diff options
author | John Ferlan <jferlan@redhat.com> | 2016-09-08 10:04:59 -0400 |
---|---|---|
committer | John Ferlan <jferlan@redhat.com> | 2016-10-19 15:40:29 -0400 |
commit | 3b668bb51ad0ed7f95fef0b0afafed47937c1495 (patch) | |
tree | 985b4b4af997d141141c4ece6d66dbb6d1c011d8 /src/qemu/qemu.conf | |
parent | 710d875fb7d1e3c584415105a67f66724d0ea89d (diff) | |
download | libvirt-3b668bb51ad0ed7f95fef0b0afafed47937c1495.tar.gz |
conf: Introduce {default|chardev}_tls_x509_secret_uuid
Add a new qemu.conf variables to store the UUID for the secret that could
be used to present credentials to access the TLS chardev. Since this will
be a server level and it's possible to use some sort of default, introduce
both the default and chardev logic at the same time making the setting of
the chardev check for it's own value, then if not present checking whether
the default value had been set.
Signed-off-by: John Ferlan <jferlan@redhat.com>
Diffstat (limited to 'src/qemu/qemu.conf')
-rw-r--r-- | src/qemu/qemu.conf | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index e4c2aae2ec..c4fcb6d435 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -28,6 +28,20 @@ # #default_tls_x509_verify = 1 +# +# Libvirt assumes the server-key.pem file is unencrypted by default. +# To use an encrypted server-key.pem file, the password to decrypt +# the PEM file is required. This can be provided by creating a secret +# object in libvirt and then to uncomment this setting to set the UUID +# of the secret. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#default_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + # VNC is configured to listen on 127.0.0.1 by default. # To make it listen on all public interfaces, uncomment # this next option. @@ -214,6 +228,16 @@ #chardev_tls_x509_verify = 1 +# Uncomment and use the following option to override the default secret +# UUID provided in the default_tls_x509_secret_uuid parameter. +# +# NB This default all-zeros UUID will not work. Replace it with the +# output from the UUID for the TLS secret from a 'virsh secret-list' +# command and then uncomment the entry +# +#chardev_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000" + + # By default, if no graphical front end is configured, libvirt will disable # QEMU audio output since directly talking to alsa/pulseaudio may not work # with various security settings. If you know what you're doing, enable |