1. 25 5月, 2016 1 次提交
  2. 23 5月, 2016 3 次提交
  3. 20 5月, 2016 10 次提交
    • J
      qemu: Utilize qemu secret objects for RBD auth/secret · a1344f70
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1182074
      
      If they're available and we need to pass secrets to qemu, then use the
      qemu domain secret object in order to pass the secrets for RBD volumes
      instead of passing the base64 encoded secret on the command line.
      
      The goal is to make AES secrets the default and have no user interaction
      required in order to allow using the AES mechanism. If the mechanism
      is not available, then fall back to the current plain mechanism using
      a base64 encoded secret.
      
      New APIs:
      
      qemu_domain.c:
        qemuDomainGetSecretAESAlias:
          Generate/return the secret object alias for an AES Secret Info type.
          This will be called from qemuDomainSecretAESSetup.
      
        qemuDomainSecretAESSetup: (private)
          This API handles the details of the generation of the AES secret
          and saves the pieces that need to be passed to qemu in order for
          the secret to be decrypted. The encrypted secret based upon the
          domain master key, an initialization vector (16 byte random value),
          and the stored secret. Finally, the requirement from qemu is the IV
          and encrypted secret are to be base64 encoded.
      
      qemu_command.c:
        qemuBuildSecretInfoProps: (private)
          Generate/return a JSON properties object for the AES secret to
          be used by both the command building and eventually the hotplug
          code in order to add the secret object. Code was designed so that
          in the future perhaps hotplug could use it if it made sense.
      
        qemuBuildObjectSecretCommandLine (private)
          Generate and add to the command line the -object secret for the
          secret. This will be required for the subsequent RBD reference
          to the object.
      
        qemuBuildDiskSecinfoCommandLine (private)
          Handle adding the AES secret object.
      
      Adjustments:
      
      qemu_domain.c:
        The qemuDomainSecretSetup was altered to call either the AES or Plain
        Setup functions based upon whether AES secrets are possible (we have
        the encryption API) or not, we have secrets, and of course if the
        protocol source is RBD.
      
      qemu_command.c:
        Adjust the qemuBuildRBDSecinfoURI API's in order to generate the
        specific command options for an AES secret, such as:
      
          -object secret,id=$alias,keyid=$masterKey,data=$base64encodedencrypted,
                  format=base64
          -drive file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\
                 mon_host=mon1.example.org\:6321,password-secret=$alias,...
      
        where the 'id=' value is the secret object alias generated by
        concatenating the disk alias and "-aesKey0". The 'keyid= $masterKey'
        is the master key shared with qemu, and the -drive syntax will
        reference that alias as the 'password-secret'. For the -drive
        syntax, the 'id=myname' is kept to define the username, while the
        'key=$base64 encoded secret' is removed.
      
        While according to the syntax described for qemu commit '60390a21'
        or as seen in the email archive:
      
          https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg04083.html
      
        it is possible to pass a plaintext password via a file, the qemu
        commit 'ac1d8878' describes the more feature rich 'keyid=' option
        based upon the shared masterKey.
      
      Add tests for checking/comparing output.
      
      NB: For hotplug, since the hotplug code doesn't add command line
          arguments, passing the encoded secret directly to the monitor
          will suffice.
      a1344f70
    • P
      qemu_command: refactor spice channel code · 2c8e7555
      Pavel Hrdina 提交于
      This prepares the code for other listen types.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      2c8e7555
    • P
      graphics: resolve address for listen type network in qemu_process · 78a09aa0
      Pavel Hrdina 提交于
      Both VNC and SPICE requires the same code to resolve address for listen
      type network.  Remove code duplication and create a new function that
      will be used in qemuProcessSetupGraphics().
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      78a09aa0
    • P
      qemu_command: move sasl parameter after port and addr definition · 858d7b6c
      Pavel Hrdina 提交于
      This is required for following patches where new listen types will be
      introduced.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      858d7b6c
    • P
      graphics: rename gListen to glisten · 6bd0cd3b
      Pavel Hrdina 提交于
      We have both in the code.  Let's use only one format.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      6bd0cd3b
    • J
      Do not mask QEMU_CAPS_DEVICE in qemuBuildDriveStr · a84fce35
      Ján Tomko 提交于
      For some disk types (SD), we want to emit the syntax
      we used for disks before -device was available even
      if QEMU supports -device.
      
      Use the qemuDiskBusNeedsDeviceArg helper to figure out
      whether to use the old or new syntax.
      a84fce35
    • J
      Introduce qemuDiskBusNeedsDeviceArg · 2e33ef48
      Ján Tomko 提交于
      Replace the two uses of the withDeviceArg bool in
      qemuBuildDiskDriveCommandLine and allow this function to be reused in
      qemuBuildDriveStr.
      2e33ef48
    • J
      Assume QEMU_CAPS_DEVICE in qemuBuildDiskDriveCommandLine · cd3b06b7
      Ján Tomko 提交于
      We no longer need to handle -usbdevice and the withDeviceArg
      logic becomes clearer.
      cd3b06b7
    • J
      Remove DISK_BUS_XEN support from qemuBuildDiskDriveCommandLine · 936b8652
      Ján Tomko 提交于
      We have stopped supporting Xenner some time ago.
      936b8652
    • J
      qemu: always add -nodefaults · 0586cf98
      Ján Tomko 提交于
      Since we always asumme support of QEMU_CAPS_DEVICE.
      0586cf98
  4. 17 5月, 2016 3 次提交
    • A
      qemu: Drop QEMU_CAPS_VIRTIO_BLK_SG_IO · 0e8a72a5
      Andrea Bolognani 提交于
      The only QEMU versions that don't have such capability are <0.11,
      which we no longer support anyway
      0e8a72a5
    • A
      qemu: Drop QEMU_CAPS_CPU_HOST · 859743c2
      Andrea Bolognani 提交于
      The only QEMU versions that don't have such capability are <0.11,
      which we no longer support anyway
      859743c2
    • A
      qemu: Drop QEMU_CAPS_PCI_ROMBAR · 8531b85b
      Andrea Bolognani 提交于
      The only QEMU versions that don't have such capability are <0.12,
      which we no longer support anyway.
      
      Additionally, this solves the issue of some QEMU binaries being
      reported as not having such capability just because they lacked
      the {kvm-}pci-assign QMP object.
      8531b85b
  5. 16 5月, 2016 8 次提交
  6. 12 5月, 2016 1 次提交
  7. 10 5月, 2016 1 次提交
  8. 09 5月, 2016 4 次提交
  9. 06 5月, 2016 3 次提交
  10. 04 5月, 2016 2 次提交
  11. 03 5月, 2016 2 次提交
  12. 02 5月, 2016 2 次提交