From nobody Thu May 15 11:24:17 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1509718584808302.44128353056294; Fri, 3 Nov 2017 07:16:24 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3111933A161; Fri, 3 Nov 2017 14:16:23 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0FEAC5D978; Fri, 3 Nov 2017 14:16:23 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D0F0D3FCFD; Fri, 3 Nov 2017 14:16:22 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id vA3EFFQT026089 for ; Fri, 3 Nov 2017 10:15:15 -0400 Received: by smtp.corp.redhat.com (Postfix) id B1C9460460; Fri, 3 Nov 2017 14:15:15 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-117-45.phx2.redhat.com [10.3.117.45]) by smtp.corp.redhat.com (Postfix) with ESMTP id 6744C60462 for ; Fri, 3 Nov 2017 14:15:15 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3111933A161 Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx10.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com From: John Ferlan To: libvir-list@redhat.com Date: Fri, 3 Nov 2017 10:15:03 -0400 Message-Id: <20171103141505.17422-7-jferlan@redhat.com> In-Reply-To: <20171103141505.17422-1-jferlan@redhat.com> References: <20171103141505.17422-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Subject: [libvirt] [REPOST PATCH v6 6/8] qemu: Use secret objects to pass iSCSI passwords X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Fri, 03 Nov 2017 14:16:23 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" https://bugzilla.redhat.com/show_bug.cgi?id=3D1425757 The blockdev-add code provides a mechanism to sanely provide user and password-secret arguments for iscsi without placing them on the command line to be viewable by a 'ps -ef' type command or needing to create separate -iscsi devices for each disk/volume found. So modify the iSCSI command line building to check for the presence of the capability in order properly setup and use the domain master secret object to encrypt the password in a secret object and alter the parameters for the command line to utilize. Modify the xml2argvtest to exhibit the syntax for both disk and hostdev configurations. Signed-off-by: John Ferlan --- src/qemu/qemu_block.c | 65 ++++++++++++++++++= +++- src/qemu/qemu_command.c | 65 +++++++++++++++++-= ---- src/qemu/qemu_command.h | 3 +- src/qemu/qemu_domain.c | 4 ++ src/qemu/qemu_hotplug.c | 50 ++++++++++++++++- ...xml2argv-disk-drive-network-iscsi-auth-AES.args | 41 ++++++++++++++ ...uxml2argv-disk-drive-network-iscsi-auth-AES.xml | 43 ++++++++++++++ ...ml2argv-hostdev-scsi-virtio-iscsi-auth-AES.args | 45 +++++++++++++++ ...xml2argv-hostdev-scsi-virtio-iscsi-auth-AES.xml | 48 ++++++++++++++++ tests/qemuxml2argvtest.c | 10 ++++ 10 files changed, 356 insertions(+), 18 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= iscsi-auth-AES.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-= iscsi-auth-AES.xml create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio= -iscsi-auth-AES.args create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio= -iscsi-auth-AES.xml diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 0761f89913..b32befb78d 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -560,6 +560,65 @@ qemuBlockStorageSourceGetVxHSProps(virStorageSourcePtr= src) } =20 =20 +static virJSONValuePtr +qemuBlockStorageSourceGetISCSIProps(virStorageSourcePtr src) +{ + const char *protocol =3D virStorageNetProtocolTypeToString(src->protoc= ol); + char *target =3D NULL; + char *lunStr =3D NULL; + char *username =3D NULL; + char *objalias =3D NULL; + unsigned int lun =3D 0; + virJSONValuePtr ret =3D NULL; + qemuDomainStorageSourcePrivatePtr srcPriv =3D + QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src); + + /* { driver:"iscsi", + * transport:"tcp", ("iser" also possible) + * portal:"example.com", + * target:"iqn.2017-04.com.example:iscsi-disks", + * lun:1, + * user:"username", + * password-secret:"secret-alias", + * } + */ + + if (VIR_STRDUP(target, src->path) < 0) + goto cleanup; + + /* Separate the target and lun */ + if ((lunStr =3D strchr(target, '/'))) { + *(lunStr++) =3D '\0'; + if (virStrToLong_ui(lunStr, NULL, 10, &lun) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot parse target for lunStr '%s'"), + target); + goto cleanup; + } + } + + if (src->auth) { + username =3D src->auth->username; + objalias =3D srcPriv->secinfo->s.aes.alias; + } + + ignore_value(virJSONValueObjectCreate(&ret, + "s:driver", protocol, + "s:portal", src->hosts[0].name, + "s:target", target, + "u:lun", lun, + "s:transport", "tcp", + "S:user", username, + "S:password-secret", objalias, + NULL)); + goto cleanup; + + cleanup: + VIR_FREE(target); + return ret; +} + + /** * qemuBlockStorageSourceGetBackendProps: * @src: disk source @@ -600,10 +659,14 @@ qemuBlockStorageSourceGetBackendProps(virStorageSourc= ePtr src) return NULL; break; =20 + case VIR_STORAGE_NET_PROTOCOL_ISCSI: + if (!(fileprops =3D qemuBlockStorageSourceGetISCSIProps(src))) + return NULL; + break; + case VIR_STORAGE_NET_PROTOCOL_NBD: case VIR_STORAGE_NET_PROTOCOL_RBD: case VIR_STORAGE_NET_PROTOCOL_SHEEPDOG: - case VIR_STORAGE_NET_PROTOCOL_ISCSI: case VIR_STORAGE_NET_PROTOCOL_HTTP: case VIR_STORAGE_NET_PROTOCOL_HTTPS: case VIR_STORAGE_NET_PROTOCOL_FTP: diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 908c3d21a9..ce1304e5db 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -1312,7 +1312,8 @@ qemuDiskBusNeedsDeviceArg(int bus) * the legacy representation. */ static bool -qemuDiskSourceNeedsProps(virStorageSourcePtr src) +qemuDiskSourceNeedsProps(virStorageSourcePtr src, + virQEMUCapsPtr qemuCaps) { int actualType =3D virStorageSourceGetActualType(src); =20 @@ -1325,6 +1326,11 @@ qemuDiskSourceNeedsProps(virStorageSourcePtr src) src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_VXHS) return true; =20 + if (actualType =3D=3D VIR_STORAGE_TYPE_NETWORK && + src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_ISCSI && + virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET)) + return true; + return false; } =20 @@ -1368,7 +1374,7 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk, char *source =3D NULL; int ret =3D -1; =20 - if (qemuDiskSourceNeedsProps(disk->src) && + if (qemuDiskSourceNeedsProps(disk->src, qemuCaps) && !(srcprops =3D qemuDiskSourceGetProps(disk->src))) goto cleanup; =20 @@ -1434,7 +1440,9 @@ qemuBuildDriveSourceStr(virDomainDiskDefPtr disk, virBufferAsprintf(buf, "file.debug=3D%d,", cfg->glusterDebugLe= vel); } =20 - if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES) { + if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES && + disk->src->type =3D=3D VIR_STORAGE_TYPE_NETWORK && + disk->src->protocol =3D=3D VIR_STORAGE_NET_PROTOCOL_RBD) { /* NB: If libvirt starts using the more modern option based * syntax to build the command line (e.g., "-drive driver=3Drb= d, * filename=3D%s,...") instead of the legacy model (e.g."-drive @@ -4947,22 +4955,36 @@ qemuBuildSCSIHostHostdevDrvStr(virDomainHostdevDefP= tr dev) } =20 static char * -qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDefPtr dev) +qemuBuildSCSIiSCSIHostdevDrvStr(virDomainHostdevDefPtr dev, + virQEMUCapsPtr qemuCaps) { char *source =3D NULL; char *netsource =3D NULL; + virJSONValuePtr srcprops =3D NULL; virDomainHostdevSubsysSCSIPtr scsisrc =3D &dev->source.subsys.u.scsi; virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc =3D &scsisrc->u.iscsi; qemuDomainStorageSourcePrivatePtr srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(iscsisrc->src); =20 - /* Rather than pull what we think we want - use the network disk code = */ - netsource =3D qemuBuildNetworkDriveStr(iscsisrc->src, srcPriv ? - srcPriv->secinfo : NULL); - if (!netsource) - goto cleanup; - if (virAsprintf(&source, "file=3D%s,if=3Dnone,format=3Draw", netsource= ) < 0) - goto cleanup; + if (qemuDiskSourceNeedsProps(iscsisrc->src, qemuCaps)) { + if (!(srcprops =3D qemuDiskSourceGetProps(iscsisrc->src))) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("failed to build the backend props")); + goto cleanup; + } + + if (!(netsource =3D virQEMUBuildDriveCommandlineFromJSON(srcprops)= )) + goto cleanup; + if (virAsprintf(&source, "%s,if=3Dnone,format=3Draw", netsource) <= 0) + goto cleanup; + } else { + /* Rather than pull what we think we want - use the network disk c= ode */ + if (!(netsource =3D qemuBuildNetworkDriveStr(iscsisrc->src, srcPri= v ? + srcPriv->secinfo : NULL= ))) + goto cleanup; + if (virAsprintf(&source, "file=3D%s,if=3Dnone,format=3Draw", netso= urce) < 0) + goto cleanup; + } =20 cleanup: VIR_FREE(netsource); @@ -5008,7 +5030,8 @@ qemuBuildSCSIVHostHostdevDevStr(const virDomainDef *d= ef, } =20 char * -qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev) +qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev, + virQEMUCapsPtr qemuCaps) { virBuffer buf =3D VIR_BUFFER_INITIALIZER; char *source =3D NULL; @@ -5016,7 +5039,7 @@ qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev) virDomainHostdevSubsysSCSIPtr scsisrc =3D &dev->source.subsys.u.scsi; =20 if (scsisrc->protocol =3D=3D VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE_ISC= SI) { - if (!(source =3D qemuBuildSCSIiSCSIHostdevDrvStr(dev))) + if (!(source =3D qemuBuildSCSIiSCSIHostdevDrvStr(dev, qemuCaps))) goto error; virBufferAsprintf(&buf, "%s", source); } else { @@ -5515,10 +5538,24 @@ qemuBuildHostdevCommandLine(virCommandPtr cmd, /* SCSI */ if (virHostdevIsSCSIDevice(hostdev)) { if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_SCSI_GENERIC)) { + virDomainHostdevSubsysSCSIPtr scsisrc =3D + &hostdev->source.subsys.u.scsi; char *drvstr; =20 + if (scsisrc->protocol =3D=3D VIR_DOMAIN_HOSTDEV_SCSI_PROTO= COL_TYPE_ISCSI) { + virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc =3D + &scsisrc->u.iscsi; + qemuDomainStorageSourcePrivatePtr srcPriv =3D + QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(iscsisrc->src); + + if (qemuBuildDiskSecinfoCommandLine(cmd, srcPriv ? + srcPriv->secinfo : + NULL) < 0) + return -1; + } + virCommandAddArg(cmd, "-drive"); - if (!(drvstr =3D qemuBuildSCSIHostdevDrvStr(hostdev))) + if (!(drvstr =3D qemuBuildSCSIHostdevDrvStr(hostdev, qemuC= aps))) return -1; virCommandAddArg(cmd, drvstr); VIR_FREE(drvstr); diff --git a/src/qemu/qemu_command.h b/src/qemu/qemu_command.h index dd01a42a40..e51f4da5ff 100644 --- a/src/qemu/qemu_command.h +++ b/src/qemu/qemu_command.h @@ -151,7 +151,8 @@ char *qemuBuildUSBHostdevDevStr(const virDomainDef *def, virDomainHostdevDefPtr dev, virQEMUCapsPtr qemuCaps); =20 -char *qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev); +char *qemuBuildSCSIHostdevDrvStr(virDomainHostdevDefPtr dev, + virQEMUCapsPtr qemuCaps); =20 char *qemuBuildSCSIHostdevDevStr(const virDomainDef *def, virDomainHostdevDefPtr dev, diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index f4ce1ad71e..5021450fa1 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1184,9 +1184,13 @@ qemuDomainSecretSetup(virConnectPtr conn, virSecretLookupTypeDefPtr seclookupdef, bool isLuks) { + bool iscsiHasPS =3D virQEMUCapsGet(priv->qemuCaps, + QEMU_CAPS_ISCSI_PASSWORD_SECRET); + if (virCryptoHaveCipher(VIR_CRYPTO_CIPHER_AES256CBC) && virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET) && (usageType =3D=3D VIR_SECRET_USAGE_TYPE_CEPH || + (usageType =3D=3D VIR_SECRET_USAGE_TYPE_ISCSI && iscsiHasPS) || usageType =3D=3D VIR_SECRET_USAGE_TYPE_VOLUME || usageType =3D=3D VIR_SECRET_USAGE_TYPE_TLS)) { if (qemuDomainSecretAESSetup(conn, priv, secinfo, srcalias, diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index ad274a9959..b4984378ee 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -2259,6 +2259,7 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn, virDomainHostdevDefPtr hostdev) { size_t i; + int rv; int ret =3D -1; qemuDomainObjPrivatePtr priv =3D vm->privateData; virErrorPtr orig_err; @@ -2269,6 +2270,12 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn, bool teardownlabel =3D false; bool teardowndevice =3D false; bool driveAdded =3D false; + bool secobjAdded =3D false; + virJSONValuePtr secobjProps =3D NULL; + virDomainHostdevSubsysSCSIPtr scsisrc =3D &hostdev->source.subsys.u.sc= si; + virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc =3D &scsisrc->u.iscsi; + qemuDomainStorageSourcePrivatePtr srcPriv; + qemuDomainSecretInfoPtr secinfo; =20 if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE_SCSI_GENERIC)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", @@ -2309,7 +2316,14 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn, if (qemuDomainSecretHostdevPrepare(conn, priv, hostdev) < 0) goto cleanup; =20 - if (!(drvstr =3D qemuBuildSCSIHostdevDrvStr(hostdev))) + srcPriv =3D QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(iscsisrc->src); + secinfo =3D srcPriv->secinfo; + if (secinfo && secinfo->type =3D=3D VIR_DOMAIN_SECRET_INFO_TYPE_AES) { + if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0) + goto cleanup; + } + + if (!(drvstr =3D qemuBuildSCSIHostdevDrvStr(hostdev, priv->qemuCaps))) goto cleanup; =20 if (!(drivealias =3D qemuAliasFromHostdev(hostdev))) @@ -2323,6 +2337,15 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn, =20 qemuDomainObjEnterMonitor(driver, vm); =20 + if (secobjProps) { + rv =3D qemuMonitorAddObject(priv->mon, "secret", secinfo->s.aes.al= ias, + secobjProps); + secobjProps =3D NULL; /* qemuMonitorAddObject consumes */ + if (rv < 0) + goto exit_monitor; + secobjAdded =3D true; + } + if (qemuMonitorAddDrive(priv->mon, drvstr) < 0) goto exit_monitor; driveAdded =3D true; @@ -2340,7 +2363,6 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn, ret =3D 0; =20 cleanup: - qemuDomainSecretHostdevDestroy(hostdev); if (ret < 0) { qemuHostdevReAttachSCSIDevices(driver, vm->def->name, &hostdev, 1); if (teardowncgroup && qemuTeardownHostdevCgroup(vm, hostdev) < 0) @@ -2352,6 +2374,8 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn, qemuDomainNamespaceTeardownHostdev(driver, vm, hostdev) < 0) VIR_WARN("Unable to remove host device from /dev"); } + qemuDomainSecretHostdevDestroy(hostdev); + virJSONValueFree(secobjProps); VIR_FREE(drivealias); VIR_FREE(drvstr); VIR_FREE(devstr); @@ -2364,6 +2388,8 @@ qemuDomainAttachHostSCSIDevice(virConnectPtr conn, "qemuMonitorAddDevice", drvstr, devstr); } + if (secobjAdded) + ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias)= ); ignore_value(qemuDomainObjExitMonitor(driver, vm)); virErrorRestore(&orig_err); =20 @@ -3822,6 +3848,7 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver, int ret =3D -1; qemuDomainObjPrivatePtr priv =3D vm->privateData; char *drivealias =3D NULL; + char *objAlias =3D NULL; bool is_vfio =3D false; =20 VIR_DEBUG("Removing host device %s from domain %p %s", @@ -3833,11 +3860,29 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver, } =20 if (hostdev->source.subsys.type =3D=3D VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_= SCSI) { + virDomainHostdevSubsysSCSIPtr scsisrc =3D &hostdev->source.subsys.= u.scsi; + virDomainHostdevSubsysSCSIiSCSIPtr iscsisrc =3D &scsisrc->u.iscsi; + if (!(drivealias =3D qemuAliasFromHostdev(hostdev))) goto cleanup; =20 + /* Look for the markers that the iSCSI hostdev was added with a + * secret object to manage the username/password. If present, let's + * attempt to remove the object as well. */ + if (scsisrc->protocol =3D=3D VIR_DOMAIN_HOSTDEV_SCSI_PROTOCOL_TYPE= _ISCSI && + virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET= ) && + qemuDomainSecretDiskCapable(iscsisrc->src)) { + if (!(objAlias =3D qemuDomainGetSecretAESAlias(hostdev->info->= alias, false))) + goto cleanup; + } + qemuDomainObjEnterMonitor(driver, vm); qemuMonitorDriveDel(priv->mon, drivealias); + + /* If it fails, then so be it - it was a best shot */ + if (objAlias) + ignore_value(qemuMonitorDelObject(priv->mon, objAlias)); + if (qemuDomainObjExitMonitor(driver, vm) < 0) goto cleanup; } @@ -3909,6 +3954,7 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver, =20 cleanup: VIR_FREE(drivealias); + VIR_FREE(objAlias); virObjectUnref(cfg); return ret; } diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-a= uth-AES.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi= -auth-AES.args new file mode 100644 index 0000000000..5bc5f4f477 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES= .args @@ -0,0 +1,41 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest1 \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest1/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-usb \ +-object secret,id=3Dvirtio-disk0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file.driver=3Discsi,file.portal=3Dexample.org,\ +file.target=3Diqn.1992-01.com.example:storage,file.lun=3D1,file.transport= =3Dtcp,\ +file.user=3Dmyname,file.password-secret=3Dvirtio-disk0-secret0,format=3Dra= w,if=3Dnone,\ +id=3Ddrive-virtio-disk0 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x3,drive=3Ddrive-virtio-disk0,\ +id=3Dvirtio-disk0 \ +-object secret,id=3Dvirtio-disk1-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file.driver=3Discsi,file.portal=3Dexample.org,\ +file.target=3Diqn.1992-01.com.example:storage,file.lun=3D2,file.transport= =3Dtcp,\ +file.user=3Dmyname,file.password-secret=3Dvirtio-disk1-secret0,format=3Dra= w,if=3Dnone,\ +id=3Ddrive-virtio-disk1 \ +-device virtio-blk-pci,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk1,\ +id=3Dvirtio-disk1 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-a= uth-AES.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-= auth-AES.xml new file mode 100644 index 0000000000..63919f1000 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth-AES= .xml @@ -0,0 +1,43 @@ + + QEMUGuest1 + c7a5fdbd-edaf-9455-926a-d65c16db1809 + 219136 + 219136 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-= auth-AES.args b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-isc= si-auth-AES.args new file mode 100644 index 0000000000..c6051ecb07 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AE= S.args @@ -0,0 +1,45 @@ +LC_ALL=3DC \ +PATH=3D/bin \ +HOME=3D/home/test \ +USER=3Dtest \ +LOGNAME=3Dtest \ +QEMU_AUDIO_DRV=3Dnone \ +/usr/bin/qemu-system-i686 \ +-name QEMUGuest2 \ +-S \ +-object secret,id=3DmasterKey0,format=3Draw,\ +file=3D/tmp/lib/domain--1-QEMUGuest2/master-key.aes \ +-M pc \ +-m 214 \ +-smp 1,sockets=3D1,cores=3D1,threads=3D1 \ +-uuid c7a5fdbd-edaf-9466-926a-d65c16db1809 \ +-nographic \ +-nodefaults \ +-chardev socket,id=3Dcharmonitor,path=3D/tmp/lib/domain--1-QEMUGuest2/moni= tor.sock,\ +server,nowait \ +-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dreadline \ +-no-acpi \ +-boot c \ +-device virtio-scsi-pci,id=3Dscsi0,bus=3Dpci.0,addr=3D0x3 \ +-usb \ +-drive file=3D/dev/HostVG/QEMUGuest2,format=3Draw,if=3Dnone,id=3Ddrive-ide= 0-0-0 \ +-device ide-drive,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-= 0 \ +-object secret,id=3Dhostdev0-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file.driver=3Discsi,file.portal=3Dexample.org,\ +file.target=3Diqn.1992-01.com.example:storage,file.lun=3D1,file.transport= =3Dtcp,\ +file.user=3Dmyname,file.password-secret=3Dhostdev0-secret0,if=3Dnone,forma= t=3Draw,\ +id=3Ddrive-hostdev0 \ +-device scsi-generic,bus=3Dscsi0.0,channel=3D0,scsi-id=3D2,lun=3D4,\ +drive=3Ddrive-hostdev0,id=3Dhostdev0 \ +-object secret,id=3Dhostdev1-secret0,\ +data=3D9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=3DmasterKey0,iv=3DAAECAwQFBgcICQoLDA0ODw=3D=3D,format=3Dbase64 \ +-drive file.driver=3Discsi,file.portal=3Dexample.org,\ +file.target=3Diqn.1992-01.com.example:storage,file.lun=3D2,file.transport= =3Dtcp,\ +file.user=3Dmyname,file.password-secret=3Dhostdev1-secret0,if=3Dnone,forma= t=3Draw,\ +id=3Ddrive-hostdev1 \ +-device scsi-generic,bus=3Dscsi0.0,channel=3D0,scsi-id=3D2,lun=3D5,\ +drive=3Ddrive-hostdev1,id=3Dhostdev1 \ +-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x4 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-= auth-AES.xml b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscs= i-auth-AES.xml new file mode 100644 index 0000000000..0f63f98872 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-hostdev-scsi-virtio-iscsi-auth-AE= S.xml @@ -0,0 +1,48 @@ + + QEMUGuest2 + c7a5fdbd-edaf-9466-926a-d65c16db1809 + 219100 + 219100 + 1 + + hvm + + + + destroy + restart + destroy + + /usr/bin/qemu-system-i686 + + + +
+ + + + + + + + + + + + + + +
+ + + + + + + + +
+ + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index 2e07b85aa6..00fc16f8a2 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -933,6 +933,10 @@ mymain(void) DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-secrettype-invalid"= , NONE); DO_TEST_PARSE_ERROR("disk-drive-network-iscsi-auth-wrong-secrettype", = NONE); DO_TEST_PARSE_ERROR("disk-drive-network-source-auth-both", NONE); +# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT + DO_TEST("disk-drive-network-iscsi-auth-AES", + QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_ISCSI_PASSWORD_SECRET); +# endif DO_TEST("disk-drive-network-iscsi-lun", QEMU_CAPS_NODEFCONFIG, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_SCSI_BLOCK); @@ -2335,6 +2339,12 @@ mymain(void) DO_TEST("hostdev-scsi-virtio-iscsi-auth", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_SCSI_GENERIC); +# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT + DO_TEST("hostdev-scsi-virtio-iscsi-auth-AES", + QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_VIRTIO_SCSI, + QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_OBJECT_SECRET, + QEMU_CAPS_ISCSI_PASSWORD_SECRET); +# endif DO_TEST("hostdev-scsi-vhost-scsi-ccw", QEMU_CAPS_VIRTIO_SCSI, QEMU_CAPS_DEVICE_VHOST_SCSI, QEMU_CAPS_DEVICE_SCSI_GENERIC, QEMU_CAPS_VIRTIO_CCW); --=20 2.13.6 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list