(* Config entry grouped by function - same order as example config *)
let default_tls_entry = str_entry "default_tls_x509_cert_dir"
| bool_entry "default_tls_x509_verify"
+ | str_entry "default_tls_x509_secret_uuid"
let vnc_entry = str_entry "vnc_listen"
| bool_entry "vnc_auto_unix_socket"
let chardev_entry = bool_entry "chardev_tls"
| str_entry "chardev_tls_x509_cert_dir"
| bool_entry "chardev_tls_x509_verify"
+ | str_entry "chardev_tls_x509_secret_uuid"
let nogfx_entry = bool_entry "nographics_allow_host_audio"
#
#default_tls_x509_verify = 1
+#
+# Libvirt assumes the server-key.pem file is unencrypted by default.
+# To use an encrypted server-key.pem file, the password to decrypt
+# the PEM file is required. This can be provided by creating a secret
+# object in libvirt and then to uncomment this setting to set the UUID
+# of the secret.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
# VNC is configured to listen on 127.0.0.1 by default.
# To make it listen on all public interfaces, uncomment
# this next option.
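Review bot: The description added above `#default_tls_x509_secret_uuid` never says which TLS consumers honor this default. In the qemu_conf.c hunk in the same commit only `chardev_tls_x509_secret_uuid` falls back to it (vnc_tls is read right after it with no secret lookup), so a reader who sets this expecting VNC or SPICE to use an encrypted key gets no hint here and, as far as the visible hunks show, no error at config load. A line such as `# At present only chardev_tls_x509_secret_uuid inherits this default.` placed before the `NB` paragraph would remove the ambiguity; the same belongs in the chardev block, which says it "overrides" the default without stating that it is the only setting that uses it. This inference is from the hunks visible on this page; if other consumers are wired up elsewhere in the commit, the comment should list them instead.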
#chardev_tls_x509_verify = 1
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+# NB This default all-zeros UUID will not work. Replace it with the
+# output from the UUID for the TLS secret from a 'virsh secret-list'
+# command and then uncomment the entry
+#
+#chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
# By default, if no graphical front end is configured, libvirt will disable
# QEMU audio output since directly talking to alsa/pulseaudio may not work
# with various security settings. If you know what you're doing, enable
VIR_FREE(cfg->nvramDir);
VIR_FREE(cfg->defaultTLSx509certdir);
+ VIR_FREE(cfg->defaultTLSx509secretUUID);
VIR_FREE(cfg->vncTLSx509certdir);
VIR_FREE(cfg->vncListen);
VIR_FREE(cfg->spiceSASLdir);
VIR_FREE(cfg->chardevTLSx509certdir);
+ VIR_FREE(cfg->chardevTLSx509secretUUID);
while (cfg->nhugetlbfs) {
cfg->nhugetlbfs--;
goto cleanup;
if (virConfGetValueBool(conf, "default_tls_x509_verify", &cfg->defaultTLSx509verify) < 0)
goto cleanup;
+ if (virConfGetValueString(conf, "default_tls_x509_secret_uuid",
+ &cfg->defaultTLSx509secretUUID) < 0)
+ goto cleanup;
+
if (virConfGetValueBool(conf, "vnc_auto_unix_socket", &cfg->vncAutoUnixSocket) < 0)
goto cleanup;
if (virConfGetValueBool(conf, "vnc_tls", &cfg->vncTLS) < 0)
goto cleanup;
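Review bot: The value read into `cfg->defaultTLSx509secretUUID` is stored as an opaque string and never checked to be a UUID, so the all-zeros placeholder the shipped qemu.conf tells users to replace, or any typo, is accepted at config load and only fails later when the secret is looked up. The same applies to the `chardev_tls_x509_secret_uuid` read in the next hunk, and the fallback there duplicates the unvalidated default string. Parsing the value once with `virUUIDParse` and rejecting it at load time gives the operator a clear error tied to the setting name instead of a domain-start failure. The enclosing config-load function starts and ends outside this hunk.
```c
    if (virConfGetValueString(conf, "default_tls_x509_secret_uuid",
                              &cfg->defaultTLSx509secretUUID) < 0)
        goto cleanup;
    if (cfg->defaultTLSx509secretUUID) {
        unsigned char uuid[VIR_UUID_BUFLEN];

        /* Fail at load time rather than at domain start on a malformed UUID */
        if (virUUIDParse(cfg->defaultTLSx509secretUUID, uuid) < 0) {
            virReportError(VIR_ERR_CONF_SYNTAX,
                           _("default_tls_x509_secret_uuid '%s' is not a valid UUID"),
                           cfg->defaultTLSx509secretUUID);
            goto cleanup;
        }
    }
    /* … unchanged: vnc_auto_unix_socket / vnc_tls reads … */
```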
if (rv == 0)
cfg->chardevTLSx509verify = cfg->defaultTLSx509verify;
+ if (virConfGetValueString(conf, "chardev_tls_x509_secret_uuid",
+ &cfg->chardevTLSx509secretUUID) < 0)
+ goto cleanup;
+ if (!cfg->chardevTLSx509secretUUID && cfg->defaultTLSx509secretUUID) {
+ if (VIR_STRDUP(cfg->chardevTLSx509secretUUID,
+ cfg->defaultTLSx509secretUUID) < 0)
+ goto cleanup;
+ }
if (virConfGetValueUInt(conf, "remote_websocket_port_min", &cfg->webSocketPortMin) < 0)
goto cleanup;
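Review bot: The fallback that copies `defaultTLSx509secretUUID` into `chardevTLSx509secretUUID` is taken unconditionally — it does not look at `cfg->chardevTLS` and it is independent of whether `chardev_tls_x509_cert_dir` was set to a directory other than the default one. When the chardev directory holds a key encrypted with a different passphrase, or an unencrypted key, the inherited secret is wrong and nothing here reports it. That mirrors the `chardevTLSx509verify` fallback just above, so it may be intended, but the new block deserves a comment making the contract explicit, e.g. `/* Inherit the default secret even when chardev uses its own cert dir; a mismatched passphrase only surfaces when a domain starts */`. The enclosing config-load function starts and ends outside this hunk.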
char *defaultTLSx509certdir;
bool defaultTLSx509verify;
+ char *defaultTLSx509secretUUID;
bool vncAutoUnixSocket;
bool vncTLS;
bool chardevTLS;
char *chardevTLSx509certdir;
bool chardevTLSx509verify;
+ char *chardevTLSx509secretUUID;
unsigned int remotePortMin;
unsigned int remotePortMax;
test Libvirtd_qemu.lns get conf =
{ "default_tls_x509_cert_dir" = "/etc/pki/qemu" }
{ "default_tls_x509_verify" = "1" }
+{ "default_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
{ "vnc_listen" = "0.0.0.0" }
{ "vnc_auto_unix_socket" = "1" }
{ "vnc_tls" = "1" }
{ "chardev_tls" = "1" }
{ "chardev_tls_x509_cert_dir" = "/etc/pki/libvirt-chardev" }
{ "chardev_tls_x509_verify" = "1" }
+{ "chardev_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
{ "nographics_allow_host_audio" = "1" }
{ "remote_display_port_min" = "5900" }
{ "remote_display_port_max" = "65535" }