Re: [libvirt] [PATCH 00/10] Convert secret driver to use hashed object

On 03/02/2016 01:54 PM, John Ferlan wrote: > This series replaces the usage of linked list in secret driver with a > hashed object list as was suggested in the review in the last patch of > the previous secret driver changes series: > >

[libvirt] [PATCH v2 03/12] qemu: Introduce qemuDomainHostdevPrivatePtr

Modeled after the qemuDomainDiskPrivatePtr logic, create a privateData pointer in the _virDomainHostdevDef to allow storage of private data for a hypervisor in order to at least temporarily store auth/secrets data for usage during qemuBuildCommandLine. NB: Since the qemu_parse_command

[libvirt] [PATCH v2 11/12] qemu: Introduce qemuDomainSecretIV

Add the data structure and infrastructure to support an initialization vector (IV) secret. The IV secret generation will need to have access to the domain private master key, so let's make sure the prepare disk and hostdev functions can accept that now. Anywhere that needs to make a decision

[libvirt] [PATCH v2 06/12] qemu: hotplug: Assume support for -device for attach virtio disk

Since support for QEMU_CAPS_DEVICE is not assumed, let's drop the legacy code to make life easier going forward. Signed-off-by: John Ferlan --- src/qemu/qemu_hotplug.c | 79 + 1 file changed, 33 insertions(+), 46 deletions(-)

[libvirt] [PATCH v2 08/12] qemu: hotplug: Adjust error path for attach virtio disk

Adjust error path logic to make it clearer how to undo the failed add. Signed-off-by: John Ferlan --- src/qemu/qemu_hotplug.c | 55 - 1 file changed, 32 insertions(+), 23 deletions(-) diff --git a/src/qemu/qemu_hotplug.c

[libvirt] [PATCH v2 12/12] qemu: Utilize qemu secret objects for SCSI/RBD auth/secret

https://bugzilla.redhat.com/show_bug.cgi?id=1182074 If they're available and we need to pass secrets to qemu, then use the qemu domain secret object in order to pass the secrets for iSCSI and RBD volumes instead of passing plaintext or base64 encoded secrets on the command line. New APIs:

[libvirt] [PATCH v2 02/12] qemu: Introduce qemuDomainSecretPrepare and Destroy

Rather than needing to pass the conn parameter to various command line building API's, add qemuDomainSecretPrepare just prior to the qemuProcessLaunch which calls qemuBuilCommandLine. The function must be called after qemuProcessPrepareHost since it's expected to eventually need the domain

[libvirt] [PATCH v2 10/12] qemu: hotplug: Fix possible memory leak of props

If we failed to build the aliases or attach the chardev, then the props would be leaked - fix that. Signed-off-by: John Ferlan --- src/qemu/qemu_hotplug.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index

[libvirt] [PATCH v2 04/12] qemu: Introduce qemuDomainSecretHostdevPrepare and Destroy

Similar to the qemuDomainSecretDiskPrepare, generate the secret for the Hostdev's prior to call qemuProcessLaunch which calls qemuBuildCommandLine. Additionally, since the secret is not longer added as part of building the command, the hotplug code will need to make the call to add the secret in

[libvirt] [PATCH v2 05/12] qemu: Use qemuDomainSecretInfoPtr in qemuBuildNetworkDriveURI

Rather than take username and password as parameters, now take a qemuDomainSecretInfoPtr and decode within the function. NB: Having secinfo implies having the username for a plain type from a successful virSecretGetSecretString Signed-off-by: John Ferlan ---

[libvirt] [PATCH v2 09/12] qemu: hotplug: Adjust error path for attach hostdev scsi disk

Adjust error path logic to make it clearer how to undo the failed add. Signed-off-by: John Ferlan --- src/qemu/qemu_hotplug.c | 52 ++--- 1 file changed, 32 insertions(+), 20 deletions(-) diff --git a/src/qemu/qemu_hotplug.c

[libvirt] [PATCH v2 07/12] qemu: hotplug: Adjust error path for attach scsi disk

Adjust error path logic to make it clearer how to undo the failed add. Signed-off-by: John Ferlan --- src/qemu/qemu_hotplug.c | 35 +++ 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/src/qemu/qemu_hotplug.c

[libvirt] [PATCH v2 01/12] qemu: Introduce qemuDomainSecretInfo

Introduce a new private structure to hold qemu domain auth/secret data. This will be stored in the qemuDomainDiskPrivate as a means to store the auth and fetched secret data rather than generating during building of the command line. The initial changes will handle the current username and secret

[libvirt] [PATCH v2 00/12] Add IV Secret Object support

v1: http://www.redhat.com/archives/libvir-list/2016-April/msg00596.html Differences since v1: - Add qemuBuildiSCSICommandLine (and BuildDiskiSCSI && BuildHostdeviSCSI) These will do the magic necessary in order to support IV secret objects for the impending iSCSI -drive argument. This API

Re: [libvirt] [PATCH] qemu: reject min_guarantee at parse time

On Fri, Apr 15, 2016 at 05:37:17PM -0400, Cole Robinson wrote: min_guarantee isn't implemented for qemu, and an explicit check was added in june 2014 to reject the VM at qemu startup time. It's a weird place to do XML validation, so move it to the post parse area where we have similar checks.

[libvirt] [PATCH] tests: Fix syntax in iSCSI auth/secret tests

While working on the tests for the secret initialization vector, I found that the existing iSCSI tests were lacking in how they defined the IQN. Many had IQN's of just 'iqn.1992-01.com.example' for one disk while using 'iqn.1992-01.com.example/1' for the second disk (same for hostdevs - guess how

Re: [libvirt] RFC: virtio-rng and /dev/urandom

> Also, I do not believe /dev/urandom is FIPS compliant. Finally, the refill > policy is different, so it is not really true the algorithm is the same. > > All in all, other than a seed value it really doesn't make any sense. Of > course, none of this matters on newer Intel hardware ;) Right,