[libvirt] [PATCH 5/5] qemu/rbd: improve rbd device specification
Tommi Virtanen
tommi.virtanen at dreamhost.com
Fri Sep 16 16:52:35 UTC 2011
On Thu, Sep 15, 2011 at 13:52, Sage Weil <sage at newdream.net> wrote:
> +static int buildRBDString(virConnectPtr conn,
...
> + /* look up secret */
> + snprintf(idDomain, sizeof(idDomain), "%s/%s", disk->authId,
> + disk->authDomain);
> + sec = virSecretLookupByUsage(conn,
> + VIR_SECRET_USAGE_TYPE_CEPH,
> + idDomain);
...
> + secret = (char *)conn->secretDriver->getValue(sec, &secret_size, 0,
> + VIR_SECRET_GET_VALUE_INTERNAL_CALL);
> + /* qemu/librbd wants it base64 encoded */
> + base64_encode_alloc(secret, secret_size, &base64);
> + virBufferEscape(opt, ":", ":key=%s:auth_supported=cephx\\;none",
> + base64);
If I'm reading this right, that puts the ceph secret on the kvm
command line. That's not good, that makes it visible to anyone on the
host.
More information about the libvir-list
mailing list