qemu: domain: Regenerate auth/enc secret aliases when restoring status XML
Previously we did not store the aliases but rather re-generated them when unplug was necessary. This is very cumbersome, since the knowledge of when and which alias to use needs to be stored in the hotplug code as well.

While this patch will not strictly improve this situation, since there will still be two places containing this code, it will at least allow removing the mess from the disk-unplug code and will prevent introducing more mess when adding blockdev support.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
parent
ecd785dd84
commit
7c6b00b8fe
@ -5856,8 +5856,91 @@ qemuDomainChrDefPostParse(virDomainChrDefPtr chr,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* qemuDomainDeviceDiskDefPostParseRestoreSecAlias:
|
||||||
|
*
|
||||||
|
* Re-generate aliases for objects related to the storage source if they
|
||||||
|
* were not stored in the status XML by an older libvirt.
|
||||||
|
*
|
||||||
|
* Note that qemuCaps should be always present for a status XML.
|
||||||
|
*/
|
||||||
|
static int
|
||||||
|
qemuDomainDeviceDiskDefPostParseRestoreSecAlias(virDomainDiskDefPtr disk,
|
||||||
|
virQEMUCapsPtr qemuCaps,
|
||||||
|
unsigned int parseFlags)
|
||||||
|
{
|
||||||
|
qemuDomainStorageSourcePrivatePtr priv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
|
||||||
|
bool restoreAuthSecret = false;
|
||||||
|
bool restoreEncSecret = false;
|
||||||
|
char *authalias = NULL;
|
||||||
|
char *encalias = NULL;
|
||||||
|
int ret = -1;
|
||||||
|
|
||||||
|
if (!(parseFlags & VIR_DOMAIN_DEF_PARSE_STATUS) ||
|
||||||
|
!qemuCaps ||
|
||||||
|
virStorageSourceIsEmpty(disk->src) ||
|
||||||
|
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_SECRET))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
/* network storage authentication secret */
|
||||||
|
if (disk->src->auth &&
|
||||||
|
(!priv || !priv->secinfo)) {
|
||||||
|
|
||||||
|
/* only RBD and iSCSI (with capability) were supporting authentication
|
||||||
|
* using secret object at the time we did not format the alias into the
|
||||||
|
* status XML */
|
||||||
|
if (virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_NETWORK &&
|
||||||
|
(disk->src->protocol == VIR_STORAGE_NET_PROTOCOL_RBD ||
|
||||||
|
(disk->src->protocol == VIR_STORAGE_NET_PROTOCOL_ISCSI &&
|
||||||
|
virQEMUCapsGet(qemuCaps, QEMU_CAPS_ISCSI_PASSWORD_SECRET))))
|
||||||
|
restoreAuthSecret = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* disk encryption secret */
|
||||||
|
if (disk->src->encryption &&
|
||||||
|
disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
|
||||||
|
(!priv || !priv->encinfo))
|
||||||
|
restoreEncSecret = true;
|
||||||
|
|
||||||
|
if (!restoreAuthSecret && !restoreEncSecret)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
if (!priv) {
|
||||||
|
if (!(disk->src->privateData = qemuDomainStorageSourcePrivateNew()))
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
priv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(disk->src);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (restoreAuthSecret) {
|
||||||
|
if (!(authalias = qemuDomainGetSecretAESAlias(disk->info.alias, false)))
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->secinfo, &authalias) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (restoreEncSecret) {
|
||||||
|
if (!(encalias = qemuDomainGetSecretAESAlias(disk->info.alias, true)))
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
if (qemuStorageSourcePrivateDataAssignSecinfo(&priv->encinfo, &encalias) < 0)
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = 0;
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
VIR_FREE(authalias);
|
||||||
|
VIR_FREE(encalias);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
qemuDomainDeviceDiskDefPostParse(virDomainDiskDefPtr disk,
|
qemuDomainDeviceDiskDefPostParse(virDomainDiskDefPtr disk,
|
||||||
|
virQEMUCapsPtr qemuCaps,
|
||||||
|
unsigned int parseFlags,
|
||||||
virQEMUDriverConfigPtr cfg)
|
virQEMUDriverConfigPtr cfg)
|
||||||
{
|
{
|
||||||
/* set default disk types and drivers */
|
/* set default disk types and drivers */
|
||||||
@ -5891,6 +5974,10 @@ qemuDomainDeviceDiskDefPostParse(virDomainDiskDefPtr disk,
|
|||||||
disk->mirror->format = VIR_STORAGE_FILE_RAW;
|
disk->mirror->format = VIR_STORAGE_FILE_RAW;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (qemuDomainDeviceDiskDefPostParseRestoreSecAlias(disk, qemuCaps,
|
||||||
|
parseFlags) < 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -5982,7 +6069,8 @@ qemuDomainDeviceDefPostParse(virDomainDeviceDefPtr dev,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case VIR_DOMAIN_DEVICE_DISK:
|
case VIR_DOMAIN_DEVICE_DISK:
|
||||||
ret = qemuDomainDeviceDiskDefPostParse(dev->data.disk, cfg);
|
ret = qemuDomainDeviceDiskDefPostParse(dev->data.disk, qemuCaps,
|
||||||
|
parseFlags, cfg);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case VIR_DOMAIN_DEVICE_VIDEO:
|
case VIR_DOMAIN_DEVICE_VIDEO:
|
||||||
|
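Review bot: `disk->info.alias` is handed to `qemuDomainGetSecretAESAlias()` for both the auth and the LUKS alias with no visible check that it is set, and the helper's handling of NULL is not shown on this page. These aliases name the QEMU secret objects that hold the storage credential and the LUKS passphrase, so a regenerated name that does not match the running object would presumably leave that object behind on unplug. If the helper does not already reject NULL, add `!disk->info.alias ||` to the early-return condition at the top of `qemuDomainDeviceDiskDefPostParseRestoreSecAlias()`, or fail with an error there. The header comment should also state the return contract, for example `Returns 0 on success or when nothing needs to be restored, -1 on error.`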
@ -317,6 +317,11 @@
|
|||||||
<encryption format='luks'>
|
<encryption format='luks'>
|
||||||
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
|
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
|
||||||
</encryption>
|
</encryption>
|
||||||
|
<privateData>
|
||||||
|
<objects>
|
||||||
|
<secret type='encryption' alias='virtio-disk1-luks-secret0'/>
|
||||||
|
</objects>
|
||||||
|
</privateData>
|
||||||
</source>
|
</source>
|
||||||
<backingStore/>
|
<backingStore/>
|
||||||
<target dev='vdb' bus='virtio'/>
|
<target dev='vdb' bus='virtio'/>
|
||||||
@ -350,6 +355,12 @@
|
|||||||
<encryption format='luks'>
|
<encryption format='luks'>
|
||||||
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
|
<secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
|
||||||
</encryption>
|
</encryption>
|
||||||
|
<privateData>
|
||||||
|
<objects>
|
||||||
|
<secret type='auth' alias='virtio-disk3-secret0'/>
|
||||||
|
<secret type='encryption' alias='virtio-disk3-luks-secret0'/>
|
||||||
|
</objects>
|
||||||
|
</privateData>
|
||||||
</source>
|
</source>
|
||||||
<backingStore/>
|
<backingStore/>
|
||||||
<target dev='vdd' bus='virtio'/>
|
<target dev='vdd' bus='virtio'/>
|
||||||
@ -381,6 +392,11 @@
|
|||||||
<auth username='testuser-rbd'>
|
<auth username='testuser-rbd'>
|
||||||
<secret type='ceph' usage='testuser-rbd-secret'/>
|
<secret type='ceph' usage='testuser-rbd-secret'/>
|
||||||
</auth>
|
</auth>
|
||||||
|
<privateData>
|
||||||
|
<objects>
|
||||||
|
<secret type='auth' alias='virtio-disk5-secret0'/>
|
||||||
|
</objects>
|
||||||
|
</privateData>
|
||||||
</source>
|
</source>
|
||||||
<backingStore/>
|
<backingStore/>
|
||||||
<target dev='vdf' bus='virtio'/>
|
<target dev='vdf' bus='virtio'/>
|
||||||
|