[libvirt] [PATCHv7 2/2] domain: conf: Fix secret type checking for network volumes

Ján Tomko jtomko at redhat.com
Mon Feb 3 17:05:14 UTC 2014 

On 01/30/2014 07:57 PM, Adam Walters wrote:
> On Thu, Jan 30, 2014 at 9:46 AM, Ján Tomko <jtomko at redhat.com
> <mailto:jtomko at redhat.com>> wrote:
> 
>     On 01/23/2014 08:45 PM, Adam Walters wrote:
>     > This patch fixes the secret type checking done in the
>     > virDomainDiskDefParseXML function. Previously, it would not allow any
>     > volumes that utilized a secret. This patch is a simple bypass of the
>     > checking code for volumes.
>     >
>     > Signed-off-by: Adam Walters <adam at pandorasboxen.com
>     <mailto:adam at pandorasboxen.com>>
>     > ---
>     >  src/conf/domain_conf.c | 6 ++++--
>     >  1 file changed, 4 insertions(+), 2 deletions(-)
>     >
>     > diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>     > index 28e24f9..773dc26 100644
>     > --- a/src/conf/domain_conf.c
>     > +++ b/src/conf/domain_conf.c
>     > @@ -5418,7 +5418,8 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt,
>     >          cur = cur->next;
>     >      }
>     >
>     > -    if (auth_secret_usage != -1 && auth_secret_usage !=
>     expected_secret_usage) {
>     > +    if (auth_secret_usage != -1 && auth_secret_usage !=
>     expected_secret_usage &&
>     > +        def->type != VIR_DOMAIN_DISK_TYPE_VOLUME) {
>     >          virReportError(VIR_ERR_INTERNAL_ERROR,
>     >                         _("invalid secret type '%s'"),
>     >                         virSecretUsageTypeTypeToString(auth_secret_usage));
> 
>     So an rbd volume can have a secret when the pool has auth set to none?
>     Otherwise it seems the volume's secret data might get overwritten by
>     qemuTranslateDiskSourcePoolAuth.
> 
> 
> The purpose of this is to bypass the secret type checking for volumes (not
> just RBD volumes).

This check is blocking it for iscsi volumes too, even though we have it as an
example in formatdomain.html


> 
> Above this section of code, but in the same function, there is some code that
> populates the
> expected_secret_usage variable. Looking back on it now, I think I may have an
> alternative solution.
> I think I might be able to set expected_secret_usage properly by referencing
> def->srcpool->pooltype
> above this to check it like is done for non-storage pool RBD disks.
> 

Volume translation is done on domain start-up. This function doing the
checking is done on domain definition and the pool might not yet be available.

Jan


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140203/3ffe784f/attachment-0001.sig>

More information about the libvir-list mailing list