On 03/27/2017 08:26 AM, Markus Armbruster wrote:
> This reverts commit 60390a2192e7b38aee18db6ce7fb740498709737.
>
> The commit's rationale
>
>     Currently RBD passwords must be provided on the command line
>     via
>
>       $QEMU -drive file=rbd:pool/image:id=myname:\
>       key=QVFDVm41aE82SHpGQWhBQXEwTkN2OGp0SmNJY0UrSE9CbE1RMUE=:\
>       auth_supported=cephx
>
>     This is insecure because the key is visible in the OS process
>     listing.
>
> is invalid. You can easily avoid passing keys on the command line by
> using "keyfile" instead of "key". In fact, the Ceph documentation
> calls use of key "not recommended". But the most common way to
> provide keys is a keyring. The default keyrings should be just fine
> for most users. When they aren't, you can configure your own keyrings
> with "keyring" or override the key with "keyfile".
>
> The commit adds parameter password-secret to -drive. Support for it
> was included in -blockdev, but reverted in the previous commit due to
> concerns about the QMP interface. Revert it from -drive, too.
>
> Cc: Daniel P. Berrange <berra...@redhat.com>
> Signed-off-by: Markus Armbruster <arm...@redhat.com>
> ---
>  block/rbd.c | 47 -----------------------------------------------
>  1 file changed, 47 deletions(-)

Are we sure this won't be breaking existing libvirt clients?

-- 
Eric Blake   eblake redhat com   +1-919-301-3266
Libvirt virtualization library http://libvirt.org
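An added example, not part of the original thread or of QEMU's code: a Python audit that flags QEMU command lines whose rbd `-drive` string carries an inline `key=` option, which is the process-listing exposure the quoted rationale describes. The sample command lines, the placeholder key and the keyfile path are constructed for illustration.

```python
import glob
import re

def rbd_fields(text):
    """Split an rbd filename on ':' while honouring backslash escapes."""
    return [re.sub(r"\\(.)", r"\1", f) for f in re.findall(r"(?:\\.|[^\\:])+", text)]

def drive_file(optarg):
    """Return the file= value of a -drive option string (',,' is a literal comma)."""
    for item in re.split(r"(?<!,),(?!,)", optarg):
        name, _, value = item.partition("=")
        if name == "file":
            return value.replace(",,", ",")
    return None

def audit_argv(argv):
    """List (image, id) for every rbd -drive that carries an inline key=."""
    findings = []
    for flag, optarg in zip(argv, argv[1:]):
        filename = drive_file(optarg) if flag == "-drive" else None
        if not filename or not filename.startswith("rbd:"):
            continue
        image, *options = rbd_fields(filename[4:])
        opts = dict(o.partition("=")[::2] for o in options)
        if "key" in opts:  # the secret itself is never returned or printed
            findings.append((image, opts.get("id")))
    return findings

# Constructed sample command lines; the key is a placeholder, not a real secret.
WEAK = ["qemu-system-x86_64", "-drive",
        "file=rbd:pool/image:id=myname:key=Q09OU1RSVUNURUQ=:auth_supported=cephx"]
GOOD = ["qemu-system-x86_64", "-drive",
        "file=rbd:pool/image:id=myname:keyfile=/etc/ceph/myname.key,format=raw"]

if __name__ == "__main__":
    # On Linux, /proc/<pid>/cmdline is readable by other local users by default.
    for path in glob.glob("/proc/[0-9]*/cmdline"):
        try:
            with open(path, "rb") as f:
                argv = f.read().decode(errors="replace").split("\0")
        except OSError:
            continue
        for image, user in audit_argv(argv):
            print(f"{path}: inline rbd key for image {image} (id={user})")
```
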