From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505522975303370.7254342268443; Fri, 15 Sep 2017 17:49:35 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3BBBB3B9; Sat, 16 Sep 2017 00:49:34 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 19C2160475; Sat, 16 Sep 2017 00:49:34 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D6A003FA56; Sat, 16 Sep 2017 00:49:33 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UOe1013104 for ; Fri, 15 Sep 2017 20:30:25 -0400 Received: by smtp.corp.redhat.com (Postfix) id F263618179; Sat, 16 Sep 2017 00:30:24 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id BBD51179FF for ; Sat, 16 Sep 2017 00:30:24 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3BBBB3B9 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com 
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:04 -0400 Message-Id: <20170916003017.32502-2-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 01/14] util: Move virSecretUsageType to virsecret.h X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Sat, 16 Sep 2017 00:49:34 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Move the virSecretUsageType into the util. Signed-off-by: John Ferlan --- src/conf/domain_conf.c | 1 + src/conf/secret_conf.c | 4 +--- src/conf/secret_conf.h | 2 -- src/qemu/qemu_parse_command.c | 2 +- src/storage/storage_driver.c | 1 + src/util/virsecret.c | 2 ++ src/util/virsecret.h | 3 +++ tools/virsh-secret.c | 2 +- 8 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index cc5e79b70..8dca1357c 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -53,6 +53,7 @@ #include "device_conf.h" #include "network_conf.h" #include "virtpm.h" +#include "virsecret.h" #include "virstring.h" #include "virnetdev.h" #include "virnetdevmacvlan.h" diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c index bd085b7e4..989705234 100644 --- a/src/conf/secret_conf.c 
+++ b/src/conf/secret_conf.c @@ -30,6 +30,7 @@ #include "secret_conf.h" #include "virsecretobj.h" #include "virerror.h" +#include "virsecret.h" #include "virstring.h" #include "virxml.h" #include "viruuid.h" @@ -38,9 +39,6 @@ =20 VIR_LOG_INIT("conf.secret_conf"); =20 -VIR_ENUM_IMPL(virSecretUsage, VIR_SECRET_USAGE_TYPE_LAST, - "none", "volume", "ceph", "iscsi", "tls") - void virSecretDefFree(virSecretDefPtr def) { diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h index e0d9465a0..aa81651d4 100644 --- a/src/conf/secret_conf.h +++ b/src/conf/secret_conf.h @@ -26,8 +26,6 @@ # include "internal.h" # include "virutil.h" =20 -VIR_ENUM_DECL(virSecretUsage) - typedef struct _virSecretDef virSecretDef; typedef virSecretDef *virSecretDefPtr; struct _virSecretDef { diff --git a/src/qemu/qemu_parse_command.c b/src/qemu/qemu_parse_command.c index 8cb96a24a..ac9076190 100644 --- a/src/qemu/qemu_parse_command.c +++ b/src/qemu/qemu_parse_command.c @@ -28,9 +28,9 @@ #include "dirname.h" #include "viralloc.h" #include "virlog.h" +#include "virsecret.h" #include "virstring.h" #include "c-ctype.h" -#include "secret_conf.h" =20 #define VIR_FROM_THIS VIR_FROM_QEMU =20 diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c index 7cf5943cb..59ccc8036 100644 --- a/src/storage/storage_driver.c +++ b/src/storage/storage_driver.c @@ -48,6 +48,7 @@ #include "virfile.h" #include "virfdstream.h" #include "configmake.h" +#include "virsecret.h" #include "virstring.h" #include "viraccessapicheck.h" //#include "dirname.h" diff --git a/src/util/virsecret.c b/src/util/virsecret.c index aded8028b..4dd19cdf5 100644 --- a/src/util/virsecret.c +++ b/src/util/virsecret.c @@ -32,6 +32,8 @@ =20 VIR_LOG_INIT("util.secret"); =20 +VIR_ENUM_IMPL(virSecretUsage, VIR_SECRET_USAGE_TYPE_LAST, + "none", "volume", "ceph", "iscsi", "tls") =20 void virSecretLookupDefClear(virSecretLookupTypeDefPtr def) diff --git a/src/util/virsecret.h b/src/util/virsecret.h index 4506fb36e..a56e0c0c5 100644 
--- a/src/util/virsecret.h +++ b/src/util/virsecret.h @@ -24,8 +24,11 @@ =20 # include "internal.h" =20 +# include "virutil.h" # include "virxml.h" =20 +VIR_ENUM_DECL(virSecretUsage) + typedef enum { VIR_SECRET_LOOKUP_TYPE_NONE, VIR_SECRET_LOOKUP_TYPE_UUID, diff --git a/tools/virsh-secret.c b/tools/virsh-secret.c index cd788b687..52f067652 100644 --- a/tools/virsh-secret.c +++ b/tools/virsh-secret.c 
@@ -32,9 +32,9 @@ #include "viralloc.h" #include "virfile.h" #include "virutil.h" +#include "virsecret.h" #include "virstring.h" #include "virtime.h" -#include "conf/secret_conf.h" =20 static virSecretPtr virshCommandOptSecret(vshControl *ctl, const vshCmd *cmd, const char **nam= e) --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505525950286590.0219314582081; Fri, 15 Sep 2017 18:39:10 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AF5655F7B1; Sat, 16 Sep 2017 01:39:08 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id ECE2D60A9D; Sat, 16 Sep 2017 01:39:07 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 54A2741F77; Sat, 16 Sep 2017 01:39:06 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UP76013110 for ; Fri, 15 Sep 2017 20:30:25 -0400 Received: by smtp.corp.redhat.com (Postfix) id 57D2418179; Sat, 16 Sep 
2017 00:30:25 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 20317179FF for ; Sat, 16 Sep 2017 00:30:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com AF5655F7B1 Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:05 -0400 Message-Id: <20170916003017.32502-3-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 02/14] util: Fix secret generation in virStorageSourceParseRBDColonString X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Sat, 16 Sep 2017 01:39:09 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Commit id '5604c056' used the wrong API to generate the --- src/util/virstoragefile.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index e94ad32f0..1040e9a17 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c 
@@ -44,6 +44,7 @@
 #include "virbuffer.h"
 #include "virjson.h"
 #include "virstorageencryption.h"
+#include "virsecret.h"
=20
 #define VIR_FROM_THIS VIR_FROM_STORAGE
=20
@@ -2546,7 +2547,7 @@ virStorageSourceParseRBDColonString(const char *rbdst= r, goto error; =20 if (VIR_STRDUP(authdef->secrettype, - virStorageAuthTypeToString(VIR_STORAGE_AUTH_TYP= E_CEPHX)) < 0) + virSecretUsageTypeToString(VIR_SECRET_USAGE_TYP= E_CEPH)) < 0) goto error; src->auth =3D authdef; authdef =3D NULL; --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505522997007156.4743959128101; Fri, 15 Sep 2017 17:49:57 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AF6BF356F8; Sat, 16 Sep 2017 00:49:55 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 510E57F1B8; Sat, 16 Sep 2017 00:49:55 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 550E0410B4; Sat, 16 Sep 2017 00:49:54 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UPCF013116 for ; Fri, 15 Sep 2017 20:30:25 -0400 Received: by smtp.corp.redhat.com 
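Review bot: Nothing at this `VIR_STRDUP` call says which enum namespace `authdef->secrettype` belongs to, and the commit message states that the earlier commit picked the wrong converter here. A one-line comment above the call, `/* secrettype holds a virSecretUsageType name, as used in <secret type='...'/> */`, would keep the storage-auth and secret-usage enums from being mixed up again. The diffstat lists only virstoragefile.c, so no test in this patch pins the resulting string. virStorageSourceParseRBDColonString starts and ends outside the hunk.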
(Postfix) id B31C518179; Sat, 16 Sep 2017 00:30:25 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7AB16179FF for ; Sat, 16 Sep 2017 00:30:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com AF6BF356F8 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com 
From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:06 -0400 Message-Id: <20170916003017.32502-4-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 03/14] conf: Add/Allow parsing the auth in the disk source X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Sat, 16 Sep 2017 00:49:56 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Since the virStorageAuthDefPtr auth; is a member of _virStorageSource it really should be allowed to be a subelement of the disk <source> for the RBD and iSCSI protocols. That way we can set up to allow the <auth> element to be formatted within the disk source. For now just allow the format in the RNG and read it in domain_conf. Modify the qemuxml2argvtest to add a parse failure when there is an <auth> as a child of <disk> *and* an <auth> as a child of <source>. The virschematest will read the new test files and validate from a RNG viewpoint things are fine 
Signed-off-by: John Ferlan --- docs/schemas/domaincommon.rng | 20 +++++++- src/conf/domain_conf.c | 53 ++++++++++++++++++= ++-- ...v-disk-drive-network-iscsi-source-auth-both.xml | 36 +++++++++++++++ ...l2argv-disk-drive-network-iscsi-source-auth.xml | 43 ++++++++++++++++++ ...rgv-disk-drive-network-rbd-source-auth-both.xml | 45 ++++++++++++++++++ ...xml2argv-disk-drive-network-rbd-source-auth.xml | 42 +++++++++++++++++ tests/qemuxml2argvtest.c | 2 + 7 files changed, 237 insertions(+), 4 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= iscsi-source-auth-both.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= iscsi-source-auth.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= rbd-source-auth-both.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= rbd-source-auth.xml diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index c9a4f7a9a..139f1eea2 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1578,11 +1578,29 @@ + + + =20 + + + + + iscsi + + + + + + + + + + @@ -1601,7 +1619,6 @@ sheepdog - iscsi ftp ftps tftp @@ -1644,6 +1661,7 @@ + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 8dca1357c..5c0218cdf 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8107,6 +8107,29 @@ virDomainDiskSourcePoolDefParse(xmlNodePtr node, } =20 =20 +static int +virDomainDiskSourceAuthParse(xmlNodePtr node, + virStorageAuthDefPtr *authdefsrc) +{ + xmlNodePtr child; + virStorageAuthDefPtr authdef; + + for (child =3D node->children; child; child =3D child->next) { + if (child->type =3D=3D XML_ELEMENT_NODE && + virXMLNodeNameEqual(child, "auth")) { + + if (!(authdef =3D virStorageAuthDefParse(node->doc, child))) + return -1; + + *authdefsrc =3D authdef; + return 0; + } + } + + return 0; +} + + int virDomainDiskSourceParse(xmlNodePtr node, xmlXPathContextPtr ctxt, 
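Review bot: virDomainDiskSourceAuthParse returns as soon as it has parsed the first `auth` child, so a second `<auth>` element under the same `<source>` is ignored without any error, although the point of this patch is to reject ambiguous credential references. The local `authdef` is also declared without an initializer, which is harmless today but fragile if the loop is changed. The loop below walks all children, fails on a duplicate, and leaves `*authdefsrc` untouched when no `<auth>` is present, as the current code does. A short comment above the function stating that it returns 0 both when `<auth>` is absent and when it was parsed would help callers.

```c
    xmlNodePtr child;
    virStorageAuthDefPtr authdef = NULL;

    for (child = node->children; child; child = child->next) {
        if (child->type != XML_ELEMENT_NODE ||
            !virXMLNodeNameEqual(child, "auth"))
            continue;

        /* A second <auth> must be an error, not silently ignored. */
        if (authdef) {
            virReportError(VIR_ERR_XML_ERROR, "%s",
                           _("only one <auth> element is allowed in a disk <source>"));
            virStorageAuthDefFree(authdef);
            return -1;
        }

        if (!(authdef = virStorageAuthDefParse(node->doc, child)))
            return -1;
    }

    if (authdef)
        *authdefsrc = authdef;
    return 0;
```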
@@ -8193,6 +8216,9 @@ virDomainDiskSourceParse(xmlNodePtr node, goto cleanup; } =20 + if (virDomainDiskSourceAuthParse(node, &src->auth) < 0) + goto cleanup; + /* People sometimes pass a bogus '' source path when they mean to omit= the * source element completely (e.g. CDROM without media). This is just a * little compatibility check to help those broken apps */ @@ -8770,6 +8796,7 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, char *serial =3D NULL; char *startupPolicy =3D NULL; virStorageAuthDefPtr authdef =3D NULL; + bool diskAuth =3D false; char *tray =3D NULL; char *removable =3D NULL; char *logical_block_size =3D NULL; @@ -8819,6 +8846,16 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlop= t, if (virDomainDiskSourceParse(cur, ctxt, def->src) < 0) goto error; =20 + /* If we've already found an as a child of and + * we find one as a child of , then force an error to + * avoid ambiguity */ + if (diskAuth && def->src->auth) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found for " + "the definition")); + goto error; + } + source =3D true; =20 startupPolicy =3D virXMLPropString(cur, "startupPolicy"); @@ -8874,10 +8911,20 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlo= pt, !(flags & VIR_DOMAIN_DEF_PARSE_INACTIVE)) { if (virDomainDiskDefMirrorParse(def, cur, ctxt) < 0) goto error; - } else if (!authdef && + } else if (!diskAuth && virXMLNodeNameEqual(cur, "auth")) { + diskAuth =3D true; if (!(authdef =3D virStorageAuthDefParse(node->doc, cur))) goto error; + + /* If we've already parsed and found an child, + * then generate an error to avoid ambiguity */ + if (source && def->src->auth) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found for " + "disk source")); + goto error; + } } else if (virXMLNodeNameEqual(cur, "iotune")) { if (virDomainDiskDefIotuneParse(def, ctxt) < 0) goto error; 
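Review bot: The new call `virDomainDiskSourceAuthParse(node, &src->auth)` in the `@@ -8193` hunk sits after the type-specific parsing and, as far as the hunk shows, runs for every source type, while the RNG change and the commit message limit `<auth>` under `<source>` to the rbd and iscsi protocols. Input that is not schema-validated can therefore attach a secret reference to a source that never uses it. Either guard the call on the source type and protocol, or, if that validation happens elsewhere, say so with a comment such as `/* <auth> is only meaningful for rbd and iscsi network sources; other types are rejected in <place> */`. virDomainDiskSourceParse starts and ends outside the hunk.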
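Review bot: The ambiguity check is written twice, once after `virDomainDiskSourceParse()` in the `@@ -8819` hunk and again in the `auth` branch of the `@@ -8874` hunk, with two different messages depending on element order. A single test at the point where the pointer is handed to `def->src->auth`, `if (authdef && def->src->auth)` followed by one `virReportError()` and `goto error;`, would cover both orders and appears to make the `diskAuth` flag unnecessary. Both messages report a malformed document with `VIR_ERR_CONFIG_UNSUPPORTED`; `VIR_ERR_XML_ERROR` describes the condition better. virDomainDiskDefParseXML starts and ends outside these hunks.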
@@ -9111,8 +9158,8 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, =20 def->dst =3D target; target =3D NULL; - def->src->auth =3D authdef; - authdef =3D NULL; + if (diskAuth) + VIR_STEAL_PTR(def->src->auth, authdef); def->src->encryption =3D encryption; encryption =3D NULL; def->domain_name =3D domain_name; diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-s= ource-auth-both.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-networ= k-iscsi-source-auth-both.xml new file mode 100644 index 000000000..9f14f489f --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-source-a= uth-both.xml @@ -0,0 +1,36 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-s= ource-auth.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-isc= si-source-auth.xml new file mode 100644 index 000000000..af2d51fe9 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-source-a= uth.xml @@ -0,0 +1,43 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-sou= rce-auth-both.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= rbd-source-auth-both.xml new file mode 100644 index 000000000..62a781cd3 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-source-aut= h-both.xml @@ -0,0 +1,45 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-sou= rce-auth.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-s= ource-auth.xml new file mode 100644 index 000000000..d25e4148b --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-source-aut= h.xml @@ -0,0 +1,42 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + +
+ + + + + + + + + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index c8c479cbd..d16b3b7b8 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -919,6 +919,8 @@ mymain(void) DO_TEST("disk-drive-network-iscsi-auth", NONE); DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-secrettype-invalid"= , NONE); DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-wrong-secrettype", = NONE); + DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-source-auth-both", NONE); + DO_TEST_PARSE_ERROR("disk-drive-network-rbd-source-auth-both", NONE); DO_TEST("disk-drive-network-iscsi-lun", QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_SCSI_BLOCK); --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505522690617639.2952791886373; Fri, 15 Sep 2017 17:44:50 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AD8664E4C2; Sat, 16 Sep 2017 00:44:48 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 883B67F1B6; Sat, 16 Sep 2017 00:44:47 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 5A9F31843762; Sat, 16 Sep 2017 00:44:42 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com 
[10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UQx4013121 for ; Fri, 15 Sep 2017 20:30:26 -0400 Received: by smtp.corp.redhat.com (Postfix) id 7610918179; Sat, 16 Sep 2017 00:30:26 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2EFB1179FF for ; Sat, 16 Sep 2017 00:30:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com AD8664E4C2 Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com 
From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:07 -0400 Message-Id: <20170916003017.32502-5-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 04/14] conf: Move auth formatting to disk source X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Sat, 16 Sep 2017 00:44:49 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Alter the output of the <auth> formatting to be a child of the disk's source rather than a child of the disk. Update the various test outputs for existing disk tests to conform to the new view. Add tests to validate that if the <auth> was found in <source>, then the resulting xml2xml and xml2arg work just fine. The two new .args files are exact copies of the non "-source" versions of the files. Update the virstoragetest to handle that the <auth> output will now be part of the <source> stanza in the rbd output. 
Signed-off-by: John Ferlan --- docs/formatdomain.html.in | 68 +++++++++++++-----= ---- src/conf/domain_conf.c | 15 +++-- .../qemuargv2xml-disk-drive-network-iscsi-auth.xml | 6 +- .../qemuargv2xml-disk-drive-network-rbd-auth.xml | 6 +- ...2argv-disk-drive-network-iscsi-source-auth.args | 31 ++++++++++ ...ml2argv-disk-drive-network-rbd-source-auth.args | 29 +++++++++ tests/qemuxml2argvtest.c | 2 + .../qemuxml2xmlout-disk-backing-chains-active.xml | 6 +- ...qemuxml2xmlout-disk-backing-chains-inactive.xml | 6 +- ...emuxml2xmlout-disk-drive-network-iscsi-auth.xml | 12 ++-- ...xmlout-disk-drive-network-iscsi-source-auth.xml | 47 +++++++++++++++ .../qemuxml2xmlout-disk-drive-network-rbd-auth.xml | 6 +- ...l2xmlout-disk-drive-network-rbd-source-auth.xml | 47 +++++++++++++++ .../qemuxml2xmlout-disk-source-pool-mode.xml | 3 - tests/qemuxml2xmltest.c | 2 + tests/virstoragetest.c | 6 ++ 16 files changed, 235 insertions(+), 57 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= iscsi-source-auth.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= rbd-source-auth.args create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-netw= ork-iscsi-source-auth.xml create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-netw= ork-rbd-source-auth.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 3b78bbeb8..f56479953 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2293,11 +2293,11 @@ <host name=3D"hostname" port=3D"7000"/> <snapshot name=3D"snapname"/> <config file=3D"/path/to/file"/> + <auth username=3D'myuser'> + <secret type=3D'ceph' usage=3D'mypassid'/> + </auth> </source> <target dev=3D"hdc" bus=3D"ide"/> - <auth username=3D'myuser'> - <secret type=3D'ceph' usage=3D'mypassid'/> - </auth> </disk> <disk type=3D'block' device=3D'cdrom'> <driver name=3D'qemu' type=3D'raw'/> 
@@ -2366,20 +2366,20 @@ <driver name=3D'qemu' type=3D'raw'/> <source protocol=3D'iscsi' name=3D'iqn.2013-07.com.example:iscsi-no= pool/2'> <host name=3D'example.com' port=3D'3260'/> + <auth username=3D'myuser'> + <secret type=3D'iscsi' usage=3D'libvirtiscsi'/> + </auth> </source> - <auth username=3D'myuser'> - <secret type=3D'iscsi' usage=3D'libvirtiscsi'/> - </auth> <target dev=3D'vda' bus=3D'virtio'/> </disk> <disk type=3D'network' device=3D'lun'> <driver name=3D'qemu' type=3D'raw'/> <source protocol=3D'iscsi' name=3D'iqn.2013-07.com.example:iscsi-no= pool/1'> <host name=3D'example.com' port=3D'3260'/> + <auth username=3D'myuser'> + <secret type=3D'iscsi' usage=3D'libvirtiscsi'/> + </auth> </source> - <auth username=3D'myuser'> - <secret type=3D'iscsi' usage=3D'libvirtiscsi'/> - </auth> <target dev=3D'sdb' bus=3D'scsi'/> </disk> <disk type=3D'volume' device=3D'disk'> @@ -2650,6 +2650,28 @@ protocol. Supported for 'rbd' since 1.2.= 11 (QEMU only). +
auth
+
Since libvirt 3.8.0, the + auth element is supported for a disk + type "network" that is using a source + element with the protocol attributes "rbd" or "is= csi". + If present, the auth element provides the + authentication credentials needed to access the source. It + includes a mandatory attribute username, which + identifies the username to use during authentication, as well + as a sub-element secret with mandatory + attribute type, to tie back to + a libvirt secret object that + holds the actual password or other credentials (the domain XML + intentionally does not expose the password, only the reference + to the object that does manage the password). + Known secret types are "ceph" for Ceph RBD network sources and + "iscsi" for CHAP authentication of iSCSI targets. + Both will require either a uuid attribute + with the UUID of the secret object or a usage + attribute matching the key that was specified in the + secret object. +
=20

@@ -3119,25 +3141,15 @@ are available, each defaulting to 0.

auth
-
The auth element is supported for a disk - type "network" that is using a source - element with the protocol attributes "rbd" or "iscsi". - If present, the auth element provides the - authentication credentials needed to access the source. It - includes a mandatory attribute username, which - identifies the username to use during authentication, as well - as a sub-element secret with mandatory - attribute type, to tie back to - a libvirt secret object that - holds the actual password or other credentials (the domain XML - intentionally does not expose the password, only the reference - to the object that does manage the password). - Known secret types are "ceph" for Ceph RBD network sources and - "iscsi" for CHAP authentication of iSCSI targets. - Both will require either a uuid attribute - with the UUID of the secret object or a usage - attribute matching the key that was specified in the - secret object. libvirt 0.9.7 +
Starting with libvirt 3.8.0 the + auth element moved to be a sub-element of the + source element. The element may still be read as + a disk sub-element, but on output will be moved + to be a source sub-element. It is invalid to use + auth as both a sub-element of disk + and source. The auth element was + introduced as a disk sub-element in + libvirt 0.9.7.
geometry
The optional geometry element provides the diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 5c0218cdf..542d14ed6 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -21829,6 +21829,16 @@ virDomainDiskSourceFormatInternal(virBufferPtr buf, goto error; } =20 + /* Storage Source formatting will not carry through the blunder + * that disk source formatting had at one time to format the + * for a volume source type. The information is + * kept in the storage pool and would be overwritten anyway. + * So avoid formatting it for volumes. */ + if (src->auth && src->type !=3D VIR_STORAGE_TYPE_VOLUME) { + if (virStorageAuthDefFormat(&childBuf, src->auth) < 0) + goto error; + } + if (virXMLFormatElement(buf, "source", &attrBuf, &childBuf) < 0) goto error; } @@ -22014,11 +22024,6 @@ virDomainDiskDefFormat(virBufferPtr buf, virBufferAddLit(buf, "/>\n"); } =20 - if (def->src->auth) { - if (virStorageAuthDefFormat(buf, def->src->auth) < 0) - return -1; - } - if (virDomainDiskSourceFormat(buf, def->src, def->startupPolicy, flags) < 0) return -1; diff --git a/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-iscsi-a= uth.xml b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-iscsi-auth= .xml index 1773b460b..08a82ee2e 100644 --- a/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-iscsi-auth.xml +++ b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-iscsi-auth.xml @@ -16,11 +16,11 @@ /usr/bin/qemu-system-i686 - - - + + +
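Review bot: Formatting `<auth>` only inside `<source>` in the `@@ -21829` hunk, together with the removal in the `@@ -22014` hunk, changes the output for every existing disk that was defined with `<auth>` under `<disk>`. A libvirt that predates this series has no parser for the new location, so XML produced here and consumed by an older daemon (for example during migration) would presumably lose the secret reference. Consider recording where the element was parsed and formatting it back in the same place, or keeping the old location for migratable output. The new comment could also be worded neutrally, e.g. `/* <auth> is not formatted for volume sources: the credentials are kept in the storage pool */`. virDomainDiskSourceFormatInternal and virDomainDiskDefFormat start and end outside these hunks.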
diff --git a/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-aut= h.xml b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml index 3f30296c0..e1326b925 100644 --- a/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml +++ b/tests/qemuargv2xmldata/qemuargv2xml-disk-drive-network-rbd-auth.xml @@ -22,13 +22,13 @@ - - - + + +
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-s= ource-auth.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-is= csi-source-auth.args new file mode 100644 index 000000000..756e49ca1 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-source-a= uth.args @@ -0,0 +1,31 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=3Discsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@exampl= e.org:\ +6000/iqn.1992-01.com.example%3Astorage/1,format=3Draw,if=3Dnone,\ +id=3Ddrive-virtio-disk0 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x3,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-drive file=3Discsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@exampl= e.org:\ +6000/iqn.1992-01.com.example%3Astorage/2,format=3Draw,if=3Dnone,\ +id=3Ddrive-virtio-disk1 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-sou= rce-auth.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-= source-auth.args new file mode 100644 index 000000000..e3958e571 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-source-aut= h.args 
@@ -0,0 +1,29 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest1 \ +-S \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-usb \ +-drive file=3D/dev/HostVG/QEMUGuest1,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-= 0 \ +-drive 'file=3Drbd:pool/image:id=3Dmyname:\ +key=3DQVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=3D:\ +auth_supported=3Dcephx\;none:mon_host=3Dmon1.example.org\:6321\;mon2.examp= le.org\:\ +6322\;mon3.example.org\:6322,format=3Draw,if=3Dnone,id=3Ddrive-virtio-disk= 0' \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x3,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index d16b3b7b8..69548cc15 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -917,6 +917,7 @@ mymain(void) DO_TEST("disk-drive-network-nbd-unix", NONE); DO_TEST("disk-drive-network-iscsi", NONE); DO_TEST("disk-drive-network-iscsi-auth", NONE); + DO_TEST("disk-drive-network-iscsi-source-auth", NONE); DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-secrettype-invalid"= , NONE); DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-wrong-secrettype", = NONE); DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-source-auth-both", NONE); 
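Review bot: The two DO_TEST lines added to mymain() in tests/qemuxml2argvtest.c (`disk-drive-network-iscsi-source-auth` in this hunk and `disk-drive-network-rbd-source-auth` in the next one) run only with `NONE` capabilities. The source-level auth placement is therefore covered only on the path where the credential is rendered into the `-drive` argument, as the expected .args files in this patch show (`iscsi://myname:...@` and `key=...`). Nothing visible exercises the new placement with `QEMU_CAPS_OBJECT_SECRET`, which the existing `disk-drive-network-rbd-auth-AES` test covers for the legacy placement. Consider adding a matching case under `# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT`, for example `DO_TEST("disk-drive-network-rbd-source-auth-AES", QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI);` (the test name is proposed here and would need its own data files). mymain() starts and ends outside these hunks.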
@@ -929,6 +930,7 @@ mymain(void) DO_TEST("disk-drive-network-rbd", NONE); DO_TEST("disk-drive-network-sheepdog", NONE); DO_TEST("disk-drive-network-rbd-auth", NONE); + DO_TEST("disk-drive-network-rbd-source-auth", NONE); # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT DO_TEST("disk-drive-network-rbd-auth-AES", QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI); diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-ac= tive.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-acti= ve.xml index 83d47df56..79fa64d28 100644 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-active.xml +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-active.xml @@ -71,13 +71,13 @@ - - - + + + diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-in= active.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-in= active.xml index a9db12ba4..f74c38fec 100644 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-inactive.= xml +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-backing-chains-inactive.= xml @@ -40,13 +40,13 @@ - - - + + +
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-isc= si-auth.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-is= csi-auth.xml index 543b26e45..24a2ea939 100644 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-iscsi-auth= .xml +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-iscsi-auth= .xml @@ -16,22 +16,22 @@ /usr/bin/qemu-system-i686 - - - + + +
- - - + + +
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-isc= si-source-auth.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-net= work-iscsi-source-auth.xml new file mode 100644 index 000000000..24a2ea939 --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-iscsi-sour= ce-auth.xml @@ -0,0 +1,47 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + +
+ + + + + + + + + + +
+ + +
+ + + + + + + diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-rbd= -auth.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-rbd-= auth.xml index b18335c1b..c5c40176c 100644 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-rbd-auth.x= ml +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-rbd-auth.x= ml @@ -22,13 +22,13 @@ - - - + + +
diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-rbd= -source-auth.xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-netwo= rk-rbd-source-auth.xml new file mode 100644 index 000000000..c5c40176c --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-rbd-source= -auth.xml @@ -0,0 +1,47 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + +
+ + + + + + + + + + + + +
+ + +
+ + +
+ + + + + + + diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-source-pool-mode.= xml b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-source-pool-mode.xml index a14ed7b97..34fa4cb52 100644 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-source-pool-mode.xml +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-source-pool-mode.xml @@ -40,9 +40,6 @@
- - - diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 0a87cedf2..90ffb040b 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -468,9 +468,11 @@ mymain(void) DO_TEST("disk-drive-network-nbd-unix", NONE); DO_TEST("disk-drive-network-iscsi", NONE); DO_TEST("disk-drive-network-iscsi-auth", NONE); + DO_TEST("disk-drive-network-iscsi-source-auth", NONE); DO_TEST("disk-drive-network-gluster", NONE); DO_TEST("disk-drive-network-rbd", NONE); DO_TEST("disk-drive-network-rbd-auth", NONE); + DO_TEST("disk-drive-network-rbd-source-auth", NONE); DO_TEST("disk-drive-network-rbd-ipv6", NONE); DO_TEST("disk-drive-network-rbd-ceph-env", NONE); DO_TEST("disk-drive-network-sheepdog", NONE); diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index 60e3164b0..46d12c0e6 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c @@ -1361,6 +1361,9 @@ mymain(void) TEST_BACKING_PARSE("rbd:testshare:id=3Dasdf:mon_host=3Dexample.com", "\n" " \n" + " \n" + " \n" + " \n" "\n"); TEST_BACKING_PARSE("nbd:example.org:6000:exportname=3Dblah", "\n" 
@@ -1526,6 +1529,9 @@ mymain(void) "}", "\n" " \n" + " \n" + " \n" + " \n" "\n"); TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"rbd\"," "\"image\":\"test\"," --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505522726971870.3925751450877; Fri, 15 Sep 2017 17:45:26 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7E2BA8763A; Sat, 16 Sep 2017 00:45:25 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CE72917145; Sat, 16 Sep 2017 00:45:24 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9283B4ED30; Sat, 16 Sep 2017 00:45:24 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UQIJ013134 for ; Fri, 15 Sep 2017 20:30:27 -0400 Received: by smtp.corp.redhat.com (Postfix) id F265A424C; Sat, 16 Sep 2017 00:30:26 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by 
smtp.corp.redhat.com (Postfix) with ESMTP id BBAD4179FF for ; Sat, 16 Sep 2017 00:30:26 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 7E2BA8763A Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:08 -0400 Message-Id: <20170916003017.32502-6-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 05/14] docs: Add news article regarding auth placement X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Sat, 16 Sep 2017 00:45:26 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Signed-off-by: John Ferlan --- docs/news.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index a5c3d1d90..e79ff4349 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -25,6 +25,17 @@
+ + + conf: Move the auth definition to disk source + + + Rather than having the auth element be a child of t= he + disk element move to a child of a source + element. Still recognize on input the legacy child dependency; + however, when writing out the XML the new format will be generat= ed. + +
--=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505525976814473.5810272884196; Fri, 15 Sep 2017 18:39:36 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 7A09B8765C; Sat, 16 Sep 2017 01:39:35 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 58A3F60468; Sat, 16 Sep 2017 01:39:35 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 20CF5410B1; Sat, 16 Sep 2017 01:39:35 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0URJG013145 for ; Fri, 15 Sep 2017 20:30:27 -0400 Received: by smtp.corp.redhat.com (Postfix) id 89992179FF; Sat, 16 Sep 2017 00:30:27 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5267B424C for ; Sat, 16 Sep 2017 00:30:27 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 7A09B8765C 
Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:09 -0400 Message-Id: <20170916003017.32502-7-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 06/14] qemu: Introduce privateData for _virStorageSource X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Sat, 16 Sep 2017 01:39:35 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Since the secret information is really _virStorageSource specific piece of data, let's create a privateData object for _virStorageSource and move the @secinfo from _qemuDomainDiskPrivate into a new _qemuDomainDiskSrcPrivate structure and manage it from there. Signed-off-by: John Ferlan --- src/conf/domain_conf.c | 5 +++++ src/conf/domain_conf.h | 1 + src/qemu/qemu_command.c | 6 ++++-- src/qemu/qemu_domain.c | 54 +++++++++++++++++++++++++++++++++++++++++--= ---- src/qemu/qemu_domain.h | 17 +++++++++++---- src/qemu/qemu_hotplug.c | 11 +++++++--- src/util/virstoragefile.c | 1 + src/util/virstoragefile.h | 3 +++ 8 files changed, 83 insertions(+), 15 deletions(-) 
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 542d14ed6..a3900488f 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -1720,6 +1720,11 @@ virDomainDiskDefNew(virDomainXMLOptionPtr xmlopt) !(ret->privateData =3D xmlopt->privateData.diskNew())) goto error; =20 + if (xmlopt && + xmlopt->privateData.diskSrcNew && + !(ret->src->privateData =3D xmlopt->privateData.diskSrcNew())) + goto error; + return ret; =20 error: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index bb3b6f0c3..f6c9417b4 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2620,6 +2620,7 @@ struct _virDomainXMLPrivateDataCallbacks { /* note that private data for devices are not copied when using * virDomainDefCopy and similar functions */ virDomainXMLPrivateDataNewFunc diskNew; + virDomainXMLPrivateDataNewFunc diskSrcNew; virDomainXMLPrivateDataNewFunc hostdevNew; virDomainXMLPrivateDataNewFunc vcpuNew; virDomainXMLPrivateDataNewFunc chrSourceNew; diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index d553df57f..898a60f3b 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -1340,7 +1340,8 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk, { int actualType =3D virStorageSourceGetActualType(disk->src); qemuDomainDiskPrivatePtr diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); - qemuDomainSecretInfoPtr secinfo =3D diskPriv->secinfo; + qemuDomainDiskSrcPrivatePtr diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVA= TE(disk->src); + qemuDomainSecretInfoPtr secinfo =3D diskSrcPriv->secinfo; qemuDomainSecretInfoPtr encinfo =3D diskPriv->encinfo; virJSONValuePtr srcprops =3D NULL; char *source =3D NULL; 
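Review bot: `diskSrcPriv->secinfo` is read in qemuBuildDriveSourceStr() without checking that `disk->src->privateData` was ever set, and the only allocation visible in this patch is the one added to virDomainDiskDefNew(), which is skipped when `xmlopt` or `diskSrcNew` is absent. qemuDomainSecretDiskDestroy() in this same patch does guard with `!diskSrcPriv`, so a NULL private pointer is evidently expected to be possible; the same unguarded access appears in qemuBuildDiskDriveCommandLine(), qemuDomainSecretDiskPrepare(), qemuDomainChangeEjectableMedia(), qemuDomainAttachVirtioDiskDevice() and qemuDomainAttachSCSIDisk(). If any path can install a virStorageSource that did not come from virDomainDiskDefNew() (not visible here), these become NULL dereferences in the daemon. A guarded read such as `qemuDomainSecretInfoPtr secinfo = diskSrcPriv ? diskSrcPriv->secinfo : NULL;` would match the Destroy helper, and Prepare should report an error instead of writing through the pointer. The enclosing functions start and end outside the hunks.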
@@ -2171,7 +2172,8 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd, bool driveBoot =3D false; virDomainDiskDefPtr disk =3D def->disks[i]; qemuDomainDiskPrivatePtr diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(dis= k); - qemuDomainSecretInfoPtr secinfo =3D diskPriv->secinfo; + qemuDomainDiskSrcPrivatePtr diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_P= RIVATE(disk->src); + qemuDomainSecretInfoPtr secinfo =3D diskSrcPriv->secinfo; qemuDomainSecretInfoPtr encinfo =3D diskPriv->encinfo; =20 /* PowerPC pseries based VMs do not support floppy device */ diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 05f8e9488..94b6d87d6 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -921,11 +921,52 @@ qemuDomainDiskPrivateDispose(void *obj) { qemuDomainDiskPrivatePtr priv =3D obj; =20 - qemuDomainSecretInfoFree(&priv->secinfo); qemuDomainSecretInfoFree(&priv->encinfo); } =20 =20 +static virClassPtr qemuDomainDiskSrcPrivateClass; +static void qemuDomainDiskSrcPrivateDispose(void *obj); + +static int +qemuDomainDiskSrcPrivateOnceInit(void) +{ + qemuDomainDiskSrcPrivateClass =3D virClassNew(virClassForObject(), + "qemuDomainDiskSrcPrivate", + sizeof(qemuDomainDiskSrcPr= ivate), + qemuDomainDiskSrcPrivateDi= spose); + if (!qemuDomainDiskSrcPrivateClass) + return -1; + else + return 0; +} + +VIR_ONCE_GLOBAL_INIT(qemuDomainDiskSrcPrivate) + +static virObjectPtr +qemuDomainDiskSrcPrivateNew(void) +{ + qemuDomainDiskSrcPrivatePtr priv; + + if (qemuDomainDiskSrcPrivateInitialize() < 0) + return NULL; + + if (!(priv =3D virObjectNew(qemuDomainDiskSrcPrivateClass))) + return NULL; + + return (virObjectPtr) priv; +} + + +static void +qemuDomainDiskSrcPrivateDispose(void *obj) +{ + qemuDomainDiskSrcPrivatePtr priv =3D obj; + + qemuDomainSecretInfoFree(&priv->secinfo); +} + + static virClassPtr qemuDomainHostdevPrivateClass; static void qemuDomainHostdevPrivateDispose(void *obj); =20 
@@ -1294,12 +1335,11 @@ qemuDomainSecretInfoTLSNew(virConnectPtr conn, void qemuDomainSecretDiskDestroy(virDomainDiskDefPtr disk) { - qemuDomainDiskPrivatePtr diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); - - if (!diskPriv || !diskPriv->secinfo) + qemuDomainDiskSrcPrivatePtr diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVA= TE(disk->src); + if (!diskSrcPriv || !diskSrcPriv->secinfo) return; =20 - qemuDomainSecretInfoFree(&diskPriv->secinfo); + qemuDomainSecretInfoFree(&diskSrcPriv->secinfo); } =20 =20 @@ -1345,6 +1385,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn, { virStorageSourcePtr src =3D disk->src; qemuDomainDiskPrivatePtr diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); + qemuDomainDiskSrcPrivatePtr diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVA= TE(disk->src); =20 if (qemuDomainSecretDiskCapable(src)) { virSecretUsageType usageType =3D VIR_SECRET_USAGE_TYPE_ISCSI; @@ -1352,7 +1393,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn, if (src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_RBD) usageType =3D VIR_SECRET_USAGE_TYPE_CEPH; =20 - if (!(diskPriv->secinfo =3D + if (!(diskSrcPriv->secinfo =3D qemuDomainSecretInfoNew(conn, priv, disk->info.alias, usageType, src->auth->username, &src->auth->seclookupdef, false))) @@ -2276,6 +2317,7 @@ virDomainXMLPrivateDataCallbacks virQEMUDriverPrivate= DataCallbacks =3D { .alloc =3D qemuDomainObjPrivateAlloc, .free =3D qemuDomainObjPrivateFree, .diskNew =3D qemuDomainDiskPrivateNew, + .diskSrcNew =3D qemuDomainDiskSrcPrivateNew, .vcpuNew =3D qemuDomainVcpuPrivateNew, .hostdevNew =3D qemuDomainHostdevPrivateNew, .chrSourceNew =3D qemuDomainChrSourcePrivateNew, diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index b291dc308..d212812dd 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h 
@@ -346,10 +346,6 @@ struct _qemuDomainDiskPrivate { =20 bool migrating; /* the disk is being migrated */ =20 - /* for storage devices using auth/secret - * NB: *not* to be written to qemu domain object XML */ - qemuDomainSecretInfoPtr secinfo; - /* for storage devices using encryption/secret * Can have both and for some disks * NB:*not* to be written to qemu domain object XML */ @@ -360,6 +356,19 @@ struct _qemuDomainDiskPrivate { bool removable; /* device media can be removed/changed */ }; =20 +# define QEMU_DOMAIN_DISK_SRC_PRIVATE(src) \ + ((qemuDomainDiskSrcPrivatePtr) (src)->privateData) + +typedef struct _qemuDomainDiskSrcPrivate qemuDomainDiskSrcPrivate; +typedef qemuDomainDiskSrcPrivate *qemuDomainDiskSrcPrivatePtr; +struct _qemuDomainDiskSrcPrivate { + virObject parent; + + /* for each storage source using auth/secret + * NB: *not* to be written to qemu domain object XML */ + qemuDomainSecretInfoPtr secinfo; +}; + # define QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev) \ ((qemuDomainHostdevPrivatePtr) (hostdev)->privateData) =20 diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 7dd6e5fd9..2942772c2 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -218,6 +218,7 @@ qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, char *driveAlias =3D NULL; qemuDomainObjPrivatePtr priv =3D vm->privateData; qemuDomainDiskPrivatePtr diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); + qemuDomainDiskSrcPrivatePtr diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVA= TE(disk->src); const char *format =3D NULL; char *sourcestr =3D NULL; =20 @@ -259,7 +260,7 @@ qemuDomainChangeEjectableMedia(virQEMUDriverPtr driver, } =20 if (!virStorageSourceIsEmpty(newsrc)) { - if (qemuGetDriveSourceString(newsrc, diskPriv->secinfo, &sourcestr= ) < 0) + if (qemuGetDriveSourceString(newsrc, diskSrcPriv->secinfo, &source= str) < 0) goto error; =20 if (virStorageSourceGetActualType(newsrc) !=3D VIR_STORAGE_TYPE_DI= R) { 
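Review bot: In qemuDomainChangeEjectableMedia() the drive string for `newsrc` is built with `diskSrcPriv->secinfo`, which is taken from `disk->src` at the top of the function, that is, from the source being replaced rather than the one being inserted. The commit message argues that the secret is per-source data, so after this move the call pairs one source's address with another source's credential. This looks inherited from the old `diskPriv->secinfo` code rather than introduced here, but the new layout makes the mismatch explicit. If `newsrc` can carry its own auth, look the secret up from it with a NULL check, e.g. `qemuDomainDiskSrcPrivatePtr newSrcPriv = QEMU_DOMAIN_DISK_SRC_PRIVATE(newsrc);`, or at least add a comment stating that the old source's secinfo is reused on purpose. The function body continues outside the hunk.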
@@ -329,6 +330,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, virJSONValuePtr secobjProps =3D NULL; virJSONValuePtr encobjProps =3D NULL; qemuDomainDiskPrivatePtr diskPriv; + qemuDomainDiskSrcPrivatePtr diskSrcPriv; qemuDomainSecretInfoPtr secinfo; qemuDomainSecretInfoPtr encinfo; =20 @@ -366,7 +368,8 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, goto error; =20 diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); - secinfo =3D diskPriv->secinfo; + diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVATE(disk->src); + secinfo =3D diskSrcPriv->secinfo; if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES) { if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0) goto error; @@ -621,6 +624,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, virJSONValuePtr encobjProps =3D NULL; virJSONValuePtr secobjProps =3D NULL; qemuDomainDiskPrivatePtr diskPriv; + qemuDomainDiskSrcPrivatePtr diskSrcPriv; qemuDomainSecretInfoPtr encinfo; qemuDomainSecretInfoPtr secinfo; =20 @@ -654,7 +658,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, goto error; =20 diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); - secinfo =3D diskPriv->secinfo; + diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVATE(disk->src); + secinfo =3D diskSrcPriv->secinfo; if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES) { if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0) goto error; diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 1040e9a17..39cda9c89 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c @@ -2271,6 +2271,7 @@ virStorageSourceClear(virStorageSourcePtr def) =20 virStorageNetHostDefFree(def->nhosts, def->hosts); virStorageAuthDefFree(def->auth); + virObjectUnref(def->privateData); =20 VIR_FREE(def->nodestorage); VIR_FREE(def->nodeformat); diff --git a/src/util/virstoragefile.h b/src/util/virstoragefile.h index 6c388b1a5..005f22d8e 100644 --- a/src/util/virstoragefile.h +++ b/src/util/virstoragefile.h 
@@ -27,6 +27,7 @@ # include =20 # include "virbitmap.h" +# include "virobject.h" # include "virseclabel.h" # include "virstorageencryption.h" # include "virutil.h" 
@@ -239,6 +240,8 @@ struct _virStorageSource { virStorageAuthDefPtr auth; virStorageEncryptionPtr encryption; =20 + virObjectPtr privateData; /* Usable to store hypervisor specific data = */ + char *driverName; int format; /* virStorageFileFormat in domain backing chains, but * pool-specific enum for storage volumes */ --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505523016255580.7620536408958; Fri, 15 Sep 2017 17:50:16 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 38EBCC04B927; Sat, 16 Sep 2017 00:50:15 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 145347F1B8; Sat, 16 Sep 2017 00:50:15 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id CA7D01843762; Sat, 16 Sep 2017 00:50:14 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UR97013156 for ; Fri, 15 Sep 2017 20:30:27 -0400 Received: by smtp.corp.redhat.com 
(Postfix) id E298F179FF; Sat, 16 Sep 2017 00:30:27 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id AC074424C for ; Sat, 16 Sep 2017 00:30:27 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 38EBCC04B927 Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com 
From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:10 -0400 Message-Id: <20170916003017.32502-8-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 07/14] conf: Add/Allow parsing the encryption in the disk source X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Sat, 16 Sep 2017 00:50:15 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Since the virStorageEncryptionPtr encryption; is a member of _virStorageSource it really should be allowed to be a subelement of the disk for various disk formats: Source{File|Dir|Block|Volume} SourceProtocol{RBD|ISCSI|NBD|Gluster|Simple|HTTP} NB: Simple includes sheepdog, ftp, ftps, tftp That way we can set up to allow the element to be formatted within the disk source. For now just allow the format in the RNG and read it in domain_conf. Modify the qemuxml2argvtest to add a parse failure when there is an as a child of *and* an as a child of . The virschematest will read the new test files and validate from a RNG viewpoint things are fine. The luks-disks-source file has various formats to test, but not all valid/invalid. 
Signed-off-by: John Ferlan --- docs/schemas/domaincommon.rng | 30 ++++++++ src/conf/domain_conf.c | 56 +++++++++++++-- .../qemuxml2argv-luks-disks-source-both.xml | 40 +++++++++++ .../qemuxml2argv-luks-disks-source.xml | 81 ++++++++++++++++++= ++++ tests/qemuxml2argvtest.c | 1 + 5 files changed, 202 insertions(+), 6 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-b= oth.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.x= ml diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 139f1eea2..d1ef25b7b 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -1469,6 +1469,9 @@ + + + @@ -1490,6 +1493,9 @@ + + + @@ -1509,6 +1515,9 @@ + + + @@ -1581,6 +1590,9 @@ + + + @@ -1598,6 +1610,9 @@ + + + =20 @@ -1611,6 +1626,9 @@ + + + =20 @@ -1626,6 +1644,9 @@ + + + =20 @@ -1638,6 +1659,9 @@ + + + =20 @@ -1650,6 +1674,9 @@ + + + =20 @@ -1690,6 +1717,9 @@ + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index a3900488f..2a52462d0 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -8135,6 +8135,29 @@ virDomainDiskSourceAuthParse(xmlNodePtr node, } =20 =20 +static int +virDomainDiskSourceEncryptionParse(xmlNodePtr node, + virStorageEncryptionPtr *encryptionsrc) +{ + xmlNodePtr child; + virStorageEncryptionPtr encryption =3D NULL; + + for (child =3D node->children; child; child =3D child->next) { + if (child->type =3D=3D XML_ELEMENT_NODE && + virXMLNodeNameEqual(child, "encryption")) { + + if (!(encryption =3D virStorageEncryptionParseNode(node->doc, = child))) + return -1; + + *encryptionsrc =3D encryption; + return 0; + } + } + + return 0; +} + + int virDomainDiskSourceParse(xmlNodePtr node, xmlXPathContextPtr ctxt, 
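Review bot: virDomainDiskSourceEncryptionParse() returns at the first `encryption` child it finds, so a second `encryption` element under the same source is silently ignored, and `*encryptionsrc` is overwritten without checking whether it already holds a definition. The rest of this patch rejects the disk-level plus source-level combination explicitly to avoid ambiguity, so duplicates inside the source should probably be rejected the same way rather than left to schema validation, which may not run on every parse path. The local `encryption` variable is also redundant as written. A version that scans all children and reports a duplicate is sketched below. The function has no doc comment, and one stating that `*encryptionsrc` is left untouched when no child is found would help.

```c
    /* … unchanged: signature and local declarations … */
    for (child = node->children; child; child = child->next) {
        if (child->type != XML_ELEMENT_NODE ||
            !virXMLNodeNameEqual(child, "encryption"))
            continue;

        if (encryption) {
            virReportError(VIR_ERR_XML_ERROR, "%s",
                           _("only one encryption element is allowed "
                             "per disk source"));
            virStorageEncryptionFree(encryption);
            return -1;
        }

        if (!(encryption = virStorageEncryptionParseNode(node->doc, child)))
            return -1;
    }

    if (encryption)
        *encryptionsrc = encryption;
    return 0;
```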
@@ -8224,6 +8247,9 @@ virDomainDiskSourceParse(xmlNodePtr node, if (virDomainDiskSourceAuthParse(node, &src->auth) < 0) goto cleanup; =20 + if (virDomainDiskSourceEncryptionParse(node, &src->encryption) < 0) + goto cleanup; + /* People sometimes pass a bogus '' source path when they mean to omit= the * source element completely (e.g. CDROM without media). This is just a * little compatibility check to help those broken apps */ @@ -8798,6 +8824,7 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, char *bus =3D NULL; char *devaddr =3D NULL; virStorageEncryptionPtr encryption =3D NULL; + bool diskEncryption =3D false; char *serial =3D NULL; char *startupPolicy =3D NULL; virStorageAuthDefPtr authdef =3D NULL; @@ -8861,6 +8888,15 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlop= t, goto error; } =20 + /* Similarly for - it's a child of too + * and we cannot find in both places */ + if (diskEncryption && def->src->encryption) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found= for " + "the definition")); + goto error; + } + source =3D true; =20 startupPolicy =3D virXMLPropString(cur, "startupPolicy"); 
@@ -8943,12 +8979,20 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlo= pt, virXMLNodeNameEqual(cur, "state")) { /* Legacy back-compat. Don't add any more attributes here */ devaddr =3D virXMLPropString(cur, "devaddr"); - } else if (encryption =3D=3D NULL && + } else if (!diskEncryption && virXMLNodeNameEqual(cur, "encryption")) { - encryption =3D virStorageEncryptionParseNode(node->doc, - cur); - if (encryption =3D=3D NULL) + diskEncryption =3D true; + if (!(encryption =3D virStorageEncryptionParseNode(node->doc, = cur))) goto error; + + /* If we've already parsed and found an = child, + * then generate an error to avoid ambiguity */ + if (source && def->src->encryption) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("an definition already found= for " + "disk source")); + goto error; + } } else if (!serial && virXMLNodeNameEqual(cur, "serial")) { serial =3D (char *)xmlNodeGetContent(cur); @@ -9165,8 +9209,8 @@ virDomainDiskDefParseXML(virDomainXMLOptionPtr xmlopt, target =3D NULL; if (diskAuth) VIR_STEAL_PTR(def->src->auth, authdef); - def->src->encryption =3D encryption; - encryption =3D NULL; + if (diskEncryption) + VIR_STEAL_PTR(def->src->encryption, encryption); def->domain_name =3D domain_name; domain_name =3D NULL; def->serial =3D serial; diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml= b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml new file mode 100644 index 000000000..c4b762a1e --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml @@ -0,0 +1,40 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + + + + +
+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml b/te= sts/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml new file mode 100644 index 000000000..293877df9 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml @@ -0,0 +1,81 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + +
+ + + + + + + + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 69548cc15..9a8caaa38 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -1652,6 +1652,7 @@ mymain(void) DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET); # endif DO_TEST_PARSE_ERROR("luks-disk-invalid", NONE); + DO_TEST_PARSE_ERROR("luks-disks-source-both", QEMU_CAPS_OBJECT_SECRET); =20 DO_TEST("memtune", NONE); DO_TEST("memtune-unlimited", NONE); --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505522748187712.7405502576606; Fri, 15 Sep 2017 17:45:48 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 24BE27EBDC; Sat, 16 Sep 2017 00:45:47 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EC85A5D96A; Sat, 16 Sep 2017 00:45:46 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 820281864DC3; Sat, 16 Sep 2017 00:45:46 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0USke013163 for ; Fri, 15 Sep 2017 20:30:28 -0400 Received: by smtp.corp.redhat.com (Postfix) id 4952A179FF; Sat, 16 
Sep 2017 00:30:28 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 124E4424C for ; Sat, 16 Sep 2017 00:30:27 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 24BE27EBDC Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com 
From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:11 -0400 Message-Id: <20170916003017.32502-9-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 08/14] conf: Move LUKS encryption formatting to disk source X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Sat, 16 Sep 2017 00:45:47 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Alter the output of the formatting to be a child of the disk's source rather than a child of the disk for LUKS encryption, but keep the legacy QCOW encryption as a child of disk. Update the various test outputs for existing disk tests to conform to the new view. The qemuxml2xmlout-luks-disks.xml used to be a link to the "source" tests/qemuxml2argvdata/qemuxml2argv-luks-disks.xml, but with the change to move LUKS output to a child of , the output file now will differ. While a link would still work, that would require changing the source file which wasn't the goal. Add tests to validate that if the was found in , then the resulting xml2xml and xml2arg works just fine. 
Signed-off-by: John Ferlan --- docs/formatdomain.html.in | 13 +++- src/conf/domain_conf.c | 12 ++++ .../qemuxml2argv-luks-disks-source.args | 62 ++++++++++++++++ tests/qemuxml2argvtest.c | 1 + .../qemuxml2xmlout-luks-disks-source.xml | 84 ++++++++++++++++++= ++++ .../qemuxml2xmlout-luks-disks.xml | 48 ++++++++++++- tests/qemuxml2xmltest.c | 1 + 7 files changed, 219 insertions(+), 2 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.a= rgs create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-sour= ce.xml mode change 120000 =3D> 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luk= s-disks.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index f56479953..5facb512a 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -2672,6 +2672,14 @@ attribute matching the key that was specified in the secret object.
+
Since libvirt 3.8.0, the + encryption can be a sub-element of the + source element for non "qcow" encrypted storage + sources (currently only "luks"). If present, specifies how the + storage source is encrypted. See the + Storage Encryption + page for more information. +
=20

@@ -3073,7 +3081,10 @@ Since 0.8.8

encryption
-
If present, specifies how the volume is encrypted. See +
Starting with libvirt 3.8.0 the + encryption element for non "qcow" encrypted storage + sources moved to be a sub-element of the source eleme= nt. + If present, specifies how the volume is encrypted using "qcow". See the Storage Encryption page for more information.
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 2a52462d0..5851bba44 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -21888,6 +21888,14 @@ virDomainDiskSourceFormatInternal(virBufferPtr buf, goto error; } =20 + /* For encryption formatting that's not the old/default QCOW + * format, let's format the in source. This started + * with LUKS encryption */ + if (src->encryption && + src->encryption->format >=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUK= S && + virStorageEncryptionFormat(&childBuf, src->encryption) < 0) + return -1; + if (virXMLFormatElement(buf, "source", &attrBuf, &childBuf) < 0) goto error; } @@ -22207,7 +22215,11 @@ virDomainDiskDefFormat(virBufferPtr buf, virBufferEscapeString(buf, "%s\n", def->wwn); virBufferEscapeString(buf, "%s\n", def->vendor); virBufferEscapeString(buf, "%s\n", def->product); + + /* Only for the older QCOW encryption - format the + * as a child of . Others will now format as child of */ if (def->src->encryption && + def->src->encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_= QCOW && virStorageEncryptionFormat(buf, def->src->encryption) < 0) return -1; virDomainDeviceInfoFormat(buf, &def->info, diff --git a/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args b/t= ests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args new file mode 100644 index 000000000..fec46945c --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args 
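Review bot: The added encryption block in virDomainDiskSourceFormatInternal exits with `return -1;` while the checks immediately before and after it use `goto error;`. Whatever the `error` label releases (presumably `attrBuf` and `childBuf`, which are handed to virXMLFormatElement on the next line) is skipped when virStorageEncryptionFormat fails, so the partially filled buffers would leak. Use `goto error;` here as well. The function starts and ends outside the hunk, so the label itself is not visible.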
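Review bot: The two format tests are not complementary: the source path emits the element for `format >= VIR_STORAGE_ENCRYPTION_FORMAT_LUKS`, and this disk-level path in virDomainDiskDefFormat emits it only for `format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW`. If the enum has a value ordered below QCOW (the news entry in this series speaks of a "qcow" (or default) format), a definition carrying that value is written in neither place and the encryption element silently disappears from the generated XML. Making the disk-level test the exact complement, `def->src->encryption->format < VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&`, closes the gap and keeps a single ordering assumption. The enum declaration is outside the hunk, so its order should be confirmed.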
@@ -0,0 +1,62 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-x86_64 \ +-name encryptdisk \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-encryptdisk/master-key.aes \ +-M pc-i440fx-2.1 \ +-m 1024 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,\ +path=3D/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-usb \ +-object secret,id=3Dvirtio-disk0-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk,\ +key-secret=3Dvirtio-disk0-luks-secret0,format=3Dluks,if=3Dnone,id=3Ddrive-= virtio-disk0 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-object secret,id=3Dvirtio-disk1-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3D/storage/guest_disks/encryptdisk2,\ +key-secret=3Dvirtio-disk1-luks-secret0,format=3Dluks,if=3Dnone,id=3Ddrive-= virtio-disk1 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x5,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 \ +-object secret,id=3Dvirtio-disk2-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3Discsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@exampl= e.org:\ +6000/iqn.1992-01.com.example%3Astorage/1,key-secret=3Dvirtio-disk2-luks-se= cret0,\ +format=3Dluks,if=3Dnone,id=3Ddrive-virtio-disk2 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x6,drive=3Ddrive-virtio-disk2,\ 
+id=3Dvirtio-disk2 \ +-object secret,id=3Dvirtio-disk3-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file=3Discsi://iscsi.example.com:3260/demo-target/3,\ +key-secret=3Dvirtio-disk3-luks-secret0,format=3Dluks,if=3Dnone,id=3Ddrive-= virtio-disk3 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x7,drive=3Ddrive-virtio-disk3,\ +id=3Dvirtio-disk3 \ +-object secret,id=3Dvirtio-disk4-luks-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive 'file=3Drbd:pool/image:auth_supported=3Dnone:mon_host=3Dmon1.exampl= e.org\:\ +6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\ +key-secret=3Dvirtio-disk4-luks-secret0,format=3Dluks,if=3Dnone,\ +id=3Ddrive-virtio-disk4' \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x8,drive=3Ddrive-virtio-disk4,\ +id=3Dvirtio-disk4 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3 diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 9a8caaa38..d7d9270d6 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1648,6 +1648,7 @@ mymain(void) DO_TEST("encrypted-disk-usage", NONE); # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET); + DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET); # else DO_TEST_FAILURE("luks-disks", QEMU_CAPS_OBJECT_SECRET); # endif diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml = b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml new file mode 100644 index 000000000..1cad3af7a --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml @@ -0,0 +1,84 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + +
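Review bot: `DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);` is added only in the `HAVE_GNUTLS_CIPHER_ENCRYPT` branch, while the existing `luks-disks` case has a matching `DO_TEST_FAILURE` in the `# else` branch. Builds without that cipher support therefore never exercise the new input. If the expected result there is the same failure as for `luks-disks`, add `DO_TEST_FAILURE("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);` after the existing `DO_TEST_FAILURE` line. mymain continues outside the hunk.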
+ + + + + + + + + +
+ + + + + + + + + + + + + +
+ + + + + + + + + +
+ + + + + + + + + + + + +
+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml b/tests= /qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml deleted file mode 120000 index b59dc672f..000000000 --- a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml +++ /dev/null @@ -1 +0,0 @@ -../qemuxml2argvdata/qemuxml2argv-luks-disks.xml \ No newline at end of file diff --git a/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml b/tests= /qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml new file mode 100644 index 000000000..a16a550b0 --- /dev/null +++ b/tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml @@ -0,0 +1,47 @@ + + encryptdisk + 496898a6-e6ff-f7c8-5dc2-3cf410945ee9 + 1048576 + 524288 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-x86_64 + + + + + + + + +
+ + + + + + + + + +
+ + +
+ + + + + +
+ + + diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 90ffb040b..110fb12ea 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c 
@@ -576,6 +576,7 @@ mymain(void) DO_TEST("encrypted-disk", NONE); DO_TEST("encrypted-disk-usage", NONE); DO_TEST("luks-disks", NONE); + DO_TEST("luks-disks-source", NONE); DO_TEST("memtune", NONE); DO_TEST("memtune-unlimited", NONE); DO_TEST("blkiotune", NONE); --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505522770837980.3822093127125; Fri, 15 Sep 2017 17:46:10 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 633AE369C4; Sat, 16 Sep 2017 00:46:09 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 3A233675C0; Sat, 16 Sep 2017 00:46:09 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id F279E1843762; Sat, 16 Sep 2017 00:46:08 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0USE9013170 for ; Fri, 15 Sep 2017 20:30:28 -0400 Received: by smtp.corp.redhat.com (Postfix) id A5D52424C; Sat, 16 Sep 2017 00:30:28 +0000 
(UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6EC3A1817C for ; Sat, 16 Sep 2017 00:30:28 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 633AE369C4 Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:12 -0400 Message-Id: <20170916003017.32502-10-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 09/14] docs: Add news article for encryption in disk source X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Sat, 16 Sep 2017 00:46:10 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Signed-off-by: John Ferlan --- docs/news.xml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index e79ff4349..8ed0509e6 100644 --- a/docs/news.xml +++ b/docs/news.xml 
@@ -36,6 +36,19 @@ however, when writing out the XML the new format will be generat= ed. + + + conf: Move the encryption definition to disk source + + + Rather than having the encryption element for the "= luks" + encryption format be a child of the disk element mo= ve + to a child of a source element. Still recognize on = input + the legacy child dependency; however, when writing out the XML t= he + new format will be generated. This does not apply to the legacy + "qcow" (or default) encryption format. + +
--=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 150552599743646.29330136290298; Fri, 15 Sep 2017 18:39:57 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 38166356F0; Sat, 16 Sep 2017 01:39:56 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1A705424C; Sat, 16 Sep 2017 01:39:56 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id DC0AF410B4; Sat, 16 Sep 2017 01:39:55 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UTYE013176 for ; Fri, 15 Sep 2017 20:30:29 -0400 Received: by smtp.corp.redhat.com (Postfix) id 0BD8D179FF; Sat, 16 Sep 2017 00:30:29 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id C81DD424C for ; Sat, 16 Sep 2017 00:30:28 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 38166356F0 
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:13 -0400 Message-Id: <20170916003017.32502-11-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 10/14] qemu: Move encinfo from private disk to private disk src X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Sat, 16 Sep 2017 01:39:56 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Since the encryption information can also be disk source specific move it from _qemuDomainDiskPrivate to _qemuDomainDiskSrcPrivate. Signed-off-by: John Ferlan --- src/qemu/qemu_command.c | 6 ++---- src/qemu/qemu_domain.c | 16 +++------------- src/qemu/qemu_domain.h | 10 +++++----- src/qemu/qemu_hotplug.c | 8 ++------ 4 files changed, 12 insertions(+), 28 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 898a60f3b..c851823e7 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c 
@@ -1339,10 +1339,9 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk, virQEMUCapsPtr qemuCaps) { int actualType =3D virStorageSourceGetActualType(disk->src); - qemuDomainDiskPrivatePtr diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); qemuDomainDiskSrcPrivatePtr diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVA= TE(disk->src); qemuDomainSecretInfoPtr secinfo =3D diskSrcPriv->secinfo; - qemuDomainSecretInfoPtr encinfo =3D diskPriv->encinfo; + qemuDomainSecretInfoPtr encinfo =3D diskSrcPriv->encinfo; virJSONValuePtr srcprops =3D NULL; char *source =3D NULL; int ret =3D -1; @@ -2171,10 +2170,9 @@ qemuBuildDiskDriveCommandLine(virCommandPtr cmd, unsigned int bootindex =3D 0; bool driveBoot =3D false; virDomainDiskDefPtr disk =3D def->disks[i]; - qemuDomainDiskPrivatePtr diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(dis= k); qemuDomainDiskSrcPrivatePtr diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_P= RIVATE(disk->src); qemuDomainSecretInfoPtr secinfo =3D diskSrcPriv->secinfo; - qemuDomainSecretInfoPtr encinfo =3D diskPriv->encinfo; + qemuDomainSecretInfoPtr encinfo =3D diskSrcPriv->encinfo; =20 /* PowerPC pseries based VMs do not support floppy device */ if (disk->device =3D=3D VIR_DOMAIN_DISK_DEVICE_FLOPPY && diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 94b6d87d6..9e465aa68 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -884,7 +884,6 @@ qemuDomainSecretInfoFree(qemuDomainSecretInfoPtr *secin= fo) =20 =20 static virClassPtr qemuDomainDiskPrivateClass; -static void qemuDomainDiskPrivateDispose(void *obj); =20 static int qemuDomainDiskPrivateOnceInit(void) @@ -892,7 +891,7 @@ qemuDomainDiskPrivateOnceInit(void) qemuDomainDiskPrivateClass =3D virClassNew(virClassForObject(), "qemuDomainDiskPrivate", sizeof(qemuDomainDiskPrivate), - qemuDomainDiskPrivateDispose); + NULL); if (!qemuDomainDiskPrivateClass) return -1; else 
@@ -916,15 +915,6 @@ qemuDomainDiskPrivateNew(void) } =20 =20 -static void -qemuDomainDiskPrivateDispose(void *obj) -{ - qemuDomainDiskPrivatePtr priv =3D obj; - - qemuDomainSecretInfoFree(&priv->encinfo); -} - - static virClassPtr qemuDomainDiskSrcPrivateClass; static void qemuDomainDiskSrcPrivateDispose(void *obj); =20 @@ -964,6 +954,7 @@ qemuDomainDiskSrcPrivateDispose(void *obj) qemuDomainDiskSrcPrivatePtr priv =3D obj; =20 qemuDomainSecretInfoFree(&priv->secinfo); + qemuDomainSecretInfoFree(&priv->encinfo); } =20 =20 @@ -1384,7 +1375,6 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn, virDomainDiskDefPtr disk) { virStorageSourcePtr src =3D disk->src; - qemuDomainDiskPrivatePtr diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); qemuDomainDiskSrcPrivatePtr diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVA= TE(disk->src); =20 if (qemuDomainSecretDiskCapable(src)) { @@ -1401,7 +1391,7 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn, } =20 if (qemuDomainDiskHasEncryptionSecret(src)) { - if (!(diskPriv->encinfo =3D + if (!(diskSrcPriv->encinfo =3D qemuDomainSecretInfoNew(conn, priv, disk->info.alias, VIR_SECRET_USAGE_TYPE_VOLUME, NULL, &src->encryption->secrets[0]->secloo= kupdef, diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index d212812dd..853384236 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -346,11 +346,6 @@ struct _qemuDomainDiskPrivate { =20 bool migrating; /* the disk is being migrated */ =20 - /* for storage devices using encryption/secret - * Can have both and for some disks - * NB:*not* to be written to qemu domain object XML */ - qemuDomainSecretInfoPtr encinfo; - /* information about the device */ bool tray; /* device has tray */ bool removable; /* device media can be removed/changed */ 
@@ -367,6 +362,11 @@ struct _qemuDomainDiskSrcPrivate { /* for each storage source using auth/secret * NB: *not* to be written to qemu domain object XML */ qemuDomainSecretInfoPtr secinfo; + + /* for storage devices using encryption/secret + * Can have both and for some disks + * NB:*not* to be written to qemu domain object XML */ + qemuDomainSecretInfoPtr encinfo; }; =20 # define QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev) \ diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 2942772c2..7cc595161 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -329,7 +329,6 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, const char *src =3D virDomainDiskGetSource(disk); virJSONValuePtr secobjProps =3D NULL; virJSONValuePtr encobjProps =3D NULL; - qemuDomainDiskPrivatePtr diskPriv; qemuDomainDiskSrcPrivatePtr diskSrcPriv; qemuDomainSecretInfoPtr secinfo; qemuDomainSecretInfoPtr encinfo; @@ -367,7 +366,6 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, if (qemuDomainSecretDiskPrepare(conn, priv, disk) < 0) goto error; =20 - diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVATE(disk->src); secinfo =3D diskSrcPriv->secinfo; if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES) { @@ -375,7 +373,7 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, goto error; } =20 - encinfo =3D diskPriv->encinfo; + encinfo =3D diskSrcPriv->encinfo; if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0) goto error; =20 @@ -623,7 +621,6 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver); virJSONValuePtr encobjProps =3D NULL; virJSONValuePtr secobjProps =3D NULL; - qemuDomainDiskPrivatePtr diskPriv; qemuDomainDiskSrcPrivatePtr diskSrcPriv; qemuDomainSecretInfoPtr encinfo; qemuDomainSecretInfoPtr secinfo; 
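Review bot: The comment that moved with `encinfo` still says "for storage devices using encryption/secret", but the field now lives in `_qemuDomainDiskSrcPrivate` next to `secinfo`, whose comment says "for each storage source using auth/secret". Since the purpose of the move is that the encryption secret state is per source, the wording should match, for example `/* for each storage source using encryption/secret`, keeping the NB that it is not written to the qemu domain object XML. The struct definition starts outside the hunk.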
@@ -657,7 +654,6 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, if (qemuDomainSecretDiskPrepare(conn, priv, disk) < 0) goto error; =20 - diskPriv =3D QEMU_DOMAIN_DISK_PRIVATE(disk); diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVATE(disk->src); secinfo =3D diskSrcPriv->secinfo; if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES) { 
@@ -665,7 +661,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, goto error; } =20 - encinfo =3D diskPriv->encinfo; + encinfo =3D diskSrcPriv->encinfo; if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0) goto error; =20 --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505526017860832.1264351711302; Fri, 15 Sep 2017 18:40:17 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BFF107E427; Sat, 16 Sep 2017 01:40:16 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9E0CB39BB; Sat, 16 Sep 2017 01:40:16 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 68924410B7; Sat, 16 Sep 2017 01:40:16 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UTt0013182 for ; Fri, 15 Sep 2017 20:30:29 -0400 Received: by smtp.corp.redhat.com (Postfix) id 6DB77179FF; Sat, 16 Sep 2017 00:30:29 +0000 (UTC) Received: from 
localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3677B424C for ; Sat, 16 Sep 2017 00:30:29 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com BFF107E427 Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com 
From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:14 -0400 Message-Id: <20170916003017.32502-12-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 11/14] qemu: Add disk secret object hash table to _qemuDomainObjPrivate X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Sat, 16 Sep 2017 01:40:17 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Currently when an AES secret object is added to the domain for either a network disk, a LUKS encryption secret, or for a SCSI hostdev there is no way for domain restart to be able to connect or determine which secret by secrettype and uuid or usage was used in order to generate the object. So, in order to be able to lookup which secret generated the object, this patch will create and manage a private object hash table that tracks when a disk using the secret object is added or removed in order to be able to "rebuild" the secret. This information will be recorded in the domain private XML file so that when libvirtd restarts, we can rebuild and determine which secret was used. The qemuDomainObjDiskSecretObjectAliasEntryLookup helper is currently unused, but it's purpose would be to find the object alias in the table and return the usageType and seclookupdef that created the object. Could be quite useful for something. 
Signed-off-by: John Ferlan --- src/qemu/qemu_domain.c | 293 ++++++++++++++++++++++++++++++++++++++++++++= ++++ src/qemu/qemu_domain.h | 6 + src/qemu/qemu_hotplug.c | 29 ++++- 3 files changed, 322 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 9e465aa68..29882bbfb 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -43,6 +43,7 @@ #include "domain_event.h" #include "virtime.h" #include "virnetdevopenvswitch.h" +#include "virsecret.h" #include "virstoragefile.h" #include "virstring.h" #include "virthreadjob.h" @@ -123,6 +124,15 @@ struct _qemuDomainLogContext { virLogManagerPtr manager; }; =20 + +typedef struct _qemuDomainDiskSecretObjectAliasEntry qemuDomainDiskSecretO= bjectAliasEntry; +typedef qemuDomainDiskSecretObjectAliasEntry *qemuDomainDiskSecretObjectAl= iasEntryPtr; +struct _qemuDomainDiskSecretObjectAliasEntry { + virSecretUsageType usageType; + virSecretLookupTypeDef seclookupdef; +}; + + static virClassPtr qemuDomainLogContextClass; static virClassPtr qemuDomainSaveCookieClass; =20 
@@ -626,6 +636,255 @@ qemuDomainJobInfoToParams(qemuDomainJobInfoPtr jobInf= o, } =20 =20 +/* Free memory used by an entry */ +static void +qemuDomainObjDiskSecretObjectAliasEntryFree(void *payload, + const void *name ATTRIBUTE_UNU= SED) +{ + qemuDomainDiskSecretObjectAliasEntryPtr entry =3D payload; + + if (!entry) + return; + + virSecretLookupDefClear(&entry->seclookupdef); +} + + +/* qemuDomainObjDiskSecretObjectAliasEntryInsert: + * @priv: Pointer to qemuDomainPrivateData + * @objalias: Alias used to create the Disk Secret object + * @usageType: Secret usage type + * @seclookupdef: Secret lookup def use to create the secret object + * + * Using the provided @objalias, create or update the entry in the + * @priv->diskSecretObjectAlias hash table with the provided + * @usageType and @seclookupdef used to create the disk secret object. + * + * Returns 0 on success, -1 on failure + */ +static int +qemuDomainObjDiskSecretObjectAliasEntryInsert(qemuDomainObjPrivatePtr priv, + const char *objalias, + virSecretUsageType usageType, + virSecretLookupTypeDefPtr se= clookupdef) +{ + qemuDomainDiskSecretObjectAliasEntryPtr entry =3D NULL; + + if ((entry =3D virHashLookup(priv->diskSecretObjectAlias, objalias))) { + /* Replace the previous */ + virSecretLookupDefClear(&entry->seclookupdef); + } else { + if (VIR_ALLOC(entry) < 0) + return -1; + + if (virHashAddEntry(priv->diskSecretObjectAlias, objalias, entry) = < 0) { + VIR_FREE(entry); + return -1; + } + } + entry->usageType =3D usageType; + virSecretLookupDefCopy(&entry->seclookupdef, seclookupdef); + + return 0; +} + + +/* qemuDomainObjDiskSecretObjectAliasEntryLookup: + * @priv: Pointer to qemuDomainPrivateData + * @alias: Alias used to create the Disk Secret object + * @usageType: Secret usage type + * @seclookupdef: Secret lookup def use to create the secret object + * + * Using the provided @alias, lookup the entry in the + * @priv->diskSecretObjectAlias hash table. If found fill in + * @usageType and @seclookupdef. 
+ * + * Returns 0 on success, -1 on failure + */ +static int ATTRIBUTE_UNUSED +qemuDomainObjDiskSecretObjectAliasEntryLookup(qemuDomainObjPrivatePtr priv, + const char *objalias, + virSecretUsageType *usageTyp= e, + virSecretLookupTypeDefPtr se= clookupdef) +{ + qemuDomainDiskSecretObjectAliasEntryPtr entry =3D NULL; + + if (!(entry =3D virHashLookup(priv->diskSecretObjectAlias, objalias)))= { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot find disk secret object alias '%s'"), + objalias); + return -1; + } + + *usageType =3D entry->usageType; + virSecretLookupDefCopy(seclookupdef, &entry->seclookupdef); + return 0; +} + + +/* qemuDomainObjDiskSecretObjectAliasEntryRemove: + * @priv: Pointer to qemuDomainPrivateData + * @alias: Alias used to create the Disk Secret object + * + * Using the provided @alias, remove the entry in the + * @priv->diskSecretObjectAlias hash table. + * + * Returns 0 on success, -1 on failure + */ +int +qemuDomainObjDiskSecretObjectAliasEntryRemove(qemuDomainObjPrivatePtr priv, + const char *objalias) +{ + qemuDomainDiskSecretObjectAliasEntryPtr entry =3D NULL; + + if (!(entry =3D virHashLookup(priv->diskSecretObjectAlias, objalias)))= { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot find disk secret object alias '%s'"), + objalias); + return -1; + } + + ignore_value(virHashRemoveEntry(priv->diskSecretObjectAlias, objalias)= ); + + return 0; +} + + +/* virHashForEach callback to write out each entry */ +static int +qemuDomainObjDiskSecretObjectAliasEntryFormat(void *payload, + const void *name, + void *opaque) +{ + qemuDomainDiskSecretObjectAliasEntryPtr entry =3D payload; + const char *objalias =3D name; + virBufferPtr buf =3D opaque; + const char *secrettype =3D virSecretUsageTypeToString(entry->usageType= ); + + virBufferAsprintf(buf, "\n", objalias); + virBufferAdjustIndent(buf, 2); + virSecretLookupFormatSecret(buf, secrettype, &entry->seclookupdef); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); + return 0; 
+} + + +/* qemuDomainObjPrivateXMLFormatDiskSecretObjectAlias: + * @buf: data buffer to write into + * @priv: Pointer to qemuDomainPrivateData + * + * Format the table to the domain private XML file - if there's + * any entries + */ +static void +qemuDomainObjPrivateXMLFormatDiskSecretObjectAlias(virBufferPtr buf, + qemuDomainObjPrivatePtr= priv) +{ + if (virHashSize(priv->diskSecretObjectAlias) <=3D 0) + return; + + virBufferAddLit(buf, "\n"); + virBufferAdjustIndent(buf, 2); + virHashForEach(priv->diskSecretObjectAlias, + qemuDomainObjDiskSecretObjectAliasEntryFormat, buf); + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "\n"); +} + + +static int +qemuDomainObjPrivateXMLParseDiskObject(xmlXPathContextPtr ctxt, + xmlNodePtr node, + qemuDomainObjPrivatePtr priv) +{ + int ret =3D -1; + char *objalias =3D NULL; + xmlNodePtr saved =3D ctxt->node; + xmlNodePtr secretnode =3D NULL; + const char *secrettype =3D NULL; + virSecretUsageType usageType; + virSecretLookupTypeDef seclookupdef =3D { 0 }; + + ctxt->node =3D node; + + if (!(objalias =3D virXMLPropString(node, "alias"))) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("missing 'alias' property for diskObject")); + return -1; + } + + if (!(secretnode =3D virXPathNode("./secret[1]", ctxt))) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("missing element")); + goto cleanup; + } + + if (virSecretLookupParseSecret(secretnode, &seclookupdef) < 0) + goto cleanup; + + if (!(secrettype =3D virXMLPropString(secretnode, "type"))) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("missing secret type attribute")); + goto cleanup; + } + + if ((usageType =3D virSecretUsageTypeFromString(secrettype)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("invalid secret type %s"), secrettype); + goto cleanup; + } + + if (qemuDomainObjDiskSecretObjectAliasEntryInsert(priv, objalias, + usageType, + &seclookupdef) < 0) + goto cleanup; + + ret =3D 0; + + cleanup: + VIR_FREE(objalias); + 
virSecretLookupDefClear(&seclookupdef); + ctxt->node =3D saved; + return ret; + +} + + +/* qemuDomainObjPrivateXMLParseDiskSecretObjectAlias: + * @ctx: xml context + * @priv: Pointer to qemuDomainPrivateData + * + * Parse the domain object xml looking for disk secret object entries. + * If found, add them into the hash table. + * + * Returns 0 on success, -1 on failure + */ +static int +qemuDomainObjPrivateXMLParseDiskSecretObjectAlias(xmlXPathContextPtr ctxt, + qemuDomainObjPrivatePtr = priv) +{ + int ret =3D -1; + int n; + size_t i; + xmlNodePtr *nodes =3D NULL; + + if ((n =3D virXPathNodeSet("./diskSecretObjectAlias/diskObject", + ctxt, &nodes)) < 0) + return -1; + + for (i =3D 0; i < n; i++) { + if (qemuDomainObjPrivateXMLParseDiskObject(ctxt, nodes[i], priv) <= 0) + goto cleanup; + } + ret =3D 0; + + cleanup: + VIR_FREE(nodes); + return ret; +} + + /* qemuDomainGetMasterKeyFilePath: * @libDir: Directory path to domain lib files * @@ -1388,6 +1647,14 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn, usageType, src->auth->username, &src->auth->seclookupdef, false))) return -1; + + if (diskSrcPriv->secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_= AES) { + if (qemuDomainObjDiskSecretObjectAliasEntryInsert(priv, + diskSrcPriv-= >secinfo->s.aes.alias, + usageType, + &src->auth->= seclookupdef) < 0) + return -1; + } } =20 if (qemuDomainDiskHasEncryptionSecret(src)) { @@ -1397,6 +1664,12 @@ qemuDomainSecretDiskPrepare(virConnectPtr conn, &src->encryption->secrets[0]->secloo= kupdef, true))) return -1; + + if (qemuDomainObjDiskSecretObjectAliasEntryInsert(priv, + diskSrcPriv->enc= info->s.aes.alias, + VIR_SECRET_USAGE= _TYPE_VOLUME, + &src->encryption= ->secrets[0]->seclookupdef)) + return -1; } =20 return 0; 
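Review bot: qemuDomainObjDiskSecretObjectAliasEntryFree clears `entry->seclookupdef` but never frees the entry itself, which qemuDomainObjDiskSecretObjectAliasEntryInsert allocates with `VIR_ALLOC(entry)`, so every removed entry and every entry still present at `virHashFree` leaks; the callback should end with `VIR_FREE(entry);`. Insert and Lookup also discard the result of `virSecretLookupDefCopy`, so a failed copy would be reported as success if that helper can fail. In qemuDomainObjPrivateXMLParseDiskObject the string returned by `virXMLPropString(secretnode, "type")` is never freed, and the missing-alias branch returns before `ctxt->node = saved` is reached. The `< 0` test there is made on a `virSecretUsageType` variable, which may be unsigned; parsing into an `int` first keeps an unknown type read from the status XML from being stored in the table.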
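Review bot: The call added for the encryption secret reads `diskSrcPriv->encinfo->s.aes.alias` without the `type == VIR_DOMAIN_SECRET_INFO_TYPE_AES` check that the auth branch in the previous hunk applies to `secinfo`, and it tests the result with a bare `if (...)` where the other two new call sites use `< 0`. If `encinfo` can ever be a non-AES secret at this point, the alias is read from the wrong union member; if it cannot, a one-line comment such as `/* encryption secrets are always AES objects */` would record why the check is omitted. For consistency the condition should end in `< 0`. The enclosing function starts outside the hunk.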
@@ -1452,6 +1725,14 @@ qemuDomainSecretHostdevPrepare(virConnectPtr conn, &iscsisrc->auth->seclookupdef, false))) return -1; + + if (hostdevPriv->secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_T= YPE_AES) { + if (qemuDomainObjDiskSecretObjectAliasEntryInsert(priv, + hostdevP= riv->secinfo->s.aes.alias, + VIR_SECR= ET_USAGE_TYPE_ISCSI, + &iscsisr= c->auth->seclookupdef) < 0) + return -1; + } } } =20 @@ -1742,12 +2023,17 @@ qemuDomainObjPrivateAlloc(void *opaque) if (!(priv->devs =3D virChrdevAlloc())) goto error; =20 + if (!(priv->diskSecretObjectAlias =3D + virHashCreate(15, qemuDomainObjDiskSecretObjectAliasEntryFree))) + goto error; + priv->migMaxBandwidth =3D QEMU_DOMAIN_MIG_BANDWIDTH_MAX; priv->driver =3D opaque; =20 return priv; =20 error: + virChrdevFree(priv->devs); VIR_FREE(priv); return NULL; } @@ -1795,6 +2081,8 @@ qemuDomainObjPrivateFree(void *data) =20 virCPUDefFree(priv->origCPU); =20 + virHashFree(priv->diskSecretObjectAlias); + VIR_FREE(priv); } =20 @@ -1981,6 +2269,8 @@ qemuDomainObjPrivateXMLFormat(virBufferPtr buf, if (priv->chardevStdioLogd) virBufferAddLit(buf, "\n"); =20 + qemuDomainObjPrivateXMLFormatDiskSecretObjectAlias(buf, priv); + return 0; } =20 @@ -2287,6 +2577,9 @@ qemuDomainObjPrivateXMLParse(xmlXPathContextPtr ctxt, priv->chardevStdioLogd =3D virXPathBoolean("boolean(./chardevStdioLogd= )", ctxt) =3D=3D 1; =20 + if (qemuDomainObjPrivateXMLParseDiskSecretObjectAlias(ctxt, priv) < 0) + goto error; + return 0; =20 error: diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 853384236..3eb528cae 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -321,6 +321,8 @@ struct _qemuDomainObjPrivate { =20 /* If true virtlogd is used as stdio handler for character devices. */ bool chardevStdioLogd; + + virHashTablePtr diskSecretObjectAlias; }; =20 # define QEMU_DOMAIN_PRIVATE(vm) \ 
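Review bot: The new `diskSecretObjectAlias` member of `_qemuDomainObjPrivate` has no comment, unlike `chardevStdioLogd` directly above it, and nothing in the header says what the keys and values are or who owns them. A comment along the lines of `/* secret object alias -> usage type and secret lookup def used to create it; saved in the domain private XML */` would document that the table holds secret references (uuid or usage), not secret values. The struct definition starts outside the hunk.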
@@ -797,6 +799,10 @@ void qemuDomainClearPrivatePaths(virDomainObjPtr vm); =20 virDomainDiskDefPtr qemuDomainDiskByName(virDomainDefPtr def, const char *= name); =20 +int +qemuDomainObjDiskSecretObjectAliasEntryRemove(qemuDomainObjPrivatePtr priv, + const char *objalias); + char *qemuDomainGetMasterKeyFilePath(const char *libDir); =20 int qemuDomainMasterKeyReadFile(qemuDomainObjPrivatePtr priv); diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 7cc595161..a544cecb9 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -443,10 +443,16 @@ qemuDomainAttachVirtioDiskDevice(virConnectPtr conn, VIR_WARN("Unable to remove drive %s (%s) after failed " "qemuMonitorAddDevice", drivealias, drivestr); } - if (secobjAdded) + if (secobjAdded) { ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias)= ); - if (encobjAdded) + qemuDomainObjDiskSecretObjectAliasEntryRemove(priv, + secinfo->s.aes.alias= ); + } + if (encobjAdded) { ignore_value(qemuMonitorDelObject(priv->mon, encinfo->s.aes.alias)= ); + qemuDomainObjDiskSecretObjectAliasEntryRemove(priv, + encinfo->s.aes.alias= ); + } if (qemuDomainObjExitMonitor(driver, vm) < 0) releaseaddr =3D false; virErrorRestore(&orig_err); @@ -728,10 +734,16 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, VIR_WARN("Unable to remove drive %s (%s) after failed " "qemuMonitorAddDevice", drivealias, drivestr); } - if (secobjAdded) + if (secobjAdded) { ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias)= ); - if (encobjAdded) + qemuDomainObjDiskSecretObjectAliasEntryRemove(priv, + secinfo->s.aes.alias= ); + } + if (encobjAdded) { ignore_value(qemuMonitorDelObject(priv->mon, encinfo->s.aes.alias)= ); + qemuDomainObjDiskSecretObjectAliasEntryRemove(priv, + encinfo->s.aes.alias= ); + } ignore_value(qemuDomainObjExitMonitor(driver, vm)); virErrorRestore(&orig_err); =20 
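Review bot: In the qemuDomainAttachVirtioDiskDevice failure path the table entry is dropped only when `secobjAdded`/`encobjAdded` is set, but the entry is created earlier, in qemuDomainSecretDiskPrepare, before any object reaches QEMU; an attach that fails before the object is added would therefore leave an alias in `priv->diskSecretObjectAlias`, and in the private XML, that no QEMU object backs. Removing the entry where the secinfo is torn down, rather than next to `qemuMonitorDelObject`, would keep the two in step. The new calls also run before `qemuDomainObjExitMonitor`, so the hash table is presumably modified while the domain object is unlocked; moving them after the monitor exit avoids that. The return value of `qemuDomainObjDiskSecretObjectAliasEntryRemove` is dropped without `ignore_value()`, although the function reports an error when the alias is missing. The same points apply to the qemuDomainAttachSCSIDisk hunk and to the qemuDomainRemoveDiskDevice hunk; all three functions start and end outside their hunks.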
@@ -3669,13 +3681,18 @@ qemuDomainRemoveDiskDevice(virQEMUDriverPtr driver, VIR_FREE(drivestr); =20 /* If it fails, then so be it - it was a best shot */ - if (objAlias) + if (objAlias) { ignore_value(qemuMonitorDelObject(priv->mon, objAlias)); + qemuDomainObjDiskSecretObjectAliasEntryRemove(priv, objAlias); + } + VIR_FREE(objAlias); =20 /* If it fails, then so be it - it was a best shot */ - if (encAlias) + if (encAlias) { ignore_value(qemuMonitorDelObject(priv->mon, encAlias)); + qemuDomainObjDiskSecretObjectAliasEntryRemove(priv, encAlias); + } VIR_FREE(encAlias); =20 if (qemuDomainObjExitMonitor(driver, vm) < 0) --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505522791780527.3608377504848; Fri, 15 Sep 2017 17:46:31 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 69D7537E68; Sat, 16 Sep 2017 00:46:30 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 42EA97F1AE; Sat, 16 Sep 2017 00:46:30 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 
0CCD241F78; Sat, 16 Sep 2017 00:46:30 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UTaM013189 for ; Fri, 15 Sep 2017 20:30:29 -0400 Received: by smtp.corp.redhat.com (Postfix) id C6A85179FF; Sat, 16 Sep 2017 00:30:29 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8E881424C for ; Sat, 16 Sep 2017 00:30:29 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 69D7537E68 Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com 
From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:15 -0400 Message-Id: <20170916003017.32502-13-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 12/14] qemu: Get capabilities to use iscsi password-secret argument X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Sat, 16 Sep 2017 00:46:30 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Add the capability to use the blockdev-add query-qmp-schema option to find the 'password-secret' parameter that will allow the iSCSI code to use the master secret object (a/k/a AES) to encrypt the secret in an object and only need to provide the object id of tha secret on the command line thus obsfuscating the passphrase. Signed-off-by: John Ferlan --- src/qemu/qemu_capabilities.c | 4 ++++ src/qemu/qemu_capabilities.h | 3 +++ tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 + 6 files changed, 11 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index c690cb349..acf8799b3 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c 
@@ -439,6 +439,9 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST, "virtio-net.tx_queue_size", "chardev-reconnect", "virtio-gpu.max_outputs", + + /* 270 */ + "iscsi.password-secret", ); =20 =20 @@ -1810,6 +1813,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsObjec= tPropsIntelIOMMU[] =3D { static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] =3D { { "blockdev-add/arg-type/options/+gluster/debug-level", QEMU_CAPS_GLUS= TER_DEBUG_LEVEL}, { "blockdev-add/arg-type/+gluster/debug", QEMU_CAPS_GLUSTER_DEBUG_LEVE= L}, + { "blockdev-add/arg-type/+iscsi/password-secret", QEMU_CAPS_ISCSI_PASS= WORD_SECRET }, }; =20 struct virQEMUCapsObjectTypeProps { diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h index 85c390abf..c4e09522b 100644 --- a/src/qemu/qemu_capabilities.h +++ b/src/qemu/qemu_capabilities.h @@ -426,6 +426,9 @@ typedef enum { QEMU_CAPS_CHARDEV_RECONNECT, /* -chardev reconnect */ QEMU_CAPS_VIRTIO_GPU_MAX_OUTPUTS, /* -device virtio-(vga|gpu-*),max-ou= tputs=3D */ =20 + /* 270 */ + QEMU_CAPS_ISCSI_PASSWORD_SECRET, /* -drive file.driver=3Discsi,...,pas= sword-secret=3D */ + QEMU_CAPS_LAST /* this must always be the last item */ } virQEMUCapsFlags; =20 diff --git a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml b/tests/qemu= capabilitiesdata/caps_2.10.0.x86_64.xml index 604921122..c341e56e9 100644 --- a/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml @@ -222,6 +222,7 @@ + 2010000 0 (v2.10.0) diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml b/tests/qemu= capabilitiesdata/caps_2.9.0.ppc64le.xml index a373a6db6..c5eb3951f 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml @@ -172,6 +172,7 @@ + 2009000 0 (v2.9.0) diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml b/tests/qemuca= pabilitiesdata/caps_2.9.0.s390x.xml index e80782cfb..99ad44ac5 100644 
--- a/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml @@ -137,6 +137,7 @@ + 2009000 0 diff --git a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml b/tests/qemuc= apabilitiesdata/caps_2.9.0.x86_64.xml index 3641d0332..bd446ff27 100644 --- a/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml +++ b/tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml 
@@ -220,6 +220,7 @@ + 2009000 0 (v2.9.0) --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505522812402313.04927579464857; Fri, 15 Sep 2017 17:46:52 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EDFE025BAA; Sat, 16 Sep 2017 00:46:50 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CD94D62462; Sat, 16 Sep 2017 00:46:50 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 994BF410B1; Sat, 16 Sep 2017 00:46:50 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UUeY013195 for ; Fri, 15 Sep 2017 20:30:30 -0400 Received: by smtp.corp.redhat.com (Postfix) id 51F8F424C; Sat, 16 Sep 2017 00:30:30 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 19D551817C for ; Sat, 16 Sep 2017 00:30:29 +0000 (UTC) DMARC-Filter: OpenDMARC Filter 
v1.3.2 mx1.redhat.com EDFE025BAA Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:16 -0400 Message-Id: <20170916003017.32502-14-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 13/14] util: Add iSCSI auth/password-secret processing X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Sat, 16 Sep 2017 00:46:51 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" Generate the example for the iSCSI auth/password-secret similar to what's done for RBD. Signed-off-by: John Ferlan --- src/util/virstoragefile.c | 30 ++++++++++++++++++++++++++++++ tests/virstoragetest.c | 15 +++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c index 39cda9c89..38aa77f44 100644 --- a/src/util/virstoragefile.c +++ b/src/util/virstoragefile.c 
@@ -2937,10 +2937,13 @@ virStorageSourceParseBackingJSONiSCSI(virStorageSou= rcePtr src, const char *transport =3D virJSONValueObjectGetString(json, "transport= "); const char *portal =3D virJSONValueObjectGetString(json, "portal"); const char *target =3D virJSONValueObjectGetString(json, "target"); + const char *user =3D virJSONValueObjectGetString(json, "user"); + const char *secret =3D virJSONValueObjectGetString(json, "password-sec= ret"); const char *uri; char *port; unsigned int lun =3D 0; char *fulltarget =3D NULL; + virStorageAuthDefPtr authdef =3D NULL; int ret =3D -1; =20 /* legacy URI based syntax passed via 'filename' option */ @@ -2993,10 +2996,37 @@ virStorageSourceParseBackingJSONiSCSI(virStorageSou= rcePtr src, =20 VIR_STEAL_PTR(src->path, fulltarget); =20 + if (user) { + if (!secret) { + virReportError(VIR_ERR_INVALID_ARG, + _("missing 'password-secret' in iSCSI backing " + "definition for user '%s'"), user); + goto cleanup; + } + + /* formulate authdef for src->auth */ + if (VIR_ALLOC(authdef) < 0) + goto cleanup; + + if (VIR_STRDUP(authdef->username, user) < 0) + goto cleanup; + + if (VIR_STRDUP(authdef->secrettype, + virSecretUsageTypeToString(VIR_SECRET_USAGE_TYPE_IS= CSI)) < 0) + goto cleanup; + src->auth =3D authdef; + authdef =3D NULL; + + /* Cannot formulate a secretType (eg, usage or uuid) given + * what is provided. + */ + } + ret =3D 0; =20 cleanup: VIR_FREE(fulltarget); + virStorageAuthDefFree(authdef); return ret; } =20 diff --git a/tests/virstoragetest.c b/tests/virstoragetest.c index 46d12c0e6..1d3fc36c3 100644 --- a/tests/virstoragetest.c +++ b/tests/virstoragetest.c 
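Review bot: In the new `if (user)` block the `password-secret` value is only tested for presence and then discarded, so the `src->auth` produced here carries a username and secret type but no secret lookup information, and a `password-secret` given without `user` is accepted silently. The trailing comment explains the first half; it would be clearer placed above the block and worded as `/* the secret alias cannot be mapped back to a uuid/usage, so src->auth has no seclookupdef; callers must not use it to resolve the secret */`. If a secret without a user is never valid for iSCSI, an `else if (secret)` branch reporting `VIR_ERR_INVALID_ARG` would make the two checks symmetric. The function starts outside the hunk.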
@@ -1577,6 +1577,21 @@ mymain(void) "\n" " \n" "\n"); + TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"iscsi\"," + "\"transport\":\"tcp\"," + "\"portal\":\"test.org:1234\"," + "\"target\":\"iqn.2016-12.com.virtt= est:emulated-iscsi-auth.target\"," + "\"lun\":6," + "\"user\":\"myname\"," + "\"password-secret\":\"virtio-disk1= -secret0\"" + "}" + "}", + "\n" + " \n" + " \n" + " \n" + " \n" + "\n"); TEST_BACKING_PARSE("json:{\"file\":{\"driver\":\"sheepdog\"," "\"vdi\":\"test\"," "\"server\":{ \"type\":\"inet\"," --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list From nobody Thu May 2 14:02:44 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1505526038339698.8887710448241; Fri, 15 Sep 2017 18:40:38 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 578257E420; Sat, 16 Sep 2017 01:40:37 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 33405424C; Sat, 16 Sep 2017 01:40:37 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id F0AA71864DC5; Sat, 16 Sep 2017 01:40:36 +0000 (UTC) Received: from smtp.corp.redhat.com 
(int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v8G0UUwa013203 for ; Fri, 15 Sep 2017 20:30:30 -0400 Received: by smtp.corp.redhat.com (Postfix) id DF8A5179FF; Sat, 16 Sep 2017 00:30:30 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-172.phx2.redhat.com [10.3.116.172]) by smtp.corp.redhat.com (Postfix) with ESMTP id 975A9424C for ; Sat, 16 Sep 2017 00:30:30 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 578257E420 Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx03.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com 
From: John Ferlan To: libvir-list@redhat.com Date: Fri, 15 Sep 2017 20:30:17 -0400 Message-Id: <20170916003017.32502-15-jferlan@redhat.com> In-Reply-To: <20170916003017.32502-1-jferlan@redhat.com> References: <20170916003017.32502-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 14/14] qemu: Use secret objects to pass iSCSI passwords X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.27]); Sat, 16 Sep 2017 01:40:37 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" https://bugzilla.redhat.com/show_bug.cgi?id=3D1425757 The blockdev-add code provides a mechanism to sanely provide user and password-secret arguments for iscsi without placing them on the command line to be viewable by a 'ps -ef' type command or needing to create separate -iscsi devices for each disk/volume found. So modify the iSCSI command line building to check for the presence of the capability in order to properly set up and use the domain master secret object to encrypt the password in a secret object and alter the parameters for the command line to utilize. Modify the xml2argvtest to exhibit the syntax for both disk and hostdev configurations. 
Signed-off-by: John Ferlan --- src/qemu/qemu_block.c | 64 ++++++++++++++++++- src/qemu/qemu_command.c | 73 ++++++++++++++++++= +--- src/qemu/qemu_command.h | 3 +- src/qemu/qemu_domain.c | 4 ++ src/qemu/qemu_hotplug.c | 49 ++++++++++++++- ...xml2argv-disk-drive-network-iscsi-auth-AES.args | 41 ++++++++++++ ...uxml2argv-disk-drive-network-iscsi-auth-AES.xml | 43 +++++++++++++ ...ml2argv-hostdev-scsi-virtio-iscsi-auth-AES.args | 45 +++++++++++++ ...xml2argv-hostdev-scsi-virtio-iscsi-auth-AES.xml | 48 ++++++++++++++ tests/qemuxml2argvtest.c | 10 +++ 10 files changed, 366 insertions(+), 14 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= iscsi-auth-AES.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= iscsi-auth-AES.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio= -iscsi-auth-AES.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio= -iscsi-auth-AES.xml diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 7fb12ea5a..057fb8233 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c 
@@ -482,6 +482,64 @@ qemuBlockStorageSourceGetGlusterProps(virStorageSource= Ptr src) } =20 =20 +static virJSONValuePtr +qemuBlockStorageSourceGetISCSIProps(virStorageSourcePtr src) +{ + const char *protocol =3D virStorageNetProtocolTypeToString(src->protoc= ol); + char *target =3D NULL; + char *lunStr =3D NULL; + char *username =3D NULL; + char *objalias =3D NULL; + unsigned int lun =3D 0; + virJSONValuePtr ret =3D NULL; + qemuDomainDiskSrcPrivatePtr diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVA= TE(src); + + /* { driver:"iscsi", + * transport:"tcp" ("iser" also possible) + * portal:"example.com", + * target:"iqn.2017-04.com.example:iscsi-disks", + * lun:1, + * [user:"username", + * password-secret:"secret-alias",] + * } + */ + + if (VIR_STRDUP(target, src->path) < 0) + goto cleanup; + + /* Separate the target and lun */ + if ((lunStr =3D strchr(target, '/'))) { + *(lunStr++) =3D '\0'; + if (virStrToLong_ui(lunStr, NULL, 10, &lun) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot parse target for lunStr '%s'"), + target); + goto cleanup; + } + } + + if (src->auth) { + username =3D src->auth->username; + objalias =3D diskSrcPriv->secinfo->s.aes.alias; + } + + ignore_value(virJSONValueObjectCreate(&ret, + "s:driver", protocol, + "s:portal", src->hosts[0].name, + "s:target", target, + "u:lun", lun, + "s:transport", "tcp", + "S:user", username, + "S:password-secret", objalias, + NULL)); + goto cleanup; + + cleanup: + VIR_FREE(target); + return ret; +} + + /** * qemuBlockStorageSourceGetBackendProps: * @src: disk source 
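Review bot: In qemuBlockStorageSourceGetISCSIProps, `diskSrcPriv->secinfo->s.aes.alias` is read whenever `src->auth` is set, without checking that `diskSrcPriv` and `secinfo` are non-NULL or that `secinfo->type` is `VIR_DOMAIN_SECRET_INFO_TYPE_AES`; with a plain-text secinfo the read lands on a different union member, and whatever that member holds would be emitted as `password-secret`. A guard such as `if (src->auth && diskSrcPriv && diskSrcPriv->secinfo && diskSrcPriv->secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)`, with an error reported otherwise, closes that path. The portal is built from `src->hosts[0].name` alone, so `nhosts` is not checked and a configured port is dropped. The lun parse error prints `target` where `lunStr` is meant, and the `goto cleanup;` directly above the `cleanup:` label can go.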
@@ -512,10 +570,14 @@ qemuBlockStorageSourceGetBackendProps(virStorageSourc= ePtr src) goto cleanup; break; =20 + case VIR_STORAGE_NET_PROTOCOL_ISCSI: + if (!(fileprops =3D qemuBlockStorageSourceGetISCSIProps(src))) + goto cleanup; + break; + case VIR_STORAGE_NET_PROTOCOL_NBD: case VIR_STORAGE_NET_PROTOCOL_RBD: case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG: - case VIR_STORAGE_NET_PROTOCOL_ISCSI: case VIR_STORAGE_NET_PROTOCOL_HTTP: case VIR_STORAGE_NET_PROTOCOL_HTTPS: case VIR_STORAGE_NET_PROTOCOL_FTP: diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index c851823e7..f9edf623c 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -1319,7 +1319,8 @@ qemuDiskBusNeedsDeviceArg(int bus) * the legacy representation. */ static bool -qemuDiskSourceNeedsProps(virStorageSourcePtr src) +qemuDiskSourceNeedsProps(virStorageSourcePtr src, + virQEMUCapsPtr qemuCaps) { int actualType =3D virStorageSourceGetActualType(src); =20 @@ -1328,6 +1329,11 @@ qemuDiskSourceNeedsProps(virStorageSourcePtr src) src->nhosts > 1) return true; =20 + if (actualType =3D=3D VIR_STORAGE_TYPE_NETWORK && + src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_ISCSI && + virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET)) + return true; + return false; } =20 @@ -1346,7 +1352,7 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk, char *source =3D NULL; int ret =3D -1; =20 - if (qemuDiskSourceNeedsProps(disk->src) && + if (qemuDiskSourceNeedsProps(disk->src, qemuCaps) && !(srcprops =3D qemuBlockStorageSourceGetBackendProps(disk->src))) goto cleanup; =20 
@@ -1412,7 +1418,9 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk,
 virBufferAsprintf(buf, "file.debug=3D%d,", cfg->glusterDebugLe= vel);
 }
=20
- if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+ if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES &&
+ disk->src->type =3D=3D VIR_STORAGE_TYPE_NETWORK &&
+ disk->src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_RBD) {
 /* NB: If libvirt starts using the more modern option based
 * syntax to build the command line (e.g., "-drive driver=3Drb= d,
 * filename=3D%s,...") instead of the legacy model (e.g."-drive
@@ -4846,10 +4854,13 @@ qemuBuildSCSIHostHostdevDrvStr(virDomainHostdevDefP= tr dev)
 }
=20
 static char *
-qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDefPtr dev)
+qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDefPtr dev,
+ virQEMUCapsPtr qemuCaps)
 {
+ char *netsource =3D NULL;
 char *source =3D NULL;
- virStorageSource src;
+ virStorageSource src =3D { 0 };
+ virJSONValuePtr srcprops =3D NULL;
 qemuDomainHostdevPrivatePtr hostdevPriv =3D QEMU_DOMAIN_HOSTDEV_PRIVAT= E(dev);
=20
 memset(&src, 0, sizeof(src));
@@ -4857,14 +4868,51 @@ qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDef= Ptr dev)
 virDomainHostdevSubsysSCSIPtr scsisrc =3D &dev->source.subsys.u.scsi;
 virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc =3D &scsisrc->u.iscsi;
=20
+ src.type =3D VIR_STORAGE_TYPE_NETWORK;
 src.protocol =3D VIR_STORAGE_NET_PROTOCOL_ISCSI;
 src.path =3D iscsisrc->path;
 src.hosts =3D iscsisrc->hosts;
 src.nhosts =3D iscsisrc->nhosts;
=20
 /* Rather than pull what we think we want - use the network disk code = */
- source =3D qemuBuildNetworkDriveStr(&src, hostdevPriv->secinfo);
+ if (qemuDiskSourceNeedsProps(&src, qemuCaps)) {
+ /* The next pile of code hunts and gathers as if @src were a disk.
+ * In particular, using private data... So a bit more chicanery is
+ * going to be required */
+ qemuDomainDiskSrcPrivatePtr diskSrcPriv;
+
+ if (!iscsisrc->auth->username) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("missing username for iSCSI auth"));
+ goto cleanup;
+ }
+ src.auth =3D iscsisrc->auth;
+
+ if (VIR_ALLOC(src.privateData) < 0)
+ goto cleanup;
+ diskSrcPriv =3D QEMU_DOMAIN_DISK_SRC_PRIVATE(&src);
+ diskSrcPriv->secinfo =3D hostdevPriv->secinfo;
+ srcprops =3D qemuBlockStorageSourceGetBackendProps(&src);
+ VIR_FREE(src.privateData);
+ if (!srcprops) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("failed to build the backend props"));
+ goto cleanup;
+ }
=20
+ if (!(netsource =3D virQEMUBuildDriveCommandlineFromJSON(srcprops)= ))
+ goto cleanup;
+ if (virAsprintf(&source, "%s,if=3Dnone,format=3Draw", netsource) <= 0)
+ goto cleanup;
+ } else {
+ if (!(netsource =3D qemuBuildNetworkDriveStr(&src, hostdevPriv->se= cinfo)))
+ goto cleanup;
+ if (virAsprintf(&source, "file=3D%s,if=3Dnone,format=3Draw", netso= urce) < 0)
+ goto cleanup;
+ }
+
+ cleanup:
+ VIR_FREE(netsource);
 return source;
 }
=20
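Review bot: `if (!iscsisrc->auth->username)` dereferences `iscsisrc->auth` without a NULL check, and the qemuDiskSourceNeedsProps hunk returns true for every iSCSI source once the capability is present, so an iSCSI hostdev configured without authentication would presumably crash here instead of producing an unauthenticated drive string. Wrapping the username check and `src.auth = iscsisrc->auth;` in `if (iscsisrc->auth) { … }` keeps that case working. `srcprops` is never released, since the new `cleanup:` label frees only `netsource`, so the JSON object leaks on success and on every later error path; `virJSONValueFree(srcprops);` belongs under that label. `VIR_ALLOC(src.privateData)` sizes the allocation from the declared type of `privateData`, which is not visible in this hunk; if that is the generic object type rather than the disk-source private struct, the store to `diskSrcPriv->secinfo` lands outside the allocation, so the private struct should be allocated explicitly. The function's opening lines are in the previous hunk.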
@@ -4907,7 +4955,8 @@ qemuBuildSCSIVHostHostdevDevStr(const virDomainDef *d= ef,
 }
=20
 char *
-qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev)
+qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev,
+ virQEMUCapsPtr qemuCaps)
 {
 virBuffer buf =3D VIR_BUFFER_INITIALIZER;
 char *source =3D NULL;
@@ -4915,9 +4964,9 @@ qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev)
 virDomainHostdevSubsysSCSIPtr scsisrc =3D &dev->source.subsys.u.scsi;
=20
 if (scsisrc->protocol =3D=3D VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISC= SI) {
- if (!(source =3D qemuBuildSCSIiSCSIHostdevDrvStr(dev)))
+ if (!(source =3D qemuBuildSCSIiSCSIHostdevDrvStr(dev, qemuCaps)))
 goto error;
- virBufferAsprintf(&buf, "file=3D%s,if=3Dnone,format=3Draw", source= );
+ virBufferAsprintf(&buf, "%s", source);
 } else {
 if (!(source =3D qemuBuildSCSIHostHostdevDrvStr(dev)))
 goto error;
@@ -5414,10 +5463,14 @@ qemuBuildHostdevCommandLine(virCommandPtr cmd,
 /* SCSI */
 if (virHostdevIsSCSIDevice(hostdev)) {
 if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SCSI_GENERIC)) {
+ qemuDomainHostdevPrivatePtr hostdevPriv =3D QEMU_DOMAIN_HO= STDEV_PRIVATE(hostdev);
 char *drvstr;
=20
+ if (qemuBuildDiskSecinfoCommandLine(cmd, hostdevPriv->seci= nfo) < 0)
+ return -1;
+
 virCommandAddArg(cmd, "-drive");
- if (!(drvstr =3D qemuBuildSCSIHostdevDrvStr(hostdev)))
+ if (!(drvstr =3D qemuBuildSCSIHostdevDrvStr(hostdev, qemuC= aps)))
 return -1;
 virCommandAddArg(cmd, drvstr);
 VIR_FREE(drvstr);
diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h
index 6fbfb3e5f..0008da1cb 100644
--- a/src/qemu/qemu_command.h
+++ b/src/qemu/qemu_command.h
@@ -158,7 +158,8 @@ char *qemuBuildUSBHostdevDevStr(const virDomainDef *def,
 virDomainHostdevDefPtr dev,
 virQEMUCapsPtr qemuCaps);
=20
-char *qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev);
+char *qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev,
+ virQEMUCapsPtr qemuCaps);
=20
 char *qemuBuildSCSIHostdevDevStr(const virDomainDef *def,
 virDomainHostdevDefPtr dev,
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 29882bbfb..94135218c 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1479,9 +1479,13 @@ qemuDomainSecretSetup(virConnectPtr conn,
 virSecretLookupTypeDefPtr seclookupdef,
 bool isLuks)
 {
+ bool iscsiHasPS =3D virQEMUCapsGet(priv->qemuCaps,
+ QEMU_CAPS_ISCSI_PASSWORD_SECRET);
+
 if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) &&
 virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) &&
 (usageType =3D=3D VIR_SECRET_USAGE_TYPE_CEPH ||
+ (usageType =3D=3D VIR_SECRET_USAGE_TYPE_ISCSI && iscsiHasPS) ||
 usageType =3D=3D VIR_SECRET_USAGE_TYPE_VOLUME ||
 usageType =3D=3D VIR_SECRET_USAGE_TYPE_TLS)) {
 if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias,
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index a544cecb9..17228d1b4 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2449,6 +2449,7 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn,
 virDomainHostdevDefPtr hostdev)
 {
 size_t i;
+ int rv;
 int ret =3D -1;
 qemuDomainObjPrivatePtr priv =3D vm->privateData;
 virErrorPtr orig_err;
@@ -2458,7 +2459,12 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn,
 bool teardowncgroup =3D false;
 bool teardownlabel =3D false;
 bool teardowndevice =3D false;
+ bool teardownsecobj =3D false;
 bool driveAdded =3D false;
+ bool secobjAdded =3D false;
+ virJSONValuePtr secobjProps =3D NULL;
+ qemuDomainHostdevPrivatePtr hostdevPriv;
+ qemuDomainSecretInfoPtr secinfo;
=20
 if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE_SCSI_GENERIC)) {
 virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
@@ -2499,7 +2505,15 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn,
 if (qemuDomainSecretHostdevPrepare(conn, priv, hostdev) < 0)
 goto cleanup;
=20
- if (!(drvstr =3D qemuBuildSCSIHostdevDrvStr(hostdev)))
+ hostdevPriv =3D QEMU_DOMAIN_HOSTDEV_PRIVATE(hostdev);
+ secinfo =3D hostdevPriv->secinfo;
+ if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+ if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0)
+ goto cleanup;
+ teardownsecobj =3D true;
+ }
+
+ if (!(drvstr =3D qemuBuildSCSIHostdevDrvStr(hostdev, priv->qemuCaps)))
 goto cleanup;
=20
 if (!(drivealias =3D qemuAliasFromHostdev(hostdev)))
@@ -2513,6 +2527,15 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn,
=20
 qemuDomainObjEnterMonitor(driver, vm);
=20
+ if (secobjProps) {
+ rv =3D qemuMonitorAddObject(priv->mon, "secret", secinfo->s.aes.al= ias,
+ secobjProps);
+ secobjProps =3D NULL; /* qemuMonitorAddObject consumes */
+ if (rv < 0)
+ goto exit_monitor;
+ secobjAdded =3D true;
+ }
+
 if (qemuMonitorAddDrive(priv->mon, drvstr) < 0)
 goto exit_monitor;
 driveAdded =3D true;
@@ -2530,7 +2553,6 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn,
 ret =3D 0;
=20
 cleanup:
- qemuDomainSecretHostdevDestroy(hostdev);
 if (ret < 0) {
 qemuHostdevReAttachSCSIDevices(driver, vm->def->name, &hostdev, 1);
 if (teardowncgroup && qemuTeardownHostdevCgroup(vm, hostdev) < 0)
@@ -2538,10 +2560,15 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn,
 if (teardownlabel &&
 qemuSecurityRestoreHostdevLabel(driver, vm, hostdev) < 0)
 VIR_WARN("Unable to restore host device labelling on hotplug f= ail");
+ if (teardownsecobj)
+ qemuDomainObjDiskSecretObjectAliasEntryRemove(priv,
+ secinfo->s.aes.a= lias);
 if (teardowndevice &&
 qemuDomainNamespaceTeardownHostdev(driver, vm, hostdev) < 0)
 VIR_WARN("Unable to remove host device from /dev");
 }
+ qemuDomainSecretHostdevDestroy(hostdev);
+ virJSONValueFree(secobjProps);
 VIR_FREE(drivealias);
 VIR_FREE(drvstr);
 VIR_FREE(devstr);
@@ -2554,6 +2581,8 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn,
 "qemuMonitorAddDevice",
 drvstr, devstr);
 }
+ if (secobjAdded)
+ ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias)= );
 ignore_value(qemuDomainObjExitMonitor(driver, vm));
 virErrorRestore(&orig_err);
=20
@@ -3865,6 +3894,7 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver,
 int ret =3D -1;
 qemuDomainObjPrivatePtr priv =3D vm->privateData;
 char *drivealias =3D NULL;
+ char *objAlias =3D NULL;
 bool is_vfio =3D false;
=20
 VIR_DEBUG("Removing host device %s from domain %p %s",
@@ -3879,8 +3909,22 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver,
 if (!(drivealias =3D qemuAliasFromHostdev(hostdev)))
 goto cleanup;
=20
+ if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET= )) {
+ if (!(objAlias =3D
+ qemuDomainGetSecretAESAlias(hostdev->info->alias, false)= )) {
+ return -1;
+ }
+ }
+
 qemuDomainObjEnterMonitor(driver, vm);
 qemuMonitorDriveDel(priv->mon, drivealias);
+
+ /* If it fails, then so be it - it was a best shot */
+ if (objAlias) {
+ ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
+ qemuDomainObjDiskSecretObjectAliasEntryRemove(priv, objAlias);
+ }
+
 if (qemuDomainObjExitMonitor(driver, vm) < 0)
 goto cleanup;
 }
@@ -3952,6 +3996,7 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver,
=20
 cleanup:
 VIR_FREE(drivealias);
+ VIR_FREE(objAlias);
 virObjectUnref(cfg);
 return ret;
 }
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-a= uth-AES.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi= -auth-AES.args
new file mode 100644
index 000000000..5bc5f4f47
--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES= .args
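Review bot: The new `return -1;` in the `@@ -3879` hunk of qemuDomainRemoveHostDevice, taken when qemuDomainGetSecretAESAlias fails, bypasses the `cleanup:` label and so leaks `drivealias`, allocated just above, and presumably the `cfg` reference that the label releases; it should be `goto cleanup;` like the failure path right before it. The alias is also built for every hostdev reaching this block whenever `QEMU_CAPS_ISCSI_PASSWORD_SECRET` is set, so `qemuMonitorDelObject` is issued even for devices that never had a secret object. Building `objAlias` only when the hostdev's private data holds an AES secinfo would avoid a monitor command that is expected to fail and any error it logs. The enclosing function begins before this hunk and its `cleanup:` label is in the following hunk.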
@@ -0,0 +1,41 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest1 \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-usb \ +-object secret,id=3Dvirtio-disk0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file.driver=3Discsi,file.portal=3Dexample.org,\ +file.target=3Diqn.1992-01.com.example:storage,file.lun=3D1,file.transport= =3Dtcp,\ +file.user=3Dmyname,file.password-secret=3Dvirtio-disk0-secret0,format=3Dra= w,if=3Dnone,\ +id=3Ddrive-virtio-disk0 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x3,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-object secret,id=3Dvirtio-disk1-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file.driver=3Discsi,file.portal=3Dexample.org,\ +file.target=3Diqn.1992-01.com.example:storage,file.lun=3D2,file.transport= =3Dtcp,\ +file.user=3Dmyname,file.password-secret=3Dvirtio-disk1-secret0,format=3Dra= w,if=3Dnone,\ +id=3Ddrive-virtio-disk1 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-a= uth-AES.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-= auth-AES.xml new file mode 100644 index 000000000..63919f100 --- /dev/null 
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES= .xml @@ -0,0 +1,43 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-= auth-AES.args b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-isc= si-auth-AES.args new file mode 100644 index 000000000..c6051ecb0 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AE= S.args 
@@ -0,0 +1,45 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest2 \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest2/master-key.aes \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9466-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest2/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-device virtio-scsi-pci,id=3Dscsi0,bus=3Dpci.0,addr=3D0x3 \ +-usb \ +-drive file=3D/dev/HostVG/QEMUGuest2,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-= 0 \ +-object secret,id=3Dhostdev0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file.driver=3Discsi,file.portal=3Dexample.org,\ +file.target=3Diqn.1992-01.com.example:storage,file.lun=3D1,file.transport= =3Dtcp,\ +file.user=3Dmyname,file.password-secret=3Dhostdev0-secret0,if=3Dnone,forma= t=3Draw,\ +id=3Ddrive-hostdev0 \ +-device scsi-generic,bus=3Dscsi0.0,channel=3D0,scsi-id=3D2,lun=3D4,\ +drive=3Ddrive-hostdev0,id=3Dhostdev0 \ +-object secret,id=3Dhostdev1-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file.driver=3Discsi,file.portal=3Dexample.org,\ +file.target=3Diqn.1992-01.com.example:storage,file.lun=3D2,file.transport= =3Dtcp,\ +file.user=3Dmyname,file.password-secret=3Dhostdev1-secret0,if=3Dnone,forma= t=3Draw,\ +id=3Ddrive-hostdev1 \ +-device scsi-generic,bus=3Dscsi0.0,channel=3D0,scsi-id=3D2,lun=3D5,\ +drive=3Ddrive-hostdev1,id=3Dhostdev1 \ +-device 
virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x4 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-= auth-AES.xml b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscs= i-auth-AES.xml new file mode 100644 index 000000000..0f63f9887 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AE= S.xml @@ -0,0 +1,48 @@ + + QEMUGuest2 + c7a5fdbd-edaf-9466-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + +
+ + + + + + + + + + + + + + +
+ + + + + + + + +
+ + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index d7d9270d6..f07557f20 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -922,6 +922,10 @@ mymain(void) DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-wrong-secrettype", = NONE); DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-source-auth-both", NONE); DO_TEST_PARSE_ERROR("disk-drive-network-rbd-source-auth-both", NONE); +# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT + DO_TEST("disk-drive-network-iscsi-auth-AES", + QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_ISCSI_PASSWORD_SECRET); +# endif DO_TEST("disk-drive-network-iscsi-lun", QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_SCSI_BLOCK); @@ -2310,6 +2314,12 @@ mymain(void) DO_TEST("hostdev-scsi-virtio-iscsi-auth", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_SCSI_GENERIC); +# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT + DO_TEST("hostdev-scsi-virtio-iscsi-auth-AES", + QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI, + QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_OBJECT_SECRET, + QEMU_CAPS_ISCSI_PASSWORD_SECRET); +# endif DO_TEST("hostdev-scsi-vhost-scsi-ccw", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_VHOST_SCSI, QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_VIRTIO_CCW); --=20 2.13.5 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list