Re: [libvirt] [PATCH v2 02/12] qemu: Introduce qemuDomainSecretPrepare and Destroy
On Sat, Apr 16, 2016 at 10:17:35AM -0400, John Ferlan wrote:
Rather than needing to pass the conn parameter to various command
line building API's, add qemuDomainSecretPrepare just prior to the
qemuProcessLaunch which calls qemuBuilCommandLine. The function
must be called after qemuProcessPrepareHost since it's expected
to eventually need the domain masterKey generated during the prepare
host call. Additionally, future patches may require device aliases
(assigned during the prepare domain call) in order to associate
the secret objects.
The qemuDomainSecretDestroy is called after the qemuProcessLaunch
finishes in order to clear and free memory used by the secrets
that were recently prepared, so they are not kept around in memory
too long.
Placing the setup here is beneficial for future patches which will
need the domain masterKey in order to generate an encrypted secret
along with an initialization vector to be saved and passed (since
the masterKey shouldn't be passed around).
Finally, since the secret is not added during command line build,
the hotplug code will need to get the secret into the private disk data.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/qemu/qemu_command.c | 45 ++++-----------
src/qemu/qemu_command.h | 5 +-
src/qemu/qemu_domain.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++--
src/qemu/qemu_domain.h | 15 ++++-
src/qemu/qemu_driver.c | 10 ++--
src/qemu/qemu_hotplug.c | 26 +++++----
src/qemu/qemu_hotplug.h | 1 -
src/qemu/qemu_process.c | 8 +++
8 files changed, 202 insertions(+), 58 deletions(-)
@@ -1033,8 +1012,7 @@ qemuCheckFips(void)
char *
-qemuBuildDriveStr(virConnectPtr conn,
- virDomainDiskDefPtr disk,
It's really nice to see the 'conn' go.
+qemuBuildDriveStr(virDomainDiskDefPtr disk,
bool bootable,
virQEMUCapsPtr qemuCaps)
{
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 81d86c2..c9f43fa 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -5640,6 +5640,9 @@ qemuProcessStart(virConnectPtr conn,
if (qemuProcessPrepareHost(driver, vm, !!incoming) < 0)
goto stop;
+ if (qemuDomainSecretPrepare(conn, vm) < 0)
+ goto cleanup;
+
The call fits better in qemuProcessPrepareDomain,
that way it will be called even for incoming migration.
Jan