Commit Graph

5 Commits

Author SHA1 Message Date
Peter Krempa
2c4c347c4b qemu: block: Use 'auto-read-only' instead of 'read-only' for backing chain
To allow using -blockdev with blockjobs QEMU needs to reopen files in
read-write mode when modifying the backing chain. To achieve this we
need to use 'auto-read-only' for the backing files rather than the
normal 'read-only' property. That way qemu knows that the files need to
be reopened.

Note that the format drivers (e.g. qcow2) are still opened with the
read-only property enabled when being a member of the backing chain
since they are supposed to be immutable unless a block job is started.

QEMU v4.0 (since commit 23dece19da4) allows also dynamic behaviour for
auto-read-only which allows us to use sVirt as we only grant write
permissions to files when doing a blockjob.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-07-18 17:59:34 +02:00
Peter Krempa
1cb98a1fb3 qemu: block: Add support for RBD authentication for blockdev
To allow using -blockdev with RBD we need to support the recently added
RBD authentication.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-07-10 13:37:51 +02:00
Peter Krempa
538703ba6f tests: qemublock: Switch to qcow2+luks in test files
The next patch will forbid the old qcow2 encryption completely. Remove
it from the tests.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2018-06-05 08:11:12 +02:00
Peter Krempa
b8240fe704 qemu: block: Don't nest storage layer properties into format layer
Reference the storage via node name rather than inlining it. This is
the approach that will be used with -blockdev/blockdev-add since it
allows more control and is more future proof.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-23 13:18:23 +02:00
Peter Krempa
18458e8fd1 tests: qemublock: Add test combining authentication and encryption
iscsi and rbd support authentication of the connection. Combine it with
encryption of qcow2.

The top level disk image would generate the following '-drive' cmdline:

-drive file=rbd:rbdpool/rbdimg:id=testuser-rbd:auth_supported=cephx\;none:
            mon_host=host1.example.com\;host2.example.com,
            file.password-secret=node-a-s-secalias,encrypt.format=luks,
            encrypt.key-secret=node-b-f-encalias,format=qcow2,
            if=none,id=drive-dummy
-device virtio-blk-pci,scsi=off,drive=drive-dummy,id=dummy

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: John Ferlan <jferlan@redhat.com>
2018-05-07 16:03:46 +02:00