
qemu: domain: Setup secret for TLS key for nbd/vxhs disks

Setup the TLS secret when preparing a virStorageSource for use.

https://bugzilla.redhat.com/show_bug.cgi?id=1602328

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Peter Krempa 2020-06-30 15:39:41 +02:00
parent 470d322e0c
commit 423711aef2


@ -9537,7 +9537,9 @@ qemuDomainPrepareChardevSource(virDomainDefPtr def,
static int static int
qemuProcessPrepareStorageSourceTLSVxhs(virStorageSourcePtr src, qemuProcessPrepareStorageSourceTLSVxhs(virStorageSourcePtr src,
virQEMUDriverConfigPtr cfg) virQEMUDriverConfigPtr cfg,
qemuDomainObjPrivatePtr priv,
const char *parentAlias)
{ {
/* VxHS uses only client certificates and thus has no need for /* VxHS uses only client certificates and thus has no need for
* the server-key.pem nor a secret that could be used to decrypt * the server-key.pem nor a secret that could be used to decrypt
@ -9550,9 +9552,19 @@ qemuProcessPrepareStorageSourceTLSVxhs(virStorageSourcePtr src,
src->tlsFromConfig = true; src->tlsFromConfig = true;
} }
if (src->haveTLS == VIR_TRISTATE_BOOL_YES) if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
src->tlsAlias = qemuAliasTLSObjFromSrcAlias(parentAlias);
src->tlsCertdir = g_strdup(cfg->vxhsTLSx509certdir); src->tlsCertdir = g_strdup(cfg->vxhsTLSx509certdir);
if (cfg->vxhsTLSx509secretUUID) {
qemuDomainStorageSourcePrivatePtr srcpriv = qemuDomainStorageSourcePrivateFetch(src);
if (!(srcpriv->tlsKeySecret = qemuDomainSecretInfoTLSNew(priv, src->tlsAlias,
cfg->vxhsTLSx509secretUUID)))
return -1;
}
}
return 0; return 0;
} }
@ -9560,7 +9572,8 @@ qemuProcessPrepareStorageSourceTLSVxhs(virStorageSourcePtr src,
static int static int
qemuProcessPrepareStorageSourceTLSNBD(virStorageSourcePtr src, qemuProcessPrepareStorageSourceTLSNBD(virStorageSourcePtr src,
virQEMUDriverConfigPtr cfg, virQEMUDriverConfigPtr cfg,
virQEMUCapsPtr qemuCaps) qemuDomainObjPrivatePtr priv,
const char *parentAlias)
{ {
if (src->haveTLS == VIR_TRISTATE_BOOL_ABSENT) { if (src->haveTLS == VIR_TRISTATE_BOOL_ABSENT) {
if (cfg->nbdTLS) if (cfg->nbdTLS)
@ -9571,13 +9584,22 @@ qemuProcessPrepareStorageSourceTLSNBD(virStorageSourcePtr src,
} }
if (src->haveTLS == VIR_TRISTATE_BOOL_YES) { if (src->haveTLS == VIR_TRISTATE_BOOL_YES) {
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_NBD_TLS)) { if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_NBD_TLS)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("this qemu does not support TLS transport for NBD")); _("this qemu does not support TLS transport for NBD"));
return -1; return -1;
} }
src->tlsAlias = qemuAliasTLSObjFromSrcAlias(parentAlias);
src->tlsCertdir = g_strdup(cfg->nbdTLSx509certdir); src->tlsCertdir = g_strdup(cfg->nbdTLSx509certdir);
if (cfg->nbdTLSx509secretUUID) {
qemuDomainStorageSourcePrivatePtr srcpriv = qemuDomainStorageSourcePrivateFetch(src);
if (!(srcpriv->tlsKeySecret = qemuDomainSecretInfoTLSNew(priv, src->tlsAlias,
cfg->nbdTLSx509secretUUID)))
return -1;
}
} }
return 0; return 0;
@ -9599,19 +9621,19 @@ static int
qemuDomainPrepareStorageSourceTLS(virStorageSourcePtr src, qemuDomainPrepareStorageSourceTLS(virStorageSourcePtr src,
virQEMUDriverConfigPtr cfg, virQEMUDriverConfigPtr cfg,
const char *parentAlias, const char *parentAlias,
virQEMUCapsPtr qemuCaps) qemuDomainObjPrivatePtr priv)
{ {
if (virStorageSourceGetActualType(src) != VIR_STORAGE_TYPE_NETWORK) if (virStorageSourceGetActualType(src) != VIR_STORAGE_TYPE_NETWORK)
return 0; return 0;
switch ((virStorageNetProtocol) src->protocol) { switch ((virStorageNetProtocol) src->protocol) {
case VIR_STORAGE_NET_PROTOCOL_VXHS: case VIR_STORAGE_NET_PROTOCOL_VXHS:
if (qemuProcessPrepareStorageSourceTLSVxhs(src, cfg) < 0) if (qemuProcessPrepareStorageSourceTLSVxhs(src, cfg, priv, parentAlias) < 0)
return -1; return -1;
break; break;
case VIR_STORAGE_NET_PROTOCOL_NBD: case VIR_STORAGE_NET_PROTOCOL_NBD:
if (qemuProcessPrepareStorageSourceTLSNBD(src, cfg, qemuCaps) < 0) if (qemuProcessPrepareStorageSourceTLSNBD(src, cfg, priv, parentAlias) < 0)
return -1; return -1;
break; break;
@ -9640,10 +9662,6 @@ qemuDomainPrepareStorageSourceTLS(virStorageSourcePtr src,
return -1; return -1;
} }
if (src->haveTLS == VIR_TRISTATE_BOOL_YES &&
!(src->tlsAlias = qemuAliasTLSObjFromSrcAlias(parentAlias)))
return -1;
return 0; return 0;
} }
@ -12128,7 +12146,7 @@ qemuDomainPrepareDiskSourceLegacy(virDomainDiskDefPtr disk,
return -1; return -1;
if (qemuDomainPrepareStorageSourceTLS(disk->src, cfg, disk->info.alias, if (qemuDomainPrepareStorageSourceTLS(disk->src, cfg, disk->info.alias,
priv->qemuCaps) < 0) priv) < 0)
return -1; return -1;
return 0; return 0;
@ -12164,7 +12182,7 @@ qemuDomainPrepareStorageSourceBlockdev(virDomainDiskDefPtr disk,
return -1; return -1;
if (qemuDomainPrepareStorageSourceTLS(src, cfg, src->nodestorage, if (qemuDomainPrepareStorageSourceTLS(src, cfg, src->nodestorage,
priv->qemuCaps) < 0) priv) < 0)
return -1; return -1;
return 0; return 0;
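Review bot: The comment kept at the top of qemuProcessPrepareStorageSourceTLSVxhs still says VxHS has no need for server-key.pem "nor a secret that could be used to decrypt", yet the new branch in that function now builds `srcpriv->tlsKeySecret` from `cfg->vxhsTLSx509secretUUID`. The rest of the comment lies between the first two hunks and is not visible, but the visible part contradicts the new code and should be reworded, for example `/* VxHS uses client certificates; if cfg->vxhsTLSx509secretUUID is set, the key is encrypted and the secret is set up below */`. In both the VxHS and the NBD helper the result of `qemuDomainStorageSourcePrivateFetch(src)` is dereferenced on the next line; its definition is not shown here, so if it can return NULL an `if (!srcpriv) return -1;` is needed before the assignment. The `src->tlsAlias` assignment moved out of qemuDomainPrepareStorageSourceTLS also lost the NULL check the removed lines had, which is fine only if qemuAliasTLSObjFromSrcAlias cannot fail.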