[Libguestfs] [PATCH] launch: libvirt: Implement drive secrets (RHBZ#1159016).

Daniel P. Berrange berrange at redhat.com
Fri Oct 31 11:13:44 UTC 2014


On Fri, Oct 31, 2014 at 11:04:25AM +0000, Richard W.M. Jones wrote:
> Implement the GUESTFS_ADD_DRIVE_OPTS_SECRET argument of
> guestfs_add_drive_opts.  For libvirt we have to save the secret in
> libvirtd first, get a UUID, and then pass the UUID back through the
> domain XML.
> ---
>  src/launch-libvirt.c | 227 ++++++++++++++++++++++++++++++++++++++++++++++++++-
>  1 file changed, 224 insertions(+), 3 deletions(-)
> 
> diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c
> index 7206b33..45e215c 100644
> --- a/src/launch-libvirt.c
> +++ b/src/launch-libvirt.c

> +static int
> +add_secret (guestfs_h *g, struct backend_libvirt_data *data, const struct drive *drv)
> +{

> +  debug (g, "libvirt secret XML:\n%s", xml);
> +
> +  /* Pass the XML to libvirt. */
> +  secret = virSecretDefineXML (data->conn, (const char *) xml, 0);
> +  if (secret == NULL) {
> +    libvirt_error (g, _("could not define libvirt secret"));
> +    return -1;
> +  }
> +
> +  /* Set the secret. */
> +  if (virSecretSetValue (secret,
> +                         (const unsigned char *) drv->src.secret,
> +                         strlen (drv->src.secret),
> +                         0) == -1) {
> +    libvirt_error (g, _("could not set libvirt secret value"));
> +    return -1;
> +  }
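
Review bot: the length argument in the virSecretSetValue call is strlen (drv->src.secret), which treats the secret as a NUL-terminated string, so a value containing a zero byte would be stored truncated; carrying an explicit length alongside the secret would avoid that. The failure branch of the same call also returns -1 immediately after virSecretDefineXML has succeeded, and nothing in the quoted lines undefines or frees "secret", so a failed set appears to leave a defined secret with no value behind in libvirtd. Consider undefining it before returning, unless that cleanup happens outside the lines quoted here.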

So the value for 'secret' that we're passing into the add_drive_opts()
method for the plain QEMU backend has to be base64 encoded, because
the value is passed as-is to QEMU on the CLI.

When the libvirt QEMU driver fetches the secret value, it will apply
base64 encoding before adding it to the QEMU CLI. IOW, the virSecret
object must store the raw value, not the base64 value.

So I think you need to have a base64 decode step here before calling
virSecretSetValue.

We should probably also clarify the docs to say that the value passed
to add_drive_opts() should be the base64 encoded value of the secret.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
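
The decode step discussed in the message above, as an added example that is not part of the original mail or of libguestfs: the helper names b64_value and decode_drive_secret are hypothetical, and the sample value is constructed. It turns the base64 text into raw bytes and returns the raw length, which is the length a caller would hand to virSecretSetValue in place of strlen.

```c
#include <stddef.h>
#include <string.h>

/* Map one base64 character to its 6-bit value, or -1 if not in the alphabet. */
static int b64_value(unsigned char c)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(alphabet, c) : NULL;
    return p ? (int)(p - alphabet) : -1;
}

/* Hypothetical helper: base64 text -> raw bytes; returns raw length or -1. */
static long decode_drive_secret(const char *b64, unsigned char *out, size_t outlen)
{
    size_t len = strlen(b64), n = 0;
    if (len == 0 || len % 4 != 0)
        return -1;
    for (size_t i = 0; i < len; i += 4) {
        unsigned long v = 0;
        size_t pad = 0;
        for (size_t j = 0; j < 4; j++) {
            unsigned char c = (unsigned char)b64[i + j];
            int d = 0;
            if (c == '=') {
                /* '=' may only fill the last two places of the final group. */
                if (i + 4 != len || j < 2)
                    return -1;
                pad++;
            } else if (pad || (d = b64_value(c)) < 0) {
                return -1;      /* data after padding, or bad character */
            }
            v = (v << 6) | (unsigned long)d;
        }
        if (n + 3 - pad > outlen)
            return -1;          /* output buffer too small */
        out[n++] = (unsigned char)(v >> 16);
        if (pad < 2) out[n++] = (unsigned char)(v >> 8);
        if (pad < 1) out[n++] = (unsigned char)v;
    }
    return (long)n;
}

int main(void)
{
    unsigned char raw[16];
    /* Constructed sample: "AAECAw==" is base64 for the bytes 00 01 02 03. */
    return decode_drive_secret("AAECAw==", raw, sizeof raw) == 4 ? 0 : 1;
}
```

The sample decodes to a value whose first byte is zero, so strlen on the decoded buffer would report 0 while the real secret is 4 bytes long.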