提交 29e68c93 编写于 作者: Z Zhang Bo 提交者: Daniel P. Berrangé

admin: Introduce virAdmServerUpdateTlsFiles

The server needs to use CA certificate, CRL, server certificate/key to
complete the TLS handshake. If these files change, we needed to restart
libvirtd for them to take effect. This API can update the TLS context
*ONLINE* without restarting libvirtd.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Zhang Bo <oscar.zhangbo@huawei.com>
Signed-off-by: Wu Qingliang <wuqingliang4@huawei.com>
上级 b4611786
...@@ -402,6 +402,9 @@ int virAdmServerSetClientLimits(virAdmServerPtr srv, ...@@ -402,6 +402,9 @@ int virAdmServerSetClientLimits(virAdmServerPtr srv,
int nparams, int nparams,
unsigned int flags); unsigned int flags);
int virAdmServerUpdateTlsFiles(virAdmServerPtr srv,
unsigned int flags);
int virAdmConnectGetLoggingOutputs(virAdmConnectPtr conn, int virAdmConnectGetLoggingOutputs(virAdmConnectPtr conn,
char **outputs, char **outputs,
unsigned int flags); unsigned int flags);
......
...@@ -181,6 +181,11 @@ struct admin_server_set_client_limits_args { ...@@ -181,6 +181,11 @@ struct admin_server_set_client_limits_args {
unsigned int flags; unsigned int flags;
}; };
struct admin_server_update_tls_files_args {
admin_nonnull_server srv;
unsigned int flags;
};
struct admin_connect_get_logging_outputs_args { struct admin_connect_get_logging_outputs_args {
unsigned int flags; unsigned int flags;
}; };
...@@ -314,5 +319,10 @@ enum admin_procedure { ...@@ -314,5 +319,10 @@ enum admin_procedure {
/** /**
* @generate: both * @generate: both
*/ */
ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17 ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17,
/**
* @generate: both
*/
ADMIN_PROC_SERVER_UPDATE_TLS_FILES = 18
}; };
...@@ -367,3 +367,12 @@ adminServerSetClientLimits(virNetServerPtr srv, ...@@ -367,3 +367,12 @@ adminServerSetClientLimits(virNetServerPtr srv,
return 0; return 0;
} }
int
adminServerUpdateTlsFiles(virNetServerPtr srv,
unsigned int flags)
{
virCheckFlags(0, -1);
return virNetServerUpdateTlsFiles(srv);
}
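Review bot: adminServerUpdateTlsFiles swaps the daemon's CA, CRL and server certificate/key, yet nothing in this wrapper records that a reload was requested or how it ended; whether virNetServerUpdateTlsFiles logs this itself is not visible in the hunk. A change of trust material alters who can authenticate, so an operator reading the logs should be able to see when it happened. If the callee does not already log it, a line such as `VIR_INFO("TLS files reload requested via admin interface");` before the call would cover it. The function also has no header comment; one sentence saying that any non-zero flag is rejected with -1 and that the result is otherwise that of virNetServerUpdateTlsFiles would be enough.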
...@@ -67,3 +67,6 @@ int adminServerSetClientLimits(virNetServerPtr srv, ...@@ -67,3 +67,6 @@ int adminServerSetClientLimits(virNetServerPtr srv,
virTypedParameterPtr params, virTypedParameterPtr params,
int nparams, int nparams,
unsigned int flags); unsigned int flags);
int adminServerUpdateTlsFiles(virNetServerPtr srv,
unsigned int flags);
...@@ -1078,6 +1078,36 @@ virAdmServerSetClientLimits(virAdmServerPtr srv, ...@@ -1078,6 +1078,36 @@ virAdmServerSetClientLimits(virAdmServerPtr srv,
return ret; return ret;
} }
/**
* virAdmServerUpdateTlsFiles:
* @srv: a valid server object reference
* @flags: extra flags; not used yet, so callers should always pass 0
*
* Notify server to update tls file, such as cacert, cacrl, server cert / key.
*
* Returns 0 if the TLS files have been updated successfully or -1 in case of an
* error.
*/
int
virAdmServerUpdateTlsFiles(virAdmServerPtr srv,
unsigned int flags)
{
int ret = -1;
VIR_DEBUG("srv=%p, flags=0x%x", srv, flags);
virResetLastError();
virCheckAdmServerGoto(srv, error);
if ((ret = remoteAdminServerUpdateTlsFiles(srv, flags)) < 0)
goto error;
return ret;
error:
virDispatchError(NULL);
return ret;
}
/** /**
* virAdmConnectGetLoggingOutputs: * virAdmConnectGetLoggingOutputs:
* @conn: pointer to an active admin connection * @conn: pointer to an active admin connection
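Review bot: The doc comment for virAdmServerUpdateTlsFiles does not say what a caller can rely on once the call returns. Two things matter to someone rotating certificates or publishing a new CRL: whether sessions that are already established are re-checked or only new handshakes use the reloaded files, and whether a failed reload (-1) leaves the previous TLS context in place. Neither can be read off this hunk, so the wording has to come from virNetServerUpdateTlsFiles; if it matches the implementation, add something like `* Only connections established after the call use the reloaded files.` plus one sentence on the state after an error.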
......
...@@ -31,6 +31,7 @@ xdr_admin_server_lookup_client_args; ...@@ -31,6 +31,7 @@ xdr_admin_server_lookup_client_args;
xdr_admin_server_lookup_client_ret; xdr_admin_server_lookup_client_ret;
xdr_admin_server_set_client_limits_args; xdr_admin_server_set_client_limits_args;
xdr_admin_server_set_threadpool_parameters_args; xdr_admin_server_set_threadpool_parameters_args;
xdr_admin_server_update_tls_files_args;
# datatypes.h # datatypes.h
virAdmClientClass; virAdmClientClass;
......
...@@ -38,6 +38,7 @@ LIBVIRT_ADMIN_2.0.0 { ...@@ -38,6 +38,7 @@ LIBVIRT_ADMIN_2.0.0 {
virAdmClientClose; virAdmClientClose;
virAdmServerGetClientLimits; virAdmServerGetClientLimits;
virAdmServerSetClientLimits; virAdmServerSetClientLimits;
virAdmServerUpdateTlsFiles;
}; };
LIBVIRT_ADMIN_3.0.0 { LIBVIRT_ADMIN_3.0.0 {
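Review bot: virAdmServerUpdateTlsFiles is added inside the LIBVIRT_ADMIN_2.0.0 node, which by its name belongs to an earlier release, and a LIBVIRT_ADMIN_3.0.0 node already follows it. A newly introduced symbol would normally go into a new node named for the release that first ships it, chained to the latest existing node. That way a program linked against the new API carries a version requirement an older library cannot satisfy, instead of failing on symbol lookup at call time. The latest node and the target release are not visible in this hunk, so with placeholders the shape would be `LIBVIRT_ADMIN_<release> { global: virAdmServerUpdateTlsFiles; } LIBVIRT_ADMIN_<previous>;`.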
......
...@@ -118,6 +118,10 @@ struct admin_server_set_client_limits_args { ...@@ -118,6 +118,10 @@ struct admin_server_set_client_limits_args {
} params; } params;
u_int flags; u_int flags;
}; };
struct admin_server_update_tls_files_args {
admin_nonnull_server srv;
u_int flags;
};
struct admin_connect_get_logging_outputs_args { struct admin_connect_get_logging_outputs_args {
u_int flags; u_int flags;
}; };
...@@ -158,4 +162,5 @@ enum admin_procedure { ...@@ -158,4 +162,5 @@ enum admin_procedure {
ADMIN_PROC_CONNECT_GET_LOGGING_FILTERS = 15, ADMIN_PROC_CONNECT_GET_LOGGING_FILTERS = 15,
ADMIN_PROC_CONNECT_SET_LOGGING_OUTPUTS = 16, ADMIN_PROC_CONNECT_SET_LOGGING_OUTPUTS = 16,
ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17, ADMIN_PROC_CONNECT_SET_LOGGING_FILTERS = 17,
ADMIN_PROC_SERVER_UPDATE_TLS_FILES = 18,
}; };