Commit Graph

20 Commits

Author SHA1 Message Date
Daniel P. Berrange
145614a112 nbd: enable use of TLS with qemu-nbd server
This modifies the qemu-nbd program so that it is possible to
request the use of TLS with the server. It simply adds a new
command line option --tls-creds which is used to provide the
ID of a QCryptoTLSCreds object previously created via the
--object command line option.

For example

  qemu-nbd --object tls-creds-x509,id=tls0,endpoint=server,\
                    dir=/home/berrange/security/qemutls \
           --tls-creds tls0 \
           --exportname default

TLS requires the new style NBD protocol, so if no export name
is set (via --export-name), then we use the default NBD protocol
export name ""

TLS is only supported when using an IPv4/IPv6 socket listener.
It is not possible to use with UNIX sockets, which includes
when connecting the NBD server to a host device.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1455129674-17255-16-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-16 17:17:42 +01:00
Daniel P. Berrange
3d4b2f9c94 nbd: allow setting of an export name for qemu-nbd server
The qemu-nbd server currently always uses the old style protocol
since it never sets any export name. This is a problem because
future TLS support will require use of the new style protocol
negotiation.

This adds "--exportname NAME" / "-x NAME" arguments to qemu-nbd
which allow the user to set an explicit export name. When an
export name is set the server will always use the new style
NBD protocol.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1455129674-17255-11-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-16 17:16:00 +01:00
Daniel P. Berrange
0ab3b3375b qemu-nbd: add support for --object command line arg
Allow creation of user creatable object types with qemu-nbd
via a new --object command line arg. This will be used to supply
passwords and/or encryption keys to the various block driver
backends via the recently added 'secret' object type.

 # printf letmein > mypasswd.txt
 # qemu-nbd --object secret,id=sec0,file=mypasswd.txt \
      ...other nbd args...

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Message-Id: <1455129674-17255-3-git-send-email-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-16 17:13:06 +01:00
Sitsofe Wheeler
5090121845 qemu-nbd: Fix texi sentence capitalisation
Capitalise the first letter of sentences (and reword for grammar) the
options section of qemu-nbd.texi.

Signed-off-by: Sitsofe Wheeler <sitsofe@yahoo.com>
Message-Id: <1451979212-25479-4-git-send-email-sitsofe@yahoo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-09 15:45:26 +01:00
Sitsofe Wheeler
7e8911bb40 qemu-nbd: Minor texi updates
- Change some spacing.
- Add disconnect usage to synopsis.
- Highlight the command and its options in the synopsis.
- Fix up the grammar in the description.
- Move filename variable description out of the option table.
- Add a description of the dev variable.
- Remove duplicate entry for --format.
- Reword --discard documentation.
- Add --detect-zeroes documentation.
- Add reference to qemu man page to see also section.

Signed-off-by: Sitsofe Wheeler <sitsofe@yahoo.com>
Message-Id: <1451979212-25479-3-git-send-email-sitsofe@yahoo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-09 15:45:26 +01:00
Sitsofe Wheeler
b9dbb61757 qemu-nbd: Fix unintended texi verbatim formatting
Indented lines in the texi meant the perlpod produced interpreted the
paragraph as being verbatim (thus formatting codes were not
interpreted). Fix this by un-indenting problem lines.

Signed-off-by: Sitsofe Wheeler <sitsofe@yahoo.com>
Message-Id: <1451979212-25479-2-git-send-email-sitsofe@yahoo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-09 15:45:26 +01:00
Hani Benhabiles
5672ee54d5 nbd: Miscellaneous typo fixes.
Signed-off-by: Hani Benhabiles <hani@linux.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2014-05-24 00:07:29 +04:00
Wenchao Xia
4323fdcf94 qemu-nbd: add doc for option -f
Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-12-04 15:19:00 +01:00
Wenchao Xia
8c116b0e41 qemu-nbd: support internal snapshot export
Now it is possible to directly export an internal snapshot, which
can be used to probe the snapshot's contents without qemu-img
convert.

Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2013-12-04 15:19:00 +01:00
Daniel P. Berrange
e6b636779b Add -f FMT / --format FMT arg to qemu-nbd
Currently the qemu-nbd program will auto-detect the format of
any disk it is given. This behaviour is known to be insecure.
For example, if qemu-nbd initially exposes a 'raw' file to an
unprivileged app, and that app runs

   'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0'

then the next time the app is started, the qemu-nbd will now
detect it as a 'qcow2' file and expose /etc/shadow to the
unprivileged app.

The only way to avoid this is to explicitly tell qemu-nbd what
disk format to use on the command line, completely disabling
auto-detection. This patch adds a '-f' / '--format' arg for
this purpose, mirroring what is already available via qemu-img
and qemu commands.

  qemu-nbd --format raw -p 9000 evil.img

will now always use raw, regardless of what format 'evil.img'
looks like it contains

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
[Use errx, not err. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-04-15 14:29:20 -05:00
Paolo Bonzini
ded9d2d5e2 qemu-nbd: add --discard option
Similar to --cache and --aio, this option mimics the discard suboption
of "-drive".

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2013-02-22 21:29:43 +01:00
Paolo Bonzini
0eb256a217 qemu-nbd: document --cache and --aio options
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2013-02-08 11:14:19 -06:00
Stefan Weil
071c939458 Replace Qemu by QEMU in user visible documentation
The official spelling is QEMU.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
2012-04-07 13:58:06 +00:00
Ryota Ozaki
bba7be962e qemu-nbd: Fix wrong description in qemu-nbd.texi
-c option needs argument <dev> but it's missing now.
This patch fixes it.

Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2010-03-06 23:03:50 +01:00
aliguori
4a6b819c09 Fix formatting of documentation (Stefan Weil)
Fix formatting for documentation of nbd command line options.

Signed-off-by: Stefan Weil <weil@mail.berlios.de> 
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>



git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5301 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-22 20:41:57 +00:00
ths
75818250ba Allow QEMU to connect directly to an NBD server, by Laurent Vivier.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4838 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-03 13:41:03 +00:00
ths
3b05a8e91b Allow to share a disk image via nbd, by Laurent Vivier.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4837 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-03 12:45:02 +00:00
ths
2f7264888a Add a parameter to disable host cache, by Laurent Vivier.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4836 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-03 11:47:46 +00:00
ths
cd831bd787 Merge NBD client/server, by Laurent Vivier.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4834 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-03 10:23:51 +00:00
bellard
7a5ca8648b qemu-nbd tool (Anthony Liguori)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4596 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-27 21:13:40 +00:00