mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-23 06:23:10 +00:00
virsh: Add --tls-destination option for migrate command
This option can be used to override the destination host name used for TLS verification. Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
This commit is contained in:
parent
c11706cc25
commit
5c7cd74a52
@ -10566,6 +10566,10 @@ static const vshCmdOptDef opts_migrate[] = {
|
|||||||
.type = VSH_OT_INT,
|
.type = VSH_OT_INT,
|
||||||
.help = N_("migration bandwidth limit in MiB/s")
|
.help = N_("migration bandwidth limit in MiB/s")
|
||||||
},
|
},
|
||||||
|
{.name = "tls-destination",
|
||||||
|
.type = VSH_OT_STRING,
|
||||||
|
.help = N_("override the destination host name used for TLS verification")
|
||||||
|
},
|
||||||
{.name = NULL}
|
{.name = NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -10789,6 +10793,13 @@ doMigrate(void *opaque)
|
|||||||
goto save_error;
|
goto save_error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (vshCommandOptStringReq(ctl, cmd, "tls-destination", &opt) < 0)
|
||||||
|
goto out;
|
||||||
|
if (opt &&
|
||||||
|
virTypedParamsAddString(¶ms, &nparams, &maxparams,
|
||||||
|
VIR_MIGRATE_PARAM_TLS_DESTINATION, opt) < 0)
|
||||||
|
goto save_error;
|
||||||
|
|
||||||
if (vshCommandOptBool(cmd, "live"))
|
if (vshCommandOptBool(cmd, "live"))
|
||||||
flags |= VIR_MIGRATE_LIVE;
|
flags |= VIR_MIGRATE_LIVE;
|
||||||
if (vshCommandOptBool(cmd, "p2p"))
|
if (vshCommandOptBool(cmd, "p2p"))
|
||||||
|
@ -2174,7 +2174,7 @@ I<domain> I<desturi> [I<migrateuri>] [I<graphicsuri>] [I<listen-address>] [I<dna
|
|||||||
[I<auto-converge-increment>] [I<--persistent-xml> B<file>] [I<--tls>]
|
[I<auto-converge-increment>] [I<--persistent-xml> B<file>] [I<--tls>]
|
||||||
[I<--postcopy-bandwidth> B<bandwidth>]
|
[I<--postcopy-bandwidth> B<bandwidth>]
|
||||||
[I<--parallel> [I<--parallel-connections> B<connections>]]
|
[I<--parallel> [I<--parallel-connections> B<connections>]]
|
||||||
[I<--bandwidth> B<bandwidth>]
|
[I<--bandwidth> B<bandwidth>] [I<--tls-destination> B<hostname>]
|
||||||
|
|
||||||
Migrate domain to another host. Add I<--live> for live migration; <--p2p>
|
Migrate domain to another host. Add I<--live> for live migration; <--p2p>
|
||||||
for peer-2-peer migration; I<--direct> for direct migration; or I<--tunnelled>
|
for peer-2-peer migration; I<--direct> for direct migration; or I<--tunnelled>
|
||||||
@ -2267,7 +2267,11 @@ respectively. I<--comp-xbzrle-cache> sets size of page cache in bytes.
|
|||||||
Providing I<--tls> causes the migration to use the host configured TLS setup
|
Providing I<--tls> causes the migration to use the host configured TLS setup
|
||||||
(see migrate_tls_x509_cert_dir in /etc/libvirt/qemu.conf) in order to perform
|
(see migrate_tls_x509_cert_dir in /etc/libvirt/qemu.conf) in order to perform
|
||||||
the migration of the domain. Usage requires proper TLS setup for both source
|
the migration of the domain. Usage requires proper TLS setup for both source
|
||||||
and target.
|
and target. Normally the TLS certificate from the destination host must match
|
||||||
|
the host's name for TLS verification to succeed. When the certificate does not
|
||||||
|
match the destination hostname and the expected cetificate's hostname is
|
||||||
|
known, I<--tls-destination> can be used to pass the expected B<hostname> when
|
||||||
|
starting the migration.
|
||||||
|
|
||||||
I<--parallel> option will cause migration data to be sent over multiple
|
I<--parallel> option will cause migration data to be sent over multiple
|
||||||
parallel connections. The number of such connections can be set using
|
parallel connections. The number of such connections can be set using
|
||||||
|
Loading…
Reference in New Issue
Block a user