[Qemu-devel] [PATCH v2 0/2] migration: fixes to handling tls-hostname/tls-creds

[Qemu-devel] [PATCH v2 0/2] migration: fixes to handling tls-hostname/tls-creds

[Daniel P. Berrange]

The need for these two patches was identified during implementation  of
TLS encrypted migration in libvirt.

Daniel P. Berrange (2):
  migration: allow clearing migration string parameters
  migration: always report tls-creds & tls-hostname migrate parameters

 migration/migration.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

-- 
2.9.3

[Qemu-devel] [PATCH v2 1/2] migration: allow clearing migration string parameters

[Daniel P. Berrange]

Some of the migration parameters are strings, which default to NULL,
eg tls-hostname and tls-creds.

The mgmt app will set the tls-creds parameter on both source and target
QEMU instances, in order to trigger use of TLS for migration.

After performing a TLS encrypted migration though, migration might be
used for other reasons - for example, to save the QEMU state to a file.
We need TLS turned off when doing this, but the migrate-set-parameters
QAPI command does not provide any facility to clear/reset parameters
to their default state.

If you simply omit the tls_creds parameter in migrate-set-parameters,
then 'has_tls_creds' will be false and so no action will be taken. JSON
allows a parameter to have a nil value, but the QEMU JSON visitor will
reject that when deserializing into a QObject.

The migration code has no need to distinguish "" vs NULL for the TLS
hostname or TLS credentials object name, since "" is invalid in both
cases. This enables clearing of tls-hostname and tls-creds by
treating "" as equivalent to NULL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 migration/migration.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index c6ae69d..a8cb56e 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -872,11 +872,19 @@ void qmp_migrate_set_parameters(MigrationParameters *params, Error **errp)
     }
     if (params->has_tls_creds) {
         g_free(s->parameters.tls_creds);
-        s->parameters.tls_creds = g_strdup(params->tls_creds);
+        if (*params->tls_creds == '\0') {
+            s->parameters.tls_creds = NULL;
+        } else {
+            s->parameters.tls_creds = g_strdup(params->tls_creds);
+        }
     }
     if (params->has_tls_hostname) {
         g_free(s->parameters.tls_hostname);
-        s->parameters.tls_hostname = g_strdup(params->tls_hostname);
+        if (*params->tls_hostname == '\0') {
+            s->parameters.tls_hostname = NULL;
+        } else {
+            s->parameters.tls_hostname = g_strdup(params->tls_hostname);
+        }
     }
     if (params->has_max_bandwidth) {
         s->parameters.max_bandwidth = params->max_bandwidth;
-- 
2.9.3

[Qemu-devel] [PATCH v2 2/2] migration: always report tls-creds & tls-hostname migrate parameters

[Daniel P. Berrange]

Currently the query-migrate-parameters command will omit reporting
of the tls-creds & tls-hostname parameters if their value is NULL.
This makes it impossible for an app to detect if these parameters
are supported by QEMU, without trying to actually set them and
catching the error. Since the code is treating "" and NULL as
equivalent, we can simply always report these values and give them
a value of "". This allows apps like libvirt to detect the fact
that these parameters are supported by QEMU.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 migration/migration.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/migration/migration.c b/migration/migration.c
index a8cb56e..760f104 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -581,10 +581,12 @@ MigrationParameters *qmp_query_migrate_parameters(Error **errp)
     params->cpu_throttle_initial = s->parameters.cpu_throttle_initial;
     params->has_cpu_throttle_increment = true;
     params->cpu_throttle_increment = s->parameters.cpu_throttle_increment;
-    params->has_tls_creds = !!s->parameters.tls_creds;
-    params->tls_creds = g_strdup(s->parameters.tls_creds);
-    params->has_tls_hostname = !!s->parameters.tls_hostname;
-    params->tls_hostname = g_strdup(s->parameters.tls_hostname);
+    params->has_tls_creds = true;
+    params->tls_creds = g_strdup(s->parameters.tls_creds ?
+                                 s->parameters.tls_creds : "");
+    params->has_tls_hostname = true;
+    params->tls_hostname = g_strdup(s->parameters.tls_hostname ?
+                                    s->parameters.tls_hostname : "");
     params->has_max_bandwidth = true;
     params->max_bandwidth = s->parameters.max_bandwidth;
     params->has_downtime_limit = true;
-- 
2.9.3

Re: [Qemu-devel] [PATCH v2 2/2] migration: always report tls-creds & tls-hostname migrate parameters

[John Ferlan]

On 03/02/2017 07:37 AM, Daniel P. Berrange wrote:
> Currently the query-migrate-parameters command will omit reporting
> of the tls-creds & tls-hostname parameters if their value is NULL.
> This makes it impossible for an app to detect if these parameters
> are supported by QEMU, without trying to actually set them and
> catching the error. Since the code is treating "" and NULL as
> equivalent, we can simply always report these values and give them
> a value of "". This allows apps like libvirt to detect the fact
> that these parameters are supported by QEMU.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  migration/migration.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 

Should the query-migrate-parameters description in qapi-schema.json also
be updated?  Anywhere else I haven't found yet either...

Naively asking - would the plan be to also get these changes accepted
for previous releases w/ tls-creds/hostname support? (2.7, 2.8). Mostly
curious - not that it matters since the query will tell me the answer.

John

> diff --git a/migration/migration.c b/migration/migration.c
> index a8cb56e..760f104 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -581,10 +581,12 @@ MigrationParameters *qmp_query_migrate_parameters(Error **errp)
>      params->cpu_throttle_initial = s->parameters.cpu_throttle_initial;
>      params->has_cpu_throttle_increment = true;
>      params->cpu_throttle_increment = s->parameters.cpu_throttle_increment;
> -    params->has_tls_creds = !!s->parameters.tls_creds;
> -    params->tls_creds = g_strdup(s->parameters.tls_creds);
> -    params->has_tls_hostname = !!s->parameters.tls_hostname;
> -    params->tls_hostname = g_strdup(s->parameters.tls_hostname);
> +    params->has_tls_creds = true;
> +    params->tls_creds = g_strdup(s->parameters.tls_creds ?
> +                                 s->parameters.tls_creds : "");
> +    params->has_tls_hostname = true;
> +    params->tls_hostname = g_strdup(s->parameters.tls_hostname ?
> +                                    s->parameters.tls_hostname : "");
>      params->has_max_bandwidth = true;
>      params->max_bandwidth = s->parameters.max_bandwidth;
>      params->has_downtime_limit = true;
> 

Re: [Qemu-devel] [PATCH v2 2/2] migration: always report tls-creds & tls-hostname migrate parameters

[Daniel P. Berrange]

On Thu, Mar 02, 2017 at 08:19:29AM -0500, John Ferlan wrote:
> 
> 
> On 03/02/2017 07:37 AM, Daniel P. Berrange wrote:
> > Currently the query-migrate-parameters command will omit reporting
> > of the tls-creds & tls-hostname parameters if their value is NULL.
> > This makes it impossible for an app to detect if these parameters
> > are supported by QEMU, without trying to actually set them and
> > catching the error. Since the code is treating "" and NULL as
> > equivalent, we can simply always report these values and give them
> > a value of "". This allows apps like libvirt to detect the fact
> > that these parameters are supported by QEMU.
> > 
> > Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> > ---
> >  migration/migration.c | 10 ++++++----
> >  1 file changed, 6 insertions(+), 4 deletions(-)
> > 
> 
> Should the query-migrate-parameters description in qapi-schema.json also
> be updated?  Anywhere else I haven't found yet either...

That's just a code example, the actual parameters are documented against
the MigrationParameters struct definition. That said, we might as well
update the example too.

> Naively asking - would the plan be to also get these changes accepted
> for previous releases w/ tls-creds/hostname support? (2.7, 2.8). Mostly
> curious - not that it matters since the query will tell me the answer.

QEMU only maintains one stable branch, but I think we could add these
to 2.8

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

Re: [Qemu-devel] [PATCH v2 2/2] migration: always report tls-creds & tls-hostname migrate parameters

[Eric Blake]

[-- Attachment #1: Type: text/plain, Size: 984 bytes --]

On 03/02/2017 06:37 AM, Daniel P. Berrange wrote:
> Currently the query-migrate-parameters command will omit reporting
> of the tls-creds & tls-hostname parameters if their value is NULL.
> This makes it impossible for an app to detect if these parameters
> are supported by QEMU, without trying to actually set them and
> catching the error. Since the code is treating "" and NULL as
> equivalent, we can simply always report these values and give them
> a value of "". This allows apps like libvirt to detect the fact
> that these parameters are supported by QEMU.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  migration/migration.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)

The .c changes look fine, but I agree that we want to document the
special-case of "" in the .json file.  Looking forward to v3.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]

Re: [Qemu-devel] [PATCH v2 1/2] migration: allow clearing migration string parameters

[Eric Blake]

[-- Attachment #1: Type: text/plain, Size: 2747 bytes --]

On 03/02/2017 06:37 AM, Daniel P. Berrange wrote:
> Some of the migration parameters are strings, which default to NULL,
> eg tls-hostname and tls-creds.
> 
> The mgmt app will set the tls-creds parameter on both source and target
> QEMU instances, in order to trigger use of TLS for migration.
> 
> After performing a TLS encrypted migration though, migration might be
> used for other reasons - for example, to save the QEMU state to a file.
> We need TLS turned off when doing this, but the migrate-set-parameters
> QAPI command does not provide any facility to clear/reset parameters
> to their default state.
> 
> If you simply omit the tls_creds parameter in migrate-set-parameters,
> then 'has_tls_creds' will be false and so no action will be taken. JSON
> allows a parameter to have a nil value, but the QEMU JSON visitor will
> reject that when deserializing into a QObject.
> 
> The migration code has no need to distinguish "" vs NULL for the TLS
> hostname or TLS credentials object name, since "" is invalid in both
> cases. This enables clearing of tls-hostname and tls-creds by
> treating "" as equivalent to NULL.

It's also worth documenting in the .json file that "" is special-cased.
But the C code change looks okay (with your explanation on v1 that the
has_* parameters are not used internally).

> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  migration/migration.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/migration/migration.c b/migration/migration.c
> index c6ae69d..a8cb56e 100644
> --- a/migration/migration.c
> +++ b/migration/migration.c
> @@ -872,11 +872,19 @@ void qmp_migrate_set_parameters(MigrationParameters *params, Error **errp)
>      }
>      if (params->has_tls_creds) {
>          g_free(s->parameters.tls_creds);
> -        s->parameters.tls_creds = g_strdup(params->tls_creds);
> +        if (*params->tls_creds == '\0') {
> +            s->parameters.tls_creds = NULL;
> +        } else {
> +            s->parameters.tls_creds = g_strdup(params->tls_creds);
> +        }
>      }
>      if (params->has_tls_hostname) {
>          g_free(s->parameters.tls_hostname);
> -        s->parameters.tls_hostname = g_strdup(params->tls_hostname);
> +        if (*params->tls_hostname == '\0') {
> +            s->parameters.tls_hostname = NULL;
> +        } else {
> +            s->parameters.tls_hostname = g_strdup(params->tls_hostname);
> +        }
>      }
>      if (params->has_max_bandwidth) {
>          s->parameters.max_bandwidth = params->max_bandwidth;
> 

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]