提交 0701abcb 编写于 作者: G Gema Gomez 提交者: John Ferlan

qemu: Add support for using AES secret for SCSI hotplug

Support for virtio disks was added in commit id 'fceeeda2', but not for
SCSI drives. Add the secret for the server when hotplugging a SCSI drive.
No need to make any adjustments for unplug since that's handled during
the qemuDomainDetachDiskDevice call to qemuDomainRemoveDiskDevice in
the qemuDomainDetachDeviceDiskLive switch.

Added a test for the command line processing to show the command line
options when adding a SCSI drive for the guest.
上级 8550e858
...@@ -601,13 +601,16 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, ...@@ -601,13 +601,16 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
char *devstr = NULL; char *devstr = NULL;
bool driveAdded = false; bool driveAdded = false;
bool encobjAdded = false; bool encobjAdded = false;
bool secobjAdded = false;
char *drivealias = NULL; char *drivealias = NULL;
int ret = -1; int ret = -1;
int rv; int rv;
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
virJSONValuePtr encobjProps = NULL; virJSONValuePtr encobjProps = NULL;
virJSONValuePtr secobjProps = NULL;
qemuDomainDiskPrivatePtr diskPriv; qemuDomainDiskPrivatePtr diskPriv;
qemuDomainSecretInfoPtr encinfo; qemuDomainSecretInfoPtr encinfo;
qemuDomainSecretInfoPtr secinfo;
if (qemuDomainPrepareDisk(driver, vm, disk, NULL, false) < 0) if (qemuDomainPrepareDisk(driver, vm, disk, NULL, false) < 0)
goto cleanup; goto cleanup;
...@@ -639,6 +642,12 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, ...@@ -639,6 +642,12 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
goto error; goto error;
diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk); diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
secinfo = diskPriv->secinfo;
if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0)
goto error;
}
encinfo = diskPriv->encinfo; encinfo = diskPriv->encinfo;
if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0) if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0)
goto error; goto error;
...@@ -657,6 +666,15 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, ...@@ -657,6 +666,15 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
qemuDomainObjEnterMonitor(driver, vm); qemuDomainObjEnterMonitor(driver, vm);
if (secobjProps) {
rv = qemuMonitorAddObject(priv->mon, "secret", secinfo->s.aes.alias,
secobjProps);
secobjProps = NULL; /* qemuMonitorAddObject consumes */
if (rv < 0)
goto exit_monitor;
secobjAdded = true;
}
if (encobjProps) { if (encobjProps) {
rv = qemuMonitorAddObject(priv->mon, "secret", encinfo->s.aes.alias, rv = qemuMonitorAddObject(priv->mon, "secret", encinfo->s.aes.alias,
encobjProps); encobjProps);
...@@ -682,6 +700,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, ...@@ -682,6 +700,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
ret = 0; ret = 0;
cleanup: cleanup:
virJSONValueFree(secobjProps);
virJSONValueFree(encobjProps); virJSONValueFree(encobjProps);
qemuDomainSecretDiskDestroy(disk); qemuDomainSecretDiskDestroy(disk);
VIR_FREE(devstr); VIR_FREE(devstr);
...@@ -696,6 +715,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn, ...@@ -696,6 +715,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
VIR_WARN("Unable to remove drive %s (%s) after failed " VIR_WARN("Unable to remove drive %s (%s) after failed "
"qemuMonitorAddDevice", drivealias, drivestr); "qemuMonitorAddDevice", drivealias, drivestr);
} }
if (secobjAdded)
ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias));
if (encobjAdded) if (encobjAdded)
ignore_value(qemuMonitorDelObject(priv->mon, encinfo->s.aes.alias)); ignore_value(qemuMonitorDelObject(priv->mon, encinfo->s.aes.alias));
if (orig_err) { if (orig_err) {
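Review bot: The rollback added in the last hunk discards a failed secret-object removal without a trace: `ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias));` logs nothing, whereas the drive removal just above it emits a VIR_WARN. If that delete fails, the `secret` object presumably stays registered in the running QEMU under the same alias, which keeps the wrapped credential resident and may make a retried hotplug with that alias fail. Consider `if (secobjAdded && qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias) < 0)` followed by `VIR_WARN("Unable to remove secret object %s after failed hotplug", secinfo->s.aes.alias);`. The existing encobjAdded branch has the same gap. qemuDomainAttachSCSIDisk begins and ends outside these hunks, so the placement of this code under the exit_monitor label is inferred from the `goto exit_monitor` in the earlier hunk.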
......
...@@ -18,6 +18,7 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ ...@@ -18,6 +18,7 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
-monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ -monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \
-no-acpi \ -no-acpi \
-boot c \ -boot c \
-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x3 \
-usb \ -usb \
-drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \ -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \ -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
...@@ -28,5 +29,14 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ ...@@ -28,5 +29,14 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\ mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\
6322,file.password-secret=virtio-disk0-secret0,format=raw,if=none,\ 6322,file.password-secret=virtio-disk0-secret0,format=raw,if=none,\
id=drive-virtio-disk0' \ id=drive-virtio-disk0' \
-device virtio-blk-pci,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,\ -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
id=virtio-disk0 id=virtio-disk0 \
-object secret,id=scsi0-0-0-0-secret0,\
data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
-drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\
6322,file.password-secret=scsi0-0-0-0-secret0,format=raw,if=none,\
id=drive-scsi0-0-0-0,cache=none' \
-device scsi-disk,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\
drive=drive-scsi0-0-0-0,id=scsi0-0-0-0
...@@ -32,7 +32,20 @@ ...@@ -32,7 +32,20 @@
</source> </source>
<target dev='vda' bus='virtio'/> <target dev='vda' bus='virtio'/>
</disk> </disk>
<disk type='network' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<auth username='myname'>
<secret type='ceph' usage='mycluster_myname'/>
</auth>
<source protocol='rbd' name='pool/image'>
<host name='mon1.example.org' port='6321'/>
<host name='mon2.example.org' port='6322'/>
<host name='mon3.example.org' port='6322'/>
</source>
<target bus='scsi' dev='sda'/>
</disk>
<controller type='usb' index='0'/> <controller type='usb' index='0'/>
<controller type='scsi' index='0' model='virtio-scsi'/>
<controller type='ide' index='0'/> <controller type='ide' index='0'/>
<controller type='pci' index='0' model='pci-root'/> <controller type='pci' index='0' model='pci-root'/>
<input type='mouse' bus='ps2'/> <input type='mouse' bus='ps2'/>
......
...@@ -864,7 +864,7 @@ mymain(void) ...@@ -864,7 +864,7 @@ mymain(void)
DO_TEST("disk-drive-network-rbd-auth", NONE); DO_TEST("disk-drive-network-rbd-auth", NONE);
# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
DO_TEST("disk-drive-network-rbd-auth-AES", DO_TEST("disk-drive-network-rbd-auth-AES",
QEMU_CAPS_OBJECT_SECRET); QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI);
# endif # endif
DO_TEST("disk-drive-network-rbd-ipv6", NONE); DO_TEST("disk-drive-network-rbd-ipv6", NONE);
DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE); DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE);
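Review bot: The only test touched here exercises command-line generation (`DO_TEST("disk-drive-network-rbd-auth-AES", ...)`), so the new monitor-side logic in qemuDomainAttachSCSIDisk appears to have no coverage in this commit. That logic adds the secret object before the drive and deletes it again on failure. A hotplug-level case that attaches a SCSI RBD disk with an AES secret, plus one that forces the device add to fail, would pin both the ordering and the rollback. mymain continues outside the hunk.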
......