On Mon, Mar 27, 2017 at 03:26:33PM +0200, Markus Armbruster wrote:
> This reverts a part of commit 8a47e8e. We're having second thoughts
> on the QAPI schema (and thus the external interface), and haven't
> reached consensus, yet. Issues include:
>
> * BlockdevOptionsRbd member @password-secret isn't actually a
> password, it's a key generated by Ceph.
>
> * We're not sure where member @password-secret belongs (see the
> previous commit).
>
> * How @password-secret interacts with settings from a configuration
> file specified with @conf is undocumented. I suspect it's untested,
> too.
It's tested, at least to some extent -- it works on my setup; it will
override whatever is set in the conf or the keyring. I can alternate
between /etc/ceph/keyring, or password-secret, or override the user present
in /etc/cep/keyring with a different key via password-secret.
So I'd suggest dropping that blurb from the commit message.
I agree with the overall reasoning though behind remove all parameters not
needed for now, so:
Reviewed-by: Jeff Cody <jc...@redhat.com>
>
> Let's avoid painting ourselves into a corner now, and revert the
> feature for 2.9.
>
> Note that users can still configure an authentication key with a
> configuration file. They probably do that anyway if they use Ceph
> outside QEMU as well.
>
> Signed-off-by: Markus Armbruster <arm...@redhat.com>
> ---
> qapi/block-core.json | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/qapi/block-core.json b/qapi/block-core.json
> index 6a7ca0b..2e60ab5 100644
> --- a/qapi/block-core.json
> +++ b/qapi/block-core.json
> @@ -2618,9 +2618,6 @@
> # @server: Monitor host address and port. This maps
> # to the "mon_host" Ceph option.
> #
> -# @password-secret: The ID of a QCryptoSecret object providing
> -# the password for the login.
> -#
> # Since: 2.9
> ##
> { 'struct': 'BlockdevOptionsRbd',
> --
> 2.7.4
>
