[libvirt] [REPOST PATCH v6 6/8] qemu: Use secret objects to pass iSCSI passwords

Peter Krempa pkrempa at redhat.com
Thu Nov 23 18:24:38 UTC 2017


On Thu, Nov 23, 2017 at 15:32:43 +0100, Peter Krempa wrote:
> On Wed, Nov 08, 2017 at 08:15:59 -0500, John Ferlan wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1425757
> > 
> > The blockdev-add code provides a mechanism to sanely provide user
> > and password-secret arguments for iscsi without placing them on the
> > command line to be viewable by a 'ps -ef' type command or needing
> > to create separate -iscsi devices for each disk/volume found.
> > 
> > So modify the iSCSI command line building to check for the presence
> > of the capability in order to properly set up and use the domain master
> > secret object to encrypt the password in a secret object and alter
> > the parameters for the command line to utilize.
> > 
> > Modify the xml2argvtest to exhibit the syntax for both disk and
> > hostdev configurations.
> > 
> > Signed-off-by: John Ferlan <jferlan at redhat.com>
> > ---
> >  src/qemu/qemu_command.c                            | 65 +++++++++++++++++-----
> >  src/qemu/qemu_command.h                            |  3 +-
> >  src/qemu/qemu_domain.c                             |  4 ++
> >  src/qemu/qemu_hotplug.c                            | 50 ++++++++++++++++-
> >  ...xml2argv-disk-drive-network-iscsi-auth-AES.args | 41 ++++++++++++++
> >  ...uxml2argv-disk-drive-network-iscsi-auth-AES.xml | 43 ++++++++++++++
> >  ...ml2argv-hostdev-scsi-virtio-iscsi-auth-AES.args | 45 +++++++++++++++
> >  ...xml2argv-hostdev-scsi-virtio-iscsi-auth-AES.xml | 48 ++++++++++++++++
> >  tests/qemuxml2argvtest.c                           | 10 ++++
> >  9 files changed, 292 insertions(+), 17 deletions(-)
> >  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES.args
> >  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES.xml
> >  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AES.args
> >  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AES.xml
> > 
> > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> > index 577c76b44b..f0724223f2 100644
> > --- a/src/qemu/qemu_command.c
> > +++ b/src/qemu/qemu_command.c
> 
> [...]
> 
> > @@ -1573,7 +1579,9 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
> >              virBufferAsprintf(buf, "file.debug=%d,", cfg->glusterDebugLevel);
> >      }
> >  
> > -    if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
> > +    if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES &&
> > +        disk->src->type == VIR_STORAGE_TYPE_NETWORK &&
> > +        disk->src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD) {
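Review bot: the two conditions added to the `secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES` test have no comment saying why only RBD network sources may take this branch. A reader of qemuBuildDriveSourceStr() cannot tell from the test alone that other protocols carrying an AES secret are expected to pass it some other way. Add a short comment above the `if`, or move the protocol check into the code that formats each protocol's source so that this generic function does not need to enumerate protocols.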
> 
> This hunk is misplaced. If 'srcprops' is present no additional
> parameters should be added via this syntax. The same applies also to the
> gluster hunk above.
> 
> I'll post a patch to move them and then you can commit this patch
> without this hunk.

The cleanup patch is now pushed as 6197d5726b