Network disks and replacing qemu-block-curl|ssh with nbdkit
Peter Krempa
pkrempa at redhat.com
Wed Apr 20 07:36:29 UTC 2022
On Tue, Apr 19, 2022 at 15:00:58 -0500, Jonathon Jongsma wrote:
> On 4/19/22 12:31 PM, Richard W.M. Jones wrote:
> > On Tue, Apr 19, 2022 at 11:40:49AM -0500, Jonathon Jongsma wrote:
> > > Well, As far as I can tell, there is no valid XML for exercising
> > > http auth. The schema for http(s) sources does not include any
> > > <auth> element [1]. And the schema for the <auth> element [2]
> > > requires a <secret> element with a required 'type' attribute, and
> > > the only choices for 'type' are 'ceph' or 'iscsi', neither of which
> > > apply to http authentication.
> > >
> > > So it looks to me like http auth was never supported, rather than a
> > > regression. It also seems that it would require some additional
> > > schema changes to support this.
> > >
> > >
> > > [1] https://gitlab.com/libvirt/libvirt/-/blob/136b821f183deb0b58c571211f6917985bed3308/src/conf/schemas/domaincommon.rng#L1974
> > >
> > > [2]https://gitlab.com/libvirt/libvirt/-/blob/136b821f183deb0b58c571211f6917985bed3308/src/conf/schemas/domaincommon.rng#L6969
> >
> > As noted in my other reply, simple http auth is not practically very
> > useful for the kinds of sources we want to access, so if libvirt never
> > supported it I wouldn't bother adding that complexity now.
>
>
> As far as I can tell, we haven't ever supported it. But it is possible that
> I missed something in my digging, so if anybody has any recollection of http
> auth being supported in the past, please chime in.
I don't think it was really supported. There were some bits present
which made me to think that it was supported in the -drive code, so I've
forward ported the functionality to the -blockdev code, but when I
actually try it we don't setup the 'secret' object which is supposed to
store the password and thus end up crashing in qemuBlockStorageSourceGetCURLProps
I'll post patches to address that, but the question is whether we want
to bother with actually supporting the password authentication or not,
because the simpler approach to fixing the bug is to simply allow it.
More information about the libvir-list
mailing list