From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50097) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZbNPB-000747-Tn for qemu-devel@nongnu.org; Mon, 14 Sep 2015 02:38:22 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZbNPA-0001vW-KF for qemu-devel@nongnu.org; Mon, 14 Sep 2015 02:38:21 -0400 Date: Mon, 14 Sep 2015 14:38:10 +0800 From: Fam Zheng Message-ID: <20150914063810.GA31803@ad.nay.redhat.com> References: <1441951252-13439-1-git-send-email-famz@redhat.com> <55F2F141.3000809@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [Qemu-devel] [PATCH] iscsi: Add chap and "initiator-name" etc as per drive options List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Eric Blake , ronnie sahlberg Cc: Kevin Wolf , Paolo Bonzini , Peter Lieven , qemu-devel , qemu-block@nongnu.org On Fri, 09/11 08:27, ronnie sahlberg wrote: > On Fri, Sep 11, 2015 at 8:20 AM, Eric Blake wrote: > > On 09/11/2015 12:00 AM, Fam Zheng wrote: > >> Previously we use "-iscsi id=target-iqn,user=foo,password=bar,..." to > >> specify iscsi connection parameters, unfortunately it doesn't work with > >> qemu-img. > >> > >> This patch adds per drive options to iscsi driver so that at least > >> qemu-img can use the "json:{...}" filename magic. > >> > >> Signed-off-by: Fam Zheng > >> --- > >> block/iscsi.c | 83 +++++++++++++++++++++++++++++++++++++++++++++-------------- > >> 1 file changed, 64 insertions(+), 19 deletions(-) > > > > It would be nice to also add a matching BlockdevOptionsIscsi to > > qapi/block-core.json, to allow setting these structured options from > > QMP. Separate patch is fine, but we need to do the work for ALL of the > > remaining block devices eventually, and now that you are structuring the > > command line is a good time to think about it. > > > > > >> static void iscsi_nop_timed_event(void *opaque) > >> @@ -1229,6 +1253,27 @@ static QemuOptsList runtime_opts = { > >> .name = "filename", > >> .type = QEMU_OPT_STRING, > >> .help = "URL to the iscsi image", > >> + },{ > >> + .name = "user", > >> + .type = QEMU_OPT_STRING, > >> + .help = "username for CHAP authentication to target", > >> + },{ > >> + .name = "password", > >> + .type = QEMU_OPT_STRING, > >> + .help = "password for CHAP authentication to target", > >> + },{ > > > > Also, this requires passing the password in the command line. We > > _really_ need to solve the problem of allowing the password to be passed > > via a fd or other QMP command, rather than on the command line. > > > Passing via command line is evil. It should still be possible to pass > all this via a config file to qemu : > > """ > ... > Howto use a configuration file to set iSCSI configuration options: > @example > cat >iscsi.conf < [iscsi "iqn.target.name"] > user = "me" > password = "my password" > initiator-name = "iqn.qemu.test:my-initiator" > header-digest = "CRC32C" > EOF > > qemu-system-i386 -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \ > -readconfig iscsi.conf > @end example > ... > """ I agree passing password with clear text command line is bad, but -readconfig doesn't work for qemu-img and qemu-io. Any idea how to make that work? Fam