[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH RFC v3 for-2.9 09/11] rbd: Revert -blockdev para
From: |
Jeff Cody |
Subject: |
Re: [Qemu-devel] [PATCH RFC v3 for-2.9 09/11] rbd: Revert -blockdev parameter password-secret |
Date: |
Mon, 3 Apr 2017 09:06:12 -0400 |
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Mon, Apr 03, 2017 at 02:04:42PM +0100, Daniel P. Berrange wrote:
> On Mon, Apr 03, 2017 at 02:42:48PM +0200, Max Reitz wrote:
> > On 03.04.2017 13:37, Daniel P. Berrange wrote:
> > > On Mon, Mar 27, 2017 at 03:26:33PM +0200, Markus Armbruster wrote:
> > >> This reverts a part of commit 8a47e8e. We're having second thoughts
> > >> on the QAPI schema (and thus the external interface), and haven't
> > >> reached consensus, yet. Issues include:
> > >>
> > >> * BlockdevOptionsRbd member @password-secret isn't actually a
> > >> password, it's a key generated by Ceph.
> > >>
> > >> * We're not sure where member @password-secret belongs (see the
> > >> previous commit).
> > >>
> > >> * How @password-secret interacts with settings from a configuration
> > >> file specified with @conf is undocumented. I suspect it's untested,
> > >> too.
> > >>
> > >> Let's avoid painting ourselves into a corner now, and revert the
> > >> feature for 2.9.
> > >>
> > >> Note that users can still configure an authentication key with a
> > >> configuration file. They probably do that anyway if they use Ceph
> > >> outside QEMU as well.
> > >
> > > NB, this makes blockdev-add largely useless for RBD from libvirt's POV,
> > > since we rely on the password-secret facility working to support apps
> > > like openstack which won't configure the global config file for RBD.
> > >
> > > Not a regression though, since blockdev-add is new - just means we won't
> > > be able to use the new feature yet :-(
> >
> > How does it make blockdev-add totally useless? The only thing you cannot
> > do is set passwords for rbd. Can this not be added as a new feature in
> > the future?
>
> Sure, if you want to run an rbd server without any auth its usable, just
> that isn't something you really want todo from a security pov.
>
What about using a keyring for rbd?