Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hos

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hos

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters
Date:	Thu, 26 May 2016 09:05:37 -0600
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 05/26/2016 12:12 AM, Amit Shah wrote:
> From: "Daniel P. Berrange" <address@hidden>
> 
> Define two new migration parameters to be used with TLS encryption.
> The 'tls-creds' parameter provides the ID of an instance of the
> 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'.
> Providing these credentials will enable use of TLS on the migration
> data stream.
> 

> +++ b/qapi-schema.json

> +# @tls-hostname: hostname of the target host for the migration. This is
> +#                required when using x509 based TLS credentials and the
> +#                migration URI does not already include a hostname. For
> +#                example if using fd: or exec: based migration, the
> +#                hostname must be provided so that the server's x509
> +#                certificate identity canbe validated. (Since 2.7)

s/canbe/can be/


> +#
> +# @tls-hostname: hostname of the target host for the migration. This is
> +#                required when using x509 based TLS credentials and the
> +#                migration URI does not already include a hostname. For
> +#                example if using fd: or exec: based migration, the
> +#                hostname must be provided so that the server's x509
> +#                certificate identity canbe validated. (Since 2.7)

and again

> @@ -667,6 +702,21 @@
>  #                          auto-converge detects that migration is not making
>  #                          progress. The default value is 10. (Since 2.7)
>  #
> +# @tls-creds: ID of the 'tls-creds' object that provides credentials for
> +#             establishing a TLS connection over the migration data channel.
> +#             On the outgoing side of the migration, the credentials must
> +#             be for a 'client' endpoint, while for the incoming side the
> +#             credentials must be for a 'server' endpoint. Setting this
> +#             will enable TLS for all migrations. The default is unset,
> +#             resulting in unsecured migration at the QEMU level. (Since 2.6)

Missed a swap to call out 2.7

> +#
> +# @tls-hostname: hostname of the target host for the migration. This is
> +#                required when using x509 based TLS credentials and the
> +#                migration URI does not already include a hostname. For
> +#                example if using fd: or exec: based migration, the
> +#                hostname must be provided so that the server's x509
> +#                certificate identity canbe validated. (Since 2.6)

can be, 2.7

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PULL 16/28] migration: convert exec socket protocol to use QIOChannel, (continued)
- [Qemu-devel] [PULL 16/28] migration: convert exec socket protocol to use QIOChannel, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 17/28] migration: convert RDMA to use QIOChannel interface, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 18/28] migration: convert savevm to use QIOChannel for writing to files, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 20/28] migration: delete QEMUSizedBuffer struct, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 19/28] migration: delete QEMUFile buffer implementation, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 21/28] migration: delete QEMUFile sockets implementation, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 22/28] migration: delete QEMUFile stdio implementation, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 24/28] migration: don't use an array for storing migrate parameters, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 23/28] migration: move definition of struct QEMUFile back into qemu-file.c, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters, Amit Shah, 2016/05/26
  - Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters, Eric Blake <=
    - Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters, Amit Shah, 2016/05/27
    - Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters, Daniel P. Berrange, 2016/05/31
- [Qemu-devel] [PULL 26/28] migration: add support for encrypting data with TLS, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 27/28] migration: remove support for non-iovec based write handlers, Amit Shah, 2016/05/26
- [Qemu-devel] [PULL 28/28] migration: remove qemu_get_fd method from QEMUFile, Amit Shah, 2016/05/26
- Re: [Qemu-devel] [PULL 00/28] migration: support for TLS, Peter Maydell, 2016/05/26

Prev by Date: Re: [Qemu-devel] [PULL 10/28] migration: add reporting of errors for outgoing migration
Next by Date: Re: [Qemu-devel] [libvirt] inconsistent handling of "qemu64" CPU model
Previous by thread: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters
Next by thread: Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters
Index(es):
- Date
- Thread