On Thu, Sep 15, 2011 at 13:52, Sage Weil <s...@newdream.net> wrote:
> +static int buildRBDString(virConnectPtr conn,
...
> +        /* look up secret */
> +        snprintf(idDomain, sizeof(idDomain), "%s/%s", disk->authId,
> +                 disk->authDomain);
> +        sec = virSecretLookupByUsage(conn,
> +                                     VIR_SECRET_USAGE_TYPE_CEPH,
> +                                     idDomain);
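Review bot: the snprintf into idDomain ignores its return value, so an authId/authDomain pair longer than sizeof(idDomain) is silently truncated and virSecretLookupByUsage is called with a different usage string than the one configured. Compare the return value against sizeof(idDomain) and fail on truncation, or build the string with virAsprintf instead of a fixed buffer.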
...
> +            secret = (char *)conn->secretDriver->getValue(sec, &secret_size, 
> 0,
> +                                   VIR_SECRET_GET_VALUE_INTERNAL_CALL);
> +            /* qemu/librbd wants it base64 encoded */
> +            base64_encode_alloc(secret, secret_size, &base64);
> +            virBufferEscape(opt, ":", ":key=%s:auth_supported=cephx\\;none",
> +                            base64);
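Review bot: neither the getValue result nor the output of base64_encode_alloc is checked in the quoted lines: secret goes straight into base64_encode_alloc, and base64 (left NULL when the encoder cannot allocate) goes straight into virBufferEscape. Add NULL checks with an error path before formatting the key= option. Both buffers hold key material, so the cleanup path should clear and free them as well.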

If I'm reading this right, that puts the ceph secret on the kvm
command line. That's not good, that makes it visible to anyone on the
host.

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
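An audit check for the exposure raised in the reply above, as an added example that is not part of the original message or of libvirt. It counts arguments in a NUL-separated `/proc/<pid>/cmdline` buffer that carry an rbd `key=` option, assuming the `rbd:pool/image:opt=val` spec form; the function names and both sample buffers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/<pid>/cmdline layout (NUL-separated argv). */
static const char SAMPLE_EXPOSED[] =
    "qemu-kvm\0-drive\0"
    "file=rbd:pool/image:key=Q09OU1RSVUNURUQ=:auth_supported=cephx\\;none\0"
    "-nographic";
static const char SAMPLE_CLEAN[] =
    "qemu-kvm\0-drive\0file=rbd:pool/image:auth_supported=none\0-nographic";

/* Return 1 if this argument holds an rbd spec with a non-empty ":key=". */
static int arg_has_rbd_key(const char *arg)
{
    const char *p = strstr(arg, "rbd:");
    if (!p)
        return 0;
    /* Options follow the image name, each introduced by ':'. */
    for (p = strchr(p + 4, ':'); p; p = strchr(p + 1, ':'))
        if (strncmp(p + 1, "key=", 4) == 0 && p[5] != '\0' && p[5] != ':')
            return 1;
    return 0;
}

/* Count arguments exposing a key; -1 if the buffer is not NUL-terminated. */
int count_exposed_rbd_keys(const char *cmdline, size_t len)
{
    int hits = 0;
    size_t off = 0;
    while (off < len) {
        const char *end = memchr(cmdline + off, '\0', len - off);
        if (!end)
            return -1; /* truncated read: report it, do not guess */
        hits += arg_has_rbd_key(cmdline + off);
        off = (size_t)(end - cmdline) + 1;
    }
    return hits;
}

int main(void)
{
    printf("exposed sample: %d\n",
           count_exposed_rbd_keys(SAMPLE_EXPOSED, sizeof(SAMPLE_EXPOSED)));
    printf("clean sample:   %d\n",
           count_exposed_rbd_keys(SAMPLE_CLEAN, sizeof(SAMPLE_CLEAN)));
    return 0;
}
```

The check reports only a count and never echoes the key value, so its own output is safe to log.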
