From: Daniel P. Berrangé
To: libvir-list@redhat.com
Date: Mon, 2 Dec 2019 15:03:30 +0000
Message-Id: <20191202150331.173475-7-berrange@redhat.com>
In-Reply-To: <20191202150331.173475-1-berrange@redhat.com>
References: <20191202150331.173475-1-berrange@redhat.com>
Subject: [libvirt] [PATCH 6/7] secrets: add support for running secret driver in embedded mode

This enables support for running the secret driver embedded to the
calling application process using a URI:

  secret:///embed?root=/some/path

When using the embedded mode with a root=/var/tmp/embed, the driver
will use the following paths:

  configDir: /var/tmp/embed/etc/secrets
  stateDir:  /var/tmp/embed/run/secrets

These are identical whether the embedded driver is privileged or
unprivileged.

This compares with the system instance which uses

  configDir: /etc/libvirt/secrets
  stateDir:  /var/lib/libvirt/secrets

When an embedded instance of the secret driver is open, any other
embedded drivers will automatically use the embedded secret driver.

Signed-off-by: Daniel P. Berrangé
---
 docs/drivers.html.in       |  1 +
 docs/drvsecret.html.in     | 82 ++++++++++++++++++++++++++++++++++++++
 src/secret/secret_driver.c | 46 ++++++++++++++++-----
 3 files changed, 118 insertions(+), 11 deletions(-)
 create mode 100644 docs/drvsecret.html.in
diff --git a/docs/drivers.html.in b/docs/drivers.html.in index 4539eedbcd..cb1ddc9212 100644 --- a/docs/drivers.html.in +++ b/docs/drivers.html.in @@ -8,6 +8,7 @@
  • Hypervisor drivers
  • Storage drivers
  • Node device driver
  • +
  • Secret driver
  • =20

    diff --git a/docs/drvsecret.html.in b/docs/drvsecret.html.in new file mode 100644 index 0000000000..9a05fe1f09 --- /dev/null +++ b/docs/drvsecret.html.in @@ -0,0 +1,82 @@ + + + + +

    Secret information management

    + +

    + The secrets driver in libvirt provides a simple interface for + storing and retrieving secret information. +

    + +

    Connections to SECRET driver

    + +

    + The libvirt SECRET driver is a multi-instance driver, providing a sing= le + system wide privileged driver (the "system" instance), and per-user + unprivileged drivers (the "session" instance). A connection to the sec= ret + driver is automatically available when opening a connection to one of = the + stateful primary hypervisor drivers. It is none the less also possible= to + explicitly open just the secret driver, using the URI protocol "secret" + Some example connection URIs for the driver are: +

    + +
    +secret:///session                      (local access to per-user instance)
    +secret+unix:///session                 (local access to per-user instance)
    +
    +secret:///system                       (local access to system instance)
    +secret+unix:///system                  (local access to system instance)
    +secret://example.com/system            (remote access, TLS/x509)
    +secret+tcp://example.com/system        (remote access, SASl/Kerberos)
    +secret+ssh://root@example.com/system   (remote access, SSH tunnelled)
    +
    + +

    Embedded driver

    + +

    + Since 6.0.0 the secret driver has experimental support for operating + in an embedded mode. In this scenario, rather than connecting to + the libvirtd daemon, the secret driver runs in the client application + process directly. To open the driver in embedded mode the app use the + new URI path and specify a virtual root directory under which the + driver will create content. +

    + +
    +      secret:///embed?root=3D/some/dir
    +    
    + +

    + Under the specified root directory the following locations will + be used +

    + +
    +/some/dir
    +  |
    +  +- etc
    +  |   |
    +  |   +- secrets
    +  |
    +  +- run
    +      |
    +      +- secrets
    +    
    + +

    + The application is responsible for recursively purging the contents + of this directory tree once they no longer require a connection, + though it can also be left intact for reuse when opening a future + connection. +

    + +

    + The range of functionality is intended to be on a par with that + seen when using the traditional system or session libvirt connections + to QEMU. Normal practice would be to open the secret driver in embed= ded + mode any time one of the other drivers is opened in embedded mode so + that the two drivers can interact in-process. +

    + + diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index d248121327..c791bde2f9 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -55,6 +55,8 @@ typedef virSecretDriverState *virSecretDriverStatePtr; struct _virSecretDriverState { virMutex lock; bool privileged; /* readonly */ + bool embedded; /* readonly */ + int embeddedRefs; virSecretObjListPtr secrets; char *stateDir; char *configDir; @@ -456,12 +458,6 @@ secretStateInitialize(bool privileged, virStateInhibitCallback callback G_GNUC_UNUSED, void *opaque G_GNUC_UNUSED) { - if (root !=3D NULL) { - virReportError(VIR_ERR_INVALID_ARG, "%s", - _("Driver does not support embedded mode")); - return -1; - } - if (VIR_ALLOC(driver) < 0) return VIR_DRV_STATE_INIT_ERROR; =20 @@ -474,8 +470,12 @@ secretStateInitialize(bool privileged, =20 driver->secretEventState =3D virObjectEventStateNew(); driver->privileged =3D privileged; + driver->embedded =3D root !=3D NULL; =20 - if (privileged) { + if (root) { + driver->configDir =3D g_strdup_printf("%s/etc/secrets", root); + driver->stateDir =3D g_strdup_printf("%s/run/secrets", root); + } else if (privileged) { driver->configDir =3D g_strdup_printf("%s/libvirt/secrets", SYSCON= FDIR); driver->stateDir =3D g_strdup_printf("%s/libvirt/secrets", RUNSTAT= EDIR); } else { 
@@ -552,19 +552,42 @@ secretConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } =20 - if (!virConnectValidateURIPath(conn->uri->path, - "secret", - driver->privileged)) - return VIR_DRV_OPEN_ERROR; + if (driver->embedded) { + if (STRNEQ(conn->uri->path, "/embed")) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("URI must be secret:///embed")); + return VIR_DRV_OPEN_ERROR; + } + } else { + if (!virConnectValidateURIPath(conn->uri->path, + "secret", + driver->privileged)) + return VIR_DRV_OPEN_ERROR; + } =20 if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; =20 + if (driver->embedded) { + secretDriverLock(); + if (driver->embeddedRefs =3D=3D 0) + virSetConnectSecret(conn); + driver->embeddedRefs++; + secretDriverUnlock(); + } + return VIR_DRV_OPEN_SUCCESS; } =20 static int secretConnectClose(virConnectPtr conn G_GNUC_UNUSED) { + if (driver->embedded) { + secretDriverLock(); + driver->embeddedRefs--; + if (driver->embeddedRefs =3D=3D 0) + virSetConnectSecret(NULL); + secretDriverUnlock(); + } return 0; } =20 @@ -657,6 +680,7 @@ static virHypervisorDriver secretHypervisorDriver =3D { static virConnectDriver secretConnectDriver =3D { .localOnly =3D true, .uriSchemes =3D (const char *[]){ "secret", NULL }, + .embeddable =3D true, .hypervisorDriver =3D &secretHypervisorDriver, .secretDriver =3D &secretDriver, }; --=20 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
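Review bot: the new docs/drvsecret.html.in page describes where secret data lands (root/etc/secrets and root/run/secrets) and tells the application to purge the tree afterwards, but says nothing about who creates the root directory or what ownership and permissions it is expected to have; add a sentence to the "Embedded driver" section stating whether the driver creates it and what permissions the application must apply, since the driver stores secret values there. The same hunk has a few typos: "SASl/Kerberos" should be "SASL/Kerberos", "the app use the new URI path" should be "the app uses", "none the less" should be "nonetheless", and "the following locations will be used" is missing its full stop.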
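Review bot: in the struct _virSecretDriverState hunk, `embeddedRefs` is added without a comment while the field above it is annotated `/* readonly */`; since the later hunk only touches it between secretDriverLock() and secretDriverUnlock(), annotate it, e.g. `int embeddedRefs; /* protected by lock */`, so readers know it is mutable and lock-protected, unlike `embedded`.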
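Review bot: in the secretStateInitialize hunk, `root` is pasted straight into `g_strdup_printf("%s/etc/secrets", root)` and `g_strdup_printf("%s/run/secrets", root)`; unless the URI parsing earlier in the series already rejects relative or empty values (not visible here), a relative `root=` makes both directories depend on the process's current working directory, so either check that `root` is absolute here or note in a comment where that validation happens.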
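Review bot: in the secretConnectOpen/secretConnectClose hunk, `virSetConnectSecret(conn)` registers only the first embedded connection and it is cleared only when `embeddedRefs` drops back to zero, so if a second embedded connection is opened and the first is then closed, `embeddedRefs` is 1 and the shared secret connection still refers to the closed one; unless virSetConnectSecret holds its own reference on `conn` (not visible here), the close path should clear or re-register the pointer when the connection being closed is the registered one. Separately, rejecting a path other than "/embed" with VIR_ERR_INTERNAL_ERROR reports a caller mistake as a driver bug; the check this patch removes from secretStateInitialize used VIR_ERR_INVALID_ARG for the analogous case, so use that here as well.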