From: "Daniel P. Berrange"
Date: Wed, 16 Jun 2010 14:57:09 +0100
Subject: Re: [Qemu-devel] [CFR 2/10] qmp: block_passwd command
Message-ID: <20100616135709.GP13996@redhat.com>
In-Reply-To: <4C18D29A.4040601@redhat.com>
To: Kevin Wolf
Cc: Luiz Capitulino, Stefan Hajnoczi, Markus Armbruster, qemu-devel@nongnu.org

On Wed, Jun 16, 2010 at 03:33:14PM +0200, Kevin Wolf wrote:
> On 15.06.2010 18:44, Anthony Liguori wrote:
> > On 06/15/2010 11:30 AM, Anthony Liguori wrote:
> >> block_passwd
> >> ------------
> >>
> >
> > I dislike abbreviations. I also think that we should make commands
> > verbs. So I'd like to change the name to set_block_password and then we
> > can alias block_passwd to that command if we need to.
>
> Actually, I think this command should be removed and passwords should
> always be set as a blkdevice_add parameter when attaching an image.

That doesn't work for people adding devices on the command line though,
because you don't want the password exposed in ARGV.

It could be useful to separate the passwords from the device config,
both here and wrt VNC (and SPICE in future), and instead set them by
reference.

e.g., register two named secrets with associated keys

  add_secret secret1 123456
  add_secret secret2 123456

Then you can reference that secret in all the devices added

  blockdev_add file=foo.qcow1,password=secret1
  blockdev_add file=foo.qcow2,password=secret2
  blockdev_add file=foo.qcow3,password=secret1
  graphics_add type=vnc,password=secret1

On the command line the user could easily specify a config file with
the named secrets

  #cat > secrets.cfg <
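
The secrets-by-reference idea in the message above, as an added sketch that is not part of the original email and is not QEMU code: the device option string that would appear in ARGV carries only a secret name, and the value is looked up from a file. The `name value` file format, the owner-only permission check and the function names `load_secrets` and `resolve_device` are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def load_secrets(path):
    """Read 'name value' lines (assumed format) from an owner-only file."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: accessible by group/other, refusing")
    secrets = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(" ")
            if not value.strip():
                raise ValueError(f"secret {name!r} has no value")
            secrets[name] = value.strip()
    return secrets

def resolve_device(optstr, secrets):
    """Parse 'k=v,k=v' and swap the password reference for the real secret."""
    opts = dict(kv.split("=", 1) for kv in optstr.split(","))
    if "password" in opts:
        ref = opts["password"]
        if ref not in secrets:  # fail closed: never treat the name as a literal
            raise KeyError(f"unknown secret {ref!r}")
        opts["password"] = secrets[ref]
    return opts

def demo():
    # Constructed sample data, mirroring the names used in the message.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "secrets.cfg")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write("secret1 123456\nsecret2 123456\n")
        secrets = load_secrets(path)
        argv_visible = "file=foo.qcow2,password=secret2"  # what ps would show
        resolved = resolve_device(argv_visible, secrets)
        os.chmod(path, 0o644)  # loosen permissions: loader must now refuse
        try:
            load_secrets(path)
            rejected = False
        except PermissionError:
            rejected = True
    return argv_visible, resolved, rejected

if __name__ == "__main__":
    print(demo())
```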