[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] iscsi: Add chap and "initiator-name" etc as per
|
From: |
Peter Lieven |
|
Subject: |
Re: [Qemu-devel] [PATCH] iscsi: Add chap and "initiator-name" etc as per drive options |
|
Date: |
Mon, 14 Sep 2015 08:50:50 +0200 |
> Am 14.09.2015 um 08:38 schrieb Fam Zheng <address@hidden>:
>
>> On Fri, 09/11 08:27, ronnie sahlberg wrote:
>>> On Fri, Sep 11, 2015 at 8:20 AM, Eric Blake <address@hidden> wrote:
>>>> On 09/11/2015 12:00 AM, Fam Zheng wrote:
>>>> Previously we use "-iscsi id=target-iqn,user=foo,password=bar,..." to
>>>> specify iscsi connection parameters, unfortunately it doesn't work with
>>>> qemu-img.
>>>>
>>>> This patch adds per drive options to iscsi driver so that at least
>>>> qemu-img can use the "json:{...}" filename magic.
>>>>
>>>> Signed-off-by: Fam Zheng <address@hidden>
>>>> ---
>>>> block/iscsi.c | 83
>>>> +++++++++++++++++++++++++++++++++++++++++++++--------------
>>>> 1 file changed, 64 insertions(+), 19 deletions(-)
>>>
>>> It would be nice to also add a matching BlockdevOptionsIscsi to
>>> qapi/block-core.json, to allow setting these structured options from
>>> QMP. Separate patch is fine, but we need to do the work for ALL of the
>>> remaining block devices eventually, and now that you are structuring the
>>> command line is a good time to think about it.
>>>
>>>
>>>> static void iscsi_nop_timed_event(void *opaque)
>>>> @@ -1229,6 +1253,27 @@ static QemuOptsList runtime_opts = {
>>>> .name = "filename",
>>>> .type = QEMU_OPT_STRING,
>>>> .help = "URL to the iscsi image",
>>>> + },{
>>>> + .name = "user",
>>>> + .type = QEMU_OPT_STRING,
>>>> + .help = "username for CHAP authentication to target",
>>>> + },{
>>>> + .name = "password",
>>>> + .type = QEMU_OPT_STRING,
>>>> + .help = "password for CHAP authentication to target",
>>>> + },{
>>>
>>> Also, this requires passing the password in the command line. We
>>> _really_ need to solve the problem of allowing the password to be passed
>>> via a fd or other QMP command, rather than on the command line.
>>
>>
>> Passing via command line is evil. It should still be possible to pass
>> all this via a config file to qemu :
>>
>> """
>> ...
>> Howto use a configuration file to set iSCSI configuration options:
>> @example
>> cat >iscsi.conf <<EOF
>> [iscsi "iqn.target.name"]
>> user = "me"
>> password = "my password"
>> initiator-name = "iqn.qemu.test:my-initiator"
>> header-digest = "CRC32C"
>> EOF
>>
>> qemu-system-i386 -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \
>> -readconfig iscsi.conf
>> @end example
>> ...
>> """
>
> I agree passing password with clear text command line is bad, but -readconfig
> doesn't work for qemu-img and qemu-io. Any idea how to make that work?
you can pass the secrets via environment variables (see libiscsi readme).
Peter