From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 1/7] docs: migration: Fix example for unix socket migration
Date: Tue, 24 Nov 2020 14:58:56 +0100
Message-Id: <151077239f576e5b2528b9171ace61fc265d270b.1606226117.git.pkrempa@redhat.com>

Fix the following issues:
 1) the very long line is overflowing the code box
 2) '--migrateuri' was missing for the qemu data stream
 3) '--desturi' was not used making it non-obvious what the argument
    corresponds to

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 docs/migration.html.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs/migration.html.in b/docs/migration.html.in index 77731eeb37..e84e5f5452 100644 --- a/docs/migration.html.in +++ b/docs/migration.html.in @@ -655,7 +655,10 @@ virsh migrate --p2p --tunnelled web1 qemu+ssh://destho= st/system qemu+ssh://10.0. software):

-virsh migrate web1 [--p2p] --copy-storage-all 'qemu+unix:///system?socket=
=3D/tmp/migdir/test-sock-driver' 'unix:///tmp/migdir/test-sock-qemu' --disk=
s-uri unix:///tmp/migdir/test-sock-nbd
+virsh migrate --domain web1 [--p2p] --copy-storage-all
+  --desturi 'qemu+unix:///system?socket=3D/tmp/migdir/test-sock-driver'
+  --migrateuri 'unix:///tmp/migdir/test-sock-qemu'
+  --disks-uri unix:///tmp/migdir/test-sock-nbd
     

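Review bot: the new multi-line example has no line continuations on the '--domain web1 [--p2p] --copy-storage-all', '--desturi' and '--migrateuri' lines, so pasted into a shell only the first line runs as 'virsh migrate' and the option lines are parsed as separate commands. Suggest ending every line but the last with a trailing backslash, which keeps the example inside the code box and copy-pasteable. A short sentence next to the example saying which socket each of '--desturi', '--migrateuri' and '--disks-uri' addresses would also help readers set the right permissions on each path under /tmp/migdir.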
-- 
2.28.0

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 2/7] qemu: migration: Remove TODO about implementing NBD for TUNNELLED migration
Date: Tue, 24 Nov 2020 14:58:57 +0100

Our streams are not the best transport for migration data and we support
TLS for security now. It's unlikely that there will be enough motivation
to add a new migration protocol to tunnel NBD too.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_migration.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index fef0be63a1..85f3c4ccee 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c
@@ -2244,10 +2244,7 @@ qemuMigrationSrcBeginPhase(virQEMUDriverPtr driver, } } - /* TODO support NBD for TUNNELLED migration */ - if (flags & VIR_MIGRATE_TUNNELLED) { - VIR_WARN("NBD in tunnelled migration is currently not supporte= d"); - } else { + if (!(flags & VIR_MIGRATE_TUNNELLED)) { cookieFlags |=3D QEMU_MIGRATION_COOKIE_NBD; priv->nbdPort =3D 0; }
-- 
2.28.0

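Review bot: with the VIR_WARN branch gone, the 'if (!(flags & VIR_MIGRATE_TUNNELLED))' condition skips QEMU_MIGRATION_COOKIE_NBD for tunnelled migrations silently, and nothing in the code says why. A one-line comment above the condition stating that NBD is intentionally not offered over the tunnel (the reasoning now lives only in the commit message) would keep the intent visible to the next reader, and a VIR_DEBUG in place of the dropped warning would leave a trace in the logs when this path is taken.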
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 3/7] qemu: migration: Aggregate logic depending on tunnelled migration
Date: Tue, 24 Nov 2020 14:58:58 +0100
Message-Id: <301961c0ea68bb8b1ed4882e64cabad61da19980.1606226117.git.pkrempa@redhat.com>

Move and aggregate all the logic which is switched based on whether the
migration is tunnelled or not before other checks. Further checks will
be added later.

While the code is being moved the error message is put on a single line
per new coding style.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_migration.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 85f3c4ccee..13d73638f4 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c
@@ -2219,6 +2219,17 @@ qemuMigrationSrcBeginPhase(virQEMUDriverPtr driver, } if (flags & (VIR_MIGRATE_NON_SHARED_DISK | VIR_MIGRATE_NON_SHARED_INC)= ) { + if (flags & VIR_MIGRATE_TUNNELLED) { + if (nmigrate_disks) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("Selecting disks to migrate is not implem= ented for tunnelled migration")); + return NULL; + } + } else { + cookieFlags |=3D QEMU_MIGRATION_COOKIE_NBD; + priv->nbdPort =3D 0; + } + if (nmigrate_disks) { size_t i, j; /* Check user requested only known disk targets. */ 
@@ -2235,18 +2246,6 @@ qemuMigrationSrcBeginPhase(virQEMUDriverPtr driver, return NULL; } } - - if (flags & VIR_MIGRATE_TUNNELLED) { - virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", - _("Selecting disks to migrate is not " - "implemented for tunnelled migration")); - return NULL; - } - } - - if (!(flags & VIR_MIGRATE_TUNNELLED)) { - cookieFlags |=3D QEMU_MIGRATION_COOKIE_NBD; - priv->nbdPort =3D 0; } }
-- 
2.28.0

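Review bot: in the first hunk the tunnelled 'if (nmigrate_disks)' rejection now sits ahead of the 'Check user requested only known disk targets' loop, whereas the block removed in the second hunk ran after that loop, so the order of the two errors changes. A tunnelled request that names an unknown disk target now gets 'Selecting disks to migrate is not implemented for tunnelled migration' instead of the unknown-target error. The commit message describes this as a pure move; it should mention the changed error precedence so the behaviour change is on record.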
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 4/7] qemu: migration: Forbid tunnelled non-shared storage migration with -blockdev
Date: Tue, 24 Nov 2020 14:58:59 +0100
Message-Id: <3ee8b3ee5938f945820f8aca5de569a776a0ad95.1606226117.git.pkrempa@redhat.com>

qemu's internals were not prepared for switching to -blockdev for the
legacy storage migration. Add a proper error message since qemu is
unlikely to attempt fixing the old protocol.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/65
Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_migration.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 13d73638f4..2be0fc29ae 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c
@@ -2220,6 +2220,12 @@ qemuMigrationSrcBeginPhase(virQEMUDriverPtr driver, if (flags & (VIR_MIGRATE_NON_SHARED_DISK | VIR_MIGRATE_NON_SHARED_INC)= ) { if (flags & VIR_MIGRATE_TUNNELLED) { + if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV)) { + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("migration of non-shared storage is not s= upported with tunnelled migration and this QEMU")); + return NULL; + } + if (nmigrate_disks) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", _("Selecting disks to migrate is not implem= ented for tunnelled migration"));
-- 
2.28.0

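Review bot: the new error string in the 'virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV)' branch tells the user what is rejected but not what to use instead, and 'this QEMU' does not say which property of the binary triggers it. Users who chose tunnelled migration to keep disk data encrypted in transit are likely to retry without the tunnel; pointing the message (or the accompanying docs) at non-tunnelled migration with VIR_MIGRATE_TLS would steer them to the encrypted path rather than a cleartext one. A short comment above the check noting that the legacy storage migration protocol does not work with -blockdev would also explain why the capability is tested here.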
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 5/7] docs: migration: Mention that features may not work with tunnelled migration
Date: Tue, 24 Nov 2020 14:59:00 +0100
Message-Id: <81cd9c7e871c6cefa629caddf4939953b04bc03b.1606226117.git.pkrempa@redhat.com>

Enumerate some features which are incompatible with tunnelled migration.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
---
 docs/migration.html.in | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/migration.html.in b/docs/migration.html.in index e84e5f5452..c3c64fb51f 100644 --- a/docs/migration.html.in +++ b/docs/migration.html.in @@ -49,6 +49,14 @@ migration operations.

+

+ Note: Certain features such as migration of non-shared stor= age + (VIR_MIGRATE_NON_SHARED_DISK), the multi-connection mig= ration + (VIR_MIGRATE_PARALLEL), or post-copy migration + (VIR_MIGRATE_POSTCOPY) may not be available when using + libvirt's tunnelling. +

+

3D"Migration=
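Review bot: the added note says the listed features 'may not be available when using libvirt's tunnelling', which is vaguer than what patch 4/7 of this series implements: non-shared storage migration (VIR_MIGRATE_NON_SHARED_DISK) is rejected outright for tunnelled migration when QEMU has the blockdev capability. Suggest stating that case as a hard limitation and naming the alternative (native transport with VIR_MIGRATE_TLS), so readers who need both encryption and storage migration know which mode to pick.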

-- 
2.28.0

From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 6/7] qemu: conf: Introduce "migrate_tls_force" qemu.conf option
Date: Tue, 24 Nov 2020 14:59:01 +0100

Forgetting to use the VIR_MIGRATE_TLS flag with migration can lead to a leak of sensitive information. Add an administrative knob to force use of the flag.

Note that without VIR_MIGRATE_PEER2PEER, the migration is driven by an instance of the client library which doesn't necessarily run on either of the hosts so the flag can't be used to assume VIR_MIGRATE_TLS even if it wasn't provided by the user instead of rejecting if it's not.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/67
Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
--- src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 8 ++++++++ src/qemu/qemu_conf.c | 2 ++ src/qemu/qemu_conf.h | 1 + src/qemu/qemu_migration.c | 28 ++++++++++++++++++++++++++++ src/qemu/test_libvirtd_qemu.aug.in | 1 + 6 files changed, 41 insertions(+) diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug index abbac549f2..3c1045858b 100644 --- a/src/qemu/libvirtd_qemu.aug +++ b/src/qemu/libvirtd_qemu.aug
@@ -58,6 +58,7 @@ module Libvirtd_qemu =3D let migrate_entry =3D str_entry "migrate_tls_x509_cert_dir" | bool_entry "migrate_tls_x509_verify" | str_entry "migrate_tls_x509_secret_uuid" + | bool_entry "migrate_tls_force" let backup_entry =3D str_entry "backup_tls_x509_cert_dir" | bool_entry "backup_tls_x509_verify" diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index a7b864f594..0c1054f198 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -401,6 +401,14 @@ #migrate_tls_x509_secret_uuid =3D "00000000-0000-0000-0000-000000000000" +# By default TLS is requested using the VIR_MIGRATE_TLS flag, thus not req= uested +# automatically. Setting 'migate_tls_force' to "1" will prevent any migrat= ion +# which is not using VIR_MIGRATE_TLS to ensure higher level of security in +# deployments with TLS. +# +#migrate_tls_force =3D 0 + + # In order to override the default TLS certificate location for backup NBD # server certificates, supply a valid path to the certificate directory. I= f the # provided path does not exist, libvirtd will fail to start. If the path is diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 83de26ab56..d6615ca0dd 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -494,6 +494,8 @@ virQEMUDriverConfigLoadSpecificTLSEntry(virQEMUDriverCo= nfigPtr cfg, return -1; if (virConfGetValueBool(conf, "chardev_tls", &cfg->chardevTLS) < 0) return -1; + if (virConfGetValueBool(conf, "migrate_tls_force", &cfg->migrateTLSFor= ce) < 0) + return -1; #define GET_CONFIG_TLS_CERTINFO_COMMON(val) \ do { \ diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 8748212a82..411d08db36 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -140,6 +140,7 @@ struct _virQEMUDriverConfig { bool migrateTLSx509verify; bool migrateTLSx509verifyPresent; char *migrateTLSx509secretUUID; + bool migrateTLSForce; char *backupTLSx509certdir; bool backupTLSx509verify; 
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 2be0fc29ae..122481dea1 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -2332,9 +2332,18 @@ qemuMigrationSrcBegin(virConnectPtr conn, unsigned long flags) { virQEMUDriverPtr driver =3D conn->privateData; + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); char *xml =3D NULL; qemuDomainAsyncJob asyncJob; + if (cfg->migrateTLSForce && + !(flags & VIR_MIGRATE_TUNNELLED) && + !(flags & VIR_MIGRATE_TLS)) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("this libvirtd instance allows migration only wit= h VIR_MIGRATE_TLS flag")); + goto cleanup; + } + if ((flags & VIR_MIGRATE_CHANGE_PROTECTION)) { if (qemuMigrationJobStart(driver, vm, QEMU_ASYNC_JOB_MIGRATION_OUT, flags) < 0) @@ -2501,6 +2510,7 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver, qemuMigrationParamsPtr migParams, unsigned long flags) { + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); virDomainObjPtr vm =3D NULL; virObjectEventPtr event =3D NULL; virErrorPtr origErr; @@ -2563,6 +2573,14 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver, goto cleanup; } + if (cfg->migrateTLSForce && + !(flags & VIR_MIGRATE_TUNNELLED) && + !(flags & VIR_MIGRATE_TLS)) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("this libvirtd instance allows migration only wit= h VIR_MIGRATE_TLS flag")); + goto cleanup; + } + if (!qemuMigrationSrcIsAllowedHostdev(*def)) goto cleanup; @@ -5013,6 +5031,8 @@ qemuMigrationSrcPerform(virQEMUDriverPtr driver, unsigned long resource, bool v3proto) { + g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); + VIR_DEBUG("driver=3D%p, conn=3D%p, vm=3D%p, xmlin=3D%s, dconnuri=3D%s,= " "uri=3D%s, graphicsuri=3D%s, listenAddress=3D%s, " "nmigrate_disks=3D%zu, migrate_disks=3D%p, nbdPort=3D%d, " 
@@ -5025,6 +5045,14 @@ qemuMigrationSrcPerform(virQEMUDriverPtr driver, NULLSTR(cookiein), cookieinlen, cookieout, cookieoutlen, flags, NULLSTR(dname), resource, v3proto); + if (cfg->migrateTLSForce && + !(flags & VIR_MIGRATE_TUNNELLED) && + !(flags & VIR_MIGRATE_TLS)) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("this libvirtd instance allows migration only wit= h VIR_MIGRATE_TLS flag")); + return -1; + } + if ((flags & (VIR_MIGRATE_TUNNELLED | VIR_MIGRATE_PEER2PEER))) { if (cookieinlen) { virReportError(VIR_ERR_OPERATION_INVALID, diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe= mu.aug.in index 6a54e2322a..9310dcec1c 100644 --- a/src/qemu/test_libvirtd_qemu.aug.in +++ b/src/qemu/test_libvirtd_qemu.aug.in 
@@ -35,6 +35,7 @@ module Test_libvirtd_qemu =3D { "migrate_tls_x509_cert_dir" =3D "/etc/pki/libvirt-migrate" } { "migrate_tls_x509_verify" =3D "1" } { "migrate_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000= " } +{ "migrate_tls_force" =3D "0" } { "backup_tls_x509_cert_dir" =3D "/etc/pki/libvirt-backup" } { "backup_tls_x509_verify" =3D "1" } { "backup_tls_x509_secret_uuid" =3D "00000000-0000-0000-0000-000000000000"= } --=20 2.28.0
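Review bot: The comment added to src/qemu/qemu.conf in patch 6/7 misspells the option as 'migate_tls_force'; it should read 'migrate_tls_force' so that it matches the key read by virConfGetValueBool and the entry added to the augeas lens. The comment also says the setting prevents any migration not using VIR_MIGRATE_TLS, while the checks added in qemu_migration.c skip migrations that carry VIR_MIGRATE_TUNNELLED, so the comment should state that exemption for administrators who rely on the knob.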
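Review bot: In src/qemu/qemu_migration.c (patch 6/7) the same three-part condition on cfg->migrateTLSForce, VIR_MIGRATE_TUNNELLED and VIR_MIGRATE_TLS, together with its virReportError call, is copied into qemuMigrationSrcBegin, qemuMigrationDstPrepareAny and qemuMigrationSrcPerform. A small helper taking cfg and flags would keep the three enforcement points from drifting apart, and it is the natural place for a comment explaining why VIR_MIGRATE_TUNNELLED is exempt, which neither the code nor the commit message says.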
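Review bot: The check added to qemuMigrationDstPrepareAny in patch 6/7 reports the same text as the two source-side checks, "this libvirtd instance allows migration only with VIR_MIGRATE_TLS flag", so the message alone does not tell the caller whether the source or the destination host rejected the migration. Naming the migrate_tls_force option in the message, and wording it so that it does not contradict the VIR_MIGRATE_TUNNELLED exemption in the condition, would make the rejection easier to act on.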
From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 7/7] docs: migration: Add a mention of VIR_MIGRATE_TLS and its enforcement for qemu
Date: Tue, 24 Nov 2020 14:59:02 +0100

Mention the flag to enable TLS and also the knob to enforce it in the qemu hypervisor driver.

Signed-off-by: Peter Krempa
Reviewed-by: Ján Tomko
--- docs/migration.html.in | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/migration.html.in b/docs/migration.html.in index c3c64fb51f..b080e3a7f5 100644 --- a/docs/migration.html.in +++ b/docs/migration.html.in @@ -31,6 +31,14 @@ of ports on the firewall to allow multiple concurrent migration oper= ations.

+

+ Modern hypervisors support TLS for encryption and authentication of = the + migration connections which can be enabled using the + VIR_MIGRATE_TLS flag. The qemu hypervisor driv= er + allows users to force use of TLS via the migrate_tls_force + knob configured in /etc/libvirt/qemu.conf. +

+

3D"Migration=

--=20 2.28.0
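Review bot: The paragraph added to docs/migration.html.in says the qemu driver "allows users to force use of TLS", which reads as if the knob switched TLS on. Per patch 6/7, migrate_tls_force makes libvirtd reject a migration that lacks VIR_MIGRATE_TLS (unless VIR_MIGRATE_TUNNELLED is set) rather than adding the flag, and it is set by the administrator in /etc/libvirt/qemu.conf. The text should say that callers must still pass VIR_MIGRATE_TLS and that the setting applies to the libvirtd instance where it is configured.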