diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c index 21ea1a69eabd0a6600d56055f311351fe726089f..c2cfcf409dad6fff7a2d61a62b322bec1b1f17b7 100644 --- a/tools/virsh-domain.c +++ b/tools/virsh-domain.c @@ -10566,6 +10566,10 @@ static const vshCmdOptDef opts_migrate[] = { .type = VSH_OT_INT, .help = N_("migration bandwidth limit in MiB/s") }, + {.name = "tls-destination", + .type = VSH_OT_STRING, + .help = N_("override the destination host name used for TLS verification") + }, {.name = NULL} }; @@ -10789,6 +10793,13 @@ doMigrate(void *opaque) goto save_error; } + if (vshCommandOptStringReq(ctl, cmd, "tls-destination", &opt) < 0) + goto out; + if (opt && + virTypedParamsAddString(¶ms, &nparams, &maxparams, + VIR_MIGRATE_PARAM_TLS_DESTINATION, opt) < 0) + goto save_error; + if (vshCommandOptBool(cmd, "live")) flags |= VIR_MIGRATE_LIVE; if (vshCommandOptBool(cmd, "p2p")) diff --git a/tools/virsh.pod b/tools/virsh.pod index a8331154e103660cc0b65a721e34096fa8191790..aaf1eba825f4243fe70fc38bd246c3c1206c0212 100644 --- a/tools/virsh.pod +++ b/tools/virsh.pod @@ -2174,7 +2174,7 @@ I I [I] [I] [I] [I] [I<--persistent-xml> B] [I<--tls>] [I<--postcopy-bandwidth> B] [I<--parallel> [I<--parallel-connections> B]] -[I<--bandwidth> B] +[I<--bandwidth> B] [I<--tls-destination> B] Migrate domain to another host. Add I<--live> for live migration; <--p2p> for peer-2-peer migration; I<--direct> for direct migration; or I<--tunnelled> 
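Review bot: In the doMigrate hunk, `tls-destination` is added to the typed parameters whenever it is set, with no check that `--tls` was also requested; the boolean flags are only read after this block. Because the value replaces the name the destination certificate is verified against, a request that carries it without TLS should fail early in virsh rather than depend on how the daemon treats it, which is not visible here. A guard such as `if (opt && !vshCommandOptBool(cmd, "tls")) { vshError(ctl, "%s", _("--tls-destination requires --tls")); goto out; }` would cover it, and the help string in the opts_migrate hunk could state the same dependency. doMigrate's body starts and ends outside the hunk, so the right cleanup label should be confirmed against the rest of the function.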
@@ -2267,7 +2267,11 @@ respectively. I<--comp-xbzrle-cache> sets size of page cache in bytes. Providing I<--tls> causes the migration to use the host configured TLS setup (see migrate_tls_x509_cert_dir in /etc/libvirt/qemu.conf) in order to perform the migration of the domain. Usage requires proper TLS setup for both source -and target. +and target. Normally the TLS certificate from the destination host must match +the host's name for TLS verification to succeed. When the certificate does not +match the destination hostname and the expected cetificate's hostname is +known, I<--tls-destination> can be used to pass the expected B when +starting the migration. I<--parallel> option will cause migration data to be sent over multiple parallel connections. The number of such connections can be set using