[libvirt] [PATCH v5 00/16] Use secret objects to pass iSCSI passwords
John Ferlan
jferlan at redhat.com
Sun Oct 15 13:13:18 UTC 2017
ping?
Tks -
John
On 10/05/2017 09:22 AM, John Ferlan wrote:
> v4: https://www.redhat.com/archives/libvir-list/2017-September/msg00944.html
>
> Changes since v4 are minor - mostly to change from 3.8.0 to 3.9.0... Update
> the news.xml once <auth> is allowed for <source>. Add a news.xml to describe
> the bug fix. Beyond that - merge changes up to git commit '5d7659027'.
>
> I ran the changes through my Coverity checker too.
>
> Repeated from the cover of v4:
>
> v3: https://www.redhat.com/archives/libvir-list/2017-September/msg00881.html
>
> Difference with v3:
>
> Add patch 3 to perform virStorageSourceCopy for qemu and storage source
> private data.
>
> Adjust the move encinfo from private disk to private disk src to handle
> the Copy for the @encinfo too
>
> Repeated from cover of v3 (although perhaps just too much information for
> the eyes to consume):
>
> v2: https://www.redhat.com/archives/libvir-list/2017-September/msg00466.html
>
> Changes since v2:
>
> * Former Patch 1 & 2 were pushed
>
> * New Patch 1 is former Patches 3 and parts of 4 combined appropriately
> -> Allow <auth> under <disk> or <source> - keep track of where it was found
> so that format prints in the right place
> -> Cleaned up the tests and new xml/args files
>
> * Patch 2 is part of the former patch 6 - just the new _virStorageSource
>
> * Patch 3 is new - to introduced an allocator for domain_conf to create
> a _virStorageSource
>
> * Patch 4 is new - as stated found that the @diskPriv->encinfo wasn't
> cleaned up properly
>
> * Patch 5 is the rest of the former patch 6
>
> * Patch 6 is the former patch 7 with some minor adjustments to allow
> <encryption> to follow <auth> and be both child of <disk> and <source>
>
> * Patch 7 is the former patch 10 with minor change to perform free of
> encinfo properly (e.g. from patch 4)
>
> * Patch 8 is former patch 5 and 9 combined
>
> * Patch 9 is new - to use the virStorageSource for iscsisrc instead of
> just three fields we wanted
>
> * Patch 10 is new to alter the existing hostdevPriv to use diskSrcPriv
>
> * Patch 11 is new to remove the hostdevPriv as it's no longer necesary
>
> * Patch 12 is new to split up a change in qemuBuildSCSIiSCSIHostdevDrvStr
> from the last patch
>
> * Patch 13 is the former patch 13
>
> * Patch 14 is altered to accomodate the hostdev usage if virStorageSource
> for iscsisrc->src instead of that hack that was there before.
>
> John Ferlan (16):
> conf: Add/Allow parsing the auth in the disk source
> qemu: Introduce privateData for _virStorageSource
> qemu: Introduce qemuDomainStorageSourceCopy
> conf: Introduce virDomainDiskStorageSourceNew
> qemu: Add missing encinfo cleanup
> qemu: Relocate qemuDomainSecretInfoPtr from disk private
> conf: Add/Allow parsing the encryption in the disk source
> qemu: Move encinfo from private disk to private disk src
> docs: Add news article regarding auth/encryption placement
> conf,qemu: Replace iscsisrc fields with virStorageSourcePtr
> qemu: Use private disksrc for iscsi instead of private hostdev
> qemu: Remove private hostdev
> qemu: Refactor qemuBuildSCSIiSCSIHostdevDrvStr slightly
> qemu: Get capabilities to use iscsi password-secret argument
> qemu: Use secret objects to pass iSCSI passwords
> docs: Add news article to describe iSCSI usage of secret object
>
> docs/formatdomain.html.in | 82 ++++---
> docs/news.xml | 23 ++
> docs/schemas/domaincommon.rng | 48 +++-
> src/conf/domain_conf.c | 255 ++++++++++++++++-----
> src/conf/domain_conf.h | 10 +-
> src/lxc/lxc_native.c | 2 +-
> src/qemu/qemu_block.c | 64 +++++-
> src/qemu/qemu_blockjob.c | 2 +-
> src/qemu/qemu_capabilities.c | 2 +
> src/qemu/qemu_capabilities.h | 1 +
> src/qemu/qemu_command.c | 84 +++++--
> src/qemu/qemu_command.h | 3 +-
> src/qemu/qemu_domain.c | 162 +++++++++----
> src/qemu/qemu_domain.h | 37 ++-
> src/qemu/qemu_driver.c | 8 +-
> src/qemu/qemu_hotplug.c | 71 +++++-
> src/qemu/qemu_parse_command.c | 4 +-
> src/util/virstoragefile.c | 2 +
> src/util/virstoragefile.h | 5 +
> src/vbox/vbox_common.c | 2 +-
> src/xenconfig/xen_common.c | 2 +-
> src/xenconfig/xen_sxpr.c | 2 +-
> src/xenconfig/xen_xl.c | 2 +-
> .../qemuargv2xml-disk-drive-network-rbd-auth.xml | 6 +-
> tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml | 1 +
> tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml | 1 +
> tests/qemucapabilitiesdata/caps_2.9.0.ppc64le.xml | 1 +
> tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml | 1 +
> tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml | 1 +
> ...xml2argv-disk-drive-network-iscsi-auth-AES.args | 41 ++++
> ...uxml2argv-disk-drive-network-iscsi-auth-AES.xml | 43 ++++
> ...ml2argv-disk-drive-network-source-auth-both.xml | 51 +++++
> ...emuxml2argv-disk-drive-network-source-auth.args | 32 +++
> ...qemuxml2argv-disk-drive-network-source-auth.xml | 45 ++++
> ...ml2argv-hostdev-scsi-virtio-iscsi-auth-AES.args | 45 ++++
> ...xml2argv-hostdev-scsi-virtio-iscsi-auth-AES.xml | 48 ++++
> .../qemuxml2argv-luks-disks-source-both.xml | 40 ++++
> .../qemuxml2argv-luks-disks-source.args | 62 +++++
> .../qemuxml2argv-luks-disks-source.xml | 81 +++++++
> tests/qemuxml2argvtest.c | 14 ++
> ...muxml2xmlout-disk-drive-network-source-auth.xml | 49 ++++
> .../qemuxml2xmlout-luks-disks-source.xml | 84 +++++++
> .../qemuxml2xmlout-luks-disks.xml | 46 +++-
> tests/qemuxml2xmltest.c | 2 +
> tests/virhostdevtest.c | 2 +-
> tests/virstoragetest.c | 6 +
> 46 files changed, 1356 insertions(+), 219 deletions(-)
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES.args
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES.xml
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth-both.xml
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.args
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-source-auth.xml
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AES.args
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AES.xml
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source-both.xml
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.args
> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-luks-disks-source.xml
> create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-disk-drive-network-source-auth.xml
> create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks-source.xml
> mode change 120000 => 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-luks-disks.xml
>
More information about the libvir-list
mailing list