From d003f242c8dd06903146604442e633fc286f88ba Mon Sep 17 00:00:00 2001 Message-Id: From: Gema Gomez Date: Wed, 21 Dec 2016 15:55:41 -0500 Subject: [PATCH] qemu: Add support for using AES secret for SCSI hotplug https://bugzilla.redhat.com/show_bug.cgi?id=1406442 Support for virtio disks was added in commit id 'fceeeda', but not for SCSI drives. Add the secret for the server when hotplugging a SCSI drive. No need to make any adjustments for unplug since that's handled during the qemuDomainDetachDiskDevice call to qemuDomainRemoveDiskDevice in the qemuDomainDetachDeviceDiskLive switch. Added a test to/for the command line processing to show the command line options when adding a SCSI drive for the guest. (cherry picked from commit 0701abcb3ba78ba27cf1f47e01b3d9607ad37b72) Resolved conflict since upstream commit id '97ca6eed9a' is not present (just remove the drivealias changes) https://bugzilla.redhat.com/show_bug.cgi?id=1411398 Signed-off-by: John Ferlan
---
 src/qemu/qemu_hotplug.c | 21 +++++++++++++++++++++ ...emuxml2argv-disk-drive-network-rbd-auth-AES.args | 14 ++++++++++++-- ...qemuxml2argv-disk-drive-network-rbd-auth-AES.xml | 13 +++++++++++++ tests/qemuxml2argvtest.c | 2 +- 4 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 58d25ca0e..967c7c0b7 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -594,12 +594,15 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 char *devstr = NULL;
 bool driveAdded = false;
 bool encobjAdded = false;
+ bool secobjAdded = false;
 int ret = -1;
 int rv;
 virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
 virJSONValuePtr encobjProps = NULL;
+ virJSONValuePtr secobjProps = NULL;
 qemuDomainDiskPrivatePtr diskPriv;
 qemuDomainSecretInfoPtr encinfo;
+ qemuDomainSecretInfoPtr secinfo;
 if (qemuDomainPrepareDisk(driver, vm, disk, NULL, false) < 0)
 goto cleanup;
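Review bot: `secinfo` is declared without an initializer, and the `goto cleanup` at the end of this hunk is taken before anything assigns it. The cleanup and rollback lines visible in the later hunks only read it behind `secobjAdded`, so nothing reads an indeterminate pointer today, but that safety rests on the flag alone. Declaring it as `qemuDomainSecretInfoPtr secinfo = NULL;` keeps a later edit to the error paths from dereferencing garbage; the existing `encinfo` declaration has the same shape. The function body starts and ends outside this hunk.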
@@ -631,6 +634,12 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 goto error;
 diskPriv = QEMU_DOMAIN_DISK_PRIVATE(disk);
+ secinfo = diskPriv->secinfo;
+ if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES) {
+ if (qemuBuildSecretInfoProps(secinfo, &secobjProps) < 0)
+ goto error;
+ }
+
 encinfo = diskPriv->encinfo;
 if (encinfo && qemuBuildSecretInfoProps(encinfo, &encobjProps) < 0)
 goto error;
@@ -646,6 +655,15 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 qemuDomainObjEnterMonitor(driver, vm);
+ if (secobjProps) {
+ rv = qemuMonitorAddObject(priv->mon, "secret", secinfo->s.aes.alias,
+ secobjProps);
+ secobjProps = NULL; /* qemuMonitorAddObject consumes */
+ if (rv < 0)
+ goto exit_monitor;
+ secobjAdded = true;
+ }
+
 if (encobjProps) {
 rv = qemuMonitorAddObject(priv->mon, "secret", encinfo->s.aes.alias, encobjProps);
@@ -671,6 +689,7 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 ret = 0;
 cleanup:
+ virJSONValueFree(secobjProps);
 virJSONValueFree(encobjProps);
 qemuDomainSecretDiskDestroy(disk);
 VIR_FREE(devstr);
@@ -684,6 +703,8 @@ qemuDomainAttachSCSIDisk(virConnectPtr conn,
 VIR_WARN("qemuMonitorAddDevice failed on %s (%s)", drivestr, devstr);
 orig_err = virSaveLastError();
+ if (secobjAdded)
+ ignore_value(qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias));
 if (encobjAdded)
 ignore_value(qemuMonitorDelObject(priv->mon, encinfo->s.aes.alias));
 if (orig_err) {
diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args
index dd66388f8..57b3d88a7 100644
--- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args
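Review bot: The new `secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES` guard has no comment, while `encinfo` just below is passed to `qemuBuildSecretInfoProps` with no type check, and the reason for the difference is not visible in this hunk. A short comment above the new `if` would help, e.g. `/* Only an AES secinfo is added as a QEMU secret object; any other type gets no object here */`. If a non-AES secret is instead carried inside the drive string (not shown here), it is worth confirming that the `VIR_WARN` in the exit_monitor path, which prints `drivestr`, cannot write that credential to the log. The function body starts and ends outside this hunk.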
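Review bot: The rollback at `if (secobjAdded)` discards the result of `qemuMonitorDelObject`, so a failed delete leaves the secret object inside the running QEMU with nothing in the log to show it. Judging by the `-object secret,...,keyid=masterKey0` line in the test data, that object holds the AES-wrapped storage credential, and it presumably keeps its alias occupied so that a retry of the same attach fails on a duplicate id. Consider `if (secobjAdded && qemuMonitorDelObject(priv->mon, secinfo->s.aes.alias) < 0)` followed by `VIR_WARN("Unable to remove secret object %s", secinfo->s.aes.alias);`; the alias is an identifier, not secret material. The `encobjAdded` line below has the same pattern, and the error block continues outside the hunk.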
@@ -18,6 +18,7 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \ -monitor unix:/tmp/lib/domain--1-QEMUGuest1/monitor.sock,server,nowait \ -no-acpi \ -boot c \ +-device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x3 \ -usb \ -drive file=/dev/HostVG/QEMUGuest1,format=raw,if=none,id=drive-ide0-0-0 \ -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \ @@ -28,5 +29,14 @@ keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:6322,\ file.password-secret=virtio-disk0-secret0,format=raw,if=none,\ id=drive-virtio-disk0' \ --device virtio-blk-pci,bus=pci.0,addr=0x3,drive=drive-virtio-disk0,\ -id=virtio-disk0 +-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\ +id=virtio-disk0 \ +-object secret,id=scsi0-0-0-0-secret0,\ +data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\ +keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \ +-drive 'file=rbd:pool/image:id=myname:auth_supported=cephx\;none:\ +mon_host=mon1.example.org\:6321\;mon2.example.org\:6322\;mon3.example.org\:\ +6322,file.password-secret=scsi0-0-0-0-secret0,format=raw,if=none,\ +id=drive-scsi0-0-0-0,cache=none' \ +-device scsi-disk,bus=scsi0.0,channel=0,scsi-id=0,lun=0,\ +drive=drive-scsi0-0-0-0,id=scsi0-0-0-0 diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml index ac2e94209..885fb1127 100644 --- a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml @@ -32,7 +32,20 @@ + + + + + + + + + + + + + diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index f48632b70..dc5580e02 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c 
@@ -827,7 +827,7 @@ mymain(void)
 DO_TEST("disk-drive-network-rbd-auth", NONE);
 # ifdef HAVE_GNUTLS_CIPHER_ENCRYPT
 DO_TEST("disk-drive-network-rbd-auth-AES",
- QEMU_CAPS_OBJECT_SECRET);
+ QEMU_CAPS_OBJECT_SECRET, QEMU_CAPS_VIRTIO_SCSI);
 # endif
 DO_TEST("disk-drive-network-rbd-ipv6", NONE);
 DO_TEST_FAILURE("disk-drive-network-rbd-no-colon", NONE);
--
2.11.1
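Review bot: This `DO_TEST("disk-drive-network-rbd-auth-AES", ...)` entry only checks the generated command line, so the code this patch adds to `qemuDomainAttachSCSIDisk` (the secret object add and its removal on the exit_monitor path) is not exercised by any test shown here. The case also sits under `# ifdef HAVE_GNUTLS_CIPHER_ENCRYPT`, so builds without that define skip it entirely. A hotplug test that attaches a SCSI rbd disk with an AES secret would cover the new path. A second case where the device add fails should assert that the secret object is deleted again. `mymain` starts and ends outside this hunk.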