On Thu, Apr 14, 2022 at 05:02:46PM -0500, Jonathon Jongsma wrote: > 1. secrets [...] > Fortunately, nbdkit provides a method for reading cookies and > passwords from a file, which should be secure if the file has > permissions set properly. So I'm currently planning to write a file > containing the cookies and pass them to nbdkit by specifying the > filename. But I'm still confused about the username/password > possibility. You can also send the password or cookie over an inherited file descriptor, which has the possible advantage that the secret will never hit the disk at all. For completeness I should say that we found HTTP authentication against some servers to be quite slow (presumably because validating a password involves a lot of machinery so doing it on every request is slow). For those servers we implemented a complicated scheme where you could make an authenticated request, fetch the cookie that the server sends back, send back the cookie, _and_ autorenew the cookie if it times out. (Did I say this was complicated?) This is required for at least VMware servers and Docker registries. https://libguestfs.org/nbdkit-curl-plugin.1.html#HEADER-AND-COOKIE-SCRIPTS I wouldn't try implementing this through libvirt ... > 2. readahead > > 3. blockdev-create See also: https://listman.redhat.com/archives/libguestfs/2022-April/028674.html I agree we should implement creation for ssh disks (not sure if it's possible or even makes sense for curl). Shouldn't be too difficult. You might also want to think about VDDK disk support, ie. is it possible to make the nbdkit stuff generic enough that nbdkit-vddk-plugin can be slotted in later? It would allow a libvirt domain to be backed with remote disks stored on VMFS, or to use VMware's own proprietary drivers to open local VMDK files, both significant enhancements. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com nbdkit - Flexible, fast NBD server with plugins https://gitlab.com/nbdkit/nbdkit
