From: Daniel P . Berrangé
Subject: Re: [Qemu-devel] [RFC][BROKEN] rbd: Allow configuration of authentication scheme
Date: Wed, 18 Apr 2018 17:34:58 +0100
User-agent: Mutt/1.9.2 (2017-12-15)

On Wed, Apr 18, 2018 at 06:28:23PM +0200, Kevin Wolf wrote:
> On 18.04.2018 at 17:06, Markus Armbruster wrote:

> >     Note that users can still configure authentication methods with a
> >     configuration file.  They probably do that anyway if they use Ceph
> >     outside QEMU as well.
> 
> This solution that we originally intended to offer was dismissed by
> libvirt as unpractical: libvirt allows the user to specify both a config
> file and a key, and if it wanted to use a config file to pass the key,
> it would have to create a merged config file and keep it in sync with the
> user config file at all times. Understandable that they want to avoid
> this.

Even if the config file does have auth info set up, we can't assume that
the QEMU VMs are supposed to use the same auth info. In fact, to properly
protect against a compromised QEMU, ideally every QEMU would use a completely
separate RBD user+password, so that a compromised QEMU can't then access
RBD disks belonging to a different user.

So from libvirt POV we want to pretend the config file does not exist at
all and explicitly pass everything that is needed via normal per-disk
setup for blockdev.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|


