NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

qemu: pass iscsi authorization credentials

Browse Source 
A better way to do this would be to use a configuration file like

   [iscsi "target-name"]
   user = name
   password = pwd

and pass it via -readconfig.  This would remove the username and password
from the "ps" output.  For now, however, keep this solution.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Paolo Bonzini 2013-03-21 12:53:54 +01:00 committed by Osier Yang
parent 6dca6d84ed
commit 523207fe8c
3 changed files with 70 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
src/qemu/qemu_command.c
View File

@ -2134,8 +2134,8 @@ qemuBuildRBDString(virConnectPtr conn,
VIR_FREE(base64); VIR_FREE(base64);
} else { } else {
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("rbd username '%s' specified but secret not found"), _("%s username '%s' specified but secret not found"),
disk->auth.username); "rbd", disk->auth.username);
goto error; goto error;
} }
} else { } else {
@ -2303,6 +2303,7 @@ qemuParseDriveURIString(virDomainDiskDefPtr def, virURIPtr uri,
char *transp = NULL; char *transp = NULL;
char *sock = NULL; char *sock = NULL;
char *volimg = NULL; char *volimg = NULL;
char *secret = NULL;
if (VIR_ALLOC(def->hosts) < 0) if (VIR_ALLOC(def->hosts) < 0)
goto no_memory; goto no_memory;
@ -2363,6 +2364,16 @@ qemuParseDriveURIString(virDomainDiskDefPtr def, virURIPtr uri,
def->src = NULL; def->src = NULL;
} }
if (uri->user) {
secret = strchr(uri->user, ':');
if (secret)
*secret = '\0';
def->auth.username = strdup(uri->user);
if (!def->auth.username)
goto no_memory;
}
def->nhosts = 1; def->nhosts = 1;
ret = 0; ret = 0;
@ -2486,14 +2497,20 @@ error:
} }
static int static int
qemuBuildDriveURIString(virDomainDiskDefPtr disk, virBufferPtr opt, qemuBuildDriveURIString(virConnectPtr conn,
const char *scheme) virDomainDiskDefPtr disk, virBufferPtr opt,
const char *scheme, virSecretUsageType secretType)
{ {
int ret = -1; int ret = -1;
int port = 0; int port = 0;
virSecretPtr sec = NULL;
char *secret = NULL;
size_t secret_size;
char *tmpscheme = NULL; char *tmpscheme = NULL;
char *volimg = NULL; char *volimg = NULL;
char *sock = NULL; char *sock = NULL;
char *user = NULL;
char *builturi = NULL; char *builturi = NULL;
const char *transp = NULL; const char *transp = NULL;
virURI uri = { virURI uri = {
@ -2529,8 +2546,42 @@ qemuBuildDriveURIString(virDomainDiskDefPtr disk, virBufferPtr opt,
virAsprintf(&sock, "socket=%s", disk->hosts->socket) < 0) virAsprintf(&sock, "socket=%s", disk->hosts->socket) < 0)
goto no_memory; goto no_memory;
if (disk->auth.username && secretType != VIR_SECRET_USAGE_TYPE_NONE) {
/* look up secret */
switch (disk->auth.secretType) {
case VIR_DOMAIN_DISK_SECRET_TYPE_UUID:
sec = virSecretLookupByUUID(conn,
disk->auth.secret.uuid);
break;
case VIR_DOMAIN_DISK_SECRET_TYPE_USAGE:
sec = virSecretLookupByUsage(conn, secretType,
disk->auth.secret.usage);
break;
}
if (sec) {
secret = (char *)conn->secretDriver->getValue(sec, &secret_size, 0,
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
if (secret == NULL) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("could not get the value of the secret for username %s"),
disk->auth.username);
ret = -1;
goto cleanup;
}
if (virAsprintf(&user, "%s:%s", disk->auth.username, secret) < 0)
goto no_memory;
} else {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("%s username '%s' specified but secret not found"),
scheme, disk->auth.username);
ret = -1;
goto cleanup;
}
}
uri.scheme = tmpscheme; /* gluster+<transport> */ uri.scheme = tmpscheme; /* gluster+<transport> */
uri.server = disk->hosts->name; uri.server = disk->hosts->name;
uri.user = user;
uri.port = port; uri.port = port;
uri.path = volimg; uri.path = volimg;
uri.query = sock; uri.query = sock;
@ -2554,21 +2605,23 @@ no_memory:
} }
static int static int
qemuBuildGlusterString(virDomainDiskDefPtr disk, virBufferPtr opt) qemuBuildGlusterString(virConnectPtr conn, virDomainDiskDefPtr disk, virBufferPtr opt)
{ {
return qemuBuildDriveURIString(disk, opt, "gluster"); return qemuBuildDriveURIString(conn, disk, opt, "gluster",
VIR_SECRET_USAGE_TYPE_NONE);
} }
#define QEMU_DEFAULT_NBD_PORT "10809" #define QEMU_DEFAULT_NBD_PORT "10809"
static int static int
qemuBuildISCSIString(virDomainDiskDefPtr disk, virBufferPtr opt) qemuBuildISCSIString(virConnectPtr conn, virDomainDiskDefPtr disk, virBufferPtr opt)
{ {
return qemuBuildDriveURIString(disk, opt, "iscsi"); return qemuBuildDriveURIString(conn, disk, opt, "iscsi",
VIR_SECRET_USAGE_TYPE_ISCSI);
} }
static int static int
qemuBuildNBDString(virDomainDiskDefPtr disk, virBufferPtr opt) qemuBuildNBDString(virConnectPtr conn, virDomainDiskDefPtr disk, virBufferPtr opt)
{ {
const char *transp; const char *transp;
@ -2583,7 +2636,8 @@ qemuBuildNBDString(virDomainDiskDefPtr disk, virBufferPtr opt)
&& !disk->hosts->name) && !disk->hosts->name)
|| (disk->hosts->transport == VIR_DOMAIN_DISK_PROTO_TRANS_UNIX || (disk->hosts->transport == VIR_DOMAIN_DISK_PROTO_TRANS_UNIX
&& disk->hosts->socket && disk->hosts->socket[0] != '/')) && disk->hosts->socket && disk->hosts->socket[0] != '/'))
return qemuBuildDriveURIString(disk, opt, "nbd"); return qemuBuildDriveURIString(conn, disk, opt, "nbd",
VIR_SECRET_USAGE_TYPE_NONE);
virBufferAddLit(opt, "file=nbd:"); virBufferAddLit(opt, "file=nbd:");
@ -2735,7 +2789,7 @@ qemuBuildDriveStr(virConnectPtr conn ATTRIBUTE_UNUSED,
} else if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK) { } else if (disk->type == VIR_DOMAIN_DISK_TYPE_NETWORK) {
switch (disk->protocol) { switch (disk->protocol) {
case VIR_DOMAIN_DISK_PROTOCOL_NBD: case VIR_DOMAIN_DISK_PROTOCOL_NBD:
if (qemuBuildNBDString(disk, &opt) < 0) if (qemuBuildNBDString(conn, disk, &opt) < 0)
goto error; goto error;
virBufferAddChar(&opt, ','); virBufferAddChar(&opt, ',');
break; break;
@ -2746,12 +2800,12 @@ qemuBuildDriveStr(virConnectPtr conn ATTRIBUTE_UNUSED,
virBufferAddChar(&opt, ','); virBufferAddChar(&opt, ',');
break; break;
case VIR_DOMAIN_DISK_PROTOCOL_GLUSTER: case VIR_DOMAIN_DISK_PROTOCOL_GLUSTER:
if (qemuBuildGlusterString(disk, &opt) < 0) if (qemuBuildGlusterString(conn, disk, &opt) < 0)
goto error; goto error;
virBufferAddChar(&opt, ','); virBufferAddChar(&opt, ',');
break; break;
case VIR_DOMAIN_DISK_PROTOCOL_ISCSI: case VIR_DOMAIN_DISK_PROTOCOL_ISCSI:
if (qemuBuildISCSIString(disk, &opt) < 0) if (qemuBuildISCSIString(conn, disk, &opt) < 0)
goto error; goto error;
virBufferAddChar(&opt, ','); virBufferAddChar(&opt, ',');
break; break;

1
tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.args Normal file
View File

@ -0,0 +1 @@
LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test /usr/bin/qemu -S -M pc -m 214 -smp 1 -nographic -monitor unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -usb -drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org/iqn.1992-01.com.example,if=virtio,format=raw -net none -serial none -parallel none

2
tests/qemuxml2argvtest.c
View File

@ -503,6 +503,8 @@ mymain(void)
QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT); QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT);
DO_TEST("disk-drive-network-iscsi", DO_TEST("disk-drive-network-iscsi",
QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT); QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT);
DO_TEST("disk-drive-network-iscsi-auth",
QEMU_CAPS_DRIVE, QEMU_CAPS_DRIVE_FORMAT);
DO_TEST("disk-drive-network-iscsi-lun", DO_TEST("disk-drive-network-iscsi-lun",
QEMU_CAPS_DRIVE, QEMU_CAPS_DEVICE, QEMU_CAPS_DRIVE_FORMAT, QEMU_CAPS_DRIVE, QEMU_CAPS_DEVICE, QEMU_CAPS_DRIVE_FORMAT,
QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI,