qemu-devel

Re: [Qemu-devel] [CFR 2/10] qmp: block_passwd command


From: Daniel P. Berrange
Subject: Re: [Qemu-devel] [CFR 2/10] qmp: block_passwd command
Date: Wed, 16 Jun 2010 14:57:09 +0100
User-agent: Mutt/1.4.1i

On Wed, Jun 16, 2010 at 03:33:14PM +0200, Kevin Wolf wrote:
> On 15.06.2010 18:44, Anthony Liguori wrote:
> > On 06/15/2010 11:30 AM, Anthony Liguori wrote:
> >> block_passwd
> >> ------------
> >>    
> > 
> > I dislike abbreviations.  I also think that we should make commands 
> > verbs.  So I'd like to change the name to set_block_password and then we 
> > can alias block_passwd to that command if we need to.
> 
> Actually, I think this command should be removed and passwords should
> always be set as a blkdevice_add parameter when attaching an image.

That doesn't work for people adding devices on the command line though,
because you don't want the password exposed in ARGV. It could be useful
to separate the passwords from the device config, both here and wrt
VNC (and SPICE in future), and instead set them by reference.

e.g., register two named secrets with associated keys

    add_secret secret1 123456
    add_secret secret2 123456

Then you can reference that secret in all the devices added

    blockdev_add  file=foo.qcow1,password=secret1
    blockdev_add  file=foo.qcow2,password=secret2
    blockdev_add  file=foo.qcow3,password=secret1
    graphics_add  type=vnc,password=secret1

On the command line the user could easily specify a config file with
the named secrets

   #cat > secrets.cfg <<EOF
   secret1 = 123465
   secret2 = abcd
   EOF
   qemu -secrets secrets.cfg  -blockdev file=foo.qcow1,password=secret1


It also means that if management apps are logging all monitor commands
for purposes of debugging, or bug reporting, they don't have to worry
so much about exposing their password. Just blacklist the 'add_secret'
command from logging and still get the full device configs logged with
the important details.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
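
As an added example (not part of the original e-mail and not QEMU or libvirt code), here is a sketch of the logging side of this proposal for a management app: the value given to `add_secret` is dropped, while device commands are logged in full. `add_secret`, `blockdev_add` and `graphics_add` are the commands proposed in the e-mail; the `MonitorLog` class and the rule that also redacts a `password=` value not matching a registered secret name are assumptions made for illustration.

```python
import shlex

# Commands whose arguments carry secret material (add_secret as proposed in the e-mail).
SECRET_COMMANDS = {"add_secret"}
REDACTED = "<redacted>"

class MonitorLog:
    """Hypothetical debug log for monitor commands that never stores secret values."""
    def __init__(self):
        self.lines = []             # what would reach the debug log
        self.known_secrets = set()  # secret names only, never their values

    def record(self, command_line):
        parts = shlex.split(command_line)
        if not parts:
            return
        name, args = parts[0], parts[1:]
        if name in SECRET_COMMANDS:
            # Keep the secret's name so later references can be followed; drop the value.
            self.known_secrets.update(args[:1])
            safe = args[:1] + [REDACTED] * len(args[1:])
        else:
            safe = [self._scrub(a) for a in args]
        self.lines.append(" ".join([name] + safe))

    def _scrub(self, arg):
        # Device options are comma-separated key=value pairs.
        out = []
        for opt in arg.split(","):
            key, sep, value = opt.partition("=")
            if key == "password" and sep and value not in self.known_secrets:
                # Not a registered name, so it may be a literal password: keep it out of the log.
                value = REDACTED
            out.append(key + sep + value)
        return ",".join(out)

# Constructed sample session using the command names from the e-mail.
SAMPLE = [
    "add_secret secret1 123456",
    "blockdev_add  file=foo.qcow1,password=secret1",
    "graphics_add  type=vnc,password=hunter2",
]

def demo():
    log = MonitorLog()
    for line in SAMPLE:
        log.record(line)
    return log.lines

print("\n".join(demo()))
```
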


