From 0701abcb3ba78ba27cf1f47e01b3d9607ad37b72 Mon Sep 17 00:00:00 2001
From: Gema Gomez
Date: Sun, 9 Oct 2016 16:51:09 +0100
Subject: [PATCH] qemu: Add support for using AES secret for SCSI hotplug
Support for virtio disks was added in commit id 'fceeeda', but not for SCSI drives. Add the secret for the server when hotplugging a SCSI drive. No need to make any adjustments for unplug since that's handled during the qemuDomainDetachDiskDevice call to qemuDomainRemoveDiskDevice in the qemuDomainDetachDeviceDiskLive switch. Added a test to/for the command line processing to show the command line options when adding a SCSI drive for the guest.
---
 src/qemu/qemu_hotplug.c | 21 +++++++++++++++++++
 ...2argv-disk-drive-network-rbd-auth-AES.args | 14 +++++++++++--
 ...l2argv-disk-drive-network-rbd-auth-AES.xml | 13 ++++++++++++
 tests/qemuxml2argvtest.c | 2 +-
 4 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index bcae1b6bdb..9746a06cb5 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -601,13 +601,16 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 char *devstr = NULL;
 bool driveAdded = false;
 bool encobjAdded = false;
+ bool secobjAdded = false;
 char *drivealias = NULL;
 int ret = -1;
 int rv;
 virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
 virJSONValuePtr encobjProps = NULL;
+ virJSONValuePtr secobjProps = NULL;
 qemuDomainDiskPrivatePtr diskPriv;
 qemuDomainSecretInfoPtr encinfo;
+ qemuDomainSecretInfoPtr secinfo;
 if (qemuDomainPrepareDisk(driver, vm, disk, NULL, false) < 0)
 goto cleanup;
@@ -639,6 +642,12 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 goto error;
 diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
+ secinfo = diskPriv->secinfo;
+ if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+ if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0)
+ goto error;
+ }
+
 encinfo = diskPriv->encinfo;
 if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0)
 goto error;
@@ -657,6 +666,15 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 qemuDomainObjEnterMonitor(driver, vm);
+ if (secobjProps) {
+ rv = qemuMonitorAddObject(priv->mon, "secret", secinfo->s.aes.alias,
+ secobjProps);
+ secobjProps = NULL; /* qemuMonitorAddObject consumes */
+ if (rv < 0)
+ goto exit_monitor;
+ secobjAdded = true;
+ }
+
 if (encobjProps) {
 rv = qemuMonitorAddObject(priv->mon, "secret", encinfo->s.aes.alias,
 encobjProps);
@@ -682,6 +700,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 ret = 0;
 cleanup:
+ virJSONValueFree(secobjProps);
 virJSONValueFree(encobjProps);
 qemuDomainSecretDiskDestroy(disk);
 VIR_FREE(devstr);
@@ -696,6 +715,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 VIR_WARN("Unable to remove drive %s (%s) after failed "
 "qemuMonitorAddDevice", drivealias, drivestr);
 }
+ if (secobjAdded)
+ ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias));
 if (encobjAdded)
 ignore_value(qemuMonitorDelObject(priv->mon, encinfo->s.aes.alias));
 if (orig_err) {
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args
index 07d01b6ee7..d5361367f9 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args
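Review bot: The new `if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)` test in the second hunk has no comment saying what happens to a secinfo of any other type, while the `encinfo` branch directly below it builds its props with no type test at all. That condition decides whether the credential reaches QEMU as a secret object or by some other route not visible here, so the asymmetry deserves a line of explanation, for example `/* Only an AES secinfo is turned into a "secret" object; other types are not added here */`. The enclosing function starts and ends outside this hunk, so where the non-AES case is handled should be confirmed against the rest of qemuDomainAttachSCSIDisk.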
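Review bot: In the last qemu_hotplug.c hunk, which appears to be the exit_monitor rollback, the result of `qemuMonitorDelObject` for the new secret object is discarded with `ignore_value`, so a secret left behind in the running QEMU after a failed attach is never reported, whereas the failed drive removal just above it logs a VIR_WARN. A leftover object keeps the encrypted credential in the process, and presumably its alias would collide when the attach is retried. Consider `if (secobjAdded && qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias) < 0)` followed by `VIR_WARN("Unable to remove secret object %s after failed hotplug", secinfo->s.aes.alias);`. The existing `encobjAdded` line follows the same silent pattern, and the rollback block continues outside the hunk.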
@@ -18,6 +18,7 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ -monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ -no-acpi \ -boot c \ +-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x3 \ -usb \ -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \ -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \ @@ -28,5 +29,14 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\ 6322,file.password-secret=virtio-disk0-secret0,format=raw,if=none,\ id=drive-virtio-disk0' \ --device virtio-blk-pci,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,\ -id=virtio-disk0 +-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ +id=virtio-disk0 \ +-object secret,id=scsi0-0-0-0-secret0,\ +data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ +-drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\ +mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\ +6322,file.password-secret=scsi0-0-0-0-secret0,format=raw,if=none,\ +id=drive-scsi0-0-0-0,cache=none' \ +-device scsi-disk,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\ +drive=drive-scsi0-0-0-0,id=scsi0-0-0-0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml index ac2e942090..885fb11271 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml @@ -32,7 +32,20 @@ + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 8e7cac29d8..90d6aafe56 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -864,7 +864,7 @@ mymain(void)
 DO_TEST("disk-drive-network-rbd-auth", NONE);
 # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
 DO_TEST("disk-drive-network-rbd-auth-AES",
- QEMU_CAPS_OBJECT_SECRET);
+ QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI);
 # endif
 DO_TEST("disk-drive-network-rbd-ipv6", NONE);
 DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE);
--
GitLab
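Review bot: Adding `QEMU_CAPS_VIRTIO_SCSI` to this `DO_TEST` only extends the command-line generation case, so the code the patch actually adds, the `qemuMonitorAddObject` call for the secret and its rollback in qemuDomainAttachSCSIDisk, is not exercised by any test visible in the patch. A hotplug-path test that attaches an RBD-backed SCSI disk with an AES secret would cover it, checking that the secret object is added before the drive and removed again when a later monitor call fails. mymain continues outside the hunk.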