qemu: Add support for using AES secret for SCSI hotplug

Support for virtio disks was added in commit id 'fceeeda', but not for SCSI drives. Add the secret for the server when hotplugging a SCSI drive. No need to make any adjustments for unplug since that's handled during the qemuDomainDetachDiskDevice call to qemuDomainRemoveDiskDevice in the qemuDomainDetachDeviceDiskLive switch. Added a test to/for the command line processing to show the command line options when adding a SCSI drive for the guest.
2025-02-22 11:22:23 +00:00 · 2016-10-09 16:51:09 +01:00 · 2016-10-09 16:51:09 +01:00 · 0701abcb3b
commit 0701abcb3b
parent 8550e8585e
4 changed files with 47 additions and 3 deletions
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@ -601,13 +601,16 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
    char *devstr = NULL;
    bool driveAdded = false;
    bool encobjAdded = false;
+    bool secobjAdded = false;
    char *drivealias = NULL;
    int ret = -1;
    int rv;
    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
    virJSONValuePtr encobjProps = NULL;
+    virJSONValuePtr secobjProps = NULL;
    qemuDomainDiskPrivatePtr diskPriv;
    qemuDomainSecretInfoPtr encinfo;
+    qemuDomainSecretInfoPtr secinfo;

    if (qemuDomainPrepareDisk(driver, vm, disk, NULL, false) < 0)
        goto cleanup;
@ -639,6 +642,12 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
        goto error;

    diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
+    secinfo = diskPriv->secinfo;
+    if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+        if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0)
+            goto error;
+    }
+
    encinfo = diskPriv->encinfo;
    if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0)
        goto error;
@ -657,6 +666,15 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,

    qemuDomainObjEnterMonitor(driver, vm);

+    if (secobjProps) {
+        rv = qemuMonitorAddObject(priv->mon, "secret", secinfo->s.aes.alias,
+                                  secobjProps);
+        secobjProps = NULL; /* qemuMonitorAddObject consumes */
+        if (rv < 0)
+            goto exit_monitor;
+        secobjAdded = true;
+    }
+
    if (encobjProps) {
        rv = qemuMonitorAddObject(priv->mon, "secret", encinfo->s.aes.alias,
                                  encobjProps);
@ -682,6 +700,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
    ret = 0;

 cleanup:
+    virJSONValueFree(secobjProps);
    virJSONValueFree(encobjProps);
    qemuDomainSecretDiskDestroy(disk);
    VIR_FREE(devstr);
@ -696,6 +715,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
        VIR_WARN("Unable to remove drive %s (%s) after failed "
                 "qemuMonitorAddDevice", drivealias, drivestr);
    }
+    if (secobjAdded)
+        ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias));
    if (encobjAdded)
        ignore_value(qemuMonitorDelObject(priv->mon, encinfo->s.aes.alias));
    if (orig_err) {
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args
@ -18,6 +18,7 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
 -monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
 -no-acpi \
 -boot c \
+-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x3 \
 -usb \
 -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
 -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
@ -28,5 +29,14 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
 mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\
 6322,file.password-secret=virtio-disk0-secret0,format=raw,if=none,\
 id=drive-virtio-disk0' \
-device virtio-blk-pci,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,\
-id=virtio-disk0
+-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
+id=virtio-disk0 \
+-object secret,id=scsi0-0-0-0-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
+mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\
+6322,file.password-secret=scsi0-0-0-0-secret0,format=raw,if=none,\
+id=drive-scsi0-0-0-0,cache=none' \
+-device scsi-disk,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\
+drive=drive-scsi0-0-0-0,id=scsi0-0-0-0
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml
@ -32,7 +32,20 @@
      </source>
      <target dev='vda' bus='virtio'/>
    </disk>
+    <disk type='network' device='disk'>
+      <driver name='qemu' type='raw' cache='none'/>
+      <auth username='myname'>
+        <secret type='ceph' usage='mycluster_myname'/>
+      </auth>
+      <source protocol='rbd' name='pool/image'>
+        <host name='mon1.example.org' port='6321'/>
+        <host name='mon2.example.org' port='6322'/>
+        <host name='mon3.example.org' port='6322'/>
+      </source>
+      <target bus='scsi' dev='sda'/>
+    </disk>
    <controller type='usb' index='0'/>
+    <controller type='scsi' index='0' model='virtio-scsi'/>
    <controller type='ide' index='0'/>
    <controller type='pci' index='0' model='pci-root'/>
    <input type='mouse' bus='ps2'/>
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@ -864,7 +864,7 @@ mymain(void)
    DO_TEST("disk-drive-network-rbd-auth", NONE);
 # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
    DO_TEST("disk-drive-network-rbd-auth-AES",
-            QEMU_CAPS_OBJECT_SECRET);
+            QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI);
 # endif
    DO_TEST("disk-drive-network-rbd-ipv6", NONE);
    DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE);