External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-21 20:15:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: domain: Always assume QEMU_CAPS_ISCSI_PASSWORD_SECRET

Browse Source 
QEMU supports the 'password-secret' parameter to pass a QCryptoSecret
since 2.9. Remove the alternate plaintext logic.

Unfortunately this had a ripple effect of removing qemuCaps from a lot
of functions.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2021-09-21 18:06:05 +02:00
parent 3d13acc3bc
commit 900270a24f
9 changed files with 43 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/qemu/qemu_command.c
View File

@ -1194,8 +1194,7 @@ qemuDiskBusIsSD(int bus)
* the legacy representation.
*/
static bool
qemuDiskSourceNeedsProps(virStorageSource *src,
virQEMUCaps *qemuCaps)
qemuDiskSourceNeedsProps(virStorageSource *src)
{
int actualType = virStorageSourceGetActualType(src);
@ -1209,8 +1208,7 @@ qemuDiskSourceNeedsProps(virStorageSource *src,
return true;
if (actualType == VIR_STORAGE_TYPE_NETWORK &&
src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI &&
virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET))
src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI)
return true;
if (actualType == VIR_STORAGE_TYPE_NETWORK &&
@ -1272,7 +1270,6 @@ qemuBuildDriveSourcePR(virBuffer *buf,
static int
qemuBuildDriveSourceStr(virDomainDiskDef *disk,
virQEMUCaps *qemuCaps,
virBuffer *buf)
{
int actualType = virStorageSourceGetActualType(disk->src);
@ -1288,7 +1285,7 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk,
encinfo = srcpriv->encinfo;
}
if (qemuDiskSourceNeedsProps(disk->src, qemuCaps) &&
if (qemuDiskSourceNeedsProps(disk->src) &&
!(srcprops = qemuDiskSourceGetProps(disk->src)))
return -1;
@ -1469,7 +1466,7 @@ qemuBuildDriveStr(virDomainDiskDef *disk,
int detect_zeroes = virDomainDiskGetDetectZeroesMode(disk->discard,
disk->detect_zeroes);
if (qemuBuildDriveSourceStr(disk, qemuCaps, &opt) < 0)
if (qemuBuildDriveSourceStr(disk, &opt) < 0)
return NULL;
if (!qemuDiskBusIsSD(disk->bus)) {
@ -4556,8 +4553,7 @@ qemuBuildHubCommandLine(virCommand *cmd,
static char *
qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDef *dev,
virQEMUCaps *qemuCaps)
qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDef *dev)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
g_autofree char *netsource = NULL;
@ -4567,7 +4563,7 @@ qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDef *dev,
qemuDomainStorageSourcePrivate *srcPriv =
QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(iscsisrc->src);
if (qemuDiskSourceNeedsProps(iscsisrc->src, qemuCaps)) {
if (qemuDiskSourceNeedsProps(iscsisrc->src)) {
if (!(srcprops = qemuDiskSourceGetProps(iscsisrc->src)))
return NULL;
if (!(netsource = virQEMUBuildDriveCommandlineFromJSON(srcprops)))
@ -4612,8 +4608,7 @@ qemuBuildSCSIVHostHostdevDevStr(const virDomainDef *def,
}
static char *
qemuBuildSCSIHostdevDrvStr(virDomainHostdevDef *dev,
virQEMUCaps *qemuCaps)
qemuBuildSCSIHostdevDrvStr(virDomainHostdevDef *dev)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
g_autofree char *source = NULL;
@ -4621,7 +4616,7 @@ qemuBuildSCSIHostdevDrvStr(virDomainHostdevDef *dev,
virDomainHostdevSubsysSCSI *scsisrc = &dev->source.subsys.u.scsi;
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI) {
if (!(source = qemuBuildSCSIiSCSIHostdevDrvStr(dev, qemuCaps)))
if (!(source = qemuBuildSCSIiSCSIHostdevDrvStr(dev)))
return NULL;
virBufferAdd(&buf, source, -1);
} else {
@ -5170,7 +5165,7 @@ qemuBuildHostdevSCSIAttachPrepare(virDomainHostdevDef *hostdev,
} else {
if (scsisrc->protocol == VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI)
src = scsisrc->u.iscsi.src;
ret->driveCmd = qemuBuildSCSIHostdevDrvStr(hostdev, qemuCaps);
ret->driveCmd = qemuBuildSCSIHostdevDrvStr(hostdev);
ret->driveAlias = qemuAliasFromHostdev(hostdev);
*backendAlias = ret->driveAlias;
}

131
src/qemu/qemu_domain.c
View File

@ -1093,43 +1093,6 @@ qemuDomainVideoPrivateDispose(void *obj)
}
/* qemuDomainSecretPlainSetup:
* @secinfo: Pointer to secret info
* @usageType: The virSecretUsageType
* @username: username to use for authentication (may be NULL)
* @seclookupdef: Pointer to seclookupdef data
*
* Taking a secinfo, fill in the plaintext information
*
* Returns 0 on success, -1 on failure with error message
*/
static int
qemuDomainSecretPlainSetup(qemuDomainSecretInfo *secinfo,
virSecretUsageType usageType,
const char *username,
virSecretLookupTypeDef *seclookupdef)
{
VIR_IDENTITY_AUTORESTORE virIdentity *oldident = virIdentityElevateCurrent();
g_autoptr(virConnect) conn = virGetConnectSecret();
int ret = -1;
if (!oldident)
return -1;
if (!conn)
return -1;
secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_PLAIN;
secinfo->s.plain.username = g_strdup(username);
ret = virSecretGetSecretString(conn, seclookupdef, usageType,
&secinfo->s.plain.secret,
&secinfo->s.plain.secretlen);
return ret;
}
/* qemuDomainSecretAESSetup:
* @priv: pointer to domain private object
* @alias: alias of the secret
@ -1229,35 +1192,6 @@ qemuDomainSecretAESSetupFromSecret(qemuDomainObjPrivate *priv,
}
/* qemuDomainSecretInfoNewPlain:
* @usageType: Secret usage type
* @username: username
* @lookupDef: lookup def describing secret
*
* Helper function to create a secinfo to be used for secinfo consumers. This
* sets up a 'plain' (unencrypted) secret for legacy consumers.
*
* Returns @secinfo on success, NULL on failure. Caller is responsible
* to eventually free @secinfo.
*/
static qemuDomainSecretInfo *
qemuDomainSecretInfoNewPlain(virSecretUsageType usageType,
const char *username,
virSecretLookupTypeDef *lookupDef)
{
qemuDomainSecretInfo *secinfo = NULL;
secinfo = g_new0(qemuDomainSecretInfo, 1);
if (qemuDomainSecretPlainSetup(secinfo, usageType, username, lookupDef) < 0) {
g_clear_pointer(&secinfo, qemuDomainSecretInfoFree);
return NULL;
}
return secinfo;
}
/**
* qemuDomainSecretInfoTLSNew:
* @priv: pointer to domain private object
@ -1366,7 +1300,6 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
const char *aliasformat)
{
qemuDomainStorageSourcePrivate *srcPriv;
bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET);
bool hasAuth = qemuDomainStorageSourceHasAuth(src);
bool hasEnc = qemuDomainDiskHasEncryptionSecret(src);
@ -1384,19 +1317,11 @@ qemuDomainSecretStorageSourcePrepare(qemuDomainObjPrivate *priv,
if (src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
usageType = VIR_SECRET_USAGE_TYPE_CEPH;
if (src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI && !iscsiHasPS) {
srcPriv->secinfo = qemuDomainSecretInfoNewPlain(usageType,
src->auth->username,
&src->auth->seclookupdef);
} else {
srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasprotocol,
"auth",
usageType,
src->auth->username,
&src->auth->seclookupdef);
}
if (!srcPriv->secinfo)
if (!(srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv, aliasprotocol,
"auth",
usageType,
src->auth->username,
&src->auth->seclookupdef)))
return -1;
}
@ -4777,15 +4702,6 @@ qemuDomainValidateStorageSource(virStorageSource *src,
return -1;
}
/* Use QEMU_CAPS_ISCSI_PASSWORD_SECRET as witness that iscsi 'initiator-name'
* option is available, it was introduced at the same time. */
if (src->initiator.iqn &&
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("iSCSI initiator IQN not supported with this QEMU binary"));
return -1;
}
if (src->sliceStorage) {
/* In pre-blockdev era we can't configure the slice so we can allow them
* only for detected backing store entries as they are populated
@ -5322,7 +5238,6 @@ qemuDomainChrDefPostParse(virDomainChrDef *chr,
*/
static int
qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDef *disk,
virQEMUCaps *qemuCaps,
unsigned int parseFlags)
{
qemuDomainStorageSourcePrivate *priv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
@ -5344,8 +5259,7 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDef *disk,
* status XML */
if (virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_NETWORK &&
(disk->src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD ||
(disk->src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI &&
virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET))))
disk->src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI))
restoreAuthSecret = true;
}
@ -5385,7 +5299,6 @@ qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDef *disk,
static int
qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
virQEMUCaps *qemuCaps,
unsigned int parseFlags)
{
/* set default disk types and drivers */
@ -5402,8 +5315,7 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDef *disk,
disk->mirror->format == VIR_STORAGE_FILE_NONE)
disk->mirror->format = VIR_STORAGE_FILE_RAW;
if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, qemuCaps,
parseFlags) < 0)
if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, parseFlags) < 0)
return -1;
/* regenerate TLS alias for old status XMLs */
@ -5507,7 +5419,6 @@ qemuDomainVsockDefPostParse(virDomainVsockDef *vsock)
*/
static int
qemuDomainDeviceHostdevDefPostParseRestoreSecAlias(virDomainHostdevDef *hostdev,
virQEMUCaps *qemuCaps,
unsigned int parseFlags)
{
qemuDomainStorageSourcePrivate *priv;
@ -5521,7 +5432,6 @@ qemuDomainDeviceHostdevDefPostParseRestoreSecAlias(virDomainHostdevDef *hostdev,
if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS ||
hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI ||
scsisrc->protocol != VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISCSI ||
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET) ||
!qemuDomainStorageSourceHasAuth(iscsisrc->src))
return 0;
@ -5611,8 +5521,7 @@ qemuDomainHostdevDefPostParse(virDomainHostdevDef *hostdev,
{
virDomainHostdevSubsys *subsys = &hostdev->source.subsys;
if (qemuDomainDeviceHostdevDefPostParseRestoreSecAlias(hostdev, qemuCaps,
parseFlags) < 0)
if (qemuDomainDeviceHostdevDefPostParseRestoreSecAlias(hostdev, parseFlags) < 0)
return -1;
if (qemuDomainDeviceHostdevDefPostParseRestoreBackendAlias(hostdev, qemuCaps,
@ -5732,8 +5641,7 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDef *dev,
break;
case VIR_DOMAIN_DEVICE_DISK:
ret = qemuDomainDeviceDiskDefPostParse(dev->data.disk, qemuCaps,
parseFlags);
ret = qemuDomainDeviceDiskDefPostParse(dev->data.disk, parseFlags);
break;
case VIR_DOMAIN_DEVICE_VIDEO:
@ -10863,24 +10771,15 @@ qemuDomainPrepareHostdev(virDomainHostdevDef *hostdev,
}
if (src->auth) {
bool iscsiHasPS = virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET);
virSecretUsageType usageType = VIR_SECRET_USAGE_TYPE_ISCSI;
qemuDomainStorageSourcePrivate *srcPriv = qemuDomainStorageSourcePrivateFetch(src);
if (!iscsiHasPS) {
srcPriv->secinfo = qemuDomainSecretInfoNewPlain(usageType,
src->auth->username,
&src->auth->seclookupdef);
} else {
srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv,
backendalias,
NULL,
usageType,
src->auth->username,
&src->auth->seclookupdef);
}
if (!srcPriv->secinfo)
if (!(srcPriv->secinfo = qemuDomainSecretAESSetupFromSecret(priv,
backendalias,
NULL,
usageType,
src->auth->username,
&src->auth->seclookupdef)))
return -1;
}
}

12
tests/qemuxml2argvdata/disk-network-iscsi.args
View File

@ -27,14 +27,16 @@ QEMU_AUDIO_DRV=none \
-boot strict=on \
-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x2 \
-usb \
-drive file=iscsi://example.org:6000/iqn.1992-01.com.example/0,format=raw,if=none,id=drive-virtio-disk0 \
-drive file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example,file.lun=0,file.transport=tcp,format=raw,if=none,id=drive-virtio-disk0 \
-device virtio-blk-pci,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
-drive file=iscsi://example.org:6000/iqn.1992-01.com.example/1,format=raw,if=none,id=drive-virtio-disk1 \
-drive file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example,file.lun=1,file.transport=tcp,format=raw,if=none,id=drive-virtio-disk1 \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 \
-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/1,format=raw,if=none,id=drive-virtio-disk2 \
-object secret,id=virtio-disk2-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk2-auth-secret0,format=raw,if=none,id=drive-virtio-disk2 \
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk2,id=virtio-disk2 \
-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/2,format=raw,if=none,id=drive-virtio-disk3 \
-object secret,id=virtio-disk3-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=2,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk3-auth-secret0,format=raw,if=none,id=drive-virtio-disk3 \
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk3,id=virtio-disk3 \
-drive file=iscsi://example.org:3260/iqn.1992-01.com.example/0,format=raw,if=none,id=drive-scsi0-0-0-0 \
-drive file.driver=iscsi,file.portal=example.org:3260,file.target=iqn.1992-01.com.example,file.lun=0,file.transport=tcp,format=raw,if=none,id=drive-scsi0-0-0-0 \
-device scsi-block,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0 \
-msg timestamp=on

3
tests/qemuxml2argvdata/disk-network-source-auth.args
View File

@ -26,7 +26,8 @@ QEMU_AUDIO_DRV=none \
-no-acpi \
-boot strict=on \
-usb \
-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/1,format=raw,if=none,id=drive-virtio-disk0 \
-object secret,id=virtio-disk0-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk0-auth-secret0,format=raw,if=none,id=drive-virtio-disk0 \
-device virtio-blk-pci,bus=pci.0,addr=0x2,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
-object secret,id=virtio-disk1-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:6322,file.password-secret=virtio-disk1-auth-secret0,format=raw,if=none,id=drive-virtio-disk1' \

4
tests/qemuxml2argvdata/disk-source-pool-mode.args
View File

@ -28,11 +28,11 @@ QEMU_AUDIO_DRV=none \
-usb \
-drive file=/some/block/device/unit:0:0:1,format=raw,if=none,id=drive-ide0-0-1,readonly=on \
-device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 \
-drive file=iscsi://iscsi.example.com:3260/demo-target/2,format=raw,if=none,id=drive-ide0-0-2,readonly=on \
-drive file.driver=iscsi,file.portal=iscsi.example.com:3260,file.target=demo-target,file.lun=2,file.transport=tcp,format=raw,if=none,id=drive-ide0-0-2,readonly=on \
-device ide-cd,bus=ide.0,unit=2,drive=drive-ide0-0-2,id=ide0-0-2 \
-drive file=/tmp/idedisk.img,format=raw,if=none,id=drive-ide0-0-3 \
-device ide-hd,bus=ide.0,unit=3,drive=drive-ide0-0-3,id=ide0-0-3,bootindex=1 \
-drive file=iscsi://iscsi.example.com:3260/demo-target/3,format=raw,if=none,id=drive-ide0-0-4,readonly=on \
-drive file.driver=iscsi,file.portal=iscsi.example.com:3260,file.target=demo-target,file.lun=3,file.transport=tcp,format=raw,if=none,id=drive-ide0-0-4,readonly=on \
-device ide-cd,bus=ide.0,unit=4,drive=drive-ide0-0-4,id=ide0-0-4 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 \
-msg timestamp=on

5
tests/qemuxml2argvdata/luks-disks-source-qcow2.args
View File

@ -32,11 +32,12 @@ QEMU_AUDIO_DRV=none \
-object secret,id=virtio-disk1-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=/storage/guest_disks/encryptdisk2,encrypt.format=luks,encrypt.key-secret=virtio-disk1-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk1 \
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,id=virtio-disk1 \
-object secret,id=virtio-disk2-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-object secret,id=virtio-disk2-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/1,encrypt.format=luks,encrypt.key-secret=virtio-disk2-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk2 \
-drive file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk2-auth-secret0,encrypt.format=luks,encrypt.key-secret=virtio-disk2-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk2 \
-device virtio-blk-pci,bus=pci.0,addr=0x2,drive=drive-virtio-disk2,id=virtio-disk2 \
-object secret,id=virtio-disk3-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=iscsi://iscsi.example.com:3260/demo-target/3,encrypt.format=luks,encrypt.key-secret=virtio-disk3-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk3 \
-drive file.driver=iscsi,file.portal=iscsi.example.com:3260,file.target=demo-target,file.lun=3,file.transport=tcp,encrypt.format=luks,encrypt.key-secret=virtio-disk3-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk3 \
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk3,id=virtio-disk3 \
-object secret,id=virtio-disk4-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive 'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:6322,encrypt.format=luks,encrypt.key-secret=virtio-disk4-encryption-secret0,format=qcow2,if=none,id=drive-virtio-disk4' \

5
tests/qemuxml2argvdata/luks-disks-source.args
View File

@ -32,11 +32,12 @@ QEMU_AUDIO_DRV=none \
-object secret,id=virtio-disk1-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=/storage/guest_disks/encryptdisk2,key-secret=virtio-disk1-encryption-secret0,format=luks,if=none,id=drive-virtio-disk1 \
-device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,id=virtio-disk1 \
-object secret,id=virtio-disk2-auth-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-object secret,id=virtio-disk2-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=iscsi://myname:AQCVn5hO6HzFAhAAq0NCv8jtJcIcE+HOBlMQ1A@example.org:6000/iqn.1992-01.com.example%3Astorage/1,key-secret=virtio-disk2-encryption-secret0,format=luks,if=none,id=drive-virtio-disk2 \
-drive file.driver=iscsi,file.portal=example.org:6000,file.target=iqn.1992-01.com.example:storage,file.lun=1,file.transport=tcp,file.user=myname,file.password-secret=virtio-disk2-auth-secret0,key-secret=virtio-disk2-encryption-secret0,format=luks,if=none,id=drive-virtio-disk2 \
-device virtio-blk-pci,bus=pci.0,addr=0x2,drive=drive-virtio-disk2,id=virtio-disk2 \
-object secret,id=virtio-disk3-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive file=iscsi://iscsi.example.com:3260/demo-target/3,key-secret=virtio-disk3-encryption-secret0,format=luks,if=none,id=drive-virtio-disk3 \
-drive file.driver=iscsi,file.portal=iscsi.example.com:3260,file.target=demo-target,file.lun=3,file.transport=tcp,key-secret=virtio-disk3-encryption-secret0,format=luks,if=none,id=drive-virtio-disk3 \
-device virtio-blk-pci,bus=pci.0,addr=0x6,drive=drive-virtio-disk3,id=virtio-disk3 \
-object secret,id=virtio-disk4-encryption-secret0,data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive 'file=rbd:pool/image:auth_supported=none:mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:6322,key-secret=virtio-disk4-encryption-secret0,format=luks,if=none,id=drive-virtio-disk4' \

2
tests/qemuxml2argvdata/name-escape.args
View File

@ -39,7 +39,7 @@ QEMU_AUDIO_DRV=spice \
-vnc unix:/tmp/lib/domain--1-foo=1,,bar=2/vnc.sock \
-spice unix,addr=/tmp/lib/domain--1-foo=1,,bar=2/spice.sock,gl=on,rendernode=/dev/dri/foo,,bar,seamless-migration=on \
-device cirrus-vga,id=video0,bus=pci.0,addr=0x2 \
-drive file=iscsi://example.foo.org:3260/iqn.1992-01.com.example%3Amy,,storage/1,if=none,format=raw,id=drive-hostdev0 \
-drive file.driver=iscsi,file.portal=example.foo.org:3260,file.target=iqn.1992-01.com.example:my,,storage,file.lun=1,file.transport=tcp,if=none,format=raw,id=drive-hostdev0 \
-device scsi-generic,bus=scsi0.0,channel=0,scsi-id=0,lun=4,drive=drive-hostdev0,id=hostdev0 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 \
-msg timestamp=on

3
tests/qemuxml2argvtest.c
View File

@ -1353,8 +1353,7 @@ mymain(void)
DO_TEST("disk-network-iscsi", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_SCSI_BLOCK);
DO_TEST("disk-network-iscsi-modern",
QEMU_CAPS_VIRTIO_SCSI,
QEMU_CAPS_SCSI_BLOCK,
QEMU_CAPS_ISCSI_PASSWORD_SECRET);
QEMU_CAPS_SCSI_BLOCK);
DO_TEST_CAPS_VER("disk-network-iscsi", "2.12.0");
DO_TEST_CAPS_LATEST("disk-network-iscsi");
DO_TEST_PARSE_ERROR_NOCAPS("disk-network-iscsi-auth-secrettype-invalid");