Re: [libvirt] [PATCH 08/12] qemu: domain: Extract setup for disk source secrets

On 10/20/2017 09:47 AM, Peter Krempa wrote: > Separate it so that it deals only with single virStorageSource, so that > it can later be reused for full backing chain support. > > Two aliases are passed since authentication is more relevant to the > 'storage backend' whereas encryption is more relevant to the protocol > layer. When using node names, the aliases will be different. > --- > src/qemu/qemu_domain.c | 49 +++++++++++++++++++++++++++++++------------------ > 1 file changed, 31 insertions(+), 18 deletions(-) > FWIW: The @authalias would be the secret for the source to access the server (RBD only right now, but the iSCSI patches are on list) while the @encalias would be the LUKS secret. Does the backing chain allow different "auth" sources for different chain members? Mind boggling, but I guess possible. I suppose it would also be possible that some member of the chain doesn't use the auth, but rather it's a local LUKS encrypted file - is that the essential goal? I think perhaps it'd help to add some comments for qemuDomainSecretStorageSourcePrepare in order to describe the parameters and the "expectations" for varying levels of the chain. There's also some "assumptions" built into the hotplug code for at least the top level.