Re: [Qemu-devel] [PATCH v6 for-2.7 25/28] migration: define 'tls-creds'


From: Amit Shah
Subject: Re: [Qemu-devel] [PATCH v6 for-2.7 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters
Date: Wed, 25 May 2016 17:23:51 +0530

On (Wed) 27 Apr 2016 [11:05:15], Daniel P. Berrange wrote:
> Define two new migration parameters to be used with TLS encryption.
> The 'tls-creds' parameter provides the ID of an instance of the
> 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'.
> Providing these credentials will enable use of TLS on the migration
> data stream.
> 
> If using x509 certificates, together with a migration URI that does
> not include a hostname, the 'tls-hostname' parameter provides the
> hostname to use when verifying the server's x509 certificate. This
> allows TLS to be used in combination with fd: and exec: protocols
> where a TCP connection is established by a 3rd party outside of
> QEMU.
> 
> NB, this requires changing the migrate_set_parameter method in the
> HMP to accept a 's' (string) value instead of 'i' (integer). This
> is backwards compatible, because the parsing of strings allows the
> quotes to be optional, thus any integer is also a valid string.
> 
> Reviewed-by: Dr. David Alan Gilbert <address@hidden>
> Signed-off-by: Daniel P. Berrange <address@hidden>

> diff --git a/qapi-schema.json b/qapi-schema.json
> index 9aa14b4..12be303 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -617,11 +617,28 @@
>  # @x-cpu-throttle-increment: throttle percentage increase each time
>  #                            auto-converge detects that migration is not 
> making
>  #                            progress. The default value is 10. (Since 2.5)
> +#
> +# @tls-creds: ID of the 'tls-creds' object that provides credentials for
> +#             establishing a TLS connection over the migration data channel.
> +#             On the outgoing side of the migration, the credentials must
> +#             be for a 'client' endpoint, while for the incoming side the
> +#             credentials must be for a 'server' endpoint. Setting this
> +#             will enable TLS for all migrations. The default is unset,
> +#             resulting in unsecured migration at the QEMU level. (Since 2.6)
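
Review bot: the version tag closing the @tls-creds description reads "(Since 2.6)", but the subject line marks this series for-2.7, so it should be "(Since 2.7)". The description also says the default is unset without saying how a value that has been set is cleared again; a sentence on that would tell the reader how to return to the default, or make clear that this is not possible once TLS has been enabled.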

All these need to be "Since 2.7"

I've updated these in my branch, no respin required for this.

                Amit


