提交 c9f7a04e 编写于 作者: J John Ferlan

qemu.conf: Clarify the various _tls_x509_cert_dir descriptions

https://bugzilla.redhat.com/show_bug.cgi?id=1458630

Apparantly commit id 'dc4c2f75' wasn't specific enough, so here's
a few more clarifications.
上级 9e02e434
...@@ -13,8 +13,9 @@ ...@@ -13,8 +13,9 @@
# #
# dh-params.pem - the DH params configuration file # dh-params.pem - the DH params configuration file
# #
# If the directory does not exist or contain the necessary files, QEMU # If the directory does not exist, libvirtd will fail to start. If the
# domains will fail to start if they are configured to use TLS. # directory doesn't contain the necessary files, QEMU domains will fail
# to start if they are configured to use TLS.
# #
# In order to overwrite the default path alter the following. This path # In order to overwrite the default path alter the following. This path
# definition will be used as the default path for other *_tls_x509_cert_dir # definition will be used as the default path for other *_tls_x509_cert_dir
...@@ -87,8 +88,9 @@ ...@@ -87,8 +88,9 @@
# In order to override the default TLS certificate location for # In order to override the default TLS certificate location for
# vnc certificates, supply a valid path to the certificate directory. # vnc certificates, supply a valid path to the certificate directory.
# If the provided path does not exist then the default_tls_x509_cert_dir # If the provided path does not exist, libvirtd will fail to start.
# path will be used. # If the path is not provided, but vnc_tls = 1, then the
# default_tls_x509_cert_dir path will be used.
# #
#vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
...@@ -172,8 +174,9 @@ ...@@ -172,8 +174,9 @@
# In order to override the default TLS certificate location for # In order to override the default TLS certificate location for
# spice certificates, supply a valid path to the certificate directory. # spice certificates, supply a valid path to the certificate directory.
# If the provided path does not exist then the default_tls_x509_cert_dir # If the provided path does not exist, libvirtd will fail to start.
# path will be used. # If the path is not provided, but spice_tls = 1, then the
# default_tls_x509_cert_dir path will be used.
# #
#spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" #spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice"
...@@ -224,8 +227,9 @@ ...@@ -224,8 +227,9 @@
# In order to override the default TLS certificate location for character # In order to override the default TLS certificate location for character
# device TCP certificates, supply a valid path to the certificate directory. # device TCP certificates, supply a valid path to the certificate directory.
# If the provided path does not exist then the default_tls_x509_cert_dir # If the provided path does not exist, libvirtd will fail to start.
# path will be used. # If the path is not provided, but chardev_tls = 1, then the
# default_tls_x509_cert_dir path will be used.
# #
#chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev" #chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev"
...@@ -276,8 +280,9 @@ ...@@ -276,8 +280,9 @@
# This is used to authenticate the VxHS block device clients to the VxHS # This is used to authenticate the VxHS block device clients to the VxHS
# server. # server.
# #
# If the provided path does not exist then the default_tls_x509_cert_dir # If the provided path does not exist, libvirtd will fail to start.
# path will be used. # If the path is not provided, but vxhs_tls = 1, then the
# default_tls_x509_cert_dir path will be used.
# #
# VxHS block device clients expect the client certificate and key to be # VxHS block device clients expect the client certificate and key to be
# present in the certificate directory along with the CA master certificate. # present in the certificate directory along with the CA master certificate.
...@@ -294,7 +299,8 @@ ...@@ -294,7 +299,8 @@
# In order to override the default TLS certificate location for migration # In order to override the default TLS certificate location for migration
# certificates, supply a valid path to the certificate directory. If the # certificates, supply a valid path to the certificate directory. If the
# provided path does not exist then the default_tls_x509_cert_dir path # provided path does not exist, libvirtd will fail to start. If the path is
# not provided, but migrate_tls = 1, then the default_tls_x509_cert_dir path
# will be used. Once/if a default certificate is enabled/defined, migration # will be used. Once/if a default certificate is enabled/defined, migration
# will then be able to use the certificate via migration API flags. # will then be able to use the certificate via migration API flags.
# #
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册