virsh: Add --tls-destination option for migrate command

This option can be used to override the destination host name used for
TLS verification.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Jiri Denemark 2019-12-03 16:20:57 +01:00
parent c11706cc25
commit 5c7cd74a52
2 changed files with 17 additions and 2 deletions

View File

@ -10566,6 +10566,10 @@ static const vshCmdOptDef opts_migrate[] = {
.type = VSH_OT_INT,
.help = N_("migration bandwidth limit in MiB/s")
},
{.name = "tls-destination",
.type = VSH_OT_STRING,
.help = N_("override the destination host name used for TLS verification")
},
{.name = NULL}
};
@ -10789,6 +10793,13 @@ doMigrate(void *opaque)
goto save_error;
}
if (vshCommandOptStringReq(ctl, cmd, "tls-destination", &opt) < 0)
goto out;
if (opt &&
virTypedParamsAddString(&params, &nparams, &maxparams,
VIR_MIGRATE_PARAM_TLS_DESTINATION, opt) < 0)
goto save_error;
if (vshCommandOptBool(cmd, "live"))
flags |= VIR_MIGRATE_LIVE;
if (vshCommandOptBool(cmd, "p2p"))
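Review bot: In doMigrate(), VIR_MIGRATE_PARAM_TLS_DESTINATION is added whenever "tls-destination" is given, and nothing in this hunk ties it to --tls. If the override only has meaning for TLS migrations, either reject --tls-destination without --tls at this point or state in the man page how that combination is handled, so a user who forgets --tls does not assume a hostname check is in effect for the migration.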

View File

@ -2174,7 +2174,7 @@ I<domain> I<desturi> [I<migrateuri>] [I<graphicsuri>] [I<listen-address>] [I<dna
[I<auto-converge-increment>] [I<--persistent-xml> B<file>] [I<--tls>]
[I<--postcopy-bandwidth> B<bandwidth>]
[I<--parallel> [I<--parallel-connections> B<connections>]]
[I<--bandwidth> B<bandwidth>]
[I<--bandwidth> B<bandwidth>] [I<--tls-destination> B<hostname>]
Migrate domain to another host. Add I<--live> for live migration; <--p2p>
for peer-2-peer migration; I<--direct> for direct migration; or I<--tunnelled>
@ -2267,7 +2267,11 @@ respectively. I<--comp-xbzrle-cache> sets size of page cache in bytes.
Providing I<--tls> causes the migration to use the host configured TLS setup
(see migrate_tls_x509_cert_dir in /etc/libvirt/qemu.conf) in order to perform
the migration of the domain. Usage requires proper TLS setup for both source
and target.
and target. Normally the TLS certificate from the destination host must match
the host's name for TLS verification to succeed. When the certificate does not
match the destination hostname and the expected cetificate's hostname is
known, I<--tls-destination> can be used to pass the expected B<hostname> when
starting the migration.
I<--parallel> option will cause migration data to be sent over multiple
parallel connections. The number of such connections can be set using
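Review bot: Typo in the added man page text: "cetificate's" should be "certificate's". It would also help to say explicitly that the destination certificate is then checked against the given B<hostname> rather than the destination host's name, so readers understand the option changes which name is verified and does not turn verification off.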