[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] iscsi: Add chap and "initiator-name" etc as per
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH] iscsi: Add chap and "initiator-name" etc as per drive options |
Date: |
Mon, 14 Sep 2015 09:04:09 -0600 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 |
On 09/14/2015 12:50 AM, Peter Lieven wrote:
>>>> It would be nice to also add a matching BlockdevOptionsIscsi to
>>>> qapi/block-core.json, to allow setting these structured options from
>>>> QMP. Separate patch is fine, but we need to do the work for ALL of the
>>>> remaining block devices eventually, and now that you are structuring the
>>>> command line is a good time to think about it.
>>>>
>>>>
>>> Passing via command line is evil. It should still be possible to pass
>>> all this via a config file to qemu :
>>>
>>
>> I agree passing password with clear text command line is bad, but -readconfig
>> doesn't work for qemu-img and qemu-io. Any idea how to make that work?
>
> you can pass the secrets via environment variables (see libiscsi readme).
Environment variables are no more secure than command line parameters -
both are visible via ps to other processes, and hence relatively
insecure. We need a way to pass secrets over a file descriptor, whether
that file descriptor be a config file, or whether it be a pipe.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature