Re: [Qemu-devel] [PATCH] iscsi: Add chap and "initiator-name" etc as per drive options

Sun, 13 Sep 2015 23:39:08 -0700 

On Fri, 09/11 08:27, ronnie sahlberg wrote:
> On Fri, Sep 11, 2015 at 8:20 AM, Eric Blake <ebl...@redhat.com> wrote:
> > On 09/11/2015 12:00 AM, Fam Zheng wrote:
> >> Previously we use "-iscsi id=target-iqn,user=foo,password=bar,..." to
> >> specify iscsi connection parameters, unfortunately it doesn't work with
> >> qemu-img.
> >>
> >> This patch adds per drive options to iscsi driver so that at least
> >> qemu-img can use the "json:{...}" filename magic.
> >>
> >> Signed-off-by: Fam Zheng <f...@redhat.com>
> >> ---
> >>  block/iscsi.c | 83 
> >> +++++++++++++++++++++++++++++++++++++++++++++--------------
> >>  1 file changed, 64 insertions(+), 19 deletions(-)
> >
> > It would be nice to also add a matching BlockdevOptionsIscsi to
> > qapi/block-core.json, to allow setting these structured options from
> > QMP.  Separate patch is fine, but we need to do the work for ALL of the
> > remaining block devices eventually, and now that you are structuring the
> > command line is a good time to think about it.
> >
> >
> >>  static void iscsi_nop_timed_event(void *opaque)
> >> @@ -1229,6 +1253,27 @@ static QemuOptsList runtime_opts = {
> >>              .name = "filename",
> >>              .type = QEMU_OPT_STRING,
> >>              .help = "URL to the iscsi image",
> >> +        },{
> >> +            .name = "user",
> >> +            .type = QEMU_OPT_STRING,
> >> +            .help = "username for CHAP authentication to target",
> >> +        },{
> >> +            .name = "password",
> >> +            .type = QEMU_OPT_STRING,
> >> +            .help = "password for CHAP authentication to target",
> >> +        },{
> >
> > Also, this requires passing the password in the command line. We
> > _really_ need to solve the problem of allowing the password to be passed
> > via a fd or other QMP command, rather than on the command line.
> 
> 
> Passing via command line is evil. It should still be possible to pass
> all this via a config file to qemu :
> 
> """
> ...
> Howto use a configuration file to set iSCSI configuration options:
> @example
> cat >iscsi.conf <<EOF
> [iscsi "iqn.target.name"]
>   user = "me"
>   password = "my password"
>   initiator-name = "iqn.qemu.test:my-initiator"
>   header-digest = "CRC32C"
> EOF
> 
> qemu-system-i386 -drive file=iscsi://127.0.0.1/iqn.qemu.test/1 \
>     -readconfig iscsi.conf
> @end example
> ...
> """

I agree passing password with clear text command line is bad, but -readconfig
doesn't work for qemu-img and qemu-io.  Any idea how to make that work?

Fam

Reply via email to