[Qemu-devel] [PATCH] iotests: 205: support luks format

[Qemu-devel] [PATCH] iotests: 205: support luks format

[Vladimir Sementsov-Ogievskiy]

Support default luks options in VM.add_drive and in new library
function qemu_img_create. Use it in 205 iotests.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---

instead of
  [PATCH] iotests: 205: support only raw format

let's just support luks. This patch also makes it simple to support
luks in any other python iotest.

 tests/qemu-iotests/205        |  4 ++--
 tests/qemu-iotests/iotests.py | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/tests/qemu-iotests/205 b/tests/qemu-iotests/205
index 10388920dc..e7b2eae51d 100644
--- a/tests/qemu-iotests/205
+++ b/tests/qemu-iotests/205
@@ -22,7 +22,7 @@ import os
 import sys
 import iotests
 import time
-from iotests import qemu_img, qemu_io, filter_qemu_io, QemuIoInteractive
+from iotests import qemu_img_create, qemu_io, filter_qemu_io, QemuIoInteractive
 
 nbd_sock = 'nbd_sock'
 nbd_uri = 'nbd+unix:///exp?socket=' + nbd_sock
@@ -31,7 +31,7 @@ disk = os.path.join(iotests.test_dir, 'disk')
 
 class TestNbdServerRemove(iotests.QMPTestCase):
     def setUp(self):
-        qemu_img('create', '-f', iotests.imgfmt, disk, '1M')
+        qemu_img_create('-f', iotests.imgfmt, disk, '1M')
 
         self.vm = iotests.VM().add_drive(disk)
         self.vm.launch()
diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
index 5a10b2d534..4b9a4445cd 100644
--- a/tests/qemu-iotests/iotests.py
+++ b/tests/qemu-iotests/iotests.py
@@ -58,6 +58,13 @@ qemu_default_machine = os.environ.get('QEMU_DEFAULT_MACHINE')
 socket_scm_helper = os.environ.get('SOCKET_SCM_HELPER', 'socket_scm_helper')
 debug = False
 
+luks_default_secret_id = 'luks_secret_default_iotests_id'
+luks_default_secret_data = '12345'
+luks_default_secret_object = 'secret,id=' + luks_default_secret_id + \
+                             ',data=' + luks_default_secret_data
+luks_default_key_secret_opt = 'key-secret=' + luks_default_secret_id
+
+
 def qemu_img(*args):
     '''Run qemu-img and return the exit code'''
     devnull = open('/dev/null', 'r+')
@@ -66,6 +73,25 @@ def qemu_img(*args):
         sys.stderr.write('qemu-img received signal %i: %s\n' % (-exitcode, ' '.join(qemu_img_args + list(args))))
     return exitcode
 
+def qemu_img_create(*args):
+    args = list(args)
+
+    # default luks support
+    if '-f' in args and args[args.index('-f') + 1] == 'luks':
+        if '-o' in args:
+            i = args.index('-o')
+            if 'key-secret' not in args[i + 1]:
+                args[i + 1].append(luks_default_key_secret_opt)
+                args.insert(i + 2, '--object')
+                args.insert(i + 3, luks_default_secret_object)
+        else:
+            args = ['-o', luks_default_key_secret_opt,
+                    '--object', luks_default_secret_object] + args
+
+    args.insert(0, 'create')
+
+    return qemu_img(*args)
+
 def qemu_img_verbose(*args):
     '''Run qemu-img without suppressing its output and return the exit code'''
     exitcode = subprocess.call(qemu_img_args + list(args))
@@ -263,6 +289,13 @@ class VM(qtest.QEMUQtestMachine):
         if opts:
             options.append(opts)
 
+        if format == 'luks' and 'key-secret' not in opts:
+            # default luks support
+            if luks_default_secret_object not in self._args:
+                self.add_object(luks_default_secret_object)
+
+            options.append(luks_default_key_secret_opt)
+
         self._args.append('-drive')
         self._args.append(','.join(options))
         self._num_drives += 1
-- 
2.11.1

Re: [Qemu-devel] [PATCH] iotests: 205: support luks format

[Daniel P. Berrangé]

On Tue, Feb 06, 2018 at 08:16:42PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> Support default luks options in VM.add_drive and in new library
> function qemu_img_create. Use it in 205 iotests.
> 
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
> 
> instead of
>   [PATCH] iotests: 205: support only raw format
> 
> let's just support luks. This patch also makes it simple to support
> luks in any other python iotest.
> 
>  tests/qemu-iotests/205        |  4 ++--
>  tests/qemu-iotests/iotests.py | 33 +++++++++++++++++++++++++++++++++
>  2 files changed, 35 insertions(+), 2 deletions(-)
> 

> diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
> index 5a10b2d534..4b9a4445cd 100644
> --- a/tests/qemu-iotests/iotests.py
> +++ b/tests/qemu-iotests/iotests.py
> @@ -58,6 +58,13 @@ qemu_default_machine = os.environ.get('QEMU_DEFAULT_MACHINE')
>  socket_scm_helper = os.environ.get('SOCKET_SCM_HELPER', 'socket_scm_helper')
>  debug = False
>  
> +luks_default_secret_id = 'luks_secret_default_iotests_id'

Can we just call this  "keysec0", so we matchh convention used by
the shell script based tests.

> +luks_default_secret_data = '12345'

The 'check' script exports an environment variable IMGKEYSECRET
that is intended to be used as the default password for LUKS.

> +luks_default_secret_object = 'secret,id=' + luks_default_secret_id + \
> +                             ',data=' + luks_default_secret_data
> +luks_default_key_secret_opt = 'key-secret=' + luks_default_secret_id


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [Qemu-devel] [PATCH] iotests: 205: support luks format

[Vladimir Sementsov-Ogievskiy]

06.02.2018 20:29, Daniel P. Berrangé wrote:
> On Tue, Feb 06, 2018 at 08:16:42PM +0300, Vladimir Sementsov-Ogievskiy wrote:
>> Support default luks options in VM.add_drive and in new library
>> function qemu_img_create. Use it in 205 iotests.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
>> ---
>>
>> instead of
>>    [PATCH] iotests: 205: support only raw format
>>
>> let's just support luks. This patch also makes it simple to support
>> luks in any other python iotest.
>>
>>   tests/qemu-iotests/205        |  4 ++--
>>   tests/qemu-iotests/iotests.py | 33 +++++++++++++++++++++++++++++++++
>>   2 files changed, 35 insertions(+), 2 deletions(-)
>>
>> diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
>> index 5a10b2d534..4b9a4445cd 100644
>> --- a/tests/qemu-iotests/iotests.py
>> +++ b/tests/qemu-iotests/iotests.py
>> @@ -58,6 +58,13 @@ qemu_default_machine = os.environ.get('QEMU_DEFAULT_MACHINE')
>>   socket_scm_helper = os.environ.get('SOCKET_SCM_HELPER', 'socket_scm_helper')
>>   debug = False
>>   
>> +luks_default_secret_id = 'luks_secret_default_iotests_id'
> Can we just call this  "keysec0", so we matchh convention used by
> the shell script based tests.

Here I'm trying to avoid intersection with some user-defined id.

>
>> +luks_default_secret_data = '12345'
> The 'check' script exports an environment variable IMGKEYSECRET
> that is intended to be used as the default password for LUKS.

agree, missed this.

>
>> +luks_default_secret_object = 'secret,id=' + luks_default_secret_id + \
>> +                             ',data=' + luks_default_secret_data
>> +luks_default_key_secret_opt = 'key-secret=' + luks_default_secret_id
>
> Regards,
> Daniel


-- 
Best regards,
Vladimir

Re: [Qemu-devel] [PATCH] iotests: 205: support luks format

[Eric Blake]

On 02/06/2018 11:57 AM, Vladimir Sementsov-Ogievskiy wrote:

>>> +luks_default_secret_id = 'luks_secret_default_iotests_id'
>> Can we just call this  "keysec0", so we matchh convention used by
>> the shell script based tests.
> 
> Here I'm trying to avoid intersection with some user-defined id.
> 

You're overthinking it.  We are only using this in the testsuite, and 
nothing else in the testsuite is using 'keysec0' for anything except the 
id of the secret to pass to encrypted disks.  The longer name doesn't 
add any protection.  It might be different if we were trying to provide 
a reusable library for contexts outside the testsuite, but since we are 
not doing that, we can rely on 'make check' failing as evidence if we 
have any collisions in naming choices that need long name munging as a 
workaround.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Re: [Qemu-devel] [PATCH] iotests: 205: support luks format

[Vladimir Sementsov-Ogievskiy]

06.02.2018 21:04, Eric Blake wrote:
> On 02/06/2018 11:57 AM, Vladimir Sementsov-Ogievskiy wrote:
>
>>>> +luks_default_secret_id = 'luks_secret_default_iotests_id'
>>> Can we just call this  "keysec0", so we matchh convention used by
>>> the shell script based tests.
>>
>> Here I'm trying to avoid intersection with some user-defined id.
>>
>
> You're overthinking it.  We are only using this in the testsuite, and 
> nothing else in the testsuite is using 'keysec0' for anything except 
> the id of the secret to pass to encrypted disks.  The longer name 
> doesn't add any protection.  It might be different if we were trying 
> to provide a reusable library for contexts outside the testsuite, but 
> since we are not doing that, we can rely on 'make check' failing as 
> evidence if we have any collisions in naming choices that need long 
> name munging as a workaround.
>

Ok

-- 
Best regards,
Vladimir

Re: [Qemu-devel] [PATCH] iotests: 205: support luks format

[Daniel P. Berrangé]

On Tue, Feb 06, 2018 at 08:57:38PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> 06.02.2018 20:29, Daniel P. Berrangé wrote:
> > On Tue, Feb 06, 2018 at 08:16:42PM +0300, Vladimir Sementsov-Ogievskiy wrote:
> > > Support default luks options in VM.add_drive and in new library
> > > function qemu_img_create. Use it in 205 iotests.
> > > 
> > > Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> > > ---
> > > 
> > > instead of
> > >    [PATCH] iotests: 205: support only raw format
> > > 
> > > let's just support luks. This patch also makes it simple to support
> > > luks in any other python iotest.
> > > 
> > >   tests/qemu-iotests/205        |  4 ++--
> > >   tests/qemu-iotests/iotests.py | 33 +++++++++++++++++++++++++++++++++
> > >   2 files changed, 35 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/tests/qemu-iotests/iotests.py b/tests/qemu-iotests/iotests.py
> > > index 5a10b2d534..4b9a4445cd 100644
> > > --- a/tests/qemu-iotests/iotests.py
> > > +++ b/tests/qemu-iotests/iotests.py
> > > @@ -58,6 +58,13 @@ qemu_default_machine = os.environ.get('QEMU_DEFAULT_MACHINE')
> > >   socket_scm_helper = os.environ.get('SOCKET_SCM_HELPER', 'socket_scm_helper')
> > >   debug = False
> > > +luks_default_secret_id = 'luks_secret_default_iotests_id'
> > Can we just call this  "keysec0", so we matchh convention used by
> > the shell script based tests.
> 
> Here I'm trying to avoid intersection with some user-defined id.

The "user" here is the person writing individual I/O tests. They already
have to know to avoid keysec0 because that's the standard we've defined
for the shell based scripts. So I don't see any benefit to divering in
the Python - just doubles the stuff they need to remember.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|