qemu: Add TLS support for Veritas HyperScale (VxHS)
Alter qemu command line generation in order to possibly add TLS for
a suitably configured domain.
Sample TLS args generated by libvirt -
-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
endpoint=client,verify-peer=yes \
-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
file.server.type=tcp,file.server.host=192.168.0.1,\
file.server.port=9999,format=raw,if=none,\
id=drive-virtio-disk0,cache=none \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0
Update the qemuxml2argvtest with a couple of examples. One for a
simple case and the other a bit more complex where multiple VxHS disks
are added where at least one uses a VxHS that doesn't require TLS
credentials and thus sets the domain disk source attribute "tls = 'no'".
Update the hotplug to be able to handle processing the tlsAlias whether
it's to add the TLS object when hotplugging a disk or to remove the TLS
object when hot unplugging a disk. The hot plug/unplug code is largely
generic, but the addition code does make the VXHS specific checks only
because it needs to grab the correct config directory and generate the
object as the command line would do.
Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-30 15:06:00 +00:00
|
|
|
LC_ALL=C \
|
|
|
|
PATH=/bin \
|
|
|
|
HOME=/home/test \
|
|
|
|
USER=test \
|
|
|
|
LOGNAME=test \
|
|
|
|
QEMU_AUDIO_DRV=none \
|
|
|
|
/usr/bin/qemu-system-x86_64 \
|
|
|
|
-name QEMUGuest1 \
|
|
|
|
-S \
|
|
|
|
-M pc \
|
|
|
|
-cpu qemu32 \
|
|
|
|
-m 214 \
|
|
|
|
-smp 1,sockets=1,cores=1,threads=1 \
|
|
|
|
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
|
|
|
|
-nographic \
|
|
|
|
-nodefaults \
|
|
|
|
-chardev socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\
|
|
|
|
server,nowait \
|
|
|
|
-mon chardev=charmonitor,id=monitor,mode=readline \
|
|
|
|
-no-acpi \
|
|
|
|
-boot c \
|
|
|
|
-usb \
|
2017-09-28 17:41:21 +00:00
|
|
|
-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/libvirt-vxhs,\
|
qemu: Add TLS support for Veritas HyperScale (VxHS)
Alter qemu command line generation in order to possibly add TLS for
a suitably configured domain.
Sample TLS args generated by libvirt -
-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
endpoint=client,verify-peer=yes \
-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
file.server.type=tcp,file.server.host=192.168.0.1,\
file.server.port=9999,format=raw,if=none,\
id=drive-virtio-disk0,cache=none \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0
Update the qemuxml2argvtest with a couple of examples. One for a
simple case and the other a bit more complex where multiple VxHS disks
are added where at least one uses a VxHS that doesn't require TLS
credentials and thus sets the domain disk source attribute "tls = 'no'".
Update the hotplug to be able to handle processing the tlsAlias whether
it's to add the TLS object when hotplugging a disk or to remove the TLS
object when hot unplugging a disk. The hot plug/unplug code is largely
generic, but the addition code does make the VXHS specific checks only
because it needs to grab the correct config directory and generate the
object as the command line would do.
Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-30 15:06:00 +00:00
|
|
|
endpoint=client,verify-peer=yes \
|
|
|
|
-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
|
|
|
|
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,file.server.type=tcp,\
|
|
|
|
file.server.host=192.168.0.1,file.server.port=9999,format=raw,if=none,\
|
|
|
|
id=drive-virtio-disk0,cache=none \
|
|
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
|
|
|
|
id=virtio-disk0 \
|
2017-09-28 17:41:21 +00:00
|
|
|
-object tls-creds-x509,id=objvirtio-disk1_tls0,dir=/etc/pki/libvirt-vxhs,\
|
qemu: Add TLS support for Veritas HyperScale (VxHS)
Alter qemu command line generation in order to possibly add TLS for
a suitably configured domain.
Sample TLS args generated by libvirt -
-object tls-creds-x509,id=objvirtio-disk0_tls0,dir=/etc/pki/qemu,\
endpoint=client,verify-peer=yes \
-drive file.driver=vxhs,file.tls-creds=objvirtio-disk0_tls0,\
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc251,\
file.server.type=tcp,file.server.host=192.168.0.1,\
file.server.port=9999,format=raw,if=none,\
id=drive-virtio-disk0,cache=none \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0
Update the qemuxml2argvtest with a couple of examples. One for a
simple case and the other a bit more complex where multiple VxHS disks
are added where at least one uses a VxHS that doesn't require TLS
credentials and thus sets the domain disk source attribute "tls = 'no'".
Update the hotplug to be able to handle processing the tlsAlias whether
it's to add the TLS object when hotplugging a disk or to remove the TLS
object when hot unplugging a disk. The hot plug/unplug code is largely
generic, but the addition code does make the VXHS specific checks only
because it needs to grab the correct config directory and generate the
object as the command line would do.
Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>
2017-08-30 15:06:00 +00:00
|
|
|
endpoint=client,verify-peer=yes \
|
|
|
|
-drive file.driver=vxhs,file.tls-creds=objvirtio-disk1_tls0,\
|
|
|
|
file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc252,file.server.type=tcp,\
|
|
|
|
file.server.host=192.168.0.2,file.server.port=9999,format=raw,if=none,\
|
|
|
|
id=drive-virtio-disk1,cache=none \
|
|
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,\
|
|
|
|
id=virtio-disk1 \
|
|
|
|
-drive file.driver=vxhs,file.vdisk-id=eb90327c-8302-4725-9e1b-4e85ed4dc253,\
|
|
|
|
file.server.type=tcp,file.server.host=192.168.0.3,file.server.port=9999,\
|
|
|
|
format=raw,if=none,id=drive-virtio-disk2,cache=none \
|
|
|
|
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk2,\
|
|
|
|
id=virtio-disk2
|