a single <code>name</code> element that specifies a usage name
for the secret. The Ceph secret can then be used by UUID or by
this usage name via the <code><auth></code> element of
- a <a href="formatdomain.html#elementsDisks">disk
- device</a>. <span class="since">Since 0.9.7</span>.
+ a <a href="formatdomain.html#elementsDisks">disk device</a> or
+ a <a href="formatstorage.html">storage pool (rbd)</a>.
+ <span class="since">Since 0.9.7</span>.
</p>
<h3>Usage type "iscsi"</h3>
a single <code>target</code> element that specifies a usage name
for the secret. The iSCSI secret can then be used by UUID or by
this usage name via the <code><auth></code> element of
- a <a href="formatdomain.html#elementsDisks">disk
- device</a>. <span class="since">Since 1.0.4</span>.
+ a <a href="formatdomain.html#elementsDisks">disk device</a> or
+ a <a href="formatstorage.html">storage pool (iscsi)</a>.
+ <span class="since">Since 1.0.4</span>.
</p>
<h2><a name="example">Example</a></h2>
<source>
<host name="iscsi.example.com"/>
<device path="demo-target"/>
+ <auth type='chap' username='myname'>
+ <secret type='iscsi' usage='mycluster_myname'/>
+ </auth>
<vendor name="Acme"/>
<product name="model"/>
</source>
<pre>
...
- <source>
<source>
<adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/>
</source>
which is the hostname or IP address of the server. May optionally
contain a <code>port</code> attribute for the protocol specific
port number. <span class="since">Since 0.4.1</span></dd>
+ <dt><code>auth</code></dt>
+ <dd>If present, the <code>auth</code> element provides the
+ authentication credentials needed to access the source by the
+ setting of the <code>type</code> attribute. The <code>type</code>
+ must be either "chap" or "ceph". Additionally a mandatory attribute
+ <code>username</code> identifies the username to use during
+ authentication as well as a sub-element <code>secret</code> with
+ a mandatory attribute <code>type</code>, to tie back to a
+ <a href="formatsecret.html">libvirt secret object</a> that
+ holds the actual password or other credentials. The domain XML
+ intentionally does not expose the password, only the reference
+ to the object that manages the password. The secret element
+ <code>type</code> must be either "ceph" or "iscsi". Use "ceph" for
+ Ceph RBD (Rados Block Device) network sources and use "iscsi" for CHAP
+ (Challenge-Handshake Authentication Protocol) iSCSI targets.
+ The <code>secret</code> element requires either a <code>uuid</code>
+ attribute with the UUID of the secret object or a <code>usage</code>
+ attribute matching the key that was specified in the
+ secret object. <span class="since">Since 0.9.7 for "ceph" and
+ 1.1.1 for "chap"</span>
+ </dd>
<dt><code>name</code></dt>
<dd>Provides the source for pools backed by storage from a
named element (e.g., a logical volume group name).
<value>ceph</value>
</choice>
</attribute>
- <choice>
- <attribute name='login'>
- <text/>
- </attribute>
- <attribute name='username'>
- <text/>
- </attribute>
- </choice>
- <optional>
- <attribute name='passwd'>
- <text/>
- </attribute>
- </optional>
- <optional>
- <ref name='sourceinfoauthsecret'/>
- </optional>
+ <attribute name='username'>
+ <text/>
+ </attribute>
+ <ref name='sourceinfoauthsecret'/>
</element>
</define>
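Review bot: Removing the `login` and `passwd` attributes outright means a pool definition written against the old grammar no longer validates, and the parser hunk later in this commit rejects it with the generic "missing auth username attribute". If such definitions can already exist in saved pool configs, a dedicated error naming the obsolete attributes would be easier to diagnose; whether any exist cannot be told from this page. The contents of `sourceinfoauthsecret` are also not visible here, so confirm that it agrees with the documentation added in this commit, which calls the secret's `type` attribute mandatory. The updated test fixtures omit that attribute.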
VIR_FREE(source->product);
if (source->authType == VIR_STORAGE_POOL_AUTH_CHAP) {
- VIR_FREE(source->auth.chap.login);
- VIR_FREE(source->auth.chap.passwd);
+ VIR_FREE(source->auth.chap.username);
+ VIR_FREE(source->auth.chap.secret.usage);
}
if (source->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
virStoragePoolDefParseAuthChap(xmlXPathContextPtr ctxt,
virStoragePoolAuthChapPtr auth)
{
- auth->login = virXPathString("string(./auth/@login)", ctxt);
- if (auth->login == NULL) {
+ char *uuid = NULL;
+ int ret = -1;
+
+ auth->username = virXPathString("string(./auth/@username)", ctxt);
+ if (auth->username == NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing auth login attribute"));
+ _("missing auth username attribute"));
return -1;
}
- auth->passwd = virXPathString("string(./auth/@passwd)", ctxt);
- if (auth->passwd == NULL) {
+ uuid = virXPathString("string(./auth/secret/@uuid)", ctxt);
+ auth->secret.usage = virXPathString("string(./auth/secret/@usage)", ctxt);
+ if (uuid == NULL && auth->secret.usage == NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing auth passwd attribute"));
+ _("missing auth secret uuid or usage attribute"));
return -1;
}
- return 0;
+ if (uuid != NULL) {
+ if (auth->secret.usage != NULL) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("either auth secret uuid or usage expected"));
+ goto cleanup;
+ }
+ if (virUUIDParse(uuid, auth->secret.uuid) < 0) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("invalid auth secret uuid"));
+ goto cleanup;
+ }
+ auth->secret.uuidUsable = true;
+ } else {
+ auth->secret.uuidUsable = false;
+ }
+
+ ret = 0;
+cleanup:
+ VIR_FREE(uuid);
+ return ret;
}
static int
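Review bot: The new body of `virStoragePoolDefParseAuthChap` never reads `./auth/secret/@type`, although the documentation added in this commit describes that attribute as mandatory and its example uses `<secret type='iscsi' .../>`, while the updated fixtures carry only `uuid`. Either the documentation should say the attribute is optional for pools, or the parser should read it and reject anything other than "iscsi", so that a CHAP pool cannot silently reference a secret meant for another usage type. The two early `return -1` paths are safe today because `uuid` is still NULL there, but using `goto cleanup` throughout would keep that true if the function grows. A short header comment would also help, for example `/* Parse <auth type='chap'>: needs username plus exactly one of secret uuid/usage; the password itself is never stored in the pool XML. */`.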
virBufferAsprintf(buf," <format type='%s'/>\n", format);
}
- if (src->authType == VIR_STORAGE_POOL_AUTH_CHAP)
- virBufferAsprintf(buf," <auth type='%s' login='%s' passwd='%s'/>\n",
+ if (src->authType == VIR_STORAGE_POOL_AUTH_CHAP ||
+ src->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
+ virBufferAsprintf(buf," <auth type='%s' username='%s'>\n",
virStoragePoolAuthTypeTypeToString(src->authType),
- src->auth.chap.login,
- src->auth.chap.passwd);
-
- if (src->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
- virBufferAsprintf(buf," <auth username='%s' type='%s'>\n",
- src->auth.cephx.username,
- virStoragePoolAuthTypeTypeToString(src->authType));
+ (src->authType == VIR_STORAGE_POOL_AUTH_CHAP ?
+ src->auth.chap.username :
+ src->auth.cephx.username));
virBufferAddLit(buf," <secret");
if (src->auth.cephx.secret.uuidUsable) {
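Review bot: The `username` is written into the attribute with a plain `%s` in `virBufferAsprintf`, so a name containing `'`, `&` or `<` produces malformed or altered pool XML when the definition is formatted; the value originates from user-supplied pool XML. Emitting the `type` attribute first and then passing the name through `virBufferEscapeString(buf, "username='%s'>\n", ...)` would close that. Separately, the merged branch goes on to read `src->auth.cephx.secret` even when `authType` is CHAP, which works only while `virStoragePoolAuthChap` and `virStoragePoolAuthCephx` keep identical layouts (the cephx definition is not visible on this page). Selecting the secret by type, as is already done for the username, or a comment on both structs would make that dependency explicit. The enclosing function starts before and continues after this hunk.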
typedef struct _virStoragePoolAuthChap virStoragePoolAuthChap;
typedef virStoragePoolAuthChap *virStoragePoolAuthChapPtr;
struct _virStoragePoolAuthChap {
- char *login;
- char *passwd;
+ char *username;
+ virStoragePoolAuthSecret secret;
};
typedef struct _virStoragePoolAuthCephx virStoragePoolAuthCephx;
<source>
<host name="iscsi.example.com"/>
<device path="demo-target"/>
- <auth type='chap' login='foobar' passwd='frobbar'/>
+ <auth type='chap' username='admin'>
+ <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+ </auth>
</source>
<target>
<path>/dev/disk/by-path</path>
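Review bot: All four updated CHAP fixtures (this one and the three that follow) reference the secret by `uuid`, so the `usage` branch of the parser and the formatter's non-uuid output are never round-tripped by these tests. Adding a fixture with `<secret usage='mycluster_myname'/>`, the form shown in the documentation example, would cover it. Negative cases for the two new error paths, where both `uuid` and `usage` are given or neither is, would also pin the "either auth secret uuid or usage expected" and "missing auth secret uuid or usage attribute" behaviour.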
<source>
<host name="iscsi.example.com"/>
<device path="demo-target"/>
- <auth type='chap' login='foobar' passwd='frobbar'/>
+ <auth type='chap' username='admin'>
+ <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+ </auth>
<vendor name='test-vendor'/>
<product name='test-product'/>
</source>
<source>
<host name='iscsi.example.com'/>
<device path='demo-target'/>
- <auth type='chap' login='foobar' passwd='frobbar'/>
+ <auth type='chap' username='admin'>
+ <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+ </auth>
</source>
<target>
<path>/dev/disk/by-path</path>
<source>
<host name='iscsi.example.com'/>
<device path='demo-target'/>
- <auth type='chap' login='foobar' passwd='frobbar'/>
+ <auth type='chap' username='admin'>
+ <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+ </auth>
<vendor name='test-vendor'/>
<product name='test-product'/>
</source>
<name>rbd</name>
<host name='localhost' port='6789'/>
<host name='localhost' port='6790'/>
- <auth username='admin' type='ceph'>
+ <auth type='ceph' username='admin'>
<secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
</auth>
</source>