This reverts commit 60390a2192e7b38aee18db6ce7fb740498709737.
The commit's rationale
Currently RBD passwords must be provided on the command line
via
$QEMU -drive file=rbd:pool/image:id=myname:\
key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
auth_supported=cephx
This is insecure because the key is visible in the OS process
listing.
is invalid. You can easily avoid passing keys on the command line by
using "keyfile" instead of "key". In fact, the Ceph documentation
calls use of key "not recommended". But the most common way to
provide keys is a keyring. The default keyrings should be just fine
for most users. When they aren't, you can configure your own keyrings
with "keyring" or override the key with "keyfile".
The commit adds parameter password-secret to -drive. Support for it
was included in -blockdev, but reverted in the previous commit due to
concerns about the QMP interface. Revert it from -drive, too.
Cc: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
block/rbd.c | 47 -----------------------------------------------
1 file changed, 47 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index 103ce44..5a58d3e 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -16,7 +16,6 @@
#include "qapi/error.h"
#include "qemu/error-report.h"
#include "block/block_int.h"
-#include "crypto/secret.h"
#include "qemu/cutils.h"
#include "qapi/qmp/qstring.h"
@@ -225,26 +224,6 @@ done:
return;
}
-
-static int qemu_rbd_set_auth(rados_t cluster, const char *secretid,
- Error **errp)
-{
- if (secretid == 0) {
- return 0;
- }
-
- gchar *secret = qcrypto_secret_lookup_as_base64(secretid,
- errp);
- if (!secret) {
- return -1;
- }
-
- rados_conf_set(cluster, "key", secret);
- g_free(secret);
-
- return 0;
-}
-
static int qemu_rbd_set_keypairs(rados_t cluster, const char *keypairs,
Error **errp)
{
@@ -322,11 +301,6 @@ static QemuOptsList runtime_opts = {
/*
* server.* extracted manually, see qemu_rbd_array_opts()
*/
- {
- .name = "password-secret",
- .type = QEMU_OPT_STRING,
- .help = "ID of secret providing the password",
- },
/*
* Keys for qemu_rbd_parse_filename(), not in the QAPI schema
@@ -366,14 +340,11 @@ static int qemu_rbd_create(const char *filename, QemuOpts *opts, Error **errp)
int64_t objsize;
int obj_order = 0;
const char *pool, *name, *conf, *clientname, *keypairs;
- const char *secretid;
rados_t cluster;
rados_ioctx_t io_ctx;
QDict *options = NULL;
int ret = 0;
- secretid = qemu_opt_get(opts, "password-secret");
-
/* Read out options */
bytes = ROUND_UP(qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0),
BDRV_SECTOR_SIZE);
@@ -426,11 +397,6 @@ static int qemu_rbd_create(const char *filename, QemuOpts *opts, Error **errp)
goto shutdown;
}
- if (qemu_rbd_set_auth(cluster, secretid, errp) < 0) {
- ret = -EIO;
- goto shutdown;
- }
-
ret = rados_connect(cluster);
if (ret < 0) {
error_setg_errno(errp, -ret, "error connecting");
@@ -596,7 +562,6 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
{
BDRVRBDState *s = bs->opaque;
const char *pool, *snap, *conf, *clientname, *name, *keypairs;
- const char *secretid;
QemuOpts *opts;
Error *local_err = NULL;
char *mon_host = NULL;
@@ -618,8 +583,6 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
goto failed_opts;
}
- secretid = qemu_opt_get(opts, "password-secret");
-
pool = qemu_opt_get(opts, "pool");
conf = qemu_opt_get(opts, "conf");
snap = qemu_opt_get(opts, "snapshot");
@@ -661,11 +624,6 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict *options, int flags,
}
}
- if (qemu_rbd_set_auth(s->cluster, secretid, errp) < 0) {
- r = -EIO;
- goto failed_shutdown;
- }
-
/*
* Fallback to more conservative semantics if setting cache
* options fails. Ignore errors from setting rbd_cache because the
@@ -1105,11 +1063,6 @@ static QemuOptsList qemu_rbd_create_opts = {
.type = QEMU_OPT_SIZE,
.help = "RBD object size"
},
- {
- .name = "password-secret",
- .type = QEMU_OPT_STRING,
- .help = "ID of secret providing the password",
- },
{ /* end of list */ }
}
};
--
2.7.4