[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH v4 0/3] Support CHAP authentication for iscsi pool



https://bugzilla.redhat.com/show_bug.cgi?id=957294

Based on reviews of the the v2/v3 changes to the storage backend drivers
regarding the call to perform the authentication, see (and followups):

https://www.redhat.com/archives/libvir-list/2013-July/msg00910.html

I moved the authentication of the pool back into the startPool callback
instread of the findPoolSources() as was done for the original patches, see:

https://www.redhat.com/archives/libvir-list/2013-May/msg01887.html
https://www.redhat.com/archives/libvir-list/2013-May/msg01886.html

Although the plain text option was removed.

In order to achieve the goal of getting the secret, the startPool path
needed a connection to a driver, so like the nwfilter_driver I chose a
qemu connection.  Deciding whether to use a privileged connection or not
was made based on the privileged value set during storage driver state
initialization.  Maintaining that state allows for the decision further
in the storageDriverAutostart() code to make the connection.

Adjusted the existing rbd authentication to take advantage of this as well.
>From what I see in just reading the code, this path would have sent a NULL
'conn' to the virStorageBackendRBDOpenRADOSConn() via the call from
volStorageBackendRBDRefreshVolInfo() (eg, refreshPool()) and would have
failed with a "failed to find the secret").  Whether this was a latent issue
or not - I'm not quite sure. This code follows Osier's original change to
be sure to call he secret driver 'secretGetValue' directly rather than
through the virSecretGetValue() API.

Using the same connection paradigm for the chap/iscsi authentication path
in order to access the secret driver 'secretGetValue' directly rather than
through the virSecretGetValue() API.

John Ferlan (3):
  Add a privileged field to storageDriverState
  Adjust 'ceph' authentication secret usage for rbd pool.
  storage: Support "chap" authentication for iscsi pool

 src/conf/storage_conf.h             |   1 +
 src/storage/storage_backend_iscsi.c | 111 +++++++++++++++++++++++++++++++++++-
 src/storage/storage_backend_rbd.c   |  21 ++++++-
 src/storage/storage_driver.c        |  19 ++++--
 4 files changed, 145 insertions(+), 7 deletions(-)

-- 
1.8.1.4


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]