From: Eric Blake <eblake@redhat.com>
To: Amit Shah <amit.shah@redhat.com>,
Peter Maydell <peter.maydell@linaro.org>
Cc: qemu list <qemu-devel@nongnu.org>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Juan Quintela <quintela@redhat.com>
Subject: Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters
Date: Thu, 26 May 2016 09:05:37 -0600 [thread overview]
Message-ID: <574710C1.6070705@redhat.com> (raw)
In-Reply-To: <69ef1f36b0f882fc5ba9491fb272fa5f83ac1d3d.1464242913.git.amit.shah@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 2713 bytes --]
On 05/26/2016 12:12 AM, Amit Shah wrote:
> From: "Daniel P. Berrange" <berrange@redhat.com>
>
> Define two new migration parameters to be used with TLS encryption.
> The 'tls-creds' parameter provides the ID of an instance of the
> 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'.
> Providing these credentials will enable use of TLS on the migration
> data stream.
>
> +++ b/qapi-schema.json
> +# @tls-hostname: hostname of the target host for the migration. This is
> +# required when using x509 based TLS credentials and the
> +# migration URI does not already include a hostname. For
> +# example if using fd: or exec: based migration, the
> +# hostname must be provided so that the server's x509
> +# certificate identity canbe validated. (Since 2.7)
s/canbe/can be/
> +#
> +# @tls-hostname: hostname of the target host for the migration. This is
> +# required when using x509 based TLS credentials and the
> +# migration URI does not already include a hostname. For
> +# example if using fd: or exec: based migration, the
> +# hostname must be provided so that the server's x509
> +# certificate identity canbe validated. (Since 2.7)
and again
> @@ -667,6 +702,21 @@
> # auto-converge detects that migration is not making
> # progress. The default value is 10. (Since 2.7)
> #
> +# @tls-creds: ID of the 'tls-creds' object that provides credentials for
> +# establishing a TLS connection over the migration data channel.
> +# On the outgoing side of the migration, the credentials must
> +# be for a 'client' endpoint, while for the incoming side the
> +# credentials must be for a 'server' endpoint. Setting this
> +# will enable TLS for all migrations. The default is unset,
> +# resulting in unsecured migration at the QEMU level. (Since 2.6)
Missed a swap to call out 2.7
> +#
> +# @tls-hostname: hostname of the target host for the migration. This is
> +# required when using x509 based TLS credentials and the
> +# migration URI does not already include a hostname. For
> +# example if using fd: or exec: based migration, the
> +# hostname must be provided so that the server's x509
> +# certificate identity canbe validated. (Since 2.6)
can be, 2.7
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]
next prev parent reply other threads:[~2016-05-26 15:05 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-26 6:11 [Qemu-devel] [PULL 00/28] migration: support for TLS Amit Shah
2016-05-26 6:11 ` [Qemu-devel] [PULL 01/28] s390: use FILE instead of QEMUFile for creating text file Amit Shah
2016-05-26 6:11 ` [Qemu-devel] [PULL 02/28] io: avoid double-free when closing QIOChannelBuffer Amit Shah
2016-05-26 6:11 ` [Qemu-devel] [PULL 03/28] migration: remove use of qemu_bufopen from vmstate tests Amit Shah
2016-05-26 6:11 ` [Qemu-devel] [PULL 04/28] migration: ensure qemu_fflush() always writes full data amount Amit Shah
2016-05-26 6:11 ` [Qemu-devel] [PULL 05/28] migration: split migration hooks out of QEMUFileOps Amit Shah
2016-05-26 6:11 ` [Qemu-devel] [PULL 06/28] migration: introduce set_blocking function in QEMUFileOps Amit Shah
2016-05-26 6:11 ` [Qemu-devel] [PULL 07/28] migration: force QEMUFile to blocking mode for outgoing migration Amit Shah
2016-05-26 6:11 ` [Qemu-devel] [PULL 08/28] migration: introduce a new QEMUFile impl based on QIOChannel Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 09/28] migration: add helpers for creating QEMUFile from a QIOChannel Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 10/28] migration: add reporting of errors for outgoing migration Amit Shah
2016-05-26 15:00 ` Eric Blake
2016-05-31 15:16 ` Daniel P. Berrange
2016-06-06 8:38 ` Paolo Bonzini
2016-05-26 6:12 ` [Qemu-devel] [PULL 11/28] migration: convert post-copy to use QIOChannelBuffer Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 12/28] migration: convert unix socket protocol to use QIOChannel Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 13/28] migration: rename unix.c to socket.c Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 14/28] migration: convert tcp socket protocol to use QIOChannel Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 15/28] migration: convert fd " Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 16/28] migration: convert exec " Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 17/28] migration: convert RDMA to use QIOChannel interface Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 18/28] migration: convert savevm to use QIOChannel for writing to files Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 19/28] migration: delete QEMUFile buffer implementation Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 20/28] migration: delete QEMUSizedBuffer struct Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 21/28] migration: delete QEMUFile sockets implementation Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 22/28] migration: delete QEMUFile stdio implementation Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 23/28] migration: move definition of struct QEMUFile back into qemu-file.c Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 24/28] migration: don't use an array for storing migrate parameters Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters Amit Shah
2016-05-26 15:05 ` Eric Blake [this message]
2016-05-27 10:02 ` Amit Shah
2016-05-31 9:22 ` Daniel P. Berrange
2016-05-26 6:12 ` [Qemu-devel] [PULL 26/28] migration: add support for encrypting data with TLS Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 27/28] migration: remove support for non-iovec based write handlers Amit Shah
2016-05-26 6:12 ` [Qemu-devel] [PULL 28/28] migration: remove qemu_get_fd method from QEMUFile Amit Shah
2016-05-26 16:29 ` [Qemu-devel] [PULL 00/28] migration: support for TLS Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=574710C1.6070705@redhat.com \
--to=eblake@redhat.com \
--cc=amit.shah@redhat.com \
--cc=dgilbert@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.