From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58970) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cv1fL-0007Xc-54 for qemu-devel@nongnu.org; Mon, 03 Apr 2017 09:05:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cv1fH-0002Ir-Vs for qemu-devel@nongnu.org; Mon, 03 Apr 2017 09:05:03 -0400 Received: from mx1.redhat.com ([209.132.183.28]:34116) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cv1fH-0002IH-PJ for qemu-devel@nongnu.org; Mon, 03 Apr 2017 09:04:59 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id CFA3680468 for ; Mon, 3 Apr 2017 13:04:53 +0000 (UTC) Date: Mon, 3 Apr 2017 14:04:42 +0100 From: "Daniel P. Berrange" Message-ID: <20170403130442.GW2768@redhat.com> Reply-To: "Daniel P. Berrange" References: <1490621195-2228-1-git-send-email-armbru@redhat.com> <1490621195-2228-10-git-send-email-armbru@redhat.com> <20170403113703.GS2768@redhat.com> <44b23727-f5d4-0d64-0694-85c6dd601431@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <44b23727-f5d4-0d64-0694-85c6dd601431@redhat.com> Subject: Re: [Qemu-devel] [PATCH RFC v3 for-2.9 09/11] rbd: Revert -blockdev parameter password-secret List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Max Reitz Cc: Markus Armbruster , qemu-devel@nongnu.org, kwolf@redhat.com, jdurgin@redhat.com, jcody@redhat.com On Mon, Apr 03, 2017 at 02:42:48PM +0200, Max Reitz wrote: > On 03.04.2017 13:37, Daniel P. Berrange wrote: > > On Mon, Mar 27, 2017 at 03:26:33PM +0200, Markus Armbruster wrote: > >> This reverts a part of commit 8a47e8e. We're having second thoughts > >> on the QAPI schema (and thus the external interface), and haven't > >> reached consensus, yet. Issues include: > >> > >> * BlockdevOptionsRbd member @password-secret isn't actually a > >> password, it's a key generated by Ceph. > >> > >> * We're not sure where member @password-secret belongs (see the > >> previous commit). > >> > >> * How @password-secret interacts with settings from a configuration > >> file specified with @conf is undocumented. I suspect it's untested, > >> too. > >> > >> Let's avoid painting ourselves into a corner now, and revert the > >> feature for 2.9. > >> > >> Note that users can still configure an authentication key with a > >> configuration file. They probably do that anyway if they use Ceph > >> outside QEMU as well. > > > > NB, this makes blockdev-add largely useless for RBD from libvirt's POV, > > since we rely on the password-secret facility working to support apps > > like openstack which won't configure the global config file for RBD. > > > > Not a regression though, since blockdev-add is new - just means we won't > > be able to use the new feature yet :-( > > How does it make blockdev-add totally useless? The only thing you cannot > do is set passwords for rbd. Can this not be added as a new feature in > the future? Sure, if you want to run an rbd server without any auth its usable, just that isn't something you really want todo from a security pov. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|