qemu/block
Daniel P. Berrange 60390a2192 rbd: add support for getting password from QCryptoSecret object
Currently RBD passwords must be provided on the command line
via

  $QEMU -drive file=rbd:pool/image:id=myname:\
               key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
               auth_supported=cephx

This is insecure because the key is visible in the OS process
listing.

This adds support for a 'password-secret' parameter in the RBD
parameters that can be used with the QCryptoSecret object to
provide the password via a file:

  echo "QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=" > poolkey.b64
  $QEMU -object secret,id=secret0,file=poolkey.b64,format=base64 \
        -drive driver=rbd,filename=rbd:pool/image:id=myname:\
               auth_supported=cephx,password-secret=secret0

Reviewed-by: Josh Durgin <jdurgin@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-id: 1453385961-10718-2-git-send-email-berrange@redhat.com
Signed-off-by: Jeff Cody <jcody@redhat.com>
2016-02-29 14:54:30 -05:00
Makefile.objs block: convert quorum blockdrv to use crypto APIs 2015-07-08 13:11:01 +02:00
accounting.c block: Clean up includes 2016-01-20 13:36:23 +01:00
archipelago.c block: Clean up includes 2016-01-20 13:36:23 +01:00
backup.c block: Clean up includes 2016-01-20 13:36:23 +01:00
blkdebug.c block: Clean up includes 2016-01-20 13:36:23 +01:00
blkverify.c block: Clean up includes 2016-01-20 13:36:23 +01:00
block-backend.c block: Add blk_remove_all_bs() 2016-02-02 17:50:46 +01:00
bochs.c block: Clean up includes 2016-01-20 13:36:23 +01:00
cloop.c block: Clean up includes 2016-01-20 13:36:23 +01:00
commit.c block: Clean up includes 2016-01-20 13:36:23 +01:00
curl.c block: Clean up includes 2016-01-20 13:36:23 +01:00
dmg.c block: Clean up includes 2016-01-20 13:36:23 +01:00
gluster.c block: Clean up includes 2016-01-20 13:36:23 +01:00
io.c block: add missing call to bdrv_drain_recurse 2016-02-09 13:52:26 +00:00
iscsi.c iscsi: Assign bs to file in iscsi_co_get_block_status 2016-02-02 17:50:47 +01:00
linux-aio.c block: Clean up includes 2016-01-20 13:36:23 +01:00
mirror.c block: Add "file" output parameter to block status query functions 2016-02-02 17:50:47 +01:00
nbd-client.c nbd: enable use of TLS with NBD block driver 2016-02-16 17:16:33 +01:00
nbd-client.h nbd: enable use of TLS with NBD block driver 2016-02-16 17:16:33 +01:00
nbd.c nbd: enable use of TLS with NBD block driver 2016-02-16 17:16:33 +01:00
nfs.c block/nfs: add support for setting debug level 2016-02-29 14:54:30 -05:00
null.c block: Clean up includes 2016-01-20 13:36:23 +01:00
parallels.c parallels: Assign bs->file->bs to file in parallels_co_get_block_status 2016-02-02 17:50:47 +01:00
qapi.c qapi: Add burst length fields to BlockDeviceInfo 2016-02-22 14:08:06 +01:00
qcow.c qcow: Assign bs->file->bs to file in qcow_co_get_block_status 2016-02-02 17:50:47 +01:00
qcow2-cache.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qcow2-cluster.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qcow2-refcount.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qcow2-snapshot.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qcow2.c qcow2: Assign bs->file->bs to file in qcow2_co_get_block_status 2016-02-02 17:50:47 +01:00
qcow2.h qcow2: Add function for refcount order amendment 2015-12-18 14:34:43 +01:00
qed-check.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qed-cluster.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qed-gencb.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qed-l2-cache.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qed-table.c block: Clean up includes 2016-01-20 13:36:23 +01:00
qed.c qed: Assign bs->file->bs to file in bdrv_qed_co_get_block_status 2016-02-02 17:50:47 +01:00
qed.h qed: Really remove unused field QEDAIOCB.finished 2015-02-06 17:24:21 +01:00
quorum.c quorum: fix segfault when read fails in fifo mode 2016-02-22 09:49:46 +01:00
raw-aio.h linux-aio: drop return code from laio_io_unplug and ioq_submit 2014-12-12 16:57:55 +00:00
raw-posix.c raw: Assign bs to file in raw_co_get_block_status 2016-02-02 17:50:47 +01:00
raw-win32.c block: Clean up includes 2016-01-20 13:36:23 +01:00
raw_bsd.c raw: Assign bs to file in raw_co_get_block_status 2016-02-02 17:50:47 +01:00
rbd.c rbd: add support for getting password from QCryptoSecret object 2016-02-29 14:54:30 -05:00
sheepdog.c sheepdog: allow to delete snapshot 2016-02-29 14:54:30 -05:00
snapshot.c block: Clean up includes 2016-01-20 13:36:23 +01:00
ssh.c block: Clean up includes 2016-01-20 13:36:23 +01:00
stream.c block: Clean up includes 2016-01-20 13:36:23 +01:00
throttle-groups.c block: Clean up includes 2016-01-20 13:36:23 +01:00
vdi.c vdi: Assign bs->file->bs to file in vdi_co_get_block_status 2016-02-02 17:50:47 +01:00
vhdx-endian.c block: Clean up includes 2016-01-20 13:36:23 +01:00
vhdx-log.c block: Clean up includes 2016-01-20 13:36:23 +01:00
vhdx.c block: Clean up includes 2016-01-20 13:36:23 +01:00
vhdx.h block: vhdx - update PAYLOAD_BLOCK_UNMAPPED value to match 1.00 spec 2014-12-12 15:42:22 +00:00
vmdk.c vmdk: Return extent's file in bdrv_get_block_status 2016-02-02 17:50:47 +01:00
vpc.c vpc: Assign bs->file->bs to file in vpc_co_get_block_status 2016-02-02 17:50:47 +01:00
vvfat.c block: Add "file" output parameter to block status query functions 2016-02-02 17:50:47 +01:00
win32-aio.c block: Clean up includes 2016-01-20 13:36:23 +01:00
write-threshold.c block: Clean up includes 2016-01-20 13:36:23 +01:00