xenbits.xensource.com Git - libvirt.git/commit

author	Ashish Mittal <Ashish.Mittal@veritas.com>
	Wed, 30 Aug 2017 15:32:33 +0000 (11:32 -0400)
committer	John Ferlan <jferlan@redhat.com>
	Thu, 28 Sep 2017 13:45:14 +0000 (09:45 -0400)
commit	bd6fdcd80662b4b3f510559b8bc702ea0a6b3b6d
tree	9728bd9428a78c40540149cba4c6a89dc203d50f	tree
parent	6209bb32e5b6d8c15d55422bb4716b3b31c1c7b2	commit \| diff

conf: Introduce TLS options for VxHS block device clients

Add a new TLS X.509 certificate type - "vxhs". This will handle the
creation of a TLS certificate capability for properly configured
VxHS network block device clients.

The following describes the behavior of TLS for VxHS block device:

  (1) Two new options have been added in /etc/libvirt/qemu.conf
      to control TLS behavior with VxHS block devices
      "vxhs_tls" and "vxhs_tls_x509_cert_dir".
  (2) Setting "vxhs_tls=1" in /etc/libvirt/qemu.conf will enable
      TLS for VxHS block devices.
  (3) "vxhs_tls_x509_cert_dir" can be set to the full path where the
      TLS CA certificate and the client certificate and keys are saved.
      If this value is missing, the "default_tls_x509_cert_dir" will be
      used instead. If the environment is not configured properly the
      authentication to the VxHS server will fail.

Signed-off-by: Ashish Mittal <Ashish.Mittal@veritas.com>
Signed-off-by: John Ferlan <jferlan@redhat.com>

src/qemu/libvirtd_qemu.aug		diff \| blob \| blame \| history
src/qemu/qemu.conf		diff \| blob \| blame \| history
src/qemu/qemu_conf.c		diff \| blob \| blame \| history
src/qemu/qemu_conf.h		diff \| blob \| blame \| history
src/qemu/test_libvirtd_qemu.aug.in		diff \| blob \| blame \| history