[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v6 for-2.7 25/28] migration: define 'tls-creds'
From: |
Amit Shah |
Subject: |
Re: [Qemu-devel] [PATCH v6 for-2.7 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters |
Date: |
Wed, 25 May 2016 17:23:51 +0530 |
On (Wed) 27 Apr 2016 [11:05:15], Daniel P. Berrange wrote:
> Define two new migration parameters to be used with TLS encryption.
> The 'tls-creds' parameter provides the ID of an instance of the
> 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'.
> Providing these credentials will enable use of TLS on the migration
> data stream.
>
> If using x509 certificates, together with a migration URI that does
> not include a hostname, the 'tls-hostname' parameter provides the
> hostname to use when verifying the server's x509 certificate. This
> allows TLS to be used in combination with fd: and exec: protocols
> where a TCP connection is established by a 3rd party outside of
> QEMU.
>
> NB, this requires changing the migrate_set_parameter method in the
> HMP to accept a 's' (string) value instead of 'i' (integer). This
> is backwards compatible, because the parsing of strings allows the
> quotes to be optional, thus any integer is also a valid string.
>
> Reviewed-by: Dr. David Alan Gilbert <address@hidden>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> diff --git a/qapi-schema.json b/qapi-schema.json
> index 9aa14b4..12be303 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -617,11 +617,28 @@
> # @x-cpu-throttle-increment: throttle percentage increase each time
> # auto-converge detects that migration is not
> making
> # progress. The default value is 10. (Since 2.5)
> +#
> +# @tls-creds: ID of the 'tls-creds' object that provides credentials for
> +# establishing a TLS connection over the migration data channel.
> +# On the outgoing side of the migration, the credentials must
> +# be for a 'client' endpoint, while for the incoming side the
> +# credentials must be for a 'server' endpoint. Setting this
> +# will enable TLS for all migrations. The default is unset,
> +# resulting in unsecured migration at the QEMU level. (Since 2.6)
All these need to be "Since 2.7"
I've updated these in my branch, no respin required for this.
Amit
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Qemu-devel] [PATCH v6 for-2.7 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters,
Amit Shah <=