On Mon, Apr 03, 2017 at 02:04:42PM +0100, Daniel P. Berrange wrote: > On Mon, Apr 03, 2017 at 02:42:48PM +0200, Max Reitz wrote: > > On 03.04.2017 13:37, Daniel P. Berrange wrote: > > > On Mon, Mar 27, 2017 at 03:26:33PM +0200, Markus Armbruster wrote: > > >> This reverts a part of commit 8a47e8e. We're having second thoughts > > >> on the QAPI schema (and thus the external interface), and haven't > > >> reached consensus, yet. Issues include: > > >> > > >> * BlockdevOptionsRbd member @password-secret isn't actually a > > >> password, it's a key generated by Ceph. > > >> > > >> * We're not sure where member @password-secret belongs (see the > > >> previous commit). > > >> > > >> * How @password-secret interacts with settings from a configuration > > >> file specified with @conf is undocumented. I suspect it's untested, > > >> too. > > >> > > >> Let's avoid painting ourselves into a corner now, and revert the > > >> feature for 2.9. > > >> > > >> Note that users can still configure an authentication key with a > > >> configuration file. They probably do that anyway if they use Ceph > > >> outside QEMU as well. > > > > > > NB, this makes blockdev-add largely useless for RBD from libvirt's POV, > > > since we rely on the password-secret facility working to support apps > > > like openstack which won't configure the global config file for RBD. > > > > > > Not a regression though, since blockdev-add is new - just means we won't > > > be able to use the new feature yet :-( > > > > How does it make blockdev-add totally useless? The only thing you cannot > > do is set passwords for rbd. Can this not be added as a new feature in > > the future? > > Sure, if you want to run an rbd server without any auth its usable, just > that isn't something you really want todo from a security pov. >
What about using a keyring for rbd?
