From nobody Sat Apr 27 08:23:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1504639267688895.3836539109938; Tue, 5 Sep 2017 12:21:07 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BCA27C087355; Tue, 5 Sep 2017 19:21:05 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 988341836C; Tue, 5 Sep 2017 19:21:05 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 1C1013FA59; Tue, 5 Sep 2017 19:21:05 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v85J9f6i001601 for ; Tue, 5 Sep 2017 15:09:41 -0400 Received: by smtp.corp.redhat.com (Postfix) id AAE1518121; Tue, 5 Sep 2017 19:09:41 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-120.phx2.redhat.com [10.3.116.120]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7255F619D6 for ; Tue, 5 Sep 2017 19:09:39 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com BCA27C087355 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Tue, 5 Sep 2017 15:09:34 -0400 Message-Id: <20170905190935.18247-2-jferlan@redhat.com> In-Reply-To: <20170905190935.18247-1-jferlan@redhat.com> References: <20170905190935.18247-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 1/2] qemu: Get capabilities for iscsi usage of password-secret argument X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 05 Sep 2017 19:21:06 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Add the capability to use the blockdev-add query-qmp-schema option to find the 'password-secret' parameter that will allow the iSCSI code to use the master secret object (a/k/a AES) to encrypt the secret in an object and only need to provide the object id of tha secret on the command line thus obsfuscating the passphrase. Signed-off-by: John Ferlan --- src/qemu/qemu_capabilities.c | 4 ++++ src/qemu/qemu_capabilities.h | 3 +++ tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 + 5 files changed, 10 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index e7ea6f4..86f27ee 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -439,6 +439,9 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, "virtio-net.tx_queue_size", "chardev-reconnect", "virtio-gpu.max_outputs", + + /* 270 */ + "iscsi.password-secret", ); =20 =20 @@ -1811,6 +1814,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsObjec= tPropsIntelIOMMU[] =3D { static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] =3D { { "blockdev-add/arg-type/options/+gluster/debug-level", QEMU_CAPS_GLUS= TER_DEBUG_LEVEL}, { "blockdev-add/arg-type/+gluster/debug", QEMU_CAPS_GLUSTER_DEBUG_LEVE= L}, + { "blockdev-add/arg-type/+iscsi/password-secret", QEMU_CAPS_ISCSI_PASS= WORD_SECRET }, }; =20 struct virQEMUCapsObjectTypeProps { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index f32687d..665a772 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -426,6 +426,9 @@ typedef enum { QEMU_CAPS_CHARDEV_RECONNECT, /* -chardev reconnect */ QEMU_CAPS_VIRTIO_GPU_MAX_OUTPUTS, /* -device virtio-(vga|gpu-*),max-ou= tputs=3D */ =20 + /* 265 */ + QEMU_CAPS_ISCSI_PASSWORD_SECRET, /* -drive file.driver=3Discsi,...,pas= sword-secret=3D */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; =20 diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml b/tests/qemu= capabilitiesdata/caps_2.9.0.ppc64le.xml index a373a6d..c5eb395 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml @@ -172,6 +172,7 @@ + 2009000 0 (v2.9.0) diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml b/tests/qemuca= pabilitiesdata/caps_2.9.0.s390x.xml index e80782c..99ad44a 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml @@ -137,6 +137,7 @@ + 2009000 0 diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.9.0.x86_64.xml index 3641d03..bd446ff 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml @@ -220,6 +220,7 @@ + 2009000 0 (v2.9.0) --=20 2.9.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Sat Apr 27 08:23:22 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1504639520687967.3583291465807; Tue, 5 Sep 2017 12:25:20 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D48FBC07C581; Tue, 5 Sep 2017 19:25:18 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id A403A61F31; Tue, 5 Sep 2017 19:25:18 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 62B0418045C2; Tue, 5 Sep 2017 19:25:18 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v85J9gDW001609 for ; Tue, 5 Sep 2017 15:09:42 -0400 Received: by smtp.corp.redhat.com (Postfix) id 12C8518121; Tue, 5 Sep 2017 19:09:42 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-120.phx2.redhat.com [10.3.116.120]) by smtp.corp.redhat.com (Postfix) with ESMTP id CE860619D2 for ; Tue, 5 Sep 2017 19:09:41 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com D48FBC07C581 Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx08.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Tue, 5 Sep 2017 15:09:35 -0400 Message-Id: <20170905190935.18247-3-jferlan@redhat.com> In-Reply-To: <20170905190935.18247-1-jferlan@redhat.com> References: <20170905190935.18247-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 2/2] qemu: Use secret objects to pass iSCSI passwords X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.32]); Tue, 05 Sep 2017 19:25:19 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" https://bugzilla.redhat.com/show_bug.cgi?id=3D1425757 The blockdev-add code provides a mechanism to sanely provide user and password-secret arguments for iscsi without placing them on the command line to be viewable by a 'ps -ef' type command or needing to create separate -iscsi devices for each disk/volume found. So modify the iSCSI command line building to check for the presence of the capability in order properly setup and use the domain master secret object to encrypt the password in a secret object and alter the parameters for the command line to utilize. Modify the xml2argvtest to exhibit the syntax for both disk and hostdev configurations. Signed-off-by: John Ferlan --- src/qemu/qemu_command.c | 19 ++++++++- src/qemu/qemu_domain.c | 4 ++ ...xml2argv-disk-drive-network-iscsi-auth-AES.args | 39 ++++++++++++++++++ ...uxml2argv-disk-drive-network-iscsi-auth-AES.xml | 43 +++++++++++++++++++ ...ml2argv-hostdev-scsi-virtio-iscsi-auth-AES.args | 35 ++++++++++++++++ ...xml2argv-hostdev-scsi-virtio-iscsi-auth-AES.xml | 48 ++++++++++++++++++= ++++ tests/qemuxml2argvtest.c | 10 +++++ 7 files changed, 196 insertions(+), 2 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= iscsi-auth-AES.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= iscsi-auth-AES.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio= -iscsi-auth-AES.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio= -iscsi-auth-AES.xml diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index ed8cb6e..6012538 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -591,6 +591,7 @@ qemuBuildDiskSecinfoCommandLine(virCommandPtr cmd, =20 =20 /* qemuBuildGeneralSecinfoURI: + * @protocol: Disk source protocol * @uri: Pointer to the URI structure to add to * @secinfo: Pointer to the secret info data (if present) * @@ -602,7 +603,8 @@ qemuBuildDiskSecinfoCommandLine(virCommandPtr cmd, * -1 and error message if fail to add secret information */ static int -qemuBuildGeneralSecinfoURI(virURIPtr uri, +qemuBuildGeneralSecinfoURI(virStorageNetProtocol protocol, + virURIPtr uri, qemuDomainSecretInfoPtr secinfo) { if (!secinfo) @@ -628,6 +630,16 @@ qemuBuildGeneralSecinfoURI(virURIPtr uri, break; =20 case VIR_DOMAIN_SECRET_INFO_TYPE_AES: + /* NB: Cannot fill in @user here because that gets formatted into = the + * URI as "iscsi://{username}@{host}:{port}/{iqn}%3A{target}/{lun}= ", + * but the expectation is it'll be a file parameter "user=3D{usern= ame},". + * Still we don't want to return -1, so deal with this later */ + if (protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_ISCSI) + return 0; + else + return -1; + break; + case VIR_DOMAIN_SECRET_INFO_TYPE_LAST: return -1; } @@ -841,7 +853,7 @@ qemuBuildNetworkDriveURI(virStorageSourcePtr src, virAsprintf(&uri->query, "socket=3D%s", src->hosts->socket) < 0) goto cleanup; =20 - if (qemuBuildGeneralSecinfoURI(uri, secinfo) < 0) + if (qemuBuildGeneralSecinfoURI(src->protocol, uri, secinfo) < 0) goto cleanup; =20 if (VIR_STRDUP(uri->server, src->hosts->name) < 0) @@ -1418,6 +1430,9 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk, * filename=3D%s,...") instead of the legacy model (e.g."-drive * file=3D%s,..."), then the "file." prefix can be removed */ + if (disk->src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_ISCSI) + virBufferAsprintf(buf, "file.user=3D%s,", secinfo->s.aes.usern= ame); + virBufferAsprintf(buf, "file.password-secret=3D%s,", secinfo->s.aes.alias); } diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 9cff501..348b8e5 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1156,9 +1156,13 @@ qemuDomainSecretSetup(virConnectPtr conn, virSecretLookupTypeDefPtr seclookupdef, bool isLuks) { + bool iscsiHasPS =3D virQEMUCapsGet(priv->qemuCaps, + QEMU_CAPS_ISCSI_PASSWORD_SECRET); + if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) && virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) && (usageType =3D=3D VIR_SECRET_USAGE_TYPE_CEPH || + (usageType =3D=3D VIR_SECRET_USAGE_TYPE_ISCSI && iscsiHasPS) || usageType =3D=3D VIR_SECRET_USAGE_TYPE_VOLUME || usageType =3D=3D VIR_SECRET_USAGE_TYPE_TLS)) { if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias, diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-a= uth-AES.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi= -auth-AES.args new file mode 100644 index 0000000..5808f5d --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES= .args @@ -0,0 +1,39 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest1 \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-usb \ +-object secret,id=3Dvirtio-disk0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3Discsi://example.org:6000/iqn.1992-01.com.example%3Astorage/1= ,\ +file.user=3Dmyname,file.password-secret=3Dvirtio-disk0-secret0,format=3Dra= w,if=3Dnone,\ +id=3Ddrive-virtio-disk0 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x3,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-object secret,id=3Dvirtio-disk1-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3Discsi://example.org:6000/iqn.1992-01.com.example%3Astorage/2= ,\ +file.user=3Dmyname,file.password-secret=3Dvirtio-disk1-secret0,format=3Dra= w,if=3Dnone,\ +id=3Ddrive-virtio-disk1 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-a= uth-AES.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-= auth-AES.xml new file mode 100644 index 0000000..63919f1 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES= .xml @@ -0,0 +1,43 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-= auth-AES.args b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-isc= si-auth-AES.args new file mode 100644 index 0000000..c77703e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AE= S.args @@ -0,0 +1,35 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest2 \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest2/master-key.aes \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9466-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest2/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-device virtio-scsi-pci,id=3Dscsi0,bus=3Dpci.0,addr=3D0x3 \ +-usb \ +-drive file=3D/dev/HostVG/QEMUGuest2,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-= 0 \ +-drive file=3Discsi://example.org:3260/iqn.1992-01.com.example%3Astorage/1= ,\ +if=3Dnone,format=3Draw,id=3Ddrive-hostdev0 \ +-device scsi-generic,bus=3Dscsi0.0,channel=3D0,scsi-id=3D2,lun=3D4,\ +drive=3Ddrive-hostdev0,id=3Dhostdev0 \ +-drive file=3Discsi://example.org:3260/iqn.1992-01.com.example%3Astorage/2= ,\ +if=3Dnone,format=3Draw,id=3Ddrive-hostdev1 \ +-device scsi-generic,bus=3Dscsi0.0,channel=3D0,scsi-id=3D2,lun=3D5,\ +drive=3Ddrive-hostdev1,id=3Dhostdev1 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x4 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-= auth-AES.xml b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscs= i-auth-AES.xml new file mode 100644 index 0000000..0f63f98 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AE= S.xml @@ -0,0 +1,48 @@ + + QEMUGuest2 + c7a5fdbd-edaf-9466-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + +
+ + + + + + + + + + + + + + +
+ + + + + + + + +
+ + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index d6ada22..c0cfc66 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -917,6 +917,10 @@ mymain(void) DO_TEST("disk-drive-network-nbd-unix", NONE); DO_TEST("disk-drive-network-iscsi", NONE); DO_TEST("disk-drive-network-iscsi-auth", NONE); +# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT + DO_TEST("disk-drive-network-iscsi-auth-AES", + QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_ISCSI_PASSWORD_SECRET); +# endif DO_TEST("disk-drive-network-iscsi-lun", QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_SCSI_BLOCK); @@ -2301,6 +2305,12 @@ mymain(void) DO_TEST("hostdev-scsi-virtio-iscsi-auth", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_SCSI_GENERIC); +# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT + DO_TEST("hostdev-scsi-virtio-iscsi-auth-AES", + QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI, + QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_OBJECT_SECRET, + QEMU_CAPS_ISCSI_PASSWORD_SECRET); +# endif DO_TEST("hostdev-scsi-vhost-scsi-ccw", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_VHOST_SCSI, QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_VIRTIO_CCW); --=20 2.9.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list