From: Josh Durgin <josh.durgin@dreamhost.com>
To: libvir-list@redhat.com, qemu-devel@nongnu.org
Cc: ceph-devel@vger.kernel.org,
	"Daniel P. Berrange" <berrange@redhat.com>,
	Kevin Wolf <kwolf@redhat.com>
Subject: passing secrets to block devices
Date: Thu, 20 Oct 2011 11:30:42 -0700
Message-ID: <4EA068D2.4030101@dreamhost.com>

We're working on libvirt support for block device authentication [1]. To
authenticate, rbd needs a username and a secret. Normally, to
avoid putting the secret on the command line, you can store the secret
in a file and pass the file to qemu, but when this is automated,
there's no good way to know when the file can be removed. There are
a few ways to pass the secret to qemu that avoid this problem:

1) pass an fd to an unlinked file containing the secret

This is the simplest method, but it sounds like qemu developers don't
like fd passing from libvirt. [2]

2) start guests paused, without disks requiring authentication, then
    use the drive_add monitor command to attach them

This would make disks with authentication somewhat of a special case
in libvirt, but would be simple to implement, and require no qemu changes.

3) start guests paused, then send the secret via a new QMP/HMP
    command (block_set_conf <key> <value>?)

This is a larger change, but it would be more generally useful for
changing configuration at runtime.

What do you think is the best approach?

[1] http://permalink.gmane.org/gmane.comp.file-systems.ceph.devel/4129
[2] http://lists.gnu.org/archive/html/qemu-devel/2011-08/msg02494.html
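Option 1 from the message, as an added example that is not part of the original post and not libvirt or qemu code: the secret is written to a temp file that is unlinked before the child starts, so there is nothing on disk to clean up later, and the child (a stand-in for qemu) receives only the fd number on its command line. The child program, the `pass_fds` handoff and the constructed key value are assumptions of this example.

```python
import os
import subprocess
import sys
import tempfile
from typing import List, Tuple


def secret_fd(secret: bytes) -> int:
    """Write the secret to a temp file, unlink it, return a readable fd at offset 0.

    After unlink() the fd is the only handle to the data: no file is left on
    disk to remove later, and the inode is freed once every holder closes it.
    """
    fd, path = tempfile.mkstemp(prefix="blockdev-secret-")
    try:
        os.write(fd, secret)
        os.lseek(fd, 0, os.SEEK_SET)  # the reader must start at the beginning
    except OSError:
        os.close(fd)
        raise
    finally:
        os.unlink(path)               # unlink whether or not the write succeeded
    return fd


# Child program (stand-in for qemu, constructed for this example): reads the
# secret from the fd number passed as argv[1] and echoes it so the round trip
# can be checked. The secret itself never appears in argv.
CHILD = (
    "import os, sys\n"
    "fd = int(sys.argv[1])\n"
    "sys.stdout.buffer.write(os.read(fd, 4096))\n"
    "os.close(fd)\n"
)


def run_child_with_secret(secret: bytes) -> Tuple[bytes, List[str]]:
    """Start the child with only the fd number on its command line.

    Returns (bytes the child read, the child's argv) so the caller can verify
    both that the secret arrived and that it was not exposed via the command line.
    """
    fd = secret_fd(secret)
    argv = [sys.executable, "-c", CHILD, str(fd)]
    try:
        # close_fds defaults to True; pass_fds keeps only this fd open in the child
        proc = subprocess.run(argv, pass_fds=(fd,), capture_output=True, check=True)
    finally:
        os.close(fd)  # parent drops its handle; the child closed its own copy
    return proc.stdout, argv


if __name__ == "__main__":
    data, argv = run_child_with_secret(b"constructed-rbd-key==")
    print("child read:", data)
    print("secret visible in argv:", any("constructed-rbd-key" in a for a in argv))
```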
