qemu: Get capabilities to use iscsi password-secret argument

Detect the capability via the query-qmp-schema for blockdev-add
to find the 'password-secret' parameter that will allow the iSCSI
code to use the master secret object to encrypt the secret for an
and only need to provide the object id of the secret on the command
line thus obsfuscating the passphrase.
This commit is contained in:
John Ferlan 2017-09-01 15:09:29 -04:00
parent 8001c2f3e4
commit 4f44b8b5ae
10 changed files with 11 additions and 0 deletions

View File

@ -451,6 +451,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
"sclplmconsole",
"numa.dist",
"disk-share-rw",
"iscsi.password-secret",
);
@ -1809,6 +1810,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] = {
{ "blockdev-add/arg-type/options/+gluster/debug-level", QEMU_CAPS_GLUSTER_DEBUG_LEVEL},
{ "blockdev-add/arg-type/+gluster/debug", QEMU_CAPS_GLUSTER_DEBUG_LEVEL},
{ "blockdev-add/arg-type/+vxhs", QEMU_CAPS_VXHS},
{ "blockdev-add/arg-type/+iscsi/password-secret", QEMU_CAPS_ISCSI_PASSWORD_SECRET },
};
struct virQEMUCapsObjectTypeProps {

View File

@ -437,6 +437,7 @@ typedef enum {
QEMU_CAPS_DEVICE_SCLPLMCONSOLE, /* -device sclplmconsole */
QEMU_CAPS_NUMA_DIST, /* -numa dist */
QEMU_CAPS_DISK_SHARE_RW, /* share-rw=on for concurrent disk access */
QEMU_CAPS_ISCSI_PASSWORD_SECRET, /* -drive file.driver=iscsi,...,password-secret= */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;

View File

@ -182,6 +182,7 @@
<flag name='virtio-blk.num-queues'/>
<flag name='numa.dist'/>
<flag name='disk-share-rw'/>
<flag name='iscsi.password-secret'/>
<version>2010000</version>
<kvmVersion>0</kvmVersion>
<package> (v2.10.0)</package>

View File

@ -182,6 +182,7 @@
<flag name='virtio-blk.num-queues'/>
<flag name='numa.dist'/>
<flag name='disk-share-rw'/>
<flag name='iscsi.password-secret'/>
<version>2010000</version>
<kvmVersion>0</kvmVersion>
<package> (v2.10.0)</package>

View File

@ -181,6 +181,7 @@
<flag name='spapr-vty'/>
<flag name='numa.dist'/>
<flag name='disk-share-rw'/>
<flag name='iscsi.password-secret'/>
<version>2010000</version>
<kvmVersion>0</kvmVersion>
<package> (v2.10.0)</package>

View File

@ -144,6 +144,7 @@
<flag name='sclplmconsole'/>
<flag name='numa.dist'/>
<flag name='disk-share-rw'/>
<flag name='iscsi.password-secret'/>
<version>2010000</version>
<kvmVersion>0</kvmVersion>
<package></package>

View File

@ -226,6 +226,7 @@
<flag name='virtio-blk.num-queues'/>
<flag name='numa.dist'/>
<flag name='disk-share-rw'/>
<flag name='iscsi.password-secret'/>
<version>2010000</version>
<kvmVersion>0</kvmVersion>
<package> (v2.10.0)</package>

View File

@ -175,6 +175,7 @@
<flag name='virtio-blk.num-queues'/>
<flag name='spapr-vty'/>
<flag name='disk-share-rw'/>
<flag name='iscsi.password-secret'/>
<version>2009000</version>
<kvmVersion>0</kvmVersion>
<package> (v2.9.0)</package>

View File

@ -140,6 +140,7 @@
<flag name='virtio-blk.num-queues'/>
<flag name='sclplmconsole'/>
<flag name='disk-share-rw'/>
<flag name='iscsi.password-secret'/>
<version>2009000</version>
<kvmVersion>0</kvmVersion>
<package></package>

View File

@ -222,6 +222,7 @@
<flag name='virtio-gpu.max_outputs'/>
<flag name='virtio-blk.num-queues'/>
<flag name='disk-share-rw'/>
<flag name='iscsi.password-secret'/>
<version>2009000</version>
<kvmVersion>0</kvmVersion>
<package> (v2.9.0)</package>