libvirtd_qemu =3D let memory_entry =3D str_entry "memory_backing_dir" - let vxhs_entry =3D bool_entry "vxhs_tls" - | str_entry "vxhs_tls_x509_cert_dir" - - let nbd_entry =3D bool_entry "nbd_tls" - | str_entry "nbd_tls_x509_cert_dir" - let swtpm_entry =3D str_entry "swtpm_user" | str_entry "swtpm_group" diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index b9ef4551a3..4f54c136db 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -144,6 +144,12 @@ struct _virQEMUDriverConfig { bool migrateTLSx509verifyPresent; char *migrateTLSx509secretUUID; + bool vxhsTLS; + char *vxhsTLSx509certdir; + + bool nbdTLS; + char *nbdTLSx509certdir; + unsigned int remotePortMin; unsigned int remotePortMax; 
@@ -208,12 +214,6 @@ struct _virQEMUDriverConfig { char *memoryBackingDir; - bool vxhsTLS; - char *vxhsTLSx509certdir; - - bool nbdTLS; - char *nbdTLSx509certdir; - uid_t swtpm_user; gid_t swtpm_group; --=20 2.26.2
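
Review bot: The commit message has no body, while the hunks in libvirtd_qemu.aug and qemu_conf.h remove the vxhs and nbd entries in one place and add identical lines next to the migrate_tls entries. Add a sentence saying this is pure code movement with no functional change, so the reordering of the struct _virQEMUDriverConfig fields is not read as a behavioural change.
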
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 05/24] virQEMUDriverConfigLoadSpecificTLSEntry: Move fetching of 'chardev_tls' above macro
Date: Thu, 2 Jul 2020 16:39:51 +0200
Message-Id: <6c13cd8a4acdfff17bca6a3cd220a089c9ac44be.1593700474.git.pkrempa@redhat.com>

Move the extraction of the config value so that it makes more sense after upcoming refactors.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 src/qemu/qemu_conf.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 33b3989268..2cbff1348a 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -483,6 +483,8 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverCo= nfigPtr cfg, return -1; if (virConfGetValueString(conf, "nbd_tls_x509_cert_dir", &cfg->nbdTLSx= 509certdir) < 0) return -1; + if (virConfGetValueBool(conf, "chardev_tls", &cfg->chardevTLS) < 0) + return -1; #define GET_CONFIG_TLS_CERTINFO(val) \ do { \
@@ -500,8 +502,6 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverCo= nfigPtr cfg, return -1; \ } while (0) - if (virConfGetValueBool(conf, "chardev_tls", &cfg->chardevTLS) < 0) - return -1; GET_CONFIG_TLS_CERTINFO(chardev); GET_CONFIG_TLS_CERTINFO(migrate); --=20 2.26.2

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 06/24] virQEMUDriverConfigLoadSpecificTLSEntry: Split up fetching of server-only config options
Date: Thu, 2 Jul 2020 16:39:52 +0200

The '*_tls_x509_verify' options are relevant only when we are going to expose a server socket as client sockets always enable verification. Split up the macro to separate the common bits from the server bits so that when we'll later extend support of 'nbd' and 'vxhs' disks which are client only we can reuse the existing macros.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- src/qemu/qemu_conf.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 2cbff1348a..b9b90e853f 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c 
@@ -486,13 +486,8 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverC= onfigPtr cfg, if (virConfGetValueBool(conf, "chardev_tls", &cfg->chardevTLS) < 0) return -1; -#define GET_CONFIG_TLS_CERTINFO(val) \ +#define GET_CONFIG_TLS_CERTINFO_COMMON(val) \ do { \ - if ((rv =3D virConfGetValueBool(conf, #val "_tls_x509_verify", \ - &cfg->val## TLSx509verify)) < 0) \ - return -1; \ - if (rv =3D=3D 1) \ - cfg->val## TLSx509verifyPresent =3D true; \ if (virConfGetValueString(conf, #val "_tls_x509_cert_dir", \ &cfg->val## TLSx509certdir) < 0) \ return -1; \ 
@@ -502,11 +497,23 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriver= ConfigPtr cfg, return -1; \ } while (0) - GET_CONFIG_TLS_CERTINFO(chardev); +#define GET_CONFIG_TLS_CERTINFO_SERVER(val) \ + do { \ + if ((rv =3D virConfGetValueBool(conf, #val "_tls_x509_verify", \ + &cfg->val## TLSx509verify)) < 0) \ + return -1; \ + if (rv =3D=3D 1) \ + cfg->val## TLSx509verifyPresent =3D true; \ + } while (0) + + GET_CONFIG_TLS_CERTINFO_COMMON(chardev); + GET_CONFIG_TLS_CERTINFO_SERVER(chardev); - GET_CONFIG_TLS_CERTINFO(migrate); + GET_CONFIG_TLS_CERTINFO_COMMON(migrate); + GET_CONFIG_TLS_CERTINFO_SERVER(migrate); -#undef GET_CONFIG_TLS_CERTINFO +#undef GET_CONFIG_TLS_CERTINFO_COMMON +#undef GET_CONFIG_TLS_CERTINFO_SERVER return 0; } --=20 2.26.2
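Review bot: in [PATCH 06/24], GET_CONFIG_TLS_CERTINFO_SERVER (second hunk) carries no comment saying why it is separate from GET_CONFIG_TLS_CERTINFO_COMMON; the reason, that client sockets always verify so '*_tls_x509_verify' matters only for a listening socket, is stated only in the commit message. A short comment above the #define would keep a later caller from wiring the verify option to a client-only prefix. The split also changes the read order for chardev and migrate: '_tls_x509_verify' used to be fetched before '_tls_x509_cert_dir' and is now fetched after the common options, so when several values are malformed a different one is reported first. That is harmless, but worth a word in the commit message. The SERVER macro still depends on the enclosing function's 'rv', and both macros return -1 from it, which matters if they are ever moved out of virQEMUDriverConfigLoadSpecificTLSEntry.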

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 07/24] qemu: domain: Add infrastructure passing in TLS key's decryption key via 'secret'
Date: Thu, 2 Jul 2020 16:39:53 +0200
Message-Id: <00ca428c2d23985adb4156e5bb4aaa3e7e4c6c19.1593700474.git.pkrempa@redhat.com>

Store the required data in the private data of a storage source and ensure that the 'alias' of the secret is formatted in the status XML.

Signed-off-by: Peter Krempa Reviewed-by: Eric Blake --- src/qemu/qemu_domain.c | 10 +++++++++- src/qemu/qemu_domain.h | 3 +++ tests/qemustatusxml2xmldata/modern-in.xml | 1 + 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 697ddab727..7f0be22f20 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -567,6 +567,7 @@ qemuDomainStorageSourcePrivateDispose(void *obj) g_clear_pointer(&priv->secinfo, qemuDomainSecretInfoFree); g_clear_pointer(&priv->encinfo, qemuDomainSecretInfoFree); g_clear_pointer(&priv->httpcookie, qemuDomainSecretInfoFree); + g_clear_pointer(&priv->tlsKeySecret, qemuDomainSecretInfoFree); } @@ -1083,6 +1084,7 @@ qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk) if ((srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(n))) { qemuDomainSecretInfoDestroy(srcPriv->secinfo); qemuDomainSecretInfoDestroy(srcPriv->encinfo); + qemuDomainSecretInfoDestroy(srcPriv->tlsKeySecret); } } } @@ -1750,6 +1752,7 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr = ctxt, g_autofree char *authalias =3D NULL; g_autofree char *encalias =3D NULL; g_autofree char *httpcookiealias =3D NULL; + g_autofree char *tlskeyalias =3D NULL; src->nodestorage =3D virXPathString("string(./nodenames/nodename[@type= =3D'storage']/@name)", ctxt); src->nodeformat =3D virXPathString("string(./nodenames/nodename[@type= =3D'format']/@name)", ctxt); 
@@ -1764,8 +1767,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr = ctxt, authalias =3D virXPathString("string(./objects/secret[@type=3D'auth']/= @alias)", ctxt); encalias =3D virXPathString("string(./objects/secret[@type=3D'encrypti= on']/@alias)", ctxt); httpcookiealias =3D virXPathString("string(./objects/secret[@type=3D'h= ttpcookie']/@alias)", ctxt); + tlskeyalias =3D virXPathString("string(./objects/secret[@type=3D'tlske= y']/@alias)", ctxt); - if (authalias || encalias || httpcookiealias) { + if (authalias || encalias || httpcookiealias || tlskeyalias) { if (!src->privateData && !(src->privateData =3D qemuDomainStorageSourcePrivateNew())) return -1; @@ -1780,6 +1784,9 @@ qemuStorageSourcePrivateDataParse(xmlXPathContextPtr = ctxt, if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->httpcookie, &= httpcookiealias) < 0) return -1; + + if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->tlsKeySecret,= &tlskeyalias) < 0) + return -1; } if (virStorageSourcePrivateDataParseRelPath(ctxt, src) < 0) @@ -1831,6 +1838,7 @@ qemuStorageSourcePrivateDataFormat(virStorageSourcePt= r src, qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->secinfo, = "auth"); qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->encinfo, = "encryption"); qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->httpcooki= e, "httpcookie"); + qemuStorageSourcePrivateDataFormatSecinfo(&tmp, srcPriv->tlsKeySec= ret, "tlskey"); } if (src->tlsAlias) diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 1ddac52092..e524fd0002 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -317,6 +317,9 @@ struct _qemuDomainStorageSourcePrivate { /* secure passthrough of the http cookie */ qemuDomainSecretInfoPtr httpcookie; + + /* key for decrypting TLS certificate */ + qemuDomainSecretInfoPtr tlsKeySecret; }; virObjectPtr qemuDomainStorageSourcePrivateNew(void); 
diff --git a/tests/qemustatusxml2xmldata/modern-in.xml b/tests/qemustatusxm= l2xmldata/modern-in.xml index 64d42200e4..2e0e415bc3 100644 --- a/tests/qemustatusxml2xmldata/modern-in.xml +++ b/tests/qemustatusxml2xmldata/modern-in.xml 
@@ -336,6 +336,7 @@ + --=20 2.26.2
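Review bot: in [PATCH 07/24], the comment added in the qemu_domain.h hunk, '/* key for decrypting TLS certificate */', does not match what the field holds: per the subject line this is the secret carrying the decryption key for the TLS key, not for the certificate. Suggest wording such as '/* secret holding the decryption key for the TLS private key */'. Separately, in the qemuDomainSecretDiskDestroy hunk the visible context destroys secinfo, encinfo and now tlsKeySecret, but shows no matching call for httpcookie, whereas qemuDomainStorageSourcePrivateDispose clears all four; if that omission is not deliberate it could be fixed in the same series. The one-line addition to tests/qemustatusxml2xmldata/modern-in.xml is empty in this copy, so the new element cannot be checked against the XPath with type 'tlskey' that qemuStorageSourcePrivateDataParse now reads.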

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 08/24] qemu block: Add internals for handling 'secret' corresponding to TLS key
Date: Thu, 2 Jul 2020 16:39:54 +0200

Add infrastructure for hot- and cold-plug of the secret object holding decryption key for the TLS key.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- src/qemu/qemu_block.c | 12 ++++++++++++ src/qemu/qemu_block.h | 2 ++ src/qemu/qemu_command.c | 11 ++++++++++- 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index b00694c96f..36fc6784de 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -1542,7 +1542,9 @@ qemuBlockStorageSourceAttachDataFree(qemuBlockStorage= SourceAttachDataPtr data) virJSONValueFree(data->httpcookiesecretProps); virJSONValueFree(data->encryptsecretProps); virJSONValueFree(data->tlsProps); + virJSONValueFree(data->tlsKeySecretProps); VIR_FREE(data->tlsAlias); + VIR_FREE(data->tlsKeySecretAlias); VIR_FREE(data->authsecretAlias); VIR_FREE(data->encryptsecretAlias); VIR_FREE(data->httpcookiesecretAlias); 
@@ -1617,6 +1619,11 @@ qemuBlockStorageSourceAttachApplyStorageDeps(qemuMon= itorPtr mon, &data->httpcookiesecretAlias) < 0) return -1; + if (data->tlsKeySecretProps && + qemuMonitorAddObject(mon, &data->tlsKeySecretProps, + &data->tlsKeySecretAlias) < 0) + return -1; + if (data->tlsProps && qemuMonitorAddObject(mon, &data->tlsProps, &data->tlsAlias) < 0) return -1; @@ -1766,6 +1773,8 @@ qemuBlockStorageSourceAttachRollback(qemuMonitorPtr m= on, if (data->tlsAlias) ignore_value(qemuMonitorDelObject(mon, data->tlsAlias, false)); + if (data->tlsKeySecretAlias) + ignore_value(qemuMonitorDelObject(mon, data->tlsKeySecretAlias, fa= lse)); virErrorRestore(&orig_err); } @@ -1821,6 +1830,9 @@ qemuBlockStorageSourceDetachPrepare(virStorageSourceP= tr src, if (srcpriv->httpcookie) data->httpcookiesecretAlias =3D g_strdup(srcpriv->httpcookie->= s.aes.alias); + + if (srcpriv->tlsKeySecret) + data->tlsKeySecretAlias =3D g_strdup(srcpriv->tlsKeySecret->s.= aes.alias); } return g_steal_pointer(&data); diff --git a/src/qemu/qemu_block.h b/src/qemu/qemu_block.h index 24b87e79db..b1bdb39613 100644 --- a/src/qemu/qemu_block.h +++ b/src/qemu/qemu_block.h @@ -105,6 +105,8 @@ struct qemuBlockStorageSourceAttachData { virJSONValuePtr tlsProps; char *tlsAlias; + virJSONValuePtr tlsKeySecretProps; + char *tlsKeySecretAlias; }; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 6e7fd59561..0c4c77cf8c 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -2047,6 +2047,7 @@ qemuBuildBlockStorageSourceAttachDataCommandline(virC= ommandPtr cmd, qemuBuildObjectCommandline(cmd, data->authsecretProps) < 0 || qemuBuildObjectCommandline(cmd, data->encryptsecretProps) < 0 || qemuBuildObjectCommandline(cmd, data->httpcookiesecretProps) < 0 || + qemuBuildObjectCommandline(cmd, data->tlsKeySecretProps) < 0 || qemuBuildObjectCommandline(cmd, data->tlsProps) < 0) return -1; 
@@ -10161,6 +10162,7 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorag= eSourcePtr src, virQEMUCapsPtr qemuCaps) { qemuDomainStorageSourcePrivatePtr srcpriv =3D QEMU_DOMAIN_STORAGE_SOUR= CE_PRIVATE(src); + const char *tlsKeySecretAlias =3D NULL; if (src->pr && !virStoragePRDefIsManaged(src->pr) && 
@@ -10180,11 +10182,18 @@ qemuBuildStorageSourceAttachPrepareCommon(virStor= ageSourcePtr src, if (srcpriv->httpcookie && qemuBuildSecretInfoProps(srcpriv->httpcookie, &data->httpcooki= esecretProps) < 0) return -1; + + if (srcpriv->tlsKeySecret) { + if (qemuBuildSecretInfoProps(srcpriv->tlsKeySecret, &data->tls= KeySecretProps) < 0) + return -1; + + tlsKeySecretAlias =3D srcpriv->tlsKeySecret->s.aes.alias; + } } if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES && qemuBuildTLSx509BackendProps(src->tlsCertdir, false, true, src->tl= sAlias, - NULL, qemuCaps, &data->tlsProps) < 0) + tlsKeySecretAlias, qemuCaps, &data->t= lsProps) < 0) return -1; return 0; --=20 2.26.2
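Review bot: in [PATCH 08/24], both qemuBlockStorageSourceDetachPrepare and qemuBuildStorageSourceAttachPrepareCommon read 'srcpriv->tlsKeySecret->s.aes.alias' without checking which variant of 's' is in use. The httpcookie line next to it in qemuBlockStorageSourceDetachPrepare does the same, so this is consistent with the existing code, but the access is only valid if TLS key secrets are always set up as the AES type; a comment or a type check at one of the two sites would make that assumption explicit. The ordering itself looks right: the secret object is added before the TLS object in qemuBlockStorageSourceAttachApplyStorageDeps and on the command line, and removed after it in qemuBlockStorageSourceAttachRollback. The new tlsKeySecretProps and tlsKeySecretAlias members in qemu_block.h would benefit from a comment tying them to tlsProps.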

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 09/24] qemu: conf: Add configuration of TLS key encryption for 'vxhs' and 'nbd' disks
Date: Thu, 2 Jul 2020 16:39:55 +0200

Until now libvirt didn't allow using encrypted TLS key for disk clients. Add fields for configuring the secret and propagate defaults.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- src/qemu/libvirtd_qemu.aug | 2 ++ src/qemu/qemu.conf | 19 +++++++++++++++++++ src/qemu/qemu_conf.c | 13 +++++++++---- src/qemu/qemu_conf.h | 2 ++ src/qemu/test_libvirtd_qemu.aug.in | 2 ++ 5 files changed, 34 insertions(+), 4 deletions(-) 
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index 7a6a33c77c..c19a086c38 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -61,9 +61,11 @@ module Libvirtd_qemu =3D let vxhs_entry =3D bool_entry "vxhs_tls" | str_entry "vxhs_tls_x509_cert_dir" + | str_entry "vxhs_tls_x509_secret_uuid" let nbd_entry =3D bool_entry "nbd_tls" | str_entry "nbd_tls_x509_cert_dir" + | str_entry "nbd_tls_x509_secret_uuid" let nogfx_entry =3D bool_entry "nographics_allow_host_audio" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 9b04c8534b..ab403c21ac 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -303,6 +303,15 @@ #vxhs_tls_x509_cert_dir =3D "/etc/pki/libvirt-vxhs" +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#vxhs_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000" + # Enable use of TLS encryption for all NBD disk devices that don't # specifically disable it. @@ -337,6 +346,16 @@ #nbd_tls_x509_cert_dir =3D "/etc/pki/libvirt-nbd" +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#nbd_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000" + + # In order to override the default TLS certificate location for migration # certificates, supply a valid path to the certificate directory. If the # provided path does not exist, libvirtd will fail to start. If the path is diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index b9b90e853f..6e673e8f62 100644 
--- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -339,7 +339,10 @@ static void virQEMUDriverConfigDispose(void *obj) VIR_FREE(cfg->chardevTLSx509secretUUID); VIR_FREE(cfg->vxhsTLSx509certdir); + VIR_FREE(cfg->vxhsTLSx509secretUUID); + VIR_FREE(cfg->nbdTLSx509certdir); + VIR_FREE(cfg->nbdTLSx509secretUUID); VIR_FREE(cfg->migrateTLSx509certdir); VIR_FREE(cfg->migrateTLSx509secretUUID); @@ -477,12 +480,8 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverC= onfigPtr cfg, if (virConfGetValueBool(conf, "vxhs_tls", &cfg->vxhsTLS) < 0) return -1; - if (virConfGetValueString(conf, "vxhs_tls_x509_cert_dir", &cfg->vxhsTL= Sx509certdir) < 0) - return -1; if (virConfGetValueBool(conf, "nbd_tls", &cfg->nbdTLS) < 0) return -1; - if (virConfGetValueString(conf, "nbd_tls_x509_cert_dir", &cfg->nbdTLSx= 509certdir) < 0) - return -1; if (virConfGetValueBool(conf, "chardev_tls", &cfg->chardevTLS) < 0) return -1; @@ -512,6 +511,10 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverC= onfigPtr cfg, GET_CONFIG_TLS_CERTINFO_COMMON(migrate); GET_CONFIG_TLS_CERTINFO_SERVER(migrate); + GET_CONFIG_TLS_CERTINFO_COMMON(vxhs); + + GET_CONFIG_TLS_CERTINFO_COMMON(nbd); + #undef GET_CONFIG_TLS_CERTINFO_COMMON #undef GET_CONFIG_TLS_CERTINFO_SERVER return 0; @@ -1186,6 +1189,8 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr= cfg) SET_TLS_SECRET_UUID_DEFAULT(vnc); SET_TLS_SECRET_UUID_DEFAULT(chardev); SET_TLS_SECRET_UUID_DEFAULT(migrate); + SET_TLS_SECRET_UUID_DEFAULT(vxhs); + SET_TLS_SECRET_UUID_DEFAULT(nbd); #undef SET_TLS_SECRET_UUID_DEFAULT diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 4f54c136db..6193a7111c 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -146,9 +146,11 @@ struct _virQEMUDriverConfig { bool vxhsTLS; char *vxhsTLSx509certdir; + char *vxhsTLSx509secretUUID; bool nbdTLS; char *nbdTLSx509certdir; + char *nbdTLSx509secretUUID; unsigned int remotePortMin; unsigned int remotePortMax; 
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index e533b9f551..db125bf352 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in 
@@ -28,8 +28,10 @@ module Test_libvirtd_qemu =3D { "chardev_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000= " } { "vxhs_tls" =3D "1" } { "vxhs_tls_x509_cert_dir" =3D "/etc/pki/libvirt-vxhs" } +{ "vxhs_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000" } { "nbd_tls" =3D "1" } { "nbd_tls_x509_cert_dir" =3D "/etc/pki/libvirt-nbd" } +{ "nbd_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000" } { "migrate_tls_x509_cert_dir" =3D "/etc/pki/libvirt-migrate" } { "migrate_tls_x509_verify" =3D "1" } { "migrate_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000= " } --=20 2.26.2
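Review bot: in [PATCH 09/24], the SET_TLS_SECRET_UUID_DEFAULT(vxhs) and SET_TLS_SECRET_UUID_DEFAULT(nbd) lines added to virQEMUDriverConfigSetDefaults change behaviour for existing hosts. If the macro does what its name and the new qemu.conf text say, a host that already sets default_tls_x509_secret_uuid will start applying that secret to the nbd and vxhs client keys after an upgrade, even when the keys in those certificate directories are unencrypted or protected by a different secret. That deserves a sentence in the commit message and in the qemu.conf comment. The new qemu.conf paragraphs also do not say that the secret applies to the key stored in vxhs_tls_x509_cert_dir or nbd_tls_x509_cert_dir respectively; stating that next to the option would save the admin a lookup. In the qemu_conf.c hunk the vxhs and nbd cert_dir reads move into GET_CONFIG_TLS_CERTINFO_COMMON, so they now run after the chardev and migrate entries rather than before them, which again only changes which malformed value is reported first.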
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 10/24] qemu: domain: Setup secret for TLS key for nbd/vxhs disks
Date: Thu, 2 Jul 2020 16:39:56 +0200

Setup the TLS secret when preparing a virStorageSource for use.

https://bugzilla.redhat.com/show_bug.cgi?id=1602328

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- src/qemu/qemu_domain.c | 44 +++++++++++++++++++++++++++++------------- 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 7f0be22f20..42cc78ac1b 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c
@@ -9537,7 +9537,9 @@ qemuDomainPrepareChardevSource(virDomainDefPtr def, static int qemuProcessPrepareStorageSourceTLSVxhs(virStorageSourcePtr src, - virQEMUDriverConfigPtr cfg) + virQEMUDriverConfigPtr cfg, + qemuDomainObjPrivatePtr priv, + const char *parentAlias) { /* VxHS uses only client certificates and thus has no need for * the server-key.pem nor a secret that could be used to decrypt @@ -9550,9 +9552,19 @@ qemuProcessPrepareStorageSourceTLSVxhs(virStorageSou= rcePtr src, src->tlsFromConfig =3D true; } - if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) + if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) { + src->tlsAlias =3D qemuAliasTLSObjFromSrcAlias(parentAlias); src->tlsCertdir =3D g_strdup(cfg->vxhsTLSx509certdir); + if (cfg->vxhsTLSx509secretUUID) { + qemuDomainStorageSourcePrivatePtr srcpriv =3D qemuDomainStorag= eSourcePrivateFetch(src); + + if (!(srcpriv->tlsKeySecret =3D qemuDomainSecretInfoTLSNew(pri= v, src->tlsAlias, + cfg->= vxhsTLSx509secretUUID))) + return -1; + } + } + return 0; } @@ -9560,7 +9572,8 @@ qemuProcessPrepareStorageSourceTLSVxhs(virStorageSour= cePtr src, static int qemuProcessPrepareStorageSourceTLSNBD(virStorageSourcePtr src, virQEMUDriverConfigPtr cfg, - virQEMUCapsPtr qemuCaps) + qemuDomainObjPrivatePtr priv, + const char *parentAlias) { if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_ABSENT) { if (cfg->nbdTLS) 
@@ -9571,13 +9584,22 @@ qemuProcessPrepareStorageSourceTLSNBD(virStorageSou= rcePtr src, } if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) { - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NBD_TLS)) { + if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_NBD_TLS)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("this qemu does not support TLS transport for= NBD")); return -1; } + src->tlsAlias =3D qemuAliasTLSObjFromSrcAlias(parentAlias); src->tlsCertdir =3D g_strdup(cfg->nbdTLSx509certdir); + + if (cfg->nbdTLSx509secretUUID) { + qemuDomainStorageSourcePrivatePtr srcpriv =3D qemuDomainStorag= eSourcePrivateFetch(src); + + if (!(srcpriv->tlsKeySecret =3D qemuDomainSecretInfoTLSNew(pri= v, src->tlsAlias, + cfg->= nbdTLSx509secretUUID))) + return -1; + } } return 0; @@ -9599,19 +9621,19 @@ static int qemuDomainPrepareStorageSourceTLS(virStorageSourcePtr src, virQEMUDriverConfigPtr cfg, const char *parentAlias, - virQEMUCapsPtr qemuCaps) + qemuDomainObjPrivatePtr priv) { if (virStorageSourceGetActualType(src) !=3D VIR_STORAGE_TYPE_NETWORK) return 0; switch ((virStorageNetProtocol) src->protocol) { case VIR_STORAGE_NET_PROTOCOL_VXHS: - if (qemuProcessPrepareStorageSourceTLSVxhs(src, cfg) < 0) + if (qemuProcessPrepareStorageSourceTLSVxhs(src, cfg, priv, parentA= lias) < 0) return -1; break; case VIR_STORAGE_NET_PROTOCOL_NBD: - if (qemuProcessPrepareStorageSourceTLSNBD(src, cfg, qemuCaps) < 0) + if (qemuProcessPrepareStorageSourceTLSNBD(src, cfg, priv, parentAl= ias) < 0) return -1; break; @@ -9640,10 +9662,6 @@ qemuDomainPrepareStorageSourceTLS(virStorageSourcePt= r src, return -1; } - if (src->haveTLS =3D=3D VIR_TRISTATE_BOOL_YES && - !(src->tlsAlias =3D qemuAliasTLSObjFromSrcAlias(parentAlias))) - return -1; - return 0; } @@ -12128,7 +12146,7 @@ qemuDomainPrepareDiskSourceLegacy(virDomainDiskDefP= tr disk, return -1; if (qemuDomainPrepareStorageSourceTLS(disk->src, cfg, disk->info.alias, - priv->qemuCaps) < 0) + priv) < 0) return -1; return 0; 
@@ -12164,7 +12182,7 @@ qemuDomainPrepareStorageSourceBlockdev(virDomainDis= kDefPtr disk, return -1; if (qemuDomainPrepareStorageSourceTLS(src, cfg, src->nodestorage, - priv->qemuCaps) < 0) + priv) < 0) return -1; return 0; --=20 2.26.2
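Review bot: The comment kept as context at the top of qemuProcessPrepareStorageSourceTLSVxhs() still states that VxHS "has no need for the server-key.pem nor a secret that could be used to decrypt" it, yet the following hunk now allocates srcpriv->tlsKeySecret whenever cfg->vxhsTLSx509secretUUID is set. Please update or drop the comment so it matches the new behaviour, or explain in the commit message why a key secret is wired up for a protocol the comment says does not need one.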
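Review bot: The hunk at -9640 removes the failure check `!(src->tlsAlias = qemuAliasTLSObjFromSrcAlias(parentAlias))`, and the two new assignments in the VxHS and NBD helpers use the return value unchecked before handing src->tlsAlias to qemuDomainSecretInfoTLSNew(). If the alias helper can no longer return NULL, say so in the commit message; otherwise the check should move into both helpers along with the assignment. Since src->tlsAlias is now set only in the VXHS and NBD cases, it is also worth confirming that no other protocol leaves the switch with haveTLS equal to VIR_TRISTATE_BOOL_YES and an unset alias.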
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 11/24] tests: qemuxml2argv: Test encrypted TLS key for nbd/vxhs disks
Date: Thu, 2 Jul 2020 16:39:57 +0200

Add a dummy secret so that we see what command line is generated.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- .../disk-network-tlsx509.x86_64-2.12.0.args | 15 ++++++++++++--- .../disk-network-tlsx509.x86_64-latest.args | 18 +++++++++++++++--- tests/qemuxml2argvtest.c | 2 ++ 3 files changed, 29 insertions(+), 6 deletions(-) diff --git a/tests/qemuxml2argvdata/disk-network-tlsx509.x86_64-2.12.0.args= b/tests/qemuxml2argvdata/disk-network-tlsx509.x86_64-2.12.0.args index 06686f801d..2a30ad02c9 100644 --- a/tests/qemuxml2argvdata/disk-network-tlsx509.x86_64-2.12.0.args +++ b/tests/qemuxml2argvdata/disk-network-tlsx509.x86_64-2.12.0.args
@@ -28,8 +28,11 @@ file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ -no-acpi \ -boot strict=3Don \ -device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \ +-object secret,id=3Dobjvirtio-disk0_tls0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ -object tls-creds-x509,id=3Dobjvirtio-disk0_tls0,dir=3D/etc/pki/libvirt-vx= hs/dummy,\ -,path,endpoint=3Dclient,verify-peer=3Dyes \ +,path,endpoint=3Dclient,verify-peer=3Dyes,passwordid=3Dobjvirtio-disk0_tls= 0-secret0 \ -drive file.driver=3Dvxhs,file.tls-creds=3Dobjvirtio-disk0_tls0,\ file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc251,\ file.server.host=3D192.168.0.1,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ @@ -37,8 +40,11 @@ id=3Ddrive-virtio-disk0,cache=3Dnone \ -device virtio-blk-pci,scsi=3Doff,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-vir= tio-disk0,\ id=3Dvirtio-disk0,bootindex=3D1,write-cache=3Don,\ serial=3Deb90327c-8302-4725-9e1b-4e85ed4dc251 \ +-object secret,id=3Dobjvirtio-disk1_tls0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ -object tls-creds-x509,id=3Dobjvirtio-disk1_tls0,dir=3D/etc/pki/libvirt-vx= hs/dummy,\ -,path,endpoint=3Dclient,verify-peer=3Dyes \ +,path,endpoint=3Dclient,verify-peer=3Dyes,passwordid=3Dobjvirtio-disk1_tls= 0-secret0 \ -drive file.driver=3Dvxhs,file.tls-creds=3Dobjvirtio-disk1_tls0,\ file.vdisk-id=3Deb90327c-8302-4725-9e1b-4e85ed4dc252,\ file.server.host=3D192.168.0.2,file.server.port=3D9999,format=3Draw,if=3Dn= one,\ 
@@ -50,8 +56,11 @@ file.server.host=3D192.168.0.3,file.server.port=3D9999,f= ormat=3Draw,if=3Dnone,\ id=3Ddrive-virtio-disk2,cache=3Dnone \ -device virtio-blk-pci,scsi=3Doff,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-vir= tio-disk2,\ id=3Dvirtio-disk2,write-cache=3Don,serial=3Deb90327c-8302-4725-9e1b-4e85ed= 4dc252 \ +-object secret,id=3Dobjvirtio-disk3_tls0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ -object tls-creds-x509,id=3Dobjvirtio-disk3_tls0,dir=3D/etc/pki/libvirt-nb= d/dummy,,\ -path,endpoint=3Dclient,verify-peer=3Dyes \ +path,endpoint=3Dclient,verify-peer=3Dyes,passwordid=3Dobjvirtio-disk3_tls0= -secret0 \ -drive file.driver=3Dnbd,file.server.type=3Dinet,file.server.host=3Dexampl= e.com,\ file.server.port=3D1234,file.tls-creds=3Dobjvirtio-disk3_tls0,format=3Draw= ,if=3Dnone,\ id=3Ddrive-virtio-disk3,cache=3Dnone \ diff --git a/tests/qemuxml2argvdata/disk-network-tlsx509.x86_64-latest.args= b/tests/qemuxml2argvdata/disk-network-tlsx509.x86_64-latest.args index 5195107b7b..ec4c28e161 100644 --- a/tests/qemuxml2argvdata/disk-network-tlsx509.x86_64-latest.args +++ b/tests/qemuxml2argvdata/disk-network-tlsx509.x86_64-latest.args 
@@ -28,8 +28,12 @@ file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ -no-acpi \ -boot strict=3Don \ -device piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 \ +-object secret,id=3Dobjlibvirt-4-storage_tls0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ -object tls-creds-x509,id=3Dobjlibvirt-4-storage_tls0,\ -dir=3D/etc/pki/libvirt-vxhs/dummy,,path,endpoint=3Dclient,verify-peer=3Dye= s \ +dir=3D/etc/pki/libvirt-vxhs/dummy,,path,endpoint=3Dclient,verify-peer=3Dye= s,\ +passwordid=3Dobjlibvirt-4-storage_tls0-secret0 \ -blockdev '{"driver":"vxhs","tls-creds":"objlibvirt-4-storage_tls0",\ "vdisk-id":"eb90327c-8302-4725-9e1b-4e85ed4dc251",\ "server":{"host":"192.168.0.1","port":"9999"},"node-name":"libvirt-4-stora= ge",\ @@ -41,8 +45,12 @@ dir=3D/etc/pki/libvirt-vxhs/dummy,,path,endpoint=3Dclien= t,verify-peer=3Dyes \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Dlibvirt-4-format,\ id=3Dvirtio-disk0,bootindex=3D1,write-cache=3Don,\ serial=3Deb90327c-8302-4725-9e1b-4e85ed4dc251 \ +-object secret,id=3Dobjlibvirt-3-storage_tls0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ -object tls-creds-x509,id=3Dobjlibvirt-3-storage_tls0,\ -dir=3D/etc/pki/libvirt-vxhs/dummy,,path,endpoint=3Dclient,verify-peer=3Dye= s \ +dir=3D/etc/pki/libvirt-vxhs/dummy,,path,endpoint=3Dclient,verify-peer=3Dye= s,\ +passwordid=3Dobjlibvirt-3-storage_tls0-secret0 \ -blockdev '{"driver":"vxhs","tls-creds":"objlibvirt-3-storage_tls0",\ "vdisk-id":"eb90327c-8302-4725-9e1b-4e85ed4dc252",\ "server":{"host":"192.168.0.2","port":"9999"},"node-name":"libvirt-3-stora= ge",\ 
@@ -62,8 +70,12 @@ id=3Dvirtio-disk1,write-cache=3Don,serial=3Deb90327c-830= 2-4725-9e1b-4e85ed4dc252 \ "file":"libvirt-2-storage"}' \ -device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Dlibvirt-2-format,\ id=3Dvirtio-disk2,write-cache=3Don,serial=3Deb90327c-8302-4725-9e1b-4e85ed= 4dc252 \ +-object secret,id=3Dobjlibvirt-1-storage_tls0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ -object tls-creds-x509,id=3Dobjlibvirt-1-storage_tls0,\ -dir=3D/etc/pki/libvirt-nbd/dummy,,path,endpoint=3Dclient,verify-peer=3Dyes= \ +dir=3D/etc/pki/libvirt-nbd/dummy,,path,endpoint=3Dclient,verify-peer=3Dyes= ,\ +passwordid=3Dobjlibvirt-1-storage_tls0-secret0 \ -blockdev '{"driver":"nbd","server":{"type":"inet","host":"example.com",\ "port":"1234"},"tls-creds":"objlibvirt-1-storage_tls0",\ "node-name":"libvirt-1-storage","cache":{"direct":true,"no-flush":false},\ diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 2e06140ea1..26333d8f40 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -1192,6 +1192,8 @@ mymain(void) driver.config->vxhsTLS =3D 1; DO_TEST("disk-network-tlsx509", QEMU_CAPS_VXHS, QEMU_CAPS_OBJECT_TLS_CREDS_X509, QEMU_CAPS_NBD_TLS); + driver.config->nbdTLSx509secretUUID =3D g_strdup("6fd3f62d-9fe7-4a4e-a= 869-7acd6376d8ea"); + driver.config->vxhsTLSx509secretUUID =3D g_strdup("6fd3f62d-9fe7-4a4e-= a869-7acd6376d8ea"); DO_TEST_CAPS_VER("disk-network-tlsx509", "2.12.0"); DO_TEST_CAPS_LATEST("disk-network-tlsx509"); DO_TEST_CAPS_LATEST("disk-network-http"); --=20 2.26.2
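Review bot: In the qemuxml2argvtest.c hunk, nbdTLSx509secretUUID and vxhsTLSx509secretUUID are assigned after the capability-list DO_TEST("disk-network-tlsx509", ...) and nothing in the visible context clears them before DO_TEST_CAPS_LATEST("disk-network-http"), so that first variant never exercises the secret and the following cases run with it still configured. Consider resetting both with VIR_FREE() directly after the two tlsx509 CAPS cases, so the expected output of unrelated tests does not come to depend on this setting, and the g_strdup() copies are not simply overwritten if another test sets them later.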
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 12/24] conf: backup: Don't explicitly forbid backup of read-only disk
Date: Thu, 2 Jul 2020 16:39:58 +0200

Users may want to use this to create a full backup or even incremental if the checkpoints are pre-existing. We still will not allow creating a checkpoint on a read-only disk as that makes no sense.

https://bugzilla.redhat.com/show_bug.cgi?id=1840053

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- src/conf/backup_conf.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/conf/backup_conf.c b/src/conf/backup_conf.c index 92106d8aaa..e9eea5af75 100644 --- a/src/conf/backup_conf.c +++ b/src/conf/backup_conf.c
@@ -411,13 +411,6 @@ virDomainBackupDefAssignStore(virDomainBackupDiskDefPt= r disk, _("disk '%s' has no media"), disk->name); return -1; } - } else if (src->readonly) { - if (disk->store) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("backup of readonly disk '%s' makes no sense"= ), - disk->name); - return -1; - } } else if (!disk->store) { if (virStorageSourceGetActualType(src) =3D=3D VIR_STORAGE_TYPE_FIL= E) { if (!(disk->store =3D virStorageSourceNew())) --=20 2.26.2
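Review bot: With the `else if (src->readonly)` branch removed, a read-only disk that has no disk->store now falls through to the `else if (!disk->store)` branch and gets a generated target via virStorageSourceNew(), where before it was left without one. The commit message only discusses the case of an explicitly requested backup, so please state whether defaulting read-only disks into the backup is intended. The diffstat is 7 deletions with no test; a backup XML case with a read-only disk would pin the new behaviour, and since nothing in this hunk shows it, the commit message should name where checkpoint creation on a read-only disk is still rejected.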
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 13/24] docs: backup: Convert XML documentation to RST
Date: Thu, 2 Jul 2020 16:39:59 +0200
Message-Id: <2d37c1c7a5c521cc678d710099181dba6268a3f8.1593700474.git.pkrempa@redhat.com>

Switch to the new format for easier extension.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- docs/formatbackup.html.in | 191 -------------------------------------- docs/formatbackup.rst | 149 +++++++++++++++++++++++++++++ 2 files changed, 149 insertions(+), 191 deletions(-) delete mode 100644 docs/formatbackup.html.in create mode 100644 docs/formatbackup.rst diff --git a/docs/formatbackup.html.in b/docs/formatbackup.html.in deleted file mode 100644 index 9e69d8f7d3..0000000000 --- a/docs/formatbackup.html.in +++ /dev/null @@ -1,191 +0,0 @@ - - - - -

Backup XML format

- -
    - -

    Backup XML

    - -

    - Creating a backup, whether full or incremental, is done - via virDomainBackupBegin(), which takes an XML - description of the actions to perform, as well as an optional - second XML document describing a - checkpoint to create at the same point in time. See - also a comparison betw= een - the various state capture APIs. -

    -

    - There are two general modes for backups: a push mode (where the - hypervisor writes out the data to the destination file, which - may be local or remote), and a pull mode (where the hypervisor - creates an NBD server that a third-party client can then read as - needed, and which requires the use of temporary storage, - typically local, until the backup is complete). -

    -

    - The instructions for beginning a backup job are provided as - attributes and elements of the - top-level domainbackup element. This element - includes an optional attribute mode which can be - either "push" or "pull" (default - push). virDomainBackupGetXMLDesc() can be used to - see the actual values selected for elements omitted during - creation (for example, learning which port the NBD server is - using in the pull model or what file names libvirt generated - when none were supplied). The following child elements and attributes - are supported: -

    -
    -
    incremental
    -
    An optional element giving the name of an existing - checkpoint of the domain, which will be used to make this - backup an incremental one. In the push model, only changes - since the named checkpoint are written to the destination. In - the pull model, the NBD server uses the - NBD_OPT_SET_META_CONTEXT extension to advertise to the client - which portions of the export contain changes since the named - checkpoint. If omitted, a full backup is performed. -
    -
    server
    -
    Present only for a pull mode backup. Contains the same - attributes as - the protocol - element of a disk attached via NBD in the domain (such as - transport, socket, name, port, or tls), necessary to set up an - NBD server that exposes the content of each disk at the time - the backup is started. -
    -
    disks
    -
    An optional listing of instructions for disks participating - in the backup (if omitted, all disks participate and libvirt - attempts to generate filenames by appending the current - timestamp as a suffix). If the entire element was omitted on - input, then all disks participate in the backup, otherwise, - only the disks explicitly listed which do not also - use backup=3D'no' will participate. On output, this - is the state of each of the domain's disk in relation to the - backup operation. -
    -
    disk
    -
    This sub-element describes the backup properties of a - specific disk, with the following attributes and child - elements: -
    -
    name
    -
    A mandatory attribute which must match - the <target dev=3D'name'/> - of one of - the disk - devices specified for the domain at the time of - the checkpoint.
    -
    backup
    -
    Setting this attribute to yes(default) spec= ifies - that the disk should take part in the backup and using - no excludes the disk from the backup.
    -
    exportname
    -
    Allows modification of the NBD export name for the given= disk. - By default equal to disk target. - Valid only for pull mode backups.
    -
    exportbitmap
    -
    Allows modification of the name of the bitmap describing= dirty - blocks for an incremental backup exported via NBD export n= ame - for the given disk. - Valid only for pull mode backups.
    -
    type
    -
    A mandatory attribute to describe the type of the - disk, except when backup=3D'no' is - used. Valid values include file, or - block. - Similar to a disk declaration for a domain, the choice of = type - controls what additional sub-elements are needed to descri= be - the destination.
    -
    target
    -
    Valid only for push mode backups, this is the - primary sub-element that describes the file name of - the backup destination, similar to - the source sub-element of a domain - disk. An optional sub-element driver can - also be used, with an attribute type to - specify a destination format different from - qcow2. See documentation for scratch below for - additional configuration.
    -
    scratch
    -
    Valid only for pull mode backups, this is the - primary sub-element that describes the file name of - the local scratch file to be used in facilitating the - backup, and is similar to the source - sub-element of a domain disk. Currently only file - and block scratch storage is supported. The - file scratch file is created and deleted by - libvirt in the given location. A block scratch - device must exist prior to starting the backup and is form= atted. - The block device must have enough space for the correspond= ing - disk data including format overhead. - - If VIR_DOMAIN_BACKUP_BEGIN_REUSE_EXTERNAL fla= g is - used the file for a scratch of file type must - exist with the correct format and size to hold the copy an= d is - used without modification. The file is not deleted after t= he - backup but the contents of the file don't make sense outsi= de - of the backup. The same applies for the block device which - must be formatted appropriately. - - Similarly to the domain - disk - definition scratch and target can - contain seclabel and/or encryption - subelements to configure the corresponding properties. -
    -
    -
    -
    -
    -
    - -

    Examples

    - -

    Use virDomainBackupBegin() to perform a full - backup using push mode. The example lets libvirt pick the - destination and format for 'vda', fully specifies that we want a - raw backup of 'vdb', and omits 'vdc' from the operation. -

    -
    -<domainbackup>
    -  <disks>
    -    <disk name=3D'vda' backup=3D'yes'/>
    -    <disk name=3D'vdb' type=3D'file'>
    -      <target file=3D'/path/to/vdb.backup'/>
    -      <driver type=3D'raw'/>
    -    </disk>
    -    <disk name=3D'vdc' backup=3D'no'/>
    -  </disks>
    -</domainbackup>
    -    
    - -

    If the previous full backup also passed a parameter describing - checkpoint XML that resulted - in a checkpoint named 1525889631, we can make - another call to virDomainBackupBegin() to perform - an incremental backup of just the data changed since that - checkpoint, this time using the following XML to start a pull - model export of the 'vda' and 'vdb' disks, where a third-party - NBD client connecting to '/path/to/server' completes the backup - (omitting 'vdc' from the explicit list has the same effect as - the backup=3D'no' from the previous example): -

    -
    -<domainbackup mode=3D"pull">
    -  <incremental>1525889631</incremental>
    -  <server transport=3D"unix" socket=3D"/path/to/server"/>
    -  <disks>
    -    <disk name=3D'vda' backup=3D'yes' type=3D'file'>
    -      <scratch file=3D'/path/to/file1.scratch'/>
    -    </disk>
    -  </disks>
    -</domainbackup>
    -    
    - - diff --git a/docs/formatbackup.rst b/docs/formatbackup.rst new file mode 100644 index 0000000000..66583f562b --- /dev/null +++ b/docs/formatbackup.rst 
@@ -0,0 +1,149 @@ +Backup XML format +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +.. contents:: + +Backup XML +---------- + +Creating a backup, whether full or incremental, is done via +``virDomainBackupBegin()``, which takes an XML description of the actions = to +perform, as well as an optional second XML document `describing a +checkpoint `__ to create at the same point in time.= See +also `a comparison `__ between the various = state +capture APIs. + +There are two general modes for backups: a push mode (where the hypervisor +writes out the data to the destination file, which may be local or remote)= , and +a pull mode (where the hypervisor creates an NBD server that a third-party +client can then read as needed, and which requires the use of temporary st= orage, +typically local, until the backup is complete). + +The instructions for beginning a backup job are provided as attributes and +elements of the top-level ``domainbackup`` element. This element includes = an +optional attribute ``mode`` which can be either "push" or "pull" (default = push). +``virDomainBackupGetXMLDesc()`` can be used to see the actual values selec= ted +for elements omitted during creation (for example, learning which port the= NBD +server is using in the pull model or what file names libvirt generated whe= n none +were supplied). The following child elements and attributes are supported: + +``incremental`` + An optional element giving the name of an existing checkpoint of the do= main, + which will be used to make this backup an incremental one. In the push = model, + only changes since the named checkpoint are written to the destination.= In + the pull model, the NBD server uses the NBD_OPT_SET_META_CONTEXT extens= ion to + advertise to the client which portions of the export contain changes si= nce + the named checkpoint. If omitted, a full backup is performed. + +``server`` + Present only for a pull mode backup. 
Contains the same attributes as the + ```protocol`` element of a disk `__ at= tached + via NBD in the domain (such as transport, socket, name, port, or tls), + necessary to set up an NBD server that exposes the content of each disk= at + the time the backup is started. + +``disks`` + An optional listing of instructions for disks participating in the back= up (if + omitted, all disks participate and libvirt attempts to generate filenam= es by + appending the current timestamp as a suffix). If the entire element was + omitted on input, then all disks participate in the backup, otherwise, = only + the disks explicitly listed which do not also use ``backup=3D'no'`` will + participate. On output, this is the state of each of the domain's disk = in + relation to the backup operation. + + ``disk`` + This sub-element describes the backup properties of a specific disk,= with + the following attributes and child elements: + + ``name`` + A mandatory attribute which must match the ```` of + one of the `disk devices `__ spe= cified + for the domain at the time of the checkpoint. + + ``backup`` + Setting this attribute to ``yes``\ (default) specifies that the d= isk + should take part in the backup and using ``no`` excludes the disk= from + the backup. + + ``exportname`` + Allows modification of the NBD export name for the given disk. By + default equal to disk target. Valid only for pull mode backups. + + ``exportbitmap`` + Allows modification of the name of the bitmap describing dirty bl= ocks + for an incremental backup exported via NBD export name for the gi= ven + disk. Valid only for pull mode backups. + + ``type`` + A mandatory attribute to describe the type of the disk, except wh= en + ``backup=3D'no'`` is used. Valid values include ``file``, or ``bl= ock``. + Similar to a disk declaration for a domain, the choice of type co= ntrols + what additional sub-elements are needed to describe the destinati= on. 
+ + ``target`` + Valid only for push mode backups, this is the primary sub-element= that + describes the file name of the backup destination, similar to the + ``source`` sub-element of a domain disk. An optional sub-element + ``driver`` can also be used, with an attribute ``type`` to specif= y a + destination format different from qcow2. See documentation for + ``scratch`` below for additional configuration. + + ``scratch`` + Valid only for pull mode backups, this is the primary sub-element= that + describes the file name of the local scratch file to be used in + facilitating the backup, and is similar to the ``source`` sub-ele= ment + of a domain disk. Currently only ``file`` and ``block`` scratch s= torage + is supported. The ``file`` scratch file is created and deleted by + libvirt in the given location. A ``block`` scratch device must ex= ist + prior to starting the backup and is formatted. The block device m= ust + have enough space for the corresponding disk data including format + overhead. If ``VIR_DOMAIN_BACKUP_BEGIN_REUSE_EXTERNAL`` flag is u= sed + the file for a scratch of ``file`` type must exist with the corre= ct + format and size to hold the copy and is used without modification= . The + file is not deleted after the backup but the contents of the file= don't + make sense outside of the backup. The same applies for the block = device + which must be formatted appropriately. Similarly to the domain + ```disk`` `__ definition ``scrat= ch`` + and ``target`` can contain ``seclabel`` and/or ``encryption`` + subelements to configure the corresponding properties. + +Examples +-------- + +Use ``virDomainBackupBegin()`` to perform a full backup using push mode. T= he +example lets libvirt pick the destination and format for 'vda', fully spec= ifies +that we want a raw backup of 'vdb', and omits 'vdc' from the operation. 
+ +:: + + + + + + + + + + + + +If the previous full backup also passed a parameter describing `checkpoint +XML `__ that resulted in a checkpoint named +``1525889631``, we can make another call to ``virDomainBackupBegin()`` to +perform an incremental backup of just the data changed since that checkpoi= nt, +this time using the following XML to start a pull model export of the 'vda= ' and +'vdb' disks, where a third-party NBD client connecting to '/path/to/server' +completes the backup (omitting 'vdc' from the explicit list has the same e= ffect +as the backup=3D'no' from the previous example): + +:: + + + 1525889631 + + + + + + + --=20 2.26.2
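Review bot: In the new docs/formatbackup.rst, the ``disks`` entry states twice that omitting the element makes all disks participate (once in the parenthetical, again in the sentence that follows), and three wording slips are carried over from the HTML: "each of the domain's disk", "``file``, or ``block``", and "``yes``\ (default)", which renders with no space before the parenthesis. Fold the two statements into one and fix the wording here, or in a follow-up if this commit is meant to stay a purely mechanical conversion.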
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 14/24] backup: Allow configuring incremental backup per-disk individually
Date: Thu, 2 Jul 2020 16:40:00 +0200
Message-Id: <29e0b0282e8353055f7233bad4c6fa20bec1a1be.1593700474.git.pkrempa@redhat.com>

The semantics of the backup operation don't strictly require that all
disks being backed up are part of the same incremental part (when a disk
was checkpointed/backed up separately or in a different VM), or even they
may not have a previous checkpoint at all (e.g. when the disk was freshly
hotplugged to the vm).

In such cases we can still create a common checkpoint for all of them and
backup differences according to configuration.

This patch adds a per-disk configuration of the checkpoint to do the
incremental backup from via the 'incremental' attribute and allows
performing full backups via the 'backupmode' attribute.

Note that no changes to the qemu driver are necessary to take advantage
of this as we already obey the per-disk 'incremental' field.

https://bugzilla.redhat.com/show_bug.cgi?id=1829829
Signed-off-by: Peter Krempa --- docs/formatbackup.rst | 11 ++++ docs/schemas/domainbackup.rng | 16 ++++++ src/conf/backup_conf.c | 57 +++++++++++++++++++- src/conf/backup_conf.h | 11 ++++ tests/domainbackupxml2xmlin/backup-pull.xml | 12 +++++ tests/domainbackupxml2xmlout/backup-pull.xml | 12 +++++ 6 files changed, 118 insertions(+), 1 deletion(-) diff --git a/docs/formatbackup.rst b/docs/formatbackup.rst index 66583f562b..e5b6fc6eb0 100644 --- a/docs/formatbackup.rst +++ b/docs/formatbackup.rst @@ -65,6 +65,17 @@ were supplied). The following child elements and attribu= tes are supported: should take part in the backup and using ``no`` excludes the disk= from the backup. + ``backupmode`` + This attribute overrides the implied backup mode inherited from t= he + definition of the backup itself. Value ``full`` forces a full bac= kup + even if the backup calls for an incremental backup and ``incremen= tal`` + coupled with the attribute ``incremental=3D'CHECKPOINTNAME`` for = the disk + forces an incremental backup from ``CHECKPOINTNAME``. + + ``incremental`` + An optional attribute giving the name of an existing checkpoint o= f the + domain which overrides the one set by the ```` eleme= nt. + ``exportname`` Allows modification of the NBD export name for the given disk. By default equal to disk target. Valid only for pull mode backups. diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng index 5165175152..650f5cd4c3 100644 --- a/docs/schemas/domainbackup.rng +++ b/docs/schemas/domainbackup.rng @@ -89,6 +89,20 @@ + + + + + full + incremental + + + + + + + + @@ -127,6 +141,7 @@ + @@ -196,6 +211,7 @@ + diff --git a/src/conf/backup_conf.c b/src/conf/backup_conf.c index e9eea5af75..4f28073ab2 100644 --- a/src/conf/backup_conf.c +++ b/src/conf/backup_conf.c 
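Review bot: In the docs/formatbackup.rst hunk, the ``backupmode`` entry writes ``incremental='CHECKPOINTNAME`` without the closing quote, and neither new entry mentions the combinations that virDomainBackupAlignDisks() rejects later in this patch: backupmode='full' together with a per-disk 'incremental', and backupmode='incremental' when no checkpoint is named on either the disk or the backup. Close the quote and document both restrictions so users do not have to learn them from the error message.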
@@ -56,6 +56,13 @@ VIR_ENUM_IMPL(virDomainBackupDiskState, "cancelling", "cancelled"); +VIR_ENUM_DECL(virDomainBackupDiskBackupMode); +VIR_ENUM_IMPL(virDomainBackupDiskBackupMode, + VIR_DOMAIN_BACKUP_DISK_BACKUP_MODE_LAST, + "", + "full", + "incremental"); + void virDomainBackupDefFree(virDomainBackupDefPtr def) { @@ -96,6 +103,7 @@ virDomainBackupDiskDefParseXML(xmlNodePtr node, g_autofree char *driver =3D NULL; g_autofree char *backup =3D NULL; g_autofree char *state =3D NULL; + g_autofree char *backupmode =3D NULL; int tmp; xmlNodePtr srcNode; unsigned int storageSourceParseFlags =3D 0; @@ -133,6 +141,19 @@ virDomainBackupDiskDefParseXML(xmlNodePtr node, def->exportbitmap =3D virXMLPropString(node, "exportbitmap"); } + if ((backupmode =3D virXMLPropString(node, "backupmode"))) { + if ((tmp =3D virDomainBackupDiskBackupModeTypeFromString(backupmod= e)) < 0) { + virReportError(VIR_ERR_XML_ERROR, + _("invalid backupmode '%s' of disk '%s'"), + backupmode, def->name); + return -1; + } + + def->backupmode =3D tmp; + } + + def->incremental =3D virXMLPropString(node, "incremental"); + if (internal) { if (!(state =3D virXMLPropString(node, "state")) || (tmp =3D virDomainBackupDiskStateTypeFromString(state)) < 0) { @@ -342,6 +363,13 @@ virDomainBackupDiskDefFormat(virBufferPtr buf, if (disk->backup =3D=3D VIR_TRISTATE_BOOL_YES) { virBufferAsprintf(&attrBuf, " type=3D'%s'", virStorageTypeToString= (disk->store->type)); + if (disk->backupmode !=3D VIR_DOMAIN_BACKUP_DISK_BACKUP_MODE_DEFAU= LT) { + virBufferAsprintf(&attrBuf, " backupmode=3D'%s'", + virDomainBackupDiskBackupModeTypeToString(di= sk->backupmode)); + } + + virBufferEscapeString(&attrBuf, " incremental=3D'%s'", disk->incre= mental); + virBufferEscapeString(&attrBuf, " exportname=3D'%s'", disk->export= name); virBufferEscapeString(&attrBuf, " exportbitmap=3D'%s'", disk->expo= rtbitmap); 
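Review bot: In the virDomainBackupDiskDefParseXML() hunk, the check `virDomainBackupDiskBackupModeTypeFromString(backupmode)) < 0` accepts backupmode='' because the VIR_ENUM_IMPL added at the top of this file lists "" as the first string, so the empty value converts to 0 and is stored as the default mode instead of being reported as invalid. Compare with `<= 0` so that only 'full' and 'incremental' are accepted, matching the two values the schema change lists.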
@@ -465,6 +493,24 @@ virDomainBackupAlignDisks(virDomainBackupDefPtr def, return -1; } + if (backupdisk->backupmode =3D=3D VIR_DOMAIN_BACKUP_DISK_BACKUP_MO= DE_FULL && + backupdisk->incremental) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("'full' backup mode incompatible with 'increm= ental' for disk '%s'"), + backupdisk->name); + return -1; + } + + if (backupdisk->backupmode =3D=3D VIR_DOMAIN_BACKUP_DISK_BACKUP_MO= DE_INCREMENTAL && + !backupdisk->incremental && + !def->incremental) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("'incremental' backup mode of disk '%s' requi= res setting 'incremental' field for disk or backup"), + backupdisk->name); + return -1; + } + + if (backupdisk->backup =3D=3D VIR_TRISTATE_BOOL_YES && virDomainBackupDefAssignStore(backupdisk, domdisk->src, suffix= ) < 0) return -1; @@ -502,7 +548,16 @@ virDomainBackupAlignDisks(virDomainBackupDefPtr def, for (i =3D 0; i < def->ndisks; i++) { virDomainBackupDiskDefPtr backupdisk =3D &def->disks[i]; - if (def->incremental && !backupdisk->incremental) + if (backupdisk->backupmode =3D=3D VIR_DOMAIN_BACKUP_DISK_BACKUP_MO= DE_DEFAULT) { + if (def->incremental || backupdisk->incremental) { + backupdisk->backupmode =3D VIR_DOMAIN_BACKUP_DISK_BACKUP_M= ODE_INCREMENTAL; + } else { + backupdisk->backupmode =3D VIR_DOMAIN_BACKUP_DISK_BACKUP_M= ODE_FULL; + } + } + + if (!backupdisk->incremental && + backupdisk->backupmode =3D=3D VIR_DOMAIN_BACKUP_DISK_BACKUP_MO= DE_INCREMENTAL) backupdisk->incremental =3D g_strdup(def->incremental); } diff --git a/src/conf/backup_conf.h b/src/conf/backup_conf.h index 172eb1cf1c..3f8b592b8d 100644 --- a/src/conf/backup_conf.h +++ b/src/conf/backup_conf.h 
@@ -45,12 +45,23 @@ typedef enum { VIR_DOMAIN_BACKUP_DISK_STATE_LAST } virDomainBackupDiskState; + +typedef enum { + VIR_DOMAIN_BACKUP_DISK_BACKUP_MODE_DEFAULT =3D 0, + VIR_DOMAIN_BACKUP_DISK_BACKUP_MODE_FULL, + VIR_DOMAIN_BACKUP_DISK_BACKUP_MODE_INCREMENTAL, + + VIR_DOMAIN_BACKUP_DISK_BACKUP_MODE_LAST +} virDomainBackupDiskBackupMode; + + /* Stores disk-backup information */ typedef struct _virDomainBackupDiskDef virDomainBackupDiskDef; typedef virDomainBackupDiskDef *virDomainBackupDiskDefPtr; struct _virDomainBackupDiskDef { char *name; /* name matching the + + + + + + + + + + + + diff --git a/tests/domainbackupxml2xmlout/backup-pull.xml b/tests/domainbac= kupxml2xmlout/backup-pull.xml index 24fce9c0e7..d2f84cda7a 100644 --- a/tests/domainbackupxml2xmlout/backup-pull.xml +++ b/tests/domainbackupxml2xmlout/backup-pull.xml 
@@ -6,5 +6,17 @@ + + + + + + + + + + + + --=20 2.26.2
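Review bot: The test hunks only extend backup-pull.xml under tests/domainbackupxml2xmlin and tests/domainbackupxml2xmlout, so no negative input is added for the new rejections: the "invalid backupmode" error in the parser and the two VIR_ERR_CONFIG_UNSUPPORTED errors in virDomainBackupAlignDisks() ('full' combined with 'incremental', and 'incremental' mode with no checkpoint named). Consider adding inputs that are expected to fail so these checks cannot regress silently.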
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 15/24] qemu: backup: integrate with blockpull
Date: Thu, 2 Jul 2020 16:40:01 +0200
Message-Id: <36af06504c11db46b9e55f1072b99dd5388228d6.1593700474.git.pkrempa@redhat.com>

Merge the bitmaps when finalizing a block pull job so that backups work
properly afterwards.

https://bugzilla.redhat.com/show_bug.cgi?id=1799010

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- src/qemu/qemu_blockjob.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c index 7e4530f48b..435c945b78 100644 --- a/src/qemu/qemu_blockjob.c +++ b/src/qemu/qemu_blockjob.c
@@ -936,6 +936,41 @@ qemuBlockJobClearConfigChain(virDomainObjPtr vm, } +static int +qemuBlockJobProcessEventCompletedPullBitmaps(virDomainObjPtr vm, + qemuBlockJobDataPtr job, + qemuDomainAsyncJob asyncJob) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + g_autoptr(virHashTable) blockNamedNodeData =3D NULL; + g_autoptr(virJSONValue) actions =3D NULL; + + if (!(blockNamedNodeData =3D qemuBlockGetNamedNodeData(vm, asyncJob))) + return -1; + + if (qemuBlockGetBitmapMergeActions(job->disk->src, + job->data.pull.base, + job->disk->src, + NULL, NULL, NULL, + &actions, + blockNamedNodeData) < 0) + return -1; + + if (!actions) + return 0; + + if (qemuDomainObjEnterMonitorAsync(priv->driver, vm, asyncJob) < 0) + return -1; + + qemuMonitorTransaction(priv->mon, &actions); + + if (qemuDomainObjExitMonitor(priv->driver, vm) < 0) + return -1; + + return 0; +} + + /** * qemuBlockJobProcessEventCompletedPull: * @driver: qemu driver object 
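Review bot: In qemuBlockJobProcessEventCompletedPullBitmaps() the result of `qemuMonitorTransaction(priv->mon, &actions);` is discarded, so the function returns 0 even when the bitmap merge transaction failed. Store the return value, still call qemuDomainObjExitMonitor(), and return -1 if either of them failed, so that a caller can tell whether the bitmaps were actually merged.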
@@ -976,6 +1011,8 @@ qemuBlockJobProcessEventCompletedPull(virQEMUDriverPtr= driver, if (!cfgdisk) qemuBlockJobClearConfigChain(vm, job->disk); + qemuBlockJobProcessEventCompletedPullBitmaps(vm, job, asyncJob); + /* when pulling if 'base' is right below the top image we don't have t= o modify it */ if (job->disk->src->backingStore =3D=3D job->data.pull.base) return; --=20 2.26.2
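Review bot: In qemuBlockJobProcessEventCompletedPull() the new call `qemuBlockJobProcessEventCompletedPullBitmaps(vm, job, asyncJob);` drops the helper's int return value, so a failure to fetch the named node data or to enter the monitor passes unnoticed, and by the commit message's own reasoning later backups then will not work properly. If ignoring the failure is deliberate because the pull job has already completed, say so in a comment and log a warning on failure; otherwise handle the error before continuing with the backing chain update.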
b=ZBQRcCQ6hcSeG+NDH0/7wdkaHXlpVA66HI6xWb6hx/iDd50eaqLcjmoy1DRlIPP0Gbv9mb 57rvNlbBOvywVumjG3T7oXWAiTYZKs3DIkSZVZlI/bSXy9TqR7l7huUE043hpYSAezUP4T EAN8oLE2tw1C1WZzzuBbOnCA+7kM1Ss= X-MC-Unique: N7pa_OcMMC2U-FqlJMDIAw-1 From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH 16/24] docs: checkpoint: Convert XML documentation to RST Date: Thu, 2 Jul 2020 16:40:02 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" Switch to the new format for easier extension. Signed-off-by: Peter Krempa Reviewed-by: Eric Blake --- docs/formatcheckpoint.html.in | 198 ---------------------------------- docs/formatcheckpoint.rst | 162 ++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+), 198 deletions(-) delete mode 100644 docs/formatcheckpoint.html.in create mode 100644 docs/formatcheckpoint.rst diff --git a/docs/formatcheckpoint.html.in b/docs/formatcheckpoint.html.in deleted file mode 100644 index ee56194523..0000000000 --- a/docs/formatcheckpoint.html.in +++ /dev/null @@ -1,198 +0,0 @@ - - - - -

    Checkpoint XML format

    - -
      - -

      Checkpoint XML

      - -

      - One method of capturing domain disk backups is via the use of - incremental backups. Right now, incremental backups are only - supported for the QEMU hypervisor when using qcow2 disks at the - active layer; if other disk formats are in use, capturing disk - backups requires different libvirt APIs - (see domain state - capture for a comparison between APIs). -

      -

      - Libvirt is able to facilitate incremental backups by tracking - disk checkpoints, which are points in time against which it is - easy to compute which portion of the disk has changed. Given a - full backup (a backup created from the creation of the disk to a - given point in time), coupled with the creation of a disk - checkpoint at that time, and an incremental backup (a backup - created from just the dirty portion of the disk between the - first checkpoint and the second backup operation), it is - possible to do an offline reconstruction of the state of the - disk at the time of the second backup without having to copy as - much data as a second full backup would require. Most disk - checkpoints are created in conjunction with a backup - via virDomainBackupBegin(), although a future API - addition of virDomainSnapshotCreateXML2() will also - make this possible when creating external snapshots; however, - libvirt also exposes enough support to create disk checkpoints - independently from a backup operation - via virDomainCheckpointCreateXML() since - 5.6.0. Likewise, the creation of checkpoints when - external snapshots exist is currently forbidden, although future - work will make it possible to integrate these two concepts. -

      -

      - Attributes of libvirt checkpoints are stored as child elements - of the domaincheckpoint element. At checkpoint - creation time, normally only - the name, description, - and disks elements are settable. The rest of the - fields are ignored on creation and will be filled in by libvirt - in for informational purposes - by virDomainCheckpointGetXMLDesc(). However, when - redefining a checkpoint, with - the VIR_DOMAIN_CHECKPOINT_CREATE_REDEFINE flag - of virDomainCheckpointCreateXML(), all of the XML - fields described here are relevant on input, even the fields - that are normally described as readonly for output. -

      -

      - The top-level domaincheckpoint element may contain - the following elements: -

      -
      -
      name
      -
      The optional name for this checkpoint. If the name is - omitted, libvirt will create a name based on the time of the - creation. -
      -
      description
      -
      An optional human-readable description of the checkpoint. - If the description is omitted when initially creating the - checkpoint, then this field will be empty. -
      -
      disks
      -
      On input, this is an optional listing of specific - instructions for disk checkpoints; it is needed when making a - checkpoint on only a subset of the disks associated with a - domain. In particular, since QEMU checkpoints require qcow2 - disks, this element may be needed on input for excluding guest - disks that are not in qcow2 format. If the entire element was - omitted on input, then all disks participate in the - checkpoint, otherwise, only the disks explicitly listed which - do not also use checkpoint=3D'no' will - participate. On output, this is the checkpoint state of each - of the domain's disks. -
      -
      disk
      -
      This sub-element describes the checkpoint properties of - a specific disk with the following attributes: -
      -
      name
      -
      A mandatory attribute which must match either - the <target dev=3D'name'/> or an - unambiguous <source file=3D'name'/> - of one of - the disk - devices specified for the domain at the time of - the checkpoint.
      -
      checkpoint
      -
      An optional attribute; possible values - are no when the disk does not participate - in this checkpoint; or bitmap if the disk - will track all changes since the creation of this - checkpoint via a bitmap.
      -
      bitmap
      -
      The attribute bitmap is only valid - if checkpoint=3D'bitmap'; it describes the - name of the tracking bitmap (defaulting to the - checkpoint name).
      -
      size
      -
      The attribute size is ignored on input; - on output, it is only present if - the VIR_DOMAIN_CHECKPOINT_XML_SIZE flag - was used to perform a dynamic query of the estimated - size in bytes of the changes made since the checkpoint - was created.
      -
      -
      -
      -
      -
      creationTime
      -
      A readonly representation of the time this checkpoint was - created. The time is specified in seconds since the Epoch, - UTC (i.e. Unix time). -
      -
      parent
      -
      Readonly, present if this checkpoint has a parent. The - parent name is given by the sub-element name. The - parent relationship allows tracking a list of related checkpoints. -
      -
      domain
      -
      A readonly representation of the - inactive domain configuration - at the time the checkpoint was created. This element may be - omitted for output brevity by supplying - the VIR_DOMAIN_CHECKPOINT_XML_NO_DOMAIN flag, but - the resulting XML is no longer viable for use with - the VIR_DOMAIN_CHECKPOINT_CREATE_REDEFINE flag - of virDomainCheckpointCreateXML(). The domain - will have security-sensitive information omitted unless the - flag VIR_DOMAIN_CHECKPOINT_XML_SECURE is provided - on a read-write connection. -
      -
      - -

      Examples

      - -

      Using this XML to create a checkpoint of just vda on a qemu - domain with two disks and a prior checkpoint:

      -
      -<domaincheckpoint>
      -  <description>Completion of updates after OS install</descriptio=
      n>
      -  <disks>
      -    <disk name=3D'vda' checkpoint=3D'bitmap'/>
      -    <disk name=3D'vdb' checkpoint=3D'no'/>
      -  </disks>
      -</domaincheckpoint>
      - -

      will result in XML similar to this from - virDomainCheckpointGetXMLDesc():

      -
      -<domaincheckpoint>
      -  <name>1525889631</name>
      -  <description>Completion of updates after OS install</descriptio=
      n>
      -  <parent>
      -    <name>1525111885</name>
      -  </parent>
      -  <creationTime>1525889631</creationTime>
      -  <disks>
      -    <disk name=3D'vda' checkpoint=3D'bitmap' bitmap=3D'1525889631'/>
      -    <disk name=3D'vdb' checkpoint=3D'no'/>
      -  </disks>
      -  <domain type=3D'qemu'>
      -    <name>fedora</name>
      -    <uuid>93a5c045-6457-2c09-e56c-927cdf34e178</uuid>
      -    <memory>1048576</memory>
      -    ...
      -    <devices>
      -      <disk type=3D'file' device=3D'disk'>
      -        <driver name=3D'qemu' type=3D'qcow2'/>
      -        <source file=3D'/path/to/file1'/>
      -        <target dev=3D'vda' bus=3D'virtio'/>
      -      </disk>
      -      <disk type=3D'file' device=3D'disk' snapshot=3D'external'>
      -        <driver name=3D'qemu' type=3D'raw'/>
      -        <source file=3D'/path/to/file2'/>
      -        <target dev=3D'vdb' bus=3D'virtio'/>
      -      </disk>
      -      ...
      -    </devices>
      -  </domain>
      -</domaincheckpoint>
      - -

      With that checkpoint created, the qcow2 image is now tracking - all changes that occur in the image since the checkpoint via - the persistent bitmap named 1525889631. -

      - - diff --git a/docs/formatcheckpoint.rst b/docs/formatcheckpoint.rst new file mode 100644 index 0000000000..e45745390a --- /dev/null +++ b/docs/formatcheckpoint.rst 
@@ -0,0 +1,162 @@ +Checkpoint XML format +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +.. contents:: + +Checkpoint XML +-------------- + +One method of capturing domain disk backups is via the use of incremental +backups. Right now, incremental backups are only supported for the QEMU +hypervisor when using qcow2 disks at the active layer; if other disk forma= ts are +in use, capturing disk backups requires different libvirt APIs (see `domain +state capture `__ for a comparison between = APIs). + +Libvirt is able to facilitate incremental backups by tracking disk checkpo= ints, +which are points in time against which it is easy to compute which portion= of +the disk has changed. Given a full backup (a backup created from the creat= ion of +the disk to a given point in time), coupled with the creation of a disk +checkpoint at that time, and an incremental backup (a backup created from = just +the dirty portion of the disk between the first checkpoint and the second = backup +operation), it is possible to do an offline reconstruction of the state of= the +disk at the time of the second backup without having to copy as much data = as a +second full backup would require. Most disk checkpoints are created in +conjunction with a backup via ``virDomainBackupBegin()``, although a futur= e API +addition of ``virDomainSnapshotCreateXML2()`` will also make this possible= when +creating external snapshots; however, libvirt also exposes enough support = to +create disk checkpoints independently from a backup operation via +``virDomainCheckpointCreateXML()`` since 5.6.0. Likewise, the creation of +checkpoints when external snapshots exist is currently forbidden, although +future work will make it possible to integrate these two concepts. + +Attributes of libvirt checkpoints are stored as child elements of the +``domaincheckpoint`` element. At checkpoint creation time, normally only t= he +``name``, ``description``, and ``disks`` elements are settable. 
The rest o= f the +fields are ignored on creation and will be filled in by libvirt in for +informational purposes by ``virDomainCheckpointGetXMLDesc()``. However, wh= en +redefining a checkpoint, with the ``VIR_DOMAIN_CHECKPOINT_CREATE_REDEFINE`= ` flag +of ``virDomainCheckpointCreateXML()``, all of the XML fields described her= e are +relevant on input, even the fields that are normally described as readonly= for +output. + +The top-level ``domaincheckpoint`` element may contain the following eleme= nts: + +``name`` + The optional name for this checkpoint. If the name is omitted, libvirt = will + create a name based on the time of the creation. + +``description`` + An optional human-readable description of the checkpoint. If the descri= ption + is omitted when initially creating the checkpoint, then this field will= be + empty. + +``disks`` + On input, this is an optional listing of specific instructions for disk + checkpoints; it is needed when making a checkpoint on only a subset of = the + disks associated with a domain. In particular, since QEMU checkpoints r= equire + qcow2 disks, this element may be needed on input for excluding guest di= sks + that are not in qcow2 format. If the entire element was omitted on inpu= t, + then all disks participate in the checkpoint, otherwise, only the disks + explicitly listed which do not also use ``checkpoint=3D'no'`` will part= icipate. + On output, this is the checkpoint state of each of the domain's disks. + + ``disk`` + This sub-element describes the checkpoint properties of a specific d= isk + with the following attributes: + + ``name`` + A mandatory attribute which must match either the + ```` or an unambiguous ```` of + one of the `disk devices `__ spe= cified + for the domain at the time of the checkpoint. 
+ + ``checkpoint`` + An optional attribute; possible values are ``no`` when the disk d= oes + not participate in this checkpoint; or ``bitmap`` if the disk will + track all changes since the creation of this checkpoint via a bit= map. + + ``bitmap`` + The attribute ``bitmap`` is only valid if ``checkpoint=3D'bitmap'= ``; it + describes the name of the tracking bitmap (defaulting to the chec= kpoint + name). + + ``size`` + The attribute ``size`` is ignored on input; on output, it is only + present if the ``VIR_DOMAIN_CHECKPOINT_XML_SIZE`` flag was used to + perform a dynamic query of the estimated size in bytes of the cha= nges + made since the checkpoint was created. + +``creationTime`` + A readonly representation of the time this checkpoint was created. The = time + is specified in seconds since the Epoch, UTC (i.e. Unix time). + +``parent`` + Readonly, present if this checkpoint has a parent. The parent name is g= iven + by the sub-element ``name``. The parent relationship allows tracking a = list + of related checkpoints. + +``domain`` + A readonly representation of the inactive `domain + configuration `__ at the time the checkpoint was cre= ated. + This element may be omitted for output brevity by supplying the + ``VIR_DOMAIN_CHECKPOINT_XML_NO_DOMAIN`` flag, but the resulting XML is = no + longer viable for use with the ``VIR_DOMAIN_CHECKPOINT_CREATE_REDEFINE`= ` flag + of ``virDomainCheckpointCreateXML()``. The domain will have + security-sensitive information omitted unless the flag + ``VIR_DOMAIN_CHECKPOINT_XML_SECURE`` is provided on a read-write connec= tion. 
+ +Examples +-------- + +Using this XML to create a checkpoint of just vda on a qemu domain with two +disks and a prior checkpoint: + +:: + + + Completion of updates after OS install + + + + + + +will result in XML similar to this from ``virDomainCheckpointGetXMLDesc()`= `: + +:: + + + 1525889631 + Completion of updates after OS install + + 1525111885 + + 1525889631 + + + + + + fedora + 93a5c045-6457-2c09-e56c-927cdf34e178 + 1048576 + ... + + + + + + + + + + + + ... + + + + +With that checkpoint created, the qcow2 image is now tracking all changes = that +occur in the image since the checkpoint via the persistent bitmap named +``1525889631``. --=20 2.26.2
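Review bot: in the new docs/formatcheckpoint.rst, the paragraph on settable fields carries over a stray "in" from the HTML original ("will be filled in by libvirt in for informational purposes"). Every line of the file is new in this patch, so fix it here rather than in a follow-up. The ``disks`` entry has the same kind of carry-over: "then all disks participate in the checkpoint, otherwise, only the disks explicitly listed ..." reads better split with a semicolon before "otherwise". The text about ``VIR_DOMAIN_CHECKPOINT_XML_SECURE`` needing a read-write connection is unchanged from the HTML, which is what a pure format conversion should keep.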
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 17/24] conf: checkpoint: Add a flag storing whether disk 'size' is valid
Date: Thu, 2 Jul 2020 16:40:03 +0200
Message-Id: <6de875a3b1f4ce2f8d41b6c5b9cac4d1af23da1f.1593700474.git.pkrempa@redhat.com>

Avoid printing '0' size in case when we weren't able to determine the backup size by adding a flag whether the size is valid and interlock printing of the field according to the flag.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 src/conf/checkpoint_conf.c | 2 +-
 src/conf/checkpoint_conf.h | 1 +
 tests/qemudomaincheckpointxml2xmltest.c | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/conf/checkpoint_conf.c b/src/conf/checkpoint_conf.c index d557fada49..3405e8a3cc 100644 --- a/src/conf/checkpoint_conf.c +++ b/src/conf/checkpoint_conf.c @@ -430,7 +430,7 @@ virDomainCheckpointDiskDefFormat(virBufferPtr buf, virDomainCheckpointTypeToString(disk->type)); if (disk->bitmap) { virBufferEscapeString(buf, " bitmap=3D'%s'", disk->bitmap); - if (flags & VIR_DOMAIN_CHECKPOINT_FORMAT_SIZE) + if (flags & VIR_DOMAIN_CHECKPOINT_FORMAT_SIZE && disk->sizeValid) virBufferAsprintf(buf, " size=3D'%llu'", disk->size); } virBufferAddLit(buf, "/>\n"); diff --git a/src/conf/checkpoint_conf.h b/src/conf/checkpoint_conf.h index ee5d210593..f115b98c2b 100644 --- a/src/conf/checkpoint_conf.h +++ b/src/conf/checkpoint_conf.h @@ -46,6 +46,7 @@ struct _virDomainCheckpointDiskDef { int type; /* virDomainCheckpointType */ char *bitmap; /* bitmap name, if type is bitmap */ unsigned long long size; /* current checkpoint size in bytes */ + bool sizeValid; }; /* Stores the complete checkpoint metadata */ diff --git a/tests/qemudomaincheckpointxml2xmltest.c b/tests/qemudomainchec= kpointxml2xmltest.c index b73ac74e81..a5a5b59205 100644 --- a/tests/qemudomaincheckpointxml2xmltest.c +++ b/tests/qemudomaincheckpointxml2xmltest.c 
@@ -83,6 +83,7 @@ testCompareXMLToXMLFiles(const char *inxml, } if (flags & TEST_SIZE) { def->disks[0].size =3D 1048576; + def->disks[0].sizeValid =3D true; formatflags |=3D VIR_DOMAIN_CHECKPOINT_FORMAT_SIZE; } --=20 2.26.2
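Review bot: the new "bool sizeValid;" member of struct _virDomainCheckpointDiskDef is the only field in the visible context without a comment; add one saying it is true only when 'size' holds a value that was actually queried. In virDomainCheckpointDiskDefFormat() the condition "flags & VIR_DOMAIN_CHECKPOINT_FORMAT_SIZE && disk->sizeValid" is correct because & binds tighter than &&, but parentheses around the flag test would make that obvious. After this change any code that fills in 'size' must also set sizeValid, otherwise the attribute silently drops out of the formatted XML; the test is updated for that, so it is worth confirming no other writer of 'size' exists at this point in the series.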
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 18/24] qemu: checkpoint: Implement VIR_DOMAIN_CHECKPOINT_XML_SIZE
Date: Thu, 2 Jul 2020 16:40:04 +0200
Message-Id: <76532298a679ec88d5aa399c5411dbb820a4e03f.1593700474.git.pkrempa@redhat.com>

Introduce code which merges the appropriate bitmaps and queries the final size of the backup, so that we can print the XML with size information.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 src/qemu/qemu_checkpoint.c | 143 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 142 insertions(+), 1 deletion(-)

diff --git a/src/qemu/qemu_checkpoint.c b/src/qemu/qemu_checkpoint.c index c24d97443c..f45ab29d4c 100644 --- a/src/qemu/qemu_checkpoint.c +++ b/src/qemu/qemu_checkpoint.c 
@@ -567,6 +567,142 @@ qemuCheckpointCreateXML(virDomainPtr domain, } +struct qemuCheckpointDiskMap { + virDomainCheckpointDiskDefPtr chkdisk; + virDomainDiskDefPtr domdisk; +}; + + +static int +qemuCheckpointGetXMLDescUpdateSize(virDomainObjPtr vm, + virDomainCheckpointDefPtr chkdef) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + virQEMUDriverPtr driver =3D priv->driver; + g_autoptr(virHashTable) blockNamedNodeData =3D NULL; + g_autofree struct qemuCheckpointDiskMap *diskmap =3D NULL; + g_autoptr(virJSONValue) recoveractions =3D NULL; + g_autoptr(virJSONValue) mergeactions =3D virJSONValueNewArray(); + g_autoptr(virJSONValue) cleanupactions =3D virJSONValueNewArray(); + int rc =3D 0; + size_t ndisks =3D 0; + size_t i; + int ret =3D -1; + + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + return -1; + + if (virDomainObjCheckActive(vm) < 0) + goto endjob; + + if (!(blockNamedNodeData =3D qemuBlockGetNamedNodeData(vm, QEMU_ASYNC_= JOB_NONE))) + goto endjob; + + /* enumerate disks relevant for the checkpoint which are also present = in the + * domain */ + diskmap =3D g_new0(struct qemuCheckpointDiskMap, chkdef->ndisks); + + for (i =3D 0; i < chkdef->ndisks; i++) { + virDomainCheckpointDiskDefPtr chkdisk =3D chkdef->disks + i; + virDomainDiskDefPtr domdisk; + + chkdisk->size =3D 0; + chkdisk->sizeValid =3D false; + + if (chkdisk->type !=3D VIR_DOMAIN_CHECKPOINT_TYPE_BITMAP) + continue; + + if (!(domdisk =3D virDomainDiskByTarget(vm->def, chkdisk->name))) + continue; + + if (!qemuBlockBitmapChainIsValid(domdisk->src, chkdef->parent.name= , blockNamedNodeData)) + continue; + + diskmap[ndisks].chkdisk =3D chkdisk; + diskmap[ndisks].domdisk =3D domdisk; + ndisks++; + } + + if (ndisks =3D=3D 0) { + ret =3D 0; + goto endjob; + } + + /* we need to calculate the merged bitmap to obtain accurate data */ + for (i =3D 0; i < ndisks; i++) { + virDomainDiskDefPtr domdisk =3D diskmap[i].domdisk; + g_autoptr(virJSONValue) actions =3D NULL; + + /* possibly delete 
leftovers from previous cases */ + if (qemuBlockNamedNodeDataGetBitmapByName(blockNamedNodeData, domd= isk->src, + "libvirt-tmp-size-xml"))= { + if (!recoveractions) + recoveractions =3D virJSONValueNewArray(); + + if (qemuMonitorTransactionBitmapRemove(recoveractions, + domdisk->src->nodeforma= t, + "libvirt-tmp-size-xml")= < 0) + goto endjob; + } + + if (qemuBlockGetBitmapMergeActions(domdisk->src, NULL, domdisk->sr= c, + chkdef->parent.name, "libvirt-t= mp-size-xml", + NULL, &actions, blockNamedNodeD= ata) < 0) + goto endjob; + + if (virJSONValueArrayConcat(mergeactions, actions) < 0) + goto endjob; + + if (qemuMonitorTransactionBitmapRemove(cleanupactions, + domdisk->src->nodeformat, + "libvirt-tmp-size-xml") < 0) + goto endjob; + } + + qemuDomainObjEnterMonitor(driver, vm); + + if (rc =3D=3D 0 && recoveractions) + rc =3D qemuMonitorTransaction(priv->mon, &recoveractions); + + if (rc =3D=3D 0) + rc =3D qemuMonitorTransaction(priv->mon, &mergeactions); + + if (qemuDomainObjExitMonitor(driver, vm) < 0 || rc < 0) + goto endjob; + + /* now do a final refresh */ + virHashFree(blockNamedNodeData); + if (!(blockNamedNodeData =3D qemuBlockGetNamedNodeData(vm, QEMU_ASYNC_= JOB_NONE))) + goto endjob; + + qemuDomainObjEnterMonitor(driver, vm); + + rc =3D qemuMonitorTransaction(priv->mon, &cleanupactions); + + if (qemuDomainObjExitMonitor(driver, vm) < 0 || rc < 0) + goto endjob; + + /* update disks */ + for (i =3D 0; i < ndisks; i++) { + virDomainCheckpointDiskDefPtr chkdisk =3D diskmap[i].chkdisk; + virDomainDiskDefPtr domdisk =3D diskmap[i].domdisk; + qemuBlockNamedNodeDataBitmapPtr bitmap; + + if ((bitmap =3D qemuBlockNamedNodeDataGetBitmapByName(blockNamedNo= deData, domdisk->src, + "libvirt-tmp-s= ize-xml"))) { + chkdisk->size =3D bitmap->dirtybytes; + chkdisk->sizeValid =3D true; + } + } + + ret =3D 0; + + endjob: + qemuDomainObjEndJob(driver, vm); + return ret; +} + + char * qemuCheckpointGetXMLDesc(virDomainObjPtr vm, virDomainCheckpointPtr checkpoint, 
@@ -579,13 +715,18 @@ qemuCheckpointGetXMLDesc(virDomainObjPtr vm, unsigned int format_flags; virCheckFlags(VIR_DOMAIN_CHECKPOINT_XML_SECURE | - VIR_DOMAIN_CHECKPOINT_XML_NO_DOMAIN, NULL); + VIR_DOMAIN_CHECKPOINT_XML_NO_DOMAIN | + VIR_DOMAIN_CHECKPOINT_XML_SIZE, NULL); if (!(chk =3D qemuCheckpointObjFromCheckpoint(vm, checkpoint))) return NULL; chkdef =3D virDomainCheckpointObjGetDef(chk); + if (flags & VIR_DOMAIN_CHECKPOINT_XML_SIZE && + qemuCheckpointGetXMLDescUpdateSize(vm, chkdef) < 0) + return NULL; + format_flags =3D virDomainCheckpointFormatConvertXMLFlags(flags); return virDomainCheckpointDefFormat(chkdef, driver->xmlopt, format_flags); --=20 2.26.2
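Review bot: in qemuCheckpointGetXMLDescUpdateSize() the temporary "libvirt-tmp-size-xml" bitmaps are left behind when the second qemuBlockGetNamedNodeData() call fails, because that path jumps to endjob after the merge transaction has succeeded but before cleanupactions is sent. The leftovers are only removed by the recoveractions branch on the next size query, so consider sending the cleanup transaction on that error path too. Smaller points in the same function: rc is initialised to 0, so the "rc == 0 &&" in front of the recoveractions check is always true, and the bitmap name literal appears five times and would be safer as a single #define. With the second hunk adding VIR_DOMAIN_CHECKPOINT_XML_SIZE to virCheckFlags(), a GetXMLDesc call now takes QEMU_JOB_MODIFY and sends bitmap transactions to the monitor; please say in the commit message or a comment whether that is intended for callers that only expect a read, for example on read-only connections.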
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 19/24] checkpoint: Mention that VIR_DOMAIN_CHECKPOINT_XML_SIZE is expensive and stale
Date: Thu, 2 Jul 2020 16:40:05 +0200

Data is valid only when queried as guest writes may increase the backup size.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 docs/formatcheckpoint.rst | 4 ++++
 src/libvirt-domain-checkpoint.c | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/docs/formatcheckpoint.rst b/docs/formatcheckpoint.rst index e45745390a..f159f2a7a3 100644 --- a/docs/formatcheckpoint.rst +++ b/docs/formatcheckpoint.rst
@@ -86,6 +86,10 @@ The top-level ``domaincheckpoint`` element may contain t= he following elements: perform a dynamic query of the estimated size in bytes of the cha= nges made since the checkpoint was created. + Note that updating the backup ``size`` may be expensive and + the actual required size may increase if the guest OS is actively + writing to the disk. + ``creationTime`` A readonly representation of the time this checkpoint was created. The = time is specified in seconds since the Epoch, UTC (i.e. Unix time). diff --git a/src/libvirt-domain-checkpoint.c b/src/libvirt-domain-checkpoin= t.c index 50627c486c..8a7b55dcd2 100644 --- a/src/libvirt-domain-checkpoint.c +++ b/src/libvirt-domain-checkpoint.c 
@@ -191,7 +191,8 @@ virDomainCheckpointCreateXML(virDomainPtr domain, * VIR_DOMAIN_CHECKPOINT_XML_SIZE, each listing adds an additional * attribute that shows an estimate of the current size in bytes that * have been dirtied between the time the checkpoint was created and the - * current point in time. + * current point in time. Note that updating the size may be expensive and + * data will be inaccurate once guest OS writes to the disk. * * Returns a 0 terminated UTF-8 encoded XML instance or NULL in case * of error. The caller must free() the returned value. --=20 2.26.2
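Review bot: The same caveat is worded differently in the two hunks: docs/formatcheckpoint.rst says the required size "may increase if the guest OS is actively writing to the disk", while the API comment in src/libvirt-domain-checkpoint.c says the data "will be inaccurate once guest OS writes to the disk". Please align them, for example by stating in both places that the value is an estimate valid only at the time of the query and that a caller sizing a backup target should expect it to grow. The API comment is also missing an article ("once the guest OS writes").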
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 20/24] testCompareBackupXML: Add infrastructure for testing internal fields
Date: Thu, 2 Jul 2020 16:40:06 +0200
Message-Id: <2dfb9013dcbc8f7415b779acf26e4af34f51a764.1593700474.git.pkrempa@redhat.com>

There are few internal fields of the backup XML. Propagate the 'internal' flag so that the test can verify the XML infrastructure.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 tests/genericxml2xmltest.c | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)
diff --git a/tests/genericxml2xmltest.c b/tests/genericxml2xmltest.c index 74e520522b..cf07f9bb79 100644 --- a/tests/genericxml2xmltest.c +++ b/tests/genericxml2xmltest.c
@@ -45,16 +45,27 @@ testCompareXMLToXMLHelper(const void *data) } +struct testCompareBackupXMLData { + const char *testname; + bool internal; +}; + + static int -testCompareBackupXML(const void *data) +testCompareBackupXML(const void *opaque) { - const char *testname =3D data; + const struct testCompareBackupXMLData *data =3D opaque; + const char *testname =3D data->testname; g_autofree char *xml_in =3D NULL; g_autofree char *file_in =3D NULL; g_autofree char *file_out =3D NULL; g_autoptr(virDomainBackupDef) backup =3D NULL; g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; g_autofree char *actual =3D NULL; + unsigned int parseFlags =3D 0; + + if (data->internal) + parseFlags |=3D VIR_DOMAIN_BACKUP_PARSE_INTERNAL; file_in =3D g_strdup_printf("%s/domainbackupxml2xmlin/%s.xml", abs_srcdir, testname); @@ -64,12 +75,12 @@ testCompareBackupXML(const void *data) if (virFileReadAll(file_in, 1024 * 64, &xml_in) < 0) return -1; - if (!(backup =3D virDomainBackupDefParseString(xml_in, xmlopt, 0))) { + if (!(backup =3D virDomainBackupDefParseString(xml_in, xmlopt, parseFl= ags))) { VIR_TEST_VERBOSE("failed to parse backup def '%s'", file_in); return -1; } - if (virDomainBackupDefFormat(&buf, backup, false) < 0) { + if (virDomainBackupDefFormat(&buf, backup, data->internal) < 0) { VIR_TEST_VERBOSE("failed to format backup def '%s'", file_in); return -1; } 
@@ -185,9 +196,16 @@ mymain(void) DO_TEST_DIFFERENT("cputune"); +#define DO_TEST_BACKUP_FULL(name, intrnl) \ + do { \ + const struct testCompareBackupXMLData data =3D { .testname =3D nam= e, \ + .internal =3D intrn= l }; \ + if (virTestRun("QEMU BACKUP XML-2-XML " name, testCompareBackupXML= , &data) < 0) \ + ret =3D -1; \ + } while (false) + #define DO_TEST_BACKUP(name) \ - if (virTestRun("QEMU BACKUP XML-2-XML " name, testCompareBackupXML, na= me) < 0) \ - ret =3D -1; + DO_TEST_BACKUP_FULL(name, false) DO_TEST_BACKUP("empty"); DO_TEST_BACKUP("backup-pull"); --=20 2.26.2
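Review bot: The macro parameter 'intrnl' in DO_TEST_BACKUP_FULL reads like a typo and needs a comment. It has to differ from the '.internal' designator it initialises, because the preprocessor would otherwise substitute the designator too, so a one-line note saying so (or a clearer name such as 'isinternal') would stop a later cleanup from renaming it and breaking the build. In testCompareBackupXML() the single data->internal value drives both parseFlags and the virDomainBackupDefFormat() argument, which is fine for a round-trip test but worth stating in the struct so nobody expects parse-only coverage from it.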
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 21/24] conf: backup: Store 'tlsAlias' and 'tlsSecretAlias' as internals of a backup
Date: Thu, 2 Jul 2020 16:40:07 +0200
Message-Id: <90a6345b754faa12b588aeeb1d71632593bd1822.1593700474.git.pkrempa@redhat.com>

Add fields for storing the aliases necessary to clean up the TLS env for a backup job after it finishes.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 src/conf/backup_conf.c | 42 +++++++++++++++++++
 src/conf/backup_conf.h | 5 +++
 .../backup-pull-internal-invalid.xml | 36 ++++++++++++++++
 .../backup-pull-internal-invalid.xml | 1 +
 tests/genericxml2xmltest.c | 2 +
 5 files changed, 86 insertions(+)
 create mode 100644 tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml
 create mode 120000 tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml
diff --git a/src/conf/backup_conf.c b/src/conf/backup_conf.c index 4f28073ab2..74f6e4b020 100644 --- a/src/conf/backup_conf.c +++ b/src/conf/backup_conf.c @@ -86,6 +86,10 @@ virDomainBackupDefFree(virDomainBackupDefPtr def) } g_free(def->disks); + + g_free(def->tlsAlias); + g_free(def->tlsSecretAlias); + g_free(def); } @@ -213,6 +217,19 @@ virDomainBackupDiskDefParseXML(xmlNodePtr node, } +static void +virDomainBackupDefParsePrivate(virDomainBackupDefPtr def, + xmlXPathContextPtr ctxt, + unsigned int flags) +{ + if (!(flags & VIR_DOMAIN_BACKUP_PARSE_INTERNAL)) + return; + + def->tlsSecretAlias =3D virXPathString("string(./privateData/objects/s= ecret[@type=3D'tlskey']/@alias)", ctxt); + def->tlsAlias =3D virXPathString("string(./privateData/objects/TLSx509= /@alias)", ctxt); +} + + static virDomainBackupDefPtr virDomainBackupDefParse(xmlXPathContextPtr ctxt, virDomainXMLOptionPtr xmlopt, @@ -282,6 +299,8 @@ virDomainBackupDefParse(xmlXPathContextPtr ctxt, return NULL; } + virDomainBackupDefParsePrivate(def, ctxt, flags); + return g_steal_pointer(&def); } @@ -388,6 +407,26 @@ virDomainBackupDiskDefFormat(virBufferPtr buf, } +static void +virDomainBackupDefFormatPrivate(virBufferPtr buf, + virDomainBackupDefPtr def, + bool internal) +{ + g_auto(virBuffer) privChildBuf =3D VIR_BUFFER_INIT_CHILD(buf); + g_auto(virBuffer) objectsChildBuf =3D VIR_BUFFER_INIT_CHILD(&privChild= Buf); + + if (!internal) + return; + + virBufferEscapeString(&objectsChildBuf, "\n", + def->tlsSecretAlias); + virBufferEscapeString(&objectsChildBuf, "\n", d= ef->tlsAlias); + + virXMLFormatElement(&privChildBuf, "objects", NULL, &objectsChildBuf); + virXMLFormatElement(buf, "privateData", NULL, &privChildBuf); +} + + int virDomainBackupDefFormat(virBufferPtr buf, virDomainBackupDefPtr def, 
@@ -422,6 +461,9 @@ virDomainBackupDefFormat(virBufferPtr buf, } virXMLFormatElement(&childBuf, "disks", NULL, &disksChildBuf); + + virDomainBackupDefFormatPrivate(&childBuf, def, internal); + virXMLFormatElement(buf, "domainbackup", &attrBuf, &childBuf); return 0; diff --git a/src/conf/backup_conf.h b/src/conf/backup_conf.h index 3f8b592b8d..a1d1e453c1 100644 --- a/src/conf/backup_conf.h +++ b/src/conf/backup_conf.h @@ -86,6 +86,11 @@ struct _virDomainBackupDef { virDomainBackupDiskDef *disks; /* internal data */ + + /* NBD TLS internals */ + char *tlsAlias; + char *tlsSecretAlias; + /* statistic totals for completed disks */ unsigned long long push_transferred; unsigned long long push_total; diff --git a/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml b= /tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml new file mode 100644 index 0000000000..261dec0eea --- /dev/null +++ b/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml @@ -0,0 +1,36 @@ + + 1525889631 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml = b/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml new file mode 120000 index 0000000000..055ca37a0b --- /dev/null +++ b/tests/domainbackupxml2xmlout/backup-pull-internal-invalid.xml @@ -0,0 +1 @@ +../domainbackupxml2xmlin/backup-pull-internal-invalid.xml \ No newline at end of file diff --git a/tests/genericxml2xmltest.c b/tests/genericxml2xmltest.c index cf07f9bb79..2c1e8616dd 100644 --- a/tests/genericxml2xmltest.c +++ b/tests/genericxml2xmltest.c 
@@ -215,6 +215,8 @@ mymain(void) DO_TEST_BACKUP("backup-push-seclabel"); DO_TEST_BACKUP("backup-push-encrypted"); + DO_TEST_BACKUP_FULL("backup-pull-internal-invalid", true); + virObjectUnref(caps); virObjectUnref(xmlopt); --=20 2.26.2
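Review bot: virDomainBackupDefParsePrivate() stores whatever strings the two XPath lookups return, so the VIR_DOMAIN_BACKUP_PARSE_INTERNAL check at its top is the only thing keeping a caller-supplied privateData element out of def->tlsAlias and def->tlsSecretAlias. Since the commit message says these aliases are what the cleanup of the TLS environment relies on, please add a comment at that early return (or at the flag's definition) stating that the flag must never be set for XML received from an API caller. On the test side, "backup-pull-internal-invalid" is the only input exercising the internal path; a second input carrying just one of the two aliases would cover the case where one lookup returns nothing.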
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 22/24] qemu: conf: Add configuration of TLS environment for NBD transport of pull-backups
Date: Thu, 2 Jul 2020 16:40:08 +0200
Message-Id: <44d9465b8e2f77dd14ab0bad063357ed10ce4d49.1593700474.git.pkrempa@redhat.com>

TLS is required to transport backed-up data securely when using pull-mode backups.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
---
 docs/formatbackup.rst | 4 ++++
 src/qemu/libvirtd_qemu.aug | 5 ++++
 src/qemu/qemu.conf | 37 ++++++++++++++++++++++++++++++
 src/qemu/qemu_conf.c | 17 ++++++++++++++
 src/qemu/qemu_conf.h | 5 ++++
 src/qemu/test_libvirtd_qemu.aug.in | 3 +++
 6 files changed, 71 insertions(+)
diff --git a/docs/formatbackup.rst b/docs/formatbackup.rst index e5b6fc6eb0..142b8250d2 100644 --- a/docs/formatbackup.rst +++ b/docs/formatbackup.rst
@@ -42,6 +42,10 @@ were supplied). The following child elements and attribu= tes are supported: necessary to set up an NBD server that exposes the content of each disk= at the time the backup is started. + Note that for the QEMU hypervisor the TLS environment in controlled usi= ng + ``backup_tls_x509_cert_dir``, ``backup_tls_x509_verify``, and + ``backup_tls_x509_secret_uuid`` properties in ``/etc/libvirt/qemu.conf`= `. + ``disks`` An optional listing of instructions for disks participating in the back= up (if omitted, all disks participate and libvirt attempts to generate filenam= es by diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index c19a086c38..abbac549f2 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug @@ -59,6 +59,10 @@ module Libvirtd_qemu =3D | bool_entry "migrate_tls_x509_verify" | str_entry "migrate_tls_x509_secret_uuid" + let backup_entry =3D str_entry "backup_tls_x509_cert_dir" + | bool_entry "backup_tls_x509_verify" + | str_entry "backup_tls_x509_secret_uuid" + let vxhs_entry =3D bool_entry "vxhs_tls" | str_entry "vxhs_tls_x509_cert_dir" | str_entry "vxhs_tls_x509_secret_uuid" @@ -146,6 +150,7 @@ module Libvirtd_qemu =3D | spice_entry | chardev_entry | migrate_entry + | backup_entry | nogfx_entry | remote_display_entry | security_entry diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index ab403c21ac..a96bedb114 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf 
@@ -395,6 +395,43 @@ #migrate_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000" +# In order to override the default TLS certificate location for backup NBD +# server certificates, supply a valid path to the certificate directory. I= f the +# provided path does not exist, libvirtd will fail to start. If the path is +# not provided, but TLS-encrypted backup is requested, then the +# default_tls_x509_cert_dir path will be used. +# +#backup_tls_x509_cert_dir =3D "/etc/pki/libvirt-backup" + + +# The default TLS configuration only uses certificates for the server +# allowing the client to verify the server's identity and establish +# an encrypted channel. +# +# It is possible to use x509 certificates for authentication too, by +# issuing an x509 certificate to every client who needs to connect. +# +# Enabling this option will reject any client that does not have a +# ca-cert.pem certificate signed by the CA in the backup_tls_x509_cert_dir +# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem +# files described in default_tls_x509_cert_dir. +# +# If this option is not supplied, it will be set to the value of +# "default_tls_x509_verify". +# +#backup_tls_x509_verify =3D 1 + + +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#backup_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000" + + # By default, if no graphical front end is configured, libvirt will disable # QEMU audio output since directly talking to alsa/pulseaudio may not work # with various security settings. If you know what you're doing, enable diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 6e673e8f62..30d7c61cf9 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c 
@@ -347,6 +347,9 @@ static void virQEMUDriverConfigDispose(void *obj) VIR_FREE(cfg->migrateTLSx509certdir); VIR_FREE(cfg->migrateTLSx509secretUUID); + VIR_FREE(cfg->backupTLSx509certdir); + VIR_FREE(cfg->backupTLSx509secretUUID); + while (cfg->nhugetlbfs) { cfg->nhugetlbfs--; VIR_FREE(cfg->hugetlbfs[cfg->nhugetlbfs].mnt_dir); @@ -511,6 +514,9 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverCo= nfigPtr cfg, GET_CONFIG_TLS_CERTINFO_COMMON(migrate); GET_CONFIG_TLS_CERTINFO_SERVER(migrate); + GET_CONFIG_TLS_CERTINFO_COMMON(backup); + GET_CONFIG_TLS_CERTINFO_SERVER(backup); + GET_CONFIG_TLS_CERTINFO_COMMON(vxhs); GET_CONFIG_TLS_CERTINFO_COMMON(nbd); @@ -1154,6 +1160,14 @@ virQEMUDriverConfigValidate(virQEMUDriverConfigPtr c= fg) return -1; } + if (cfg->backupTLSx509certdir && + !virFileExists(cfg->backupTLSx509certdir)) { + virReportError(VIR_ERR_CONF_SYNTAX, + _("backup_tls_x509_cert_dir directory '%s' does not= exist"), + cfg->backupTLSx509certdir); + return -1; + } + if (cfg->vxhsTLSx509certdir && !virFileExists(cfg->vxhsTLSx509certdir)) { virReportError(VIR_ERR_CONF_SYNTAX, @@ -1189,6 +1203,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr= cfg) SET_TLS_SECRET_UUID_DEFAULT(vnc); SET_TLS_SECRET_UUID_DEFAULT(chardev); SET_TLS_SECRET_UUID_DEFAULT(migrate); + SET_TLS_SECRET_UUID_DEFAULT(backup); SET_TLS_SECRET_UUID_DEFAULT(vxhs); SET_TLS_SECRET_UUID_DEFAULT(nbd); @@ -1216,6 +1231,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr= cfg) SET_TLS_X509_CERT_DEFAULT(spice); SET_TLS_X509_CERT_DEFAULT(chardev); SET_TLS_X509_CERT_DEFAULT(migrate); + SET_TLS_X509_CERT_DEFAULT(backup); SET_TLS_X509_CERT_DEFAULT(vxhs); SET_TLS_X509_CERT_DEFAULT(nbd); @@ -1230,6 +1246,7 @@ virQEMUDriverConfigSetDefaults(virQEMUDriverConfigPtr= cfg) SET_TLS_VERIFY_DEFAULT(vnc); SET_TLS_VERIFY_DEFAULT(chardev); SET_TLS_VERIFY_DEFAULT(migrate); + SET_TLS_VERIFY_DEFAULT(backup); #undef SET_TLS_VERIFY_DEFAULT 
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 6193a7111c..687829123c 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -144,6 +144,11 @@ struct _virQEMUDriverConfig { bool migrateTLSx509verifyPresent; char *migrateTLSx509secretUUID; + char *backupTLSx509certdir; + bool backupTLSx509verify; + bool backupTLSx509verifyPresent; + char *backupTLSx509secretUUID; + bool vxhsTLS; char *vxhsTLSx509certdir; char *vxhsTLSx509secretUUID; diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index db125bf352..6a54e2322a 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in 
@@ -35,6 +35,9 @@ module Test_libvirtd_qemu =3D { "migrate_tls_x509_cert_dir" =3D "/etc/pki/libvirt-migrate" } { "migrate_tls_x509_verify" =3D "1" } { "migrate_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000= " } +{ "backup_tls_x509_cert_dir" =3D "/etc/pki/libvirt-backup" } +{ "backup_tls_x509_verify" =3D "1" } +{ "backup_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000"= } { "nographics_allow_host_audio" =3D "1" } { "remote_display_port_min" =3D "5900" } { "remote_display_port_max" =3D "65535" } --=20 2.26.2
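
Review bot: In the qemu.conf hunk, the comment above backup_tls_x509_verify states the check the wrong way round: it says a client is rejected if it "does not have a ca-cert.pem certificate signed by the CA", but what is verified is the certificate the client presents, against the CA in the cert dir. Suggest wording along the lines of "reject any client that does not present a certificate signed by the CA in backup_tls_x509_cert_dir (or default_tls_x509_cert_dir)". Since the same comment says the default configuration only authenticates the server, it is also worth stating that when this option inherits a disabled default_tls_x509_verify, TLS encrypts the channel but any client that can reach the NBD port can still pull the backup data.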
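
Review bot: In the virQEMUDriverConfigValidate hunk of src/qemu/qemu_conf.c, the new check uses virFileExists(), so a backup_tls_x509_cert_dir that points at a regular file passes validation even though the error text ("directory '%s' does not exist") and the qemu.conf comment both speak of a directory. This follows the vxhs check visible in the context lines, so it is not a regression, but a directory test such as virFileIsDir() would reject the misconfiguration at daemon start instead of leaving it to surface when the path is handed to QEMU.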
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 23/24] conf: backup: Add 'tls' attribute for 'server' element
Date: Thu, 2 Jul 2020 16:40:09 +0200

Allow enabling TLS for the NBD server used to do pull-mode backups. Note that documentation already mentions 'tls', so this just implements the schema and XML bits.

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- docs/schemas/domainbackup.rng | 9 ++++++++- src/conf/backup_conf.c | 17 +++++++++++++++++ src/conf/backup_conf.h | 1 + .../backup-pull-encrypted.xml | 2 +- .../backup-pull-internal-invalid.xml | 2 +- .../backup-pull-encrypted.xml | 2 +- 6 files changed, 29 insertions(+), 4 deletions(-) diff --git a/docs/schemas/domainbackup.rng b/docs/schemas/domainbackup.rng index 650f5cd4c3..c0ca3c3038 100644 --- a/docs/schemas/domainbackup.rng
+++ b/docs/schemas/domainbackup.rng @@ -51,6 +51,14 @@
      + + + + yes + no + + + @@ -69,7 +77,6 @@
      - diff --git a/src/conf/backup_conf.c b/src/conf/backup_conf.c index 74f6e4b020..59d7e1dfaf 100644 --- a/src/conf/backup_conf.c +++ b/src/conf/backup_conf.c @@ -260,6 +260,8 @@ virDomainBackupDefParse(xmlXPathContextPtr ctxt, def->incremental =3D virXPathString("string(./incremental)", ctxt); if ((node =3D virXPathNode("./server", ctxt))) { + g_autofree char *tls =3D NULL; + if (def->type !=3D VIR_DOMAIN_BACKUP_TYPE_PULL) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("use of requires pull mode backup")); @@ -284,6 +286,19 @@ virDomainBackupDefParse(xmlXPathContextPtr ctxt, def->server->socket); return NULL; } + + if ((tls =3D virXMLPropString(node, "tls"))) { + int tmp; + + if ((tmp =3D virTristateBoolTypeFromString(tls)) <=3D 0) { + virReportError(VIR_ERR_XML_ERROR, + _("unknown value '%s' of 'tls' attribute"),\ + tls); + return NULL; + } + + def->tls =3D tmp; + } } if ((n =3D virXPathNodeSet("./disks/*", ctxt, &nodes)) < 0) @@ -445,6 +460,8 @@ virDomainBackupDefFormat(virBufferPtr buf, if (def->server) { virBufferAsprintf(&serverAttrBuf, " transport=3D'%s'", virStorageNetHostTransportTypeToString(def->serv= er->transport)); + if (def->tls !=3D VIR_TRISTATE_BOOL_ABSENT) + virBufferAsprintf(&serverAttrBuf, " tls=3D'%s'", virTristateBo= olTypeToString(def->tls)); virBufferEscapeString(&serverAttrBuf, " name=3D'%s'", def->server-= >name); if (def->server->port) virBufferAsprintf(&serverAttrBuf, " port=3D'%u'", def->server-= >port); diff --git a/src/conf/backup_conf.h b/src/conf/backup_conf.h index a1d1e453c1..bda2bdcfe4 100644 --- a/src/conf/backup_conf.h +++ b/src/conf/backup_conf.h @@ -81,6 +81,7 @@ struct _virDomainBackupDef { int type; /* virDomainBackupType */ char *incremental; virStorageNetHostDefPtr server; /* only when type =3D=3D PULL */ + virTristateBool tls; /* use TLS for NBD */ size_t ndisks; /* should not exceed dom->ndisks */ virDomainBackupDiskDef *disks; 
diff --git a/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml b/tests/= domainbackupxml2xmlin/backup-pull-encrypted.xml index 1469189a37..48232aa0fe 100644 --- a/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml +++ b/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml @@ -1,6 +1,6 @@ 1525889631 - + diff --git a/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml b= /tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml index 261dec0eea..ba8f7ca3ab 100644 --- a/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml +++ b/tests/domainbackupxml2xmlin/backup-pull-internal-invalid.xml @@ -1,6 +1,6 @@ 1525889631 - + diff --git a/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml b/tests= /domainbackupxml2xmlout/backup-pull-encrypted.xml index 81519bfcb5..ea9dcf72b9 100644 --- a/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml +++ b/tests/domainbackupxml2xmlout/backup-pull-encrypted.xml 
@@ -1,6 +1,6 @@ 1525889631 - + --=20 2.26.2
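
Review bot: In the virDomainBackupDefParse hunk of src/conf/backup_conf.c, the virReportError() call carries a stray line-continuation backslash after _("unknown value '%s' of 'tls' attribute"), which should be dropped. The "<= 0" comparison also rejects the string that maps to the absent value (0), which agrees with the yes/no choice in the schema hunk, so the error message could say outright that only 'yes' and 'no' are accepted. Separately, the attribute is read from the server node but stored in def->tls on the backup definition; the "use TLS for NBD" comment in backup_conf.h would be clearer if it noted, as the neighbouring 'server' field does, that it only applies to pull mode.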
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 24/24] qemu: backup: Setup TLS environment for pull-mode backup jobs
Date: Thu, 2 Jul 2020 16:40:10 +0200
Message-Id: <99a8373c7aa0b051081791213b647ba7b47898d7.1593700474.git.pkrempa@redhat.com>

Use the configured TLS env to setup encryption of the TLS transport.

https://bugzilla.redhat.com/show_bug.cgi?id=1822631

Signed-off-by: Peter Krempa
Reviewed-by: Eric Blake
--- src/qemu/qemu_backup.c | 80 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_backup.c b/src/qemu/qemu_backup.c index 8dc9d2504d..b711f8f623 100644 --- a/src/qemu/qemu_backup.c +++ b/src/qemu/qemu_backup.c @@ -18,6 +18,7 @@ #include +#include "qemu_alias.h" #include "qemu_block.h" #include "qemu_conf.h" #include "qemu_capabilities.h"
@@ -642,6 +643,50 @@ qemuBackupJobCancelBlockjobs(virDomainObjPtr vm, } +#define QEMU_BACKUP_TLS_ALIAS_BASE "libvirt_backup" + +static int +qemuBackupBeginPrepareTLS(virDomainObjPtr vm, + virQEMUDriverConfigPtr cfg, + virDomainBackupDefPtr def, + virJSONValuePtr *tlsProps, + virJSONValuePtr *tlsSecretProps) +{ + qemuDomainObjPrivatePtr priv =3D vm->privateData; + g_autofree char *tlsObjAlias =3D qemuAliasTLSObjFromSrcAlias(QEMU_BACK= UP_TLS_ALIAS_BASE); + g_autoptr(qemuDomainSecretInfo) secinfo =3D NULL; + const char *tlsKeySecretAlias =3D NULL; + + if (def->tls !=3D VIR_TRISTATE_BOOL_YES) + return 0; + + if (!cfg->backupTLSx509certdir) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("backup TLS directory not configured")); + return -1; + } + + if (cfg->backupTLSx509secretUUID) { + if (!(secinfo =3D qemuDomainSecretInfoTLSNew(priv, tlsObjAlias, + cfg->backupTLSx509secre= tUUID))) + return -1; + + if (qemuBuildSecretInfoProps(secinfo, tlsSecretProps) < 0) + return -1; + + tlsKeySecretAlias =3D secinfo->s.aes.alias; + } + + if (qemuBuildTLSx509BackendProps(cfg->backupTLSx509certdir, true, + cfg->backupTLSx509verify, tlsObjAlias, + tlsKeySecretAlias, priv->qemuCaps, + tlsProps) < 0) + return -1; + + return 0; +} + + int qemuBackupBegin(virDomainObjPtr vm, const char *backupXML, @@ -656,6 +701,10 @@ qemuBackupBegin(virDomainObjPtr vm, virDomainMomentObjPtr chk =3D NULL; g_autoptr(virDomainCheckpointDef) chkdef =3D NULL; g_autoptr(virJSONValue) actions =3D NULL; + g_autoptr(virJSONValue) tlsProps =3D NULL; + g_autofree char *tlsAlias =3D NULL; + g_autoptr(virJSONValue) tlsSecretProps =3D NULL; + g_autofree char *tlsSecretAlias =3D NULL; struct qemuBackupDiskData *dd =3D NULL; ssize_t ndd =3D 0; g_autoptr(virHashTable) blockNamedNodeData =3D NULL; 
@@ -719,6 +768,9 @@ qemuBackupBegin(virDomainObjPtr vm, if (qemuBackupPrepare(def) < 0) goto endjob; + if (qemuBackupBeginPrepareTLS(vm, cfg, def, &tlsProps, &tlsSecretProps= ) < 0) + goto endjob; + if (virDomainBackupAlignDisks(def, vm->def, suffix) < 0) goto endjob; @@ -755,8 +807,16 @@ qemuBackupBegin(virDomainObjPtr vm, /* TODO: TLS is a must-have for the modern age */ if (pull) { - if ((rc =3D qemuMonitorNBDServerStart(priv->mon, priv->backup->ser= ver, NULL)) =3D=3D 0) - nbd_running =3D true; + if (tlsSecretProps) + rc =3D qemuMonitorAddObject(priv->mon, &tlsSecretProps, &tlsSe= cretAlias); + + if (rc =3D=3D 0 && tlsProps) + rc =3D qemuMonitorAddObject(priv->mon, &tlsProps, &tlsAlias); + + if (rc =3D=3D 0) { + if ((rc =3D qemuMonitorNBDServerStart(priv->mon, priv->backup-= >server, tlsAlias)) =3D=3D 0) + nbd_running =3D true; + } } if (rc =3D=3D 0) @@ -789,6 +849,9 @@ qemuBackupBegin(virDomainObjPtr vm, } } + priv->backup->tlsAlias =3D g_steal_pointer(&tlsAlias); + priv->backup->tlsSecretAlias =3D g_steal_pointer(&tlsSecretAlias); + ret =3D 0; endjob: @@ -797,9 +860,14 @@ qemuBackupBegin(virDomainObjPtr vm, /* if 'chk' is non-NULL here it's a failure and it must be rolled back= */ qemuCheckpointRollbackMetadata(vm, chk); - if (!job_started && nbd_running && + if (!job_started && (nbd_running || tlsAlias || tlsSecretAlias) && qemuDomainObjEnterMonitorAsync(priv->driver, vm, QEMU_ASYNC_JOB_BA= CKUP) =3D=3D 0) { - ignore_value(qemuMonitorNBDServerStop(priv->mon)); + if (nbd_running) + ignore_value(qemuMonitorNBDServerStop(priv->mon)); + if (tlsAlias) + ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias, false)); + if (tlsSecretAlias) + ignore_value(qemuMonitorDelObject(priv->mon, tlsSecretAlias, f= alse)); ignore_value(qemuDomainObjExitMonitor(priv->driver, vm)); } 
@@ -862,6 +930,10 @@ qemuBackupNotifyBlockjobEnd(virDomainObjPtr vm, if (qemuDomainObjEnterMonitorAsync(priv->driver, vm, asyncJob) < 0) return; ignore_value(qemuMonitorNBDServerStop(priv->mon)); + if (backup->tlsAlias) + ignore_value(qemuMonitorDelObject(priv->mon, backup->tlsAlias,= false)); + if (backup->tlsSecretAlias) + ignore_value(qemuMonitorDelObject(priv->mon, backup->tlsSecret= Alias, false)); if (qemuDomainObjExitMonitor(priv->driver, vm) < 0) return; --=20 2.26.2
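
Review bot: In the new qemuBackupBeginPrepareTLS(), the early "return 0" for any def->tls other than VIR_TRISTATE_BOOL_YES means an absent 'tls' attribute starts the NBD server with a NULL TLS alias, that is unencrypted, even when backup_tls_x509_cert_dir is configured. The qemu_conf.h hunk earlier in the series adds cert dir, verify and secret UUID fields for backup but no enable or force flag (compare the vxhsTLS bool in its context lines), so an administrator cannot require TLS for pull-mode backups from qemu.conf. Consider a configurable default for the absent case, or at least document that TLS is opt-in per backup job.

Review bot: In the qemuBackupBegin hunk at -755, the context line "/* TODO: TLS is a must-have for the modern age */" is left directly above the code that now passes tlsAlias to qemuMonitorNBDServerStart(). This patch is what resolves that TODO, so the comment should be removed here rather than left to go stale.

Review bot: In the endjob hunk and in the qemuBackupNotifyBlockjobEnd hunk, every qemuMonitorDelObject() call is wrapped in ignore_value(), while the object aliases are derived from the constant QEMU_BACKUP_TLS_ALIAS_BASE and so are the same for each job on a domain. If a delete fails, the tls-creds or secret object stays in QEMU under the id the next backup will try to add, and nothing in the log says why. Suggest at least a VIR_WARN on failure in both places so a later failed backup start can be traced back to the leftover object.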