mirror of
https://github.com/libvirt/libvirt.git
synced 2025-02-25 18:55:26 -06:00
qemu: migration: Don't pass around secAlias
The alias of the secret for decrypting the TLS passphrase is useless besides for TLS setup. Stop passing it around. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa
parent
2cbc026b5d
commit
4e1330ab36
@ -2296,7 +2296,6 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,
|
|||||||
bool relabel = false;
|
bool relabel = false;
|
||||||
int rv;
|
int rv;
|
||||||
char *tlsAlias = NULL;
|
char *tlsAlias = NULL;
|
||||||
char *secAlias = NULL;
|
|
||||||
|
|
||||||
virNWFilterReadLockFilterUpdates();
|
virNWFilterReadLockFilterUpdates();
|
||||||
|
|
||||||
@ -2505,7 +2504,7 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,
|
|||||||
if (flags & VIR_MIGRATE_TLS) {
|
if (flags & VIR_MIGRATE_TLS) {
|
||||||
if (qemuMigrationParamsEnableTLS(driver, vm, true,
|
if (qemuMigrationParamsEnableTLS(driver, vm, true,
|
||||||
QEMU_ASYNC_JOB_MIGRATION_IN,
|
QEMU_ASYNC_JOB_MIGRATION_IN,
|
||||||
&tlsAlias, &secAlias, NULL,
|
&tlsAlias, NULL,
|
||||||
migParams) < 0)
|
migParams) < 0)
|
||||||
goto stopjob;
|
goto stopjob;
|
||||||
} else {
|
} else {
|
||||||
@ -2596,7 +2595,6 @@ qemuMigrationDstPrepareAny(virQEMUDriverPtr driver,
|
|||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
VIR_FREE(tlsAlias);
|
VIR_FREE(tlsAlias);
|
||||||
VIR_FREE(secAlias);
|
|
||||||
qemuProcessIncomingDefFree(incoming);
|
qemuProcessIncomingDefFree(incoming);
|
||||||
VIR_FREE(xmlout);
|
VIR_FREE(xmlout);
|
||||||
VIR_FORCE_CLOSE(dataFD[0]);
|
VIR_FORCE_CLOSE(dataFD[0]);
|
||||||
@ -3371,7 +3369,6 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,
|
|||||||
qemuDomainObjPrivatePtr priv = vm->privateData;
|
qemuDomainObjPrivatePtr priv = vm->privateData;
|
||||||
qemuMigrationCookiePtr mig = NULL;
|
qemuMigrationCookiePtr mig = NULL;
|
||||||
char *tlsAlias = NULL;
|
char *tlsAlias = NULL;
|
||||||
char *secAlias = NULL;
|
|
||||||
qemuMigrationIOThreadPtr iothread = NULL;
|
qemuMigrationIOThreadPtr iothread = NULL;
|
||||||
int fd = -1;
|
int fd = -1;
|
||||||
unsigned long migrate_speed = resource ? resource : priv->migMaxBandwidth;
|
unsigned long migrate_speed = resource ? resource : priv->migMaxBandwidth;
|
||||||
@ -3455,7 +3452,7 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,
|
|||||||
|
|
||||||
if (qemuMigrationParamsEnableTLS(driver, vm, false,
|
if (qemuMigrationParamsEnableTLS(driver, vm, false,
|
||||||
QEMU_ASYNC_JOB_MIGRATION_OUT,
|
QEMU_ASYNC_JOB_MIGRATION_OUT,
|
||||||
&tlsAlias, &secAlias, hostname,
|
&tlsAlias, hostname,
|
||||||
migParams) < 0)
|
migParams) < 0)
|
||||||
goto error;
|
goto error;
|
||||||
} else {
|
} else {
|
||||||
@ -3675,7 +3672,6 @@ qemuMigrationSrcRun(virQEMUDriverPtr driver,
|
|||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
VIR_FREE(tlsAlias);
|
VIR_FREE(tlsAlias);
|
||||||
VIR_FREE(secAlias);
|
|
||||||
VIR_FORCE_CLOSE(fd);
|
VIR_FORCE_CLOSE(fd);
|
||||||
virDomainDefFree(persistDef);
|
virDomainDefFree(persistDef);
|
||||||
qemuMigrationCookieFree(mig);
|
qemuMigrationCookieFree(mig);
|
||||||
|
|||||||
@ -809,7 +809,6 @@ qemuMigrationParamsSetString(qemuMigrationParamsPtr migParams,
|
|||||||
* @tlsListen: server or client
|
* @tlsListen: server or client
|
||||||
* @asyncJob: Migration job to join
|
* @asyncJob: Migration job to join
|
||||||
* @tlsAlias: alias to be generated for TLS object
|
* @tlsAlias: alias to be generated for TLS object
|
||||||
* @secAlias: alias to be generated for a secinfo object
|
|
||||||
* @hostname: hostname of the migration destination
|
* @hostname: hostname of the migration destination
|
||||||
* @migParams: migration parameters to set
|
* @migParams: migration parameters to set
|
||||||
*
|
*
|
||||||
@ -825,7 +824,6 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
|
|||||||
bool tlsListen,
|
bool tlsListen,
|
||||||
int asyncJob,
|
int asyncJob,
|
||||||
char **tlsAlias,
|
char **tlsAlias,
|
||||||
char **secAlias,
|
|
||||||
const char *hostname,
|
const char *hostname,
|
||||||
qemuMigrationParamsPtr migParams)
|
qemuMigrationParamsPtr migParams)
|
||||||
{
|
{
|
||||||
@ -833,6 +831,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
|
|||||||
virJSONValuePtr tlsProps = NULL;
|
virJSONValuePtr tlsProps = NULL;
|
||||||
virJSONValuePtr secProps = NULL;
|
virJSONValuePtr secProps = NULL;
|
||||||
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
|
||||||
|
const char *secAlias = NULL;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
|
|
||||||
if (!cfg->migrateTLSx509certdir) {
|
if (!cfg->migrateTLSx509certdir) {
|
||||||
@ -849,26 +848,28 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* If there's a secret, then grab/store it now using the connection */
|
/* If there's a secret, then grab/store it now using the connection */
|
||||||
if (cfg->migrateTLSx509secretUUID &&
|
if (cfg->migrateTLSx509secretUUID) {
|
||||||
!(priv->migSecinfo =
|
if (!(priv->migSecinfo =
|
||||||
qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BASE,
|
qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BASE,
|
||||||
cfg->migrateTLSx509secretUUID)))
|
cfg->migrateTLSx509secretUUID)))
|
||||||
goto error;
|
goto error;
|
||||||
|
secAlias = priv->migSecinfo->s.aes.alias;
|
||||||
|
}
|
||||||
|
|
||||||
if (qemuDomainGetTLSObjects(priv->qemuCaps, priv->migSecinfo,
|
if (qemuDomainGetTLSObjects(priv->qemuCaps, priv->migSecinfo,
|
||||||
cfg->migrateTLSx509certdir, tlsListen,
|
cfg->migrateTLSx509certdir, tlsListen,
|
||||||
cfg->migrateTLSx509verify,
|
cfg->migrateTLSx509verify,
|
||||||
QEMU_MIGRATION_TLS_ALIAS_BASE,
|
QEMU_MIGRATION_TLS_ALIAS_BASE,
|
||||||
&tlsProps, tlsAlias, &secProps, secAlias) < 0)
|
&tlsProps, tlsAlias, &secProps, NULL) < 0)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
/* Ensure the domain doesn't already have the TLS objects defined...
|
/* Ensure the domain doesn't already have the TLS objects defined...
|
||||||
* This should prevent any issues just in case some cleanup wasn't
|
* This should prevent any issues just in case some cleanup wasn't
|
||||||
* properly completed (both src and dst use the same alias) or
|
* properly completed (both src and dst use the same alias) or
|
||||||
* some other error path between now and perform . */
|
* some other error path between now and perform . */
|
||||||
qemuDomainDelTLSObjects(driver, vm, asyncJob, *secAlias, *tlsAlias);
|
qemuDomainDelTLSObjects(driver, vm, asyncJob, secAlias, *tlsAlias);
|
||||||
|
|
||||||
if (qemuDomainAddTLSObjects(driver, vm, asyncJob, *secAlias, &secProps,
|
if (qemuDomainAddTLSObjects(driver, vm, asyncJob, secAlias, &secProps,
|
||||||
*tlsAlias, &tlsProps) < 0)
|
*tlsAlias, &tlsProps) < 0)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
|
|||||||
@ -98,7 +98,6 @@ qemuMigrationParamsEnableTLS(virQEMUDriverPtr driver,
|
|||||||
bool tlsListen,
|
bool tlsListen,
|
||||||
int asyncJob,
|
int asyncJob,
|
||||||
char **tlsAlias,
|
char **tlsAlias,
|
||||||
char **secAlias,
|
|
||||||
const char *hostname,
|
const char *hostname,
|
||||||
qemuMigrationParamsPtr migParams);
|
qemuMigrationParamsPtr migParams);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user