Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx> --- docs/formatdomain.html.in | 12 ++++---- docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c | 33 ++++++++++++++++------ .../qemuxml2argv-disk-drive-network-iscsi-auth.xml | 31 ++++++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 5 files changed, 64 insertions(+), 14 deletions(-) create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index fd33818..c2cf75f 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -1768,12 +1768,12 @@ holds the actual password or other credentials (the domain XML intentionally does not expose the password, only the reference to the object that does manage the password). For now, the - only known secret <code>type</code> is "ceph", for Ceph RBD - network sources, and requires either an - attribute <code>uuid</code> with the UUID of the Ceph secret - object, or an attribute <code>usage</code> with the name - associated with the Ceph secret - object. <span class="since">libvirt 0.9.7</span> + known secret <code>type</code>s are "ceph", for Ceph RBD + network sources, and "iscsi", for CHAP authentication of iSCSI + targets. Both require either a <code>uuid</code> attribute + with the UUID of the secret object, or a <code>usage</code> + attribute matching the key that was specified in the + secret object. <span class="since">libvirt 0.9.7</span> </dd> <dt><code>geometry</code></dt> <dd>The optional <code>geometry</code> element provides the diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 4da65f8..fae5c0d 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -3642,6 +3642,7 @@ <attribute name='type'> <choice> <value>ceph</value> + <value>iscsi</value> </choice> </attribute> <choice> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 8f76e8e..159a23d 100644 --- a/src/conf/domain_conf.c 
+++ b/src/conf/domain_conf.c @@ -3992,6 +3992,8 @@ virDomainDiskDefParseXML(virCapsPtr caps, char *wwn = NULL; char *vendor = NULL; char *product = NULL; + int expected_secret_usage = -1; + int auth_secret_usage = -1; if (VIR_ALLOC(def) < 0) { virReportOOMError(); @@ -4029,7 +4031,6 @@ virDomainDiskDefParseXML(virCapsPtr caps, if (cur->type == XML_ELEMENT_NODE) { if (!source && !hosts && xmlStrEqual(cur->name, BAD_CAST "source")) { - sourceNode = cur; switch (def->type) { @@ -4057,6 +4058,11 @@ virDomainDiskDefParseXML(virCapsPtr caps, protocol); goto error; } + if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI) { + expected_secret_usage = VIR_SECRET_USAGE_TYPE_ISCSI; + } else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) { + expected_secret_usage = VIR_SECRET_USAGE_TYPE_CEPH; + } if (!(source = virXMLPropString(cur, "name")) && def->protocol != VIR_DOMAIN_DISK_PROTOCOL_NBD) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", @@ -4242,8 +4248,9 @@ virDomainDiskDefParseXML(virCapsPtr caps, _("missing type for secret")); goto error; } - if (virSecretUsageTypeTypeFromString(usageType) != - VIR_SECRET_USAGE_TYPE_CEPH) { + auth_secret_usage = + virSecretUsageTypeTypeFromString(usageType); + if (auth_secret_usage < 0) { virReportError(VIR_ERR_XML_ERROR, _("invalid secret type %s"), usageType); @@ -4393,6 +4400,13 @@ virDomainDiskDefParseXML(virCapsPtr caps, cur = cur->next; } + if (auth_secret_usage != -1 && auth_secret_usage != expected_secret_usage) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("invalid secret type '%s'"), + virSecretUsageTypeTypeToString(auth_secret_usage)); + goto error; + } + device = virXMLPropString(node, "device"); if (device) { if ((def->device = virDomainDiskDeviceTypeFromString(device)) < 0) { 
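Review bot: The protocol/secret mismatch check added after the child-element loop reports `VIR_ERR_INTERNAL_ERROR` with almost the same text as the earlier unknown-type error, although a mismatch is a problem in the user's XML. `expected_secret_usage` is only assigned in the `@@ -4057` hunk, for iSCSI and RBD sources, so an `<auth>` on any other disk is now rejected with "invalid secret type 'ceph'", which does not say what is wrong. The old code accepted a ceph secret regardless of protocol, so existing definitions of that shape would presumably stop parsing. I would report `virReportError(VIR_ERR_XML_ERROR, _("secret type '%s' does not match the disk source protocol"), virSecretUsageTypeTypeToString(auth_secret_usage));` and add a one-line comment that the check runs after the loop because `<auth>` may precede `<source>`, as it does in the new test file. virDomainDiskDefParseXML starts and ends outside these hunks.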
@@ -12787,15 +12801,18 @@ virDomainDiskDefFormat(virBufferPtr buf, if (def->auth.username) { virBufferEscapeString(buf, " <auth username='%s'>\n", def->auth.username); + if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI) { + virBufferAsprintf(buf, " <secret type='iscsi'"); + } else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) { + virBufferAsprintf(buf, " <secret type='ceph'"); + } + if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_UUID) { virUUIDFormat(def->auth.secret.uuid, uuidstr); - virBufferAsprintf(buf, - " <secret type='ceph' uuid='%s'/>\n", - uuidstr); + virBufferAsprintf(buf, " uuid='%s'/>\n", uuidstr); } if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_USAGE) { - virBufferEscapeString(buf, - " <secret type='ceph' usage='%s'/>\n", + virBufferEscapeString(buf, " usage='%s'/>\n", def->auth.secret.usage); } virBufferAddLit(buf, " </auth>\n"); diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml new file mode 100644 index 0000000..acaa503 --- /dev/null +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml 
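Review bot: The `<secret` element is now assembled from two independent pieces, so it can come out malformed. If `def->protocol` is neither iSCSI nor RBD, the ` uuid=`/` usage=` fragment is written with no opening tag, and if `def->auth.secretType` is neither UUID nor USAGE, the opening `<secret type='…'` is never closed. The parser may exclude both states for definitions read from XML, but the formatter should not depend on that. Choosing the type string first and emitting the whole element inside each `secretType` branch keeps the output well formed, and also removes the `virBufferAsprintf` calls that pass only a literal. The new declaration belongs with the function's other locals; virDomainDiskDefFormat continues outside the hunk.

```c
/* … unchanged: <auth username='…'> line … */
const char *secret_type = NULL;

if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI)
    secret_type = "iscsi";
else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD)
    secret_type = "ceph";

/* keep the existing leading indentation inside the literals */
if (secret_type &&
    def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_UUID) {
    virUUIDFormat(def->auth.secret.uuid, uuidstr);
    virBufferAsprintf(buf, " <secret type='%s' uuid='%s'/>\n",
                      secret_type, uuidstr);
}
if (secret_type &&
    def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_USAGE) {
    virBufferAsprintf(buf, " <secret type='%s'", secret_type);
    virBufferEscapeString(buf, " usage='%s'/>\n",
                          def->auth.secret.usage);
}
/* … unchanged: closing </auth> line … */
```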
@@ -0,0 +1,31 @@ +<domain type='qemu'> + <name>QEMUGuest1</name> + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> + <memory unit='KiB'>219136</memory> + <currentMemory unit='KiB'>219136</currentMemory> + <vcpu placement='static'>1</vcpu> + <os> + <type arch='i686' machine='pc'>hvm</type> + <boot dev='hd'/> + </os> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/qemu</emulator> + <disk type='network' device='disk'> + <driver name='qemu' type='raw'/> + <auth username='myname'> + <secret type='iscsi' usage='mycluster_myname'/> + </auth> + <source protocol='iscsi' name='iqn.1992-01.com.example'> + <host name='example.org'/> + </source> + <target dev='vda' bus='virtio'/> + </disk> + <controller type='usb' index='0'/> + <controller type='ide' index='0'/> + <memballoon model='virtio'/> + </devices> +</domain> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c index 41613ea..899414d 100644 --- a/tests/qemuxml2xmltest.c +++ b/tests/qemuxml2xmltest.c @@ -175,6 +175,7 @@ mymain(void) DO_TEST("disk-drive-network-nbd-ipv6-export"); DO_TEST("disk-drive-network-nbd-unix"); DO_TEST("disk-drive-network-iscsi"); + DO_TEST("disk-drive-network-iscsi-auth"); DO_TEST("disk-scsi-device"); DO_TEST("disk-scsi-vscsi"); DO_TEST("disk-scsi-virtio-scsi"); -- 1.8.1.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
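Review bot: Only the accepting path is covered by the new `DO_TEST("disk-drive-network-iscsi-auth")` round trip; nothing exercises the new rejection of a secret type that does not match the source protocol. A second data file with `<secret type='ceph' .../>` under `protocol='iscsi'`, registered as an expected parse failure, would pin that check. A `uuid=` variant would cover the other formatter branch. The new XML lives under qemuxml2argvdata but no argv test is registered in this patch, presumably because command-line generation arrives separately. mymain's body continues outside the hunk.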