From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59617) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cv1h5-0000W8-HN for qemu-devel@nongnu.org; Mon, 03 Apr 2017 09:06:55 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cv1gz-0003JL-KO for qemu-devel@nongnu.org; Mon, 03 Apr 2017 09:06:51 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40866) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cv1gz-0003J3-B7 for qemu-devel@nongnu.org; Mon, 03 Apr 2017 09:06:45 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 60C593B71B for ; Mon, 3 Apr 2017 13:06:44 +0000 (UTC) References: <1490621195-2228-1-git-send-email-armbru@redhat.com> <1490621195-2228-10-git-send-email-armbru@redhat.com> <20170403113703.GS2768@redhat.com> <44b23727-f5d4-0d64-0694-85c6dd601431@redhat.com> <20170403130442.GW2768@redhat.com> From: Max Reitz Message-ID: Date: Mon, 3 Apr 2017 15:06:39 +0200 MIME-Version: 1.0 In-Reply-To: <20170403130442.GW2768@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="j33eaSbfwe671WpL0bb5L7ugT7MNilHEk" Subject: Re: [Qemu-devel] [PATCH RFC v3 for-2.9 09/11] rbd: Revert -blockdev parameter password-secret List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" Cc: Markus Armbruster , qemu-devel@nongnu.org, kwolf@redhat.com, jdurgin@redhat.com, jcody@redhat.com This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --j33eaSbfwe671WpL0bb5L7ugT7MNilHEk From: Max Reitz To: "Daniel P. Berrange" Cc: Markus Armbruster , qemu-devel@nongnu.org, kwolf@redhat.com, jdurgin@redhat.com, jcody@redhat.com Message-ID: Subject: Re: [Qemu-devel] [PATCH RFC v3 for-2.9 09/11] rbd: Revert -blockdev parameter password-secret References: <1490621195-2228-1-git-send-email-armbru@redhat.com> <1490621195-2228-10-git-send-email-armbru@redhat.com> <20170403113703.GS2768@redhat.com> <44b23727-f5d4-0d64-0694-85c6dd601431@redhat.com> <20170403130442.GW2768@redhat.com> In-Reply-To: <20170403130442.GW2768@redhat.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 03.04.2017 15:04, Daniel P. Berrange wrote: > On Mon, Apr 03, 2017 at 02:42:48PM +0200, Max Reitz wrote: >> On 03.04.2017 13:37, Daniel P. Berrange wrote: >>> On Mon, Mar 27, 2017 at 03:26:33PM +0200, Markus Armbruster wrote: >>>> This reverts a part of commit 8a47e8e. We're having second thoughts= >>>> on the QAPI schema (and thus the external interface), and haven't >>>> reached consensus, yet. Issues include: >>>> >>>> * BlockdevOptionsRbd member @password-secret isn't actually a >>>> password, it's a key generated by Ceph. >>>> >>>> * We're not sure where member @password-secret belongs (see the >>>> previous commit). >>>> >>>> * How @password-secret interacts with settings from a configuration >>>> file specified with @conf is undocumented. I suspect it's unteste= d, >>>> too. >>>> >>>> Let's avoid painting ourselves into a corner now, and revert the >>>> feature for 2.9. >>>> >>>> Note that users can still configure an authentication key with a >>>> configuration file. They probably do that anyway if they use Ceph >>>> outside QEMU as well. >>> >>> NB, this makes blockdev-add largely useless for RBD from libvirt's PO= V, >>> since we rely on the password-secret facility working to support apps= >>> like openstack which won't configure the global config file for RBD. >>> >>> Not a regression though, since blockdev-add is new - just means we wo= n't >>> be able to use the new feature yet :-( >> >> How does it make blockdev-add totally useless? The only thing you cann= ot >> do is set passwords for rbd. Can this not be added as a new feature in= >> the future? >=20 > Sure, if you want to run an rbd server without any auth its usable, jus= t > that isn't something you really want todo from a security pov. Indeed, but that's at least an rbd-specific issues. You can still use blockdev-add for other block drivers just fine. =2E..and I just noticed that I have read your response the wrong way. I didn't notice the "for RBD" and just read "this makes blockdev-add largely useless from libvirt's POV" which sounded wrong. OK, I get it then, sorry. :-) Max --j33eaSbfwe671WpL0bb5L7ugT7MNilHEk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQFGBAEBCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAljiSN8SHG1yZWl0ekBy ZWRoYXQuY29tAAoJEPQH2wBh1c9ACb8IAKrB6jvQvipdeuflca1TaGFin0sGp+fc 4irlO9cBRSXPKzm1keuCZsSapMYaNAX3In+46Mn8svnmDuh4TRUsQDtEaOygRmx7 Wsk2eN00d2gUz1IQyXbMm4as9PUD350tpjg68peKKloecvoBvJ7lJT3QmJ3dql8I tHBIBaot6nvhNFEk3ONcCjTenM5ErXaGSZ9k4bSlYLenpEnwA0I8Qv6aNR4XTVji hEO6/o9HKLTL0ISj8r303z9zRtO2AL6s/mmf0ftkDQAYtSZU20ykcWgXFd2hUV4o Wh86v1F0TOJFYjb8sZqdT+3NsVvlYgSulSW4Fwoav1pgUMdpvz9EiYw= =DZWY -----END PGP SIGNATURE----- --j33eaSbfwe671WpL0bb5L7ugT7MNilHEk--