mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-05 22:05:47 +00:00
admin: Introduce virAdmServerUpdateTlsFiles
The server needs to use CA certificate, CRL, server certificate/key to complete the TLS handshake. If these files change, libvirtd has to be restarted for them to take effect. This API can update the TLS context *ONLINE* without restarting libvirtd. Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Zhang Bo <oscar.zhangbo@huawei.com> Signed-off-by: Wu Qingliang <wuqingliang4@huawei.com>
parent
b461178639
commit
29e68c932f
@ -402,6 +402,9 @@ int virAdmServerSetClientLimits(virAdmServerPtr srv,
|
|||||||
int nparams,
|
int nparams,
|
||||||
unsigned int flags);
|
unsigned int flags);
|
||||||
|
|
||||||
|
int virAdmServerUpdateTlsFiles(virAdmServerPtr srv,
|
||||||
|
unsigned int flags);
|
||||||
|
|
||||||
int virAdmConnectGetLoggingOutputs(virAdmConnectPtr conn,
|
int virAdmConnectGetLoggingOutputs(virAdmConnectPtr conn,
|
||||||
char **outputs,
|
char **outputs,
|
||||||
unsigned int flags);
|
unsigned int flags);
|
||||||
|
@ -181,6 +181,11 @@ struct admin_server_set_client_limits_args {
|
|||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct admin_server_update_tls_files_args {
|
||||||
|
admin_nonnull_server srv;
|
||||||
|
unsigned int flags;
|
||||||
|
};
|
||||||
|
|
||||||
struct admin_connect_get_logging_outputs_args {
|
struct admin_connect_get_logging_outputs_args {
|
||||||
unsigned int flags;
|
unsigned int flags;
|
||||||
};
|
};
|
||||||
@ -314,5 +319,10 @@ enum admin_procedure {
|
|||||||
/**
|
/**
|
||||||
* @generate: both
|
* @generate: both
|
||||||
*/
|
*/
|
||||||
ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17
|
ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @generate: both
|
||||||
|
*/
|
||||||
|
ADMIN_PROC_SERVER_UPDATE_TLS_FILES = 18
|
||||||
};
|
};
|
||||||
|
@ -367,3 +367,12 @@ adminServerSetClientLimits(virNetServerPtr srv,
|
|||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
adminServerUpdateTlsFiles(virNetServerPtr srv,
|
||||||
|
unsigned int flags)
|
||||||
|
{
|
||||||
|
virCheckFlags(0, -1);
|
||||||
|
|
||||||
|
return virNetServerUpdateTlsFiles(srv);
|
||||||
|
}
|
||||||
|
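Review bot: adminServerUpdateTlsFiles has no comment, and the property a reader most needs is only implicit in its signature: the caller passes a server and flags, never a path, so an admin client cannot direct the daemon at files of its choosing. I would state that above the function, e.g. `/* Reloads the server's own TLS files; no path is taken from the caller. Any non-zero flag is rejected by virCheckFlags. */`. What virNetServerUpdateTlsFiles does when a file is missing or fails to parse is not visible in this hunk, so whether the previous TLS context stays in use on error should be confirmed and recorded in the same comment.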
@ -67,3 +67,6 @@ int adminServerSetClientLimits(virNetServerPtr srv,
|
|||||||
virTypedParameterPtr params,
|
virTypedParameterPtr params,
|
||||||
int nparams,
|
int nparams,
|
||||||
unsigned int flags);
|
unsigned int flags);
|
||||||
|
|
||||||
|
int adminServerUpdateTlsFiles(virNetServerPtr srv,
|
||||||
|
unsigned int flags);
|
||||||
|
@ -1078,6 +1078,36 @@ virAdmServerSetClientLimits(virAdmServerPtr srv,
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* virAdmServerUpdateTlsFiles:
|
||||||
|
* @srv: a valid server object reference
|
||||||
|
* @flags: extra flags; not used yet, so callers should always pass 0
|
||||||
|
*
|
||||||
|
* Notify server to update tls file, such as cacert, cacrl, server cert / key.
|
||||||
|
*
|
||||||
|
* Returns 0 if the TLS files have been updated successfully or -1 in case of an
|
||||||
|
* error.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
virAdmServerUpdateTlsFiles(virAdmServerPtr srv,
|
||||||
|
unsigned int flags)
|
||||||
|
{
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
|
VIR_DEBUG("srv=%p, flags=0x%x", srv, flags);
|
||||||
|
virResetLastError();
|
||||||
|
|
||||||
|
virCheckAdmServerGoto(srv, error);
|
||||||
|
|
||||||
|
if ((ret = remoteAdminServerUpdateTlsFiles(srv, flags)) < 0)
|
||||||
|
goto error;
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
error:
|
||||||
|
virDispatchError(NULL);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* virAdmConnectGetLoggingOutputs:
|
* virAdmConnectGetLoggingOutputs:
|
||||||
* @conn: pointer to an active admin connection
|
* @conn: pointer to an active admin connection
|
||||||
|
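Review bot: The docstring of virAdmServerUpdateTlsFiles says only "Notify server to update tls file", which leaves out what an operator rotating a CA or CRL has to know. It should say whether sessions that are already established keep the credentials they were negotiated with (presumably yes, since only the context is reloaded, but that is not shown here) and whether a failed reload leaves the old context active. Suggested wording, once confirmed against virNetServerUpdateTlsFiles: `* Reload the CA certificate, CRL and server certificate/key used for new TLS handshakes.` followed by `* Sessions that are already established are not re-validated.` The trailing context of this hunk belongs to virAdmConnectGetLoggingOutputs, whose comment continues outside it.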
@ -31,6 +31,7 @@ xdr_admin_server_lookup_client_args;
|
|||||||
xdr_admin_server_lookup_client_ret;
|
xdr_admin_server_lookup_client_ret;
|
||||||
xdr_admin_server_set_client_limits_args;
|
xdr_admin_server_set_client_limits_args;
|
||||||
xdr_admin_server_set_threadpool_parameters_args;
|
xdr_admin_server_set_threadpool_parameters_args;
|
||||||
|
xdr_admin_server_update_tls_files_args;
|
||||||
|
|
||||||
# datatypes.h
|
# datatypes.h
|
||||||
virAdmClientClass;
|
virAdmClientClass;
|
||||||
|
@ -38,6 +38,7 @@ LIBVIRT_ADMIN_2.0.0 {
|
|||||||
virAdmClientClose;
|
virAdmClientClose;
|
||||||
virAdmServerGetClientLimits;
|
virAdmServerGetClientLimits;
|
||||||
virAdmServerSetClientLimits;
|
virAdmServerSetClientLimits;
|
||||||
|
virAdmServerUpdateTlsFiles;
|
||||||
};
|
};
|
||||||
|
|
||||||
LIBVIRT_ADMIN_3.0.0 {
|
LIBVIRT_ADMIN_3.0.0 {
|
||||||
|
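Review bot: virAdmServerUpdateTlsFiles is added to the LIBVIRT_ADMIN_2.0.0 node although the same file already carries a later LIBVIRT_ADMIN_3.0.0 node. If 2.0.0 has already shipped, as the later node suggests, a released version node should stay frozen; otherwise a client linked against the new symbol looks compatible with older libraries that do not export it and fails only at load time. A new node named for the release that introduces the API, chained after the newest existing node, avoids that: `LIBVIRT_ADMIN_X.Y.Z { global: virAdmServerUpdateTlsFiles; } LIBVIRT_ADMIN_<previous>;`, where X.Y.Z and <previous> are placeholders.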
@ -118,6 +118,10 @@ struct admin_server_set_client_limits_args {
|
|||||||
} params;
|
} params;
|
||||||
u_int flags;
|
u_int flags;
|
||||||
};
|
};
|
||||||
|
struct admin_server_update_tls_files_args {
|
||||||
|
admin_nonnull_server srv;
|
||||||
|
u_int flags;
|
||||||
|
};
|
||||||
struct admin_connect_get_logging_outputs_args {
|
struct admin_connect_get_logging_outputs_args {
|
||||||
u_int flags;
|
u_int flags;
|
||||||
};
|
};
|
||||||
@ -158,4 +162,5 @@ enum admin_procedure {
|
|||||||
ADMIN_PROC_CONNECT_GET_LOGGING_FILTERS = 15,
|
ADMIN_PROC_CONNECT_GET_LOGGING_FILTERS = 15,
|
||||||
ADMIN_PROC_CONNECT_SET_LOGGING_OUTPUTS = 16,
|
ADMIN_PROC_CONNECT_SET_LOGGING_OUTPUTS = 16,
|
||||||
ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17,
|
ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17,
|
||||||
|
ADMIN_PROC_SERVER_UPDATE_TLS_FILES = 18,
|
||||||
};
|
};
|
||||||
|