From: Eric Blake
Subject: Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters
Date: Thu, 26 May 2016 09:05:37 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 05/26/2016 12:12 AM, Amit Shah wrote:
> From: "Daniel P. Berrange" <address@hidden>
>
> Define two new migration parameters to be used with TLS encryption.
> The 'tls-creds' parameter provides the ID of an instance of the
> 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'.
> Providing these credentials will enable use of TLS on the migration
> data stream.
>
> +++ b/qapi-schema.json
> +# @tls-hostname: hostname of the target host for the migration. This is
> +# required when using x509 based TLS credentials and the
> +# migration URI does not already include a hostname. For
> +# example if using fd: or exec: based migration, the
> +# hostname must be provided so that the server's x509
> +# certificate identity canbe validated. (Since 2.7)
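
Review bot: The @tls-hostname description says the hostname is "required" for fd: or exec: based migration with x509 credentials, but it does not say what happens when the parameter is left unset in that case. Suggest stating explicitly whether the migration is refused or whether the certificate identity check is skipped, because a reader cannot tell from "required" alone which of the two applies, and the second would leave the peer's identity unverified.
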
s/canbe/can be/
> +#
> +# @tls-hostname: hostname of the target host for the migration. This is
> +# required when using x509 based TLS credentials and the
> +# migration URI does not already include a hostname. For
> +# example if using fd: or exec: based migration, the
> +# hostname must be provided so that the server's x509
> +# certificate identity canbe validated. (Since 2.7)
and again
> @@ -667,6 +702,21 @@
> # auto-converge detects that migration is not making
> # progress. The default value is 10. (Since 2.7)
> #
> +# @tls-creds: ID of the 'tls-creds' object that provides credentials for
> +# establishing a TLS connection over the migration data channel.
> +# On the outgoing side of the migration, the credentials must
> +# be for a 'client' endpoint, while for the incoming side the
> +# credentials must be for a 'server' endpoint. Setting this
> +# will enable TLS for all migrations. The default is unset,
> +# resulting in unsecured migration at the QEMU level. (Since 2.6)
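
Review bot: The @tls-creds description says that setting the parameter "will enable TLS for all migrations" and that the default is unset, but it does not document how to return to the unset state once an ID has been supplied. Suggest adding a sentence on how a management application clears the parameter, so that a later migration does not run with or without TLS by accident.
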
Missed a swap to call out 2.7
> +#
> +# @tls-hostname: hostname of the target host for the migration. This is
> +# required when using x509 based TLS credentials and the
> +# migration URI does not already include a hostname. For
> +# example if using fd: or exec: based migration, the
> +# hostname must be provided so that the server's x509
> +# certificate identity canbe validated. (Since 2.6)
can be, 2.7
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org