Bug 1301057
Summary: | RFE: add support for securely passing passwords to QEMU block drivers | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Daniel Berrangé <berrange> | |
Component: | qemu-kvm-rhev | Assignee: | Daniel Berrangé <berrange> | |
Status: | CLOSED ERRATA | QA Contact: | FuXiangChun <xfu> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 7.3 | CC: | berrange, chayang, huding, juzhang, knoel, mrezanin, virt-maint, xfu, yanyang | |
Target Milestone: | rc | Keywords: | FutureFeature | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | qemu-kvm-rhev-2.6.0-22.el7 | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1425757 (view as bug list) | Environment: | ||
Last Closed: | 2016-11-07 20:57:23 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1182074, 1425757 |
Description
Daniel Berrangé
2016-01-22 13:13:45 UTC
There are three block drivers to test with this fix, curl (http, https, ftp, protocols), rbd and iscsi. For each of these we need to test operation against a server that requires password authentication. Some examples to test: iSCSI server: $QEMU \ -object secret,id=sec0,filename=/home/berrange/example.pw \ -drive driver=iscsi,url=iscsi://example.com/target-foo/lun1,\ user=dan,password-secret=sec0 RBD server: echo "QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=" > poolkey.b64 $QEMU -object secret,id=secret0,file=poolkey.b64,format=base64 \ -drive driver=rbd,filename=rbd:pool/image:id=myname:\ auth_supported=cephx,password-secret=secret0 HTTP server without proxy: $QEMU \ -object secret,id=sec0,filename=/home/berrange/example.pw \ -drive driver=http,url=http://example.com/some.img,\ username=dan,password-secret=sec0 HTTP server with proxy server requiring auth too $QEMU \ -object secret,id=sec0,filename=/home/berrange/example.pw \ -object secret,id=sec1,filename=/home/berrange/proxy.pw \ -drive driver=http,url=http://example.com/some.img,\ username=dan,password-secret=sec0,\ proxy-username=dan,proxy-password-secret=sec1 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2673.html |