From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: oscar.zhangbo@huawei.com, Zihao Chang <changzihao1@huawei.com>,
Markus Armbruster <armbru@redhat.com>,
xiexiangyou@huawei.com, qemu-devel@nongnu.org
Subject: Re: [PATCH v2 2/2] vnc: add qmp to support reload vnc tls certificates
Date: Mon, 18 Jan 2021 16:16:25 +0000 [thread overview]
Message-ID: <20210118161625.GE1799018@redhat.com> (raw)
In-Reply-To: <20210118161316.yptquytrr23yv4bs@sirius.home.kraxel.org>
On Mon, Jan 18, 2021 at 05:13:16PM +0100, Gerd Hoffmann wrote:
> Hi,
>
> > Or we could have a more generic "display-reload" command, which has
> > fields indicating what aspect to reload. eg a 'tls-certs: bool' field
> > to indicate reload of TLS certs in the display. This could be useful
> > if we wanted the ability to reload authz access control lists, though
> > we did actually wire them up to auto-reload using inotify.
>
> Maybe we should just use inotify-based reload for the certs too?
The authz access control is easy because it is just one file.
When updating the certs though, we have 1-4 files that need loading, and
they can only be reloaded once all of them are updated on disk. This gives
a synchronization challenge for use of inotify, as when we see 1 updated,
we don't know if we need to wait for the others to be updated or not.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
prev parent reply other threads:[~2021-01-18 16:18 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-07 14:30 [PATCH v2 0/2] support tls certificates reload Zihao Chang
2021-01-07 14:30 ` [PATCH v2 1/2] crypto: add reload for QCryptoTLSCredsClass Zihao Chang
2021-01-07 14:30 ` [PATCH v2 2/2] vnc: add qmp to support reload vnc tls certificates Zihao Chang
2021-01-15 13:37 ` Markus Armbruster
2021-01-15 13:47 ` Daniel P. Berrangé
2021-01-18 7:27 ` Zihao Chang
2021-01-18 14:22 ` Markus Armbruster
2021-01-18 14:27 ` Daniel P. Berrangé
2021-01-18 16:13 ` Gerd Hoffmann
2021-01-18 16:16 ` Daniel P. Berrangé [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210118161625.GE1799018@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=changzihao1@huawei.com \
--cc=kraxel@redhat.com \
--cc=oscar.zhangbo@huawei.com \
--cc=qemu-devel@nongnu.org \
--cc=xiexiangyou@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.