aboutsummaryrefslogtreecommitdiff
path: root/qapi-schema.json
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2017-03-15 16:16:03 +0000
committerJuan Quintela <quintela@redhat.com>2017-03-16 08:57:08 +0100
commit4af245dc3e6e5c96405b3edb9d75657504256469 (patch)
tree9c0fa921914c6ab94ab964db401397cbf349de07 /qapi-schema.json
parent1ffb5dfd35888cd9de78cc97d3e3e3cb1f3c4887 (diff)
migration: use "" as the default for tls-creds/hostname
The tls-creds parameter has a default value of NULL indicating that TLS should not be used. Setting it to non-NULL enables use of TLS. Once tls-creds are set to a non-NULL value via the monitor, it isn't possible to set them back to NULL again, due to current implementation limitations. The empty string is not a valid QObject identifier, so this switches to use "" as the default, indicating that TLS will not be used The tls-hostname parameter has a default value of NULL indicating the the hostname from the migrate connection URI should be used. Again, once tls-hostname is set non-NULL, to override the default hostname for x509 cert validation, it isn't possible to reset it back to NULL via the monitor. The empty string is not a valid hostname, so this switches to use "" as the default, indicating that the migrate URI hostname should be used. Using "" as the default for both, also means that the monitor commands "info migrate_parameters" / "query-migrate-parameters" will report existance of tls-creds/tls-parameters even when set to their default values. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Diffstat (limited to 'qapi-schema.json')
-rw-r--r--qapi-schema.json4
1 files changed, 4 insertions, 0 deletions
diff --git a/qapi-schema.json b/qapi-schema.json
index 32b4a4b782..eb9bf67bd9 100644
--- a/qapi-schema.json
+++ b/qapi-schema.json
@@ -1036,6 +1036,8 @@
# credentials must be for a 'server' endpoint. Setting this
# will enable TLS for all migrations. The default is unset,
# resulting in unsecured migration at the QEMU level. (Since 2.7)
+# An empty string means that QEMU will use plain text mode for
+# migration, rather than TLS (Since 2.9)
#
# @tls-hostname: #optional hostname of the target host for the migration. This
# is required when using x509 based TLS credentials and the
@@ -1043,6 +1045,8 @@
# example if using fd: or exec: based migration, the
# hostname must be provided so that the server's x509
# certificate identity can be validated. (Since 2.7)
+# An empty string means that QEMU will use the hostname
+# associated with the migration URI, if any. (Since 2.9)
#
# @max-bandwidth: to set maximum speed for migration. maximum speed in
# bytes per second. (Since 2.8)