Prefer 'on' | 'off' over 'yes' | 'no' for bool options
Update some docs and test cases to use 'on' | 'off' as the preferred value for bool options. Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
166310299a
commit
4d7beeab38
@ -65,7 +65,7 @@ encrypted session.
|
|||||||
.. parsed-literal::
|
.. parsed-literal::
|
||||||
|
|
||||||
|qemu_system| [...OPTIONS...] \
|
|qemu_system| [...OPTIONS...] \
|
||||||
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=no \
|
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=off \
|
||||||
-vnc :1,tls-creds=tls0 -monitor stdio
|
-vnc :1,tls-creds=tls0 -monitor stdio
|
||||||
|
|
||||||
In the above example ``/etc/pki/qemu`` should contain at least three
|
In the above example ``/etc/pki/qemu`` should contain at least three
|
||||||
@ -84,12 +84,12 @@ connecting. The server will request that the client provide a
|
|||||||
certificate, which it will then validate against the CA certificate.
|
certificate, which it will then validate against the CA certificate.
|
||||||
This is a good choice if deploying in an environment with a private
|
This is a good choice if deploying in an environment with a private
|
||||||
internal certificate authority. It uses the same syntax as previously,
|
internal certificate authority. It uses the same syntax as previously,
|
||||||
but with ``verify-peer`` set to ``yes`` instead.
|
but with ``verify-peer`` set to ``on`` instead.
|
||||||
|
|
||||||
.. parsed-literal::
|
.. parsed-literal::
|
||||||
|
|
||||||
|qemu_system| [...OPTIONS...] \
|
|qemu_system| [...OPTIONS...] \
|
||||||
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
|
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
|
||||||
-vnc :1,tls-creds=tls0 -monitor stdio
|
-vnc :1,tls-creds=tls0 -monitor stdio
|
||||||
|
|
||||||
.. _vnc_005fsec_005fcertificate_005fpw:
|
.. _vnc_005fsec_005fcertificate_005fpw:
|
||||||
@ -103,7 +103,7 @@ authentication to provide two layers of authentication for clients.
|
|||||||
.. parsed-literal::
|
.. parsed-literal::
|
||||||
|
|
||||||
|qemu_system| [...OPTIONS...] \
|
|qemu_system| [...OPTIONS...] \
|
||||||
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
|
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
|
||||||
-vnc :1,tls-creds=tls0,password -monitor stdio
|
-vnc :1,tls-creds=tls0,password -monitor stdio
|
||||||
(qemu) change vnc password
|
(qemu) change vnc password
|
||||||
Password: ********
|
Password: ********
|
||||||
@ -145,7 +145,7 @@ x509 options:
|
|||||||
.. parsed-literal::
|
.. parsed-literal::
|
||||||
|
|
||||||
|qemu_system| [...OPTIONS...] \
|
|qemu_system| [...OPTIONS...] \
|
||||||
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \
|
-object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
|
||||||
-vnc :1,tls-creds=tls0,sasl -monitor stdio
|
-vnc :1,tls-creds=tls0,sasl -monitor stdio
|
||||||
|
|
||||||
.. _vnc_005fsetup_005fsasl:
|
.. _vnc_005fsetup_005fsasl:
|
||||||
|
@ -73,7 +73,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile,
|
|||||||
* The object can be created on the command line using
|
* The object can be created on the command line using
|
||||||
*
|
*
|
||||||
* -object authz-list-file,id=authz0,\
|
* -object authz-list-file,id=authz0,\
|
||||||
* filename=/etc/qemu/myvm-vnc.acl,refresh=yes
|
* filename=/etc/qemu/myvm-vnc.acl,refresh=on
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
struct QAuthZListFile {
|
struct QAuthZListFile {
|
||||||
|
@ -5027,7 +5027,7 @@ SRST
|
|||||||
Note the use of quotes due to the x509 distinguished name
|
Note the use of quotes due to the x509 distinguished name
|
||||||
containing whitespace, and escaping of ','.
|
containing whitespace, and escaping of ','.
|
||||||
|
|
||||||
``-object authz-listfile,id=id,filename=path,refresh=yes|no``
|
``-object authz-listfile,id=id,filename=path,refresh=on|off``
|
||||||
Create an authorization object that will control access to
|
Create an authorization object that will control access to
|
||||||
network services.
|
network services.
|
||||||
|
|
||||||
@ -5072,7 +5072,7 @@ SRST
|
|||||||
|
|
||||||
# |qemu_system| \\
|
# |qemu_system| \\
|
||||||
... \\
|
... \\
|
||||||
-object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes \\
|
-object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=on \\
|
||||||
...
|
...
|
||||||
|
|
||||||
``-object authz-pam,id=id,service=string``
|
``-object authz-pam,id=id,service=string``
|
||||||
|
@ -84,7 +84,7 @@ echo
|
|||||||
echo "== check plain client to TLS server fails =="
|
echo "== check plain client to TLS server fails =="
|
||||||
|
|
||||||
nbd_server_start_tcp_socket \
|
nbd_server_start_tcp_socket \
|
||||||
--object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \
|
--object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \
|
||||||
--tls-creds tls0 \
|
--tls-creds tls0 \
|
||||||
-f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
|
-f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
|
||||||
|
|
||||||
@ -129,7 +129,7 @@ echo "== check TLS with authorization =="
|
|||||||
nbd_server_stop
|
nbd_server_stop
|
||||||
|
|
||||||
nbd_server_start_tcp_socket \
|
nbd_server_start_tcp_socket \
|
||||||
--object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \
|
--object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \
|
||||||
--object "authz-simple,id=authz0,identity=CN=localhost,, \
|
--object "authz-simple,id=authz0,identity=CN=localhost,, \
|
||||||
O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \
|
O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \
|
||||||
--tls-authz authz0 \
|
--tls-authz authz0 \
|
||||||
|
Loading…
Reference in New Issue
Block a user