Re: Hiding auth key string for the qemu process

[Josh Durgin <josh.durgin@inktank.com>]

On 09/22/2013 12:54 PM, Andrey Korolyov wrote:
> Hello,
>
> Since it was a long time from enabling cephx by default and we may
> think that everyone using it, is seems worthy to introduce bits of
> code hiding the key from cmdline. First applicable place for such
> improvement is most-likely OpenStack envs with their sparse security
> and usage of admin key as default one.

I doubt most people are using the admin keyring, since the docs for
openstack show different users for images and volumes, but it's worth
tackling this again.

Basically this requires changing QEMU and making libvirt use the new 
interface when it's available. There was some discussion [1] and an rfc
[2] a while back regarding this. The same approach of modifying the
bdrv_set_key command should work, but IIRC there was a complication
that could be corrected. QEMU attempted to read the device size before
pausing the vm and waiting for the password (cephx secret in this
case), but with rbd the size isn't available until after the driver has
the secret with which to connect to the cluster. If the vm were paused
before the size of the disk was read, the patches would be simpler.

It's probably not too hard to rework those patches if anyone's
interested in picking them up.

Josh

[1] http://www.redhat.com/archives/libvir-list/2011-October/msg00998.html
[2] http://lists.gnu.org/archive/html/qemu-devel/2011-11/msg01337.html