virsh: Add --tls-destination option for migrate command

This option can be used to override the destination host name used for TLS verification. Signed-off-by: N Jiri Denemark <jdenemar@redhat.com> Reviewed-by: N Pavel Hrdina <phrdina@redhat.com>

virsh: Add --tls-destination option for migrate command
This option can be used to override the destination host name used for TLS verification. Signed-off-by: N Jiri Denemark <jdenemar@redhat.com> Reviewed-by: N Pavel Hrdina <phrdina@redhat.com>
5c7cd74a · Jiri Denemark · c11706cc · 5c7cd74a · 5c7cd74a
隐藏空白更改
内联并排

Showing with 17 addition and 2 deletion

tools/virsh-domain.c tools/virsh-domain.c +11 -0

tools/virsh.pod tools/virsh.pod +6 -2

未找到文件。
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -10566,6 +10566,10 @@ static const vshCmdOptDef opts_migrate[] = {
     .type = VSH_OT_INT,
     .help = N_("migration bandwidth limit in MiB/s")
    },
+    {.name = "tls-destination",
+     .type = VSH_OT_STRING,
+     .help = N_("override the destination host name used for TLS verification")
+    },
    {.name = NULL}
 };

@@ -10789,6 +10793,13 @@ doMigrate(void *opaque)
            goto save_error;
    }

+    if (vshCommandOptStringReq(ctl, cmd, "tls-destination", &opt) < 0)
+        goto out;
+    if (opt &&
+        virTypedParamsAddString(&params, &nparams, &maxparams,
+                                VIR_MIGRATE_PARAM_TLS_DESTINATION, opt) < 0)
+        goto save_error;
+
    if (vshCommandOptBool(cmd, "live"))
        flags |= VIR_MIGRATE_LIVE;
    if (vshCommandOptBool(cmd, "p2p"))

--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -2174,7 +2174,7 @@ I<domain> I<desturi> [I<migrateuri>] [I<graphicsuri>] [I<listen-address>] [I<dna
 [I<auto-converge-increment>] [I<--persistent-xml> B<file>] [I<--tls>]
 [I<--postcopy-bandwidth> B<bandwidth>]
 [I<--parallel> [I<--parallel-connections> B<connections>]]
-[I<--bandwidth> B<bandwidth>]
+[I<--bandwidth> B<bandwidth>] [I<--tls-destination> B<hostname>]

 Migrate domain to another host.  Add I<--live> for live migration; <--p2p>
 for peer-2-peer migration; I<--direct> for direct migration; or I<--tunnelled>
@@ -2267,7 +2267,11 @@ respectively. I<--comp-xbzrle-cache> sets size of page cache in bytes.
 Providing I<--tls> causes the migration to use the host configured TLS setup
 (see migrate_tls_x509_cert_dir in /etc/libvirt/qemu.conf) in order to perform
 the migration of the domain. Usage requires proper TLS setup for both source
-and target.
+and target. Normally the TLS certificate from the destination host must match
+the host's name for TLS verification to succeed. When the certificate does not
+match the destination hostname and the expected cetificate's hostname is
+known, I<--tls-destination> can be used to pass the expected B<hostname> when
+starting the migration.

 I<--parallel> option will cause migration data to be sent over multiple
 parallel connections. The number of such connections can be set using