External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-23 04:55:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: domain: Separate setup of TLS for VXHS disks from qemuDomainPrepareDiskSourceTLS

Browse Source 
Split out the code into a separate function so that all steps for a
storage protocol are contained and the original function is easily
extendable.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2018-05-29 13:40:16 +02:00
parent 2e22a5618c
commit 2396774b6a
1 changed files with 29 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/qemu/qemu_domain.c
View File

@ -9928,6 +9928,32 @@ qemuDomainPrepareChardevSource(virDomainDefPtr def,
} }
static int
qemuProcessPrepareStorageSourceTLSVxhs(virStorageSourcePtr src,
virQEMUDriverConfigPtr cfg)
{
/* VxHS uses only client certificates and thus has no need for
* the server-key.pem nor a secret that could be used to decrypt
* the it, so no need to add a secinfo for a secret UUID. */
if (src->haveTLS == VIR_TRISTATE_BOOL_ABSENT) {
if (cfg->vxhsTLS)
src->haveTLS = VIR_TRISTATE_BOOL_YES;
else
src->haveTLS = VIR_TRISTATE_BOOL_NO;
src->tlsFromConfig = true;
}
if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
if (VIR_STRDUP(src->tlsCertdir, cfg->vxhsTLSx509certdir) < 0)
return -1;
src->tlsVerify = true;
}
return 0;
}
/* qemuProcessPrepareDiskSourceTLS: /* qemuProcessPrepareDiskSourceTLS:
* @source: pointer to host interface data for disk device * @source: pointer to host interface data for disk device
* @cfg: driver configuration * @cfg: driver configuration
@ -9945,29 +9971,10 @@ qemuDomainPrepareDiskSourceTLS(virStorageSourcePtr src,
virStorageSourcePtr next; virStorageSourcePtr next;
for (next = src; virStorageSourceIsBacking(next); next = next->backingStore) { for (next = src; virStorageSourceIsBacking(next); next = next->backingStore) {
/* VxHS uses only client certificates and thus has no need for
* the server-key.pem nor a secret that could be used to decrypt
* the it, so no need to add a secinfo for a secret UUID. */
if (next->type == VIR_STORAGE_TYPE_NETWORK && if (next->type == VIR_STORAGE_TYPE_NETWORK &&
next->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS) { next->protocol == VIR_STORAGE_NET_PROTOCOL_VXHS &&
qemuProcessPrepareStorageSourceTLSVxhs(next, cfg) < 0)
if (next->haveTLS == VIR_TRISTATE_BOOL_ABSENT) {
if (cfg->vxhsTLS)
next->haveTLS = VIR_TRISTATE_BOOL_YES;
else
next->haveTLS = VIR_TRISTATE_BOOL_NO;
next->tlsFromConfig = true;
}
if (next->haveTLS == VIR_TRISTATE_BOOL_YES) {
/* Grab the vxhsTLSx509certdir and set the verify/listen values.
* NB: tlsAlias filled in during qemuDomainGetTLSObjects. */
if (VIR_STRDUP(next->tlsCertdir, cfg->vxhsTLSx509certdir) < 0)
return -1; return -1;
next->tlsVerify = true;
}
}
} }
return 0; return 0;