Dan Kenigsberg has submitted this change and it was merged.
Change subject: ceph: Support ephemeral Libvirt secrets
......................................................................
ceph: Support ephemeral Libvirt secrets
To support network disk using Libvirt secrets, we will configure Libvirt
using ephemeral and private secrets. Libvirt keep such secrets only in
memory, and never store them persistently. The secret are not revealed
to any caller of libvirt, nor to any other node.
The actual authentication key will be stored in the engine in a secured
manner. We will pass the key over secured transport to Vdsm when
activating a storage domain supporting network disks, and unregister the
secrets when deactivating the storage domain or the host.
New secret APIs:
registerSecrets(secrets) Define Libvirt secrets specified in the
secrets list and set their authentication
key.
unregisterSecrets(uuids) Undefine the Libvirt secrets identified by
the provided uuids list.
For more info see Libvirt documentation:
https://libvirt.org/html/libvirt-libvirt-secret.html
Change-Id: I2e9ee33a7447ee07b0c82cf5a80d1f9b470663bb
Signed-off-by: Nir Soffer <[email protected]>
Reviewed-on: https://gerrit.ovirt.org/40712
Continuous-Integration: Jenkins CI
Reviewed-by: Allon Mureinik <[email protected]>
Reviewed-by: Francesco Romani <[email protected]>
Reviewed-by: Dan Kenigsberg <[email protected]>
---
M debian/vdsm.install
M lib/vdsm/define.py
M tests/Makefile.am
A tests/vmSecretTests.py
M vdsm.spec.in
M vdsm/API.py
M vdsm/rpc/bindingxmlrpc.py
M vdsm/rpc/vdsmapi-schema.json
M vdsm/virt/Makefile.am
A vdsm/virt/secret.py
10 files changed, 505 insertions(+), 1 deletion(-)
Approvals:
Nir Soffer: Verified
Jenkins CI: Passed CI tests
Dan Kenigsberg: Looks good to me, approved
Allon Mureinik: Looks good to me, but someone else must approve
Francesco Romani: Looks good to me, but someone else must approve
--
To view, visit https://gerrit.ovirt.org/40712
To unsubscribe, visit https://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2e9ee33a7447ee07b0c82cf5a80d1f9b470663bb
Gerrit-PatchSet: 29
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Nir Soffer <[email protected]>
Gerrit-Reviewer: Adam Litke <[email protected]>
Gerrit-Reviewer: Allon Mureinik <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Daniel Erez <[email protected]>
Gerrit-Reviewer: Federico Simoncelli <[email protected]>
Gerrit-Reviewer: Francesco Romani <[email protected]>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Michal Skrivanek <[email protected]>
Gerrit-Reviewer: Nir Soffer <[email protected]>
Gerrit-Reviewer: Piotr Kliczewski <[email protected]>
Gerrit-Reviewer: Vinzenz Feenstra <[email protected]>
Gerrit-Reviewer: Yaniv Bronhaim <[email protected]>
Gerrit-Reviewer: [email protected]
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
