Re: [PATCH v2 5/6] domain: parse XML for iscsi authorization credentials


 



On 2013年03月21日 19:53, Paolo Bonzini wrote:
> Signed-off-by: Paolo Bonzini<pbonzini@xxxxxxxxxx>
> ---
>   docs/formatdomain.html.in                          | 12 ++++----
>   docs/schemas/domaincommon.rng                      |  1 +
>   src/conf/domain_conf.c                             | 33 ++++++++++++++++------
>   .../qemuxml2argv-disk-drive-network-iscsi-auth.xml | 31 ++++++++++++++++++++
>   tests/qemuxml2xmltest.c                            |  1 +
>   5 files changed, 64 insertions(+), 14 deletions(-)
>   create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml
> 
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index fd33818..c2cf75f 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -1768,12 +1768,12 @@
>           holds the actual password or other credentials (the domain XML
>           intentionally does not expose the password, only the reference
>           to the object that does manage the password).  For now, the
> -        only known secret<code>type</code>  is "ceph", for Ceph RBD
> -        network sources, and requires either an
> -        attribute<code>uuid</code>  with the UUID of the Ceph secret
> -        object, or an attribute<code>usage</code>  with the name
> -        associated with the Ceph secret
> -        object.<span class="since">libvirt 0.9.7</span>
> +        known secret<code>type</code>s are "ceph", for Ceph RBD
> +        network sources, and "iscsi", for CHAP authentication of iSCSI
> +        targets.  Both require either a<code>uuid</code>  attribute
> +        with the UUID of the secret object, or a<code>usage</code>
> +        attribute matching the key that was specified in the
> +        secret object.<span class="since">libvirt 0.9.7</span>
>         </dd>
>         <dt><code>geometry</code></dt>
>         <dd>The optional<code>geometry</code>  element provides the
> diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
> index 4da65f8..fae5c0d 100644
> --- a/docs/schemas/domaincommon.rng
> +++ b/docs/schemas/domaincommon.rng
> @@ -3642,6 +3642,7 @@
>         <attribute name='type'>
>           <choice>
>             <value>ceph</value>
> +<value>iscsi</value>
>           </choice>
>         </attribute>
>         <choice>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 8f76e8e..159a23d 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -3992,6 +3992,8 @@ virDomainDiskDefParseXML(virCapsPtr caps,
>       char *wwn = NULL;
>       char *vendor = NULL;
>       char *product = NULL;
> +    int expected_secret_usage = -1;
> +    int auth_secret_usage = -1;
> 
>       if (VIR_ALLOC(def)<  0) {
>           virReportOOMError();
> @@ -4029,7 +4031,6 @@ virDomainDiskDefParseXML(virCapsPtr caps,
>           if (cur->type == XML_ELEMENT_NODE) {
>               if (!source&&  !hosts&&
>                   xmlStrEqual(cur->name, BAD_CAST "source")) {
> -
>                   sourceNode = cur;
> 
>                   switch (def->type) {
> @@ -4057,6 +4058,11 @@ virDomainDiskDefParseXML(virCapsPtr caps,
>                                          protocol);
>                           goto error;
>                       }
> +                    if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI) {
> +                        expected_secret_usage = VIR_SECRET_USAGE_TYPE_ISCSI;
> +                    } else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {
> +                        expected_secret_usage = VIR_SECRET_USAGE_TYPE_CEPH;
> +                    }
>                       if (!(source = virXMLPropString(cur, "name"))&&
>                           def->protocol != VIR_DOMAIN_DISK_PROTOCOL_NBD) {
>                           virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> @@ -4242,8 +4248,9 @@ virDomainDiskDefParseXML(virCapsPtr caps,
>                                              _("missing type for secret"));
>                               goto error;
>                           }
> -                        if (virSecretUsageTypeTypeFromString(usageType) !=
> -                            VIR_SECRET_USAGE_TYPE_CEPH) {
> +                        auth_secret_usage =
> +                            virSecretUsageTypeTypeFromString(usageType);
> +                        if (auth_secret_usage<  0) {
>                               virReportError(VIR_ERR_XML_ERROR,
>                                              _("invalid secret type %s"),
>                                              usageType);
> @@ -4393,6 +4400,13 @@ virDomainDiskDefParseXML(virCapsPtr caps,
>           cur = cur->next;
>       }
> 
> +    if (auth_secret_usage != -1&&  auth_secret_usage != expected_secret_usage) {
> +        virReportError(VIR_ERR_INTERNAL_ERROR,
> +                       _("invalid secret type '%s'"),
> +                       virSecretUsageTypeTypeToString(auth_secret_usage));
> +        goto error;
> +    }
> +
>       device = virXMLPropString(node, "device");
>       if (device) {
>           if ((def->device = virDomainDiskDeviceTypeFromString(device))<  0) {
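Review bot: The mismatch check added after the parsing loop reports `VIR_ERR_INTERNAL_ERROR` although it fires on user-supplied domain XML; the `auth_secret_usage < 0` branch in the preceding hunk uses `VIR_ERR_XML_ERROR` for the same class of input error, and the two should agree. The message also names only the rejected type, so someone who referenced a `ceph` secret from an iSCSI disk is not told that the protocol is what decides the type. I would change the call to `virReportError(VIR_ERR_XML_ERROR, _("secret type '%s' does not match the disk source protocol"), virSecretUsageTypeTypeToString(auth_secret_usage));`. Because `expected_secret_usage` stays -1 for every protocol other than iSCSI and RBD, the same check rejects any `<auth>` secret on those disks, which looks intended and deserves a comment such as `/* the auth secret must match the usage type implied by the source protocol */`. virDomainDiskDefParseXML starts and ends outside this hunk.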
> @@ -12787,15 +12801,18 @@ virDomainDiskDefFormat(virBufferPtr buf,
>       if (def->auth.username) {
>           virBufferEscapeString(buf, "<auth username='%s'>\n",
>                                 def->auth.username);
> +        if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI) {
> +            virBufferAsprintf(buf, "<secret type='iscsi'");
> +        } else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD) {
> +            virBufferAsprintf(buf, "<secret type='ceph'");
> +        }
> +
>           if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_UUID) {
>               virUUIDFormat(def->auth.secret.uuid, uuidstr);
> -            virBufferAsprintf(buf,
> -                              "<secret type='ceph' uuid='%s'/>\n",
> -                              uuidstr);
> +            virBufferAsprintf(buf, " uuid='%s'/>\n", uuidstr);
>           }
>           if (def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_USAGE) {
> -            virBufferEscapeString(buf,
> -                                  "<secret type='ceph' usage='%s'/>\n",
> +            virBufferEscapeString(buf, " usage='%s'/>\n",
>                                     def->auth.secret.usage);
>           }
>           virBufferAddLit(buf, "</auth>\n");
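Review bot: The formatter now writes the `<secret type='…'` opening and the ` uuid=`/` usage=` tail in separate, independently guarded steps, so the output is well-formed only when both guards happen to fire. If `def->protocol` is neither iSCSI nor RBD, the tail is emitted with no element opening, and if `def->auth.secretType` is neither UUID nor USAGE (whether the parser can leave it so is not visible here), the opening is never closed. Either case would yield domain XML that cannot be parsed back. Choosing the type string first and emitting the whole element inside each `secretType` branch removes that coupling, and it also avoids calling `virBufferAsprintf` with a literal and no arguments. virDomainDiskDefFormat continues outside this hunk.

```c
    if (def->auth.username) {
        const char *secret_type = NULL;

        if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_ISCSI)
            secret_type = "iscsi";
        else if (def->protocol == VIR_DOMAIN_DISK_PROTOCOL_RBD)
            secret_type = "ceph";

        /* … unchanged: <auth username='…'> opening … */
        if (secret_type &&
            def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_UUID) {
            virUUIDFormat(def->auth.secret.uuid, uuidstr);
            virBufferAsprintf(buf, "<secret type='%s' uuid='%s'/>\n",
                              secret_type, uuidstr);
        }
        if (secret_type &&
            def->auth.secretType == VIR_DOMAIN_DISK_SECRET_TYPE_USAGE) {
            virBufferAsprintf(buf, "<secret type='%s'", secret_type);
            virBufferEscapeString(buf, " usage='%s'/>\n",
                                  def->auth.secret.usage);
        }
        /* … unchanged: </auth> closing … */
```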
> diff --git a/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml
> new file mode 100644
> index 0000000..acaa503
> --- /dev/null
> +++ b/tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-iscsi-auth.xml
> @@ -0,0 +1,31 @@
> +<domain type='qemu'>
> +<name>QEMUGuest1</name>
> +<uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
> +<memory unit='KiB'>219136</memory>
> +<currentMemory unit='KiB'>219136</currentMemory>
> +<vcpu placement='static'>1</vcpu>
> +<os>
> +<type arch='i686' machine='pc'>hvm</type>
> +<boot dev='hd'/>
> +</os>
> +<clock offset='utc'/>
> +<on_poweroff>destroy</on_poweroff>
> +<on_reboot>restart</on_reboot>
> +<on_crash>destroy</on_crash>
> +<devices>
> +<emulator>/usr/bin/qemu</emulator>
> +<disk type='network' device='disk'>
> +<driver name='qemu' type='raw'/>
> +<auth username='myname'>
> +<secret type='iscsi' usage='mycluster_myname'/>
> +</auth>
> +<source protocol='iscsi' name='iqn.1992-01.com.example'>
> +<host name='example.org'/>
> +</source>
> +<target dev='vda' bus='virtio'/>
> +</disk>
> +<controller type='usb' index='0'/>
> +<controller type='ide' index='0'/>
> +<memballoon model='virtio'/>
> +</devices>
> +</domain>
> diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
> index 41613ea..899414d 100644
> --- a/tests/qemuxml2xmltest.c
> +++ b/tests/qemuxml2xmltest.c
> @@ -175,6 +175,7 @@ mymain(void)
>       DO_TEST("disk-drive-network-nbd-ipv6-export");
>       DO_TEST("disk-drive-network-nbd-unix");
>       DO_TEST("disk-drive-network-iscsi");
> +    DO_TEST("disk-drive-network-iscsi-auth");
>       DO_TEST("disk-scsi-device");
>       DO_TEST("disk-scsi-vscsi");
>       DO_TEST("disk-scsi-virtio-scsi");
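Review bot: Only the accepting path is covered: the new `DO_TEST("disk-drive-network-iscsi-auth")` case round-trips a matching `type='iscsi'` secret, while the rejection added in virDomainDiskDefParseXML for a secret type that disagrees with the source protocol has no test. A companion data file with `<secret type='ceph' …/>` under `<source protocol='iscsi' …>`, registered as a case that is expected to fail parsing, would pin the check that keeps a secret of one usage type from being attached to a disk of another. The existing data file places `<auth>` before `<source>`, which is the ordering that forces the check to run after the loop, so a comment in the XML noting that would help keep it that way.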

ACK

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


