To allow using -blockdev with RBD we need to support the recently added
RBD authentication.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
I must say that it looks quite fishy that we use also the "none" method
as acceptable but we've done so for a very long time.
src/qemu/qemu_block.c | 26 +++++++++++++++++++++-
.../network-qcow2-backing-chain-cache-unsafe.json | 5 +++++
...etwork-qcow2-backing-chain-encryption_auth.json | 5 +++++
3 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 0ebf2d2aff..7ad79c7e7d 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -906,13 +906,33 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr src)
virJSONValuePtr servers = NULL;
virJSONValuePtr ret = NULL;
const char *username = NULL;
+ virJSONValuePtr authmodes = NULL;
+ virJSONValuePtr mode = NULL;
+ const char *keysecret = NULL;
if (src->nhosts > 0 &&
!(servers = qemuBlockStorageSourceBuildHostsJSONInetSocketAddress(src)))
return NULL;
- if (src->auth)
+ if (src->auth) {
username = srcPriv->secinfo->s.aes.username;
+ keysecret = srcPriv->secinfo->s.aes.alias;
+ /* the auth modes are modelled after our old command line generator */
+ if (!(authmodes = virJSONValueNewArray()))
+ goto cleanup;
+
+ if (!(mode = virJSONValueNewString("cephx")) ||
+ virJSONValueArrayAppend(authmodes, mode) < 0)
+ goto cleanup;
+
+ mode = NULL;
+
+ if (!(mode = virJSONValueNewString("none")) ||
+ virJSONValueArrayAppend(authmodes, mode) < 0)
+ goto cleanup;
+
+ mode = NULL;
+ }
if (virJSONValueObjectCreate(&ret,
"s:driver", "rbd",
@@ -922,10 +942,14 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr src)
"S:conf", src->configFile,
"A:server", &servers,
"S:user", username,
+ "A:auth-client-required", &authmodes,
+ "S:key-secret", keysecret,
NULL) < 0)
goto cleanup;
cleanup:
+ virJSONValueFree(authmodes);
+ virJSONValueFree(mode);
virJSONValueFree(servers);
return ret;
}
diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json
index 80a694eee4..e66f62d24b 100644
--- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json
+++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json
@@ -24,6 +24,11 @@
}
],
"user": "testuser-rbd",
+ "auth-client-required": [
+ "cephx",
+ "none"
+ ],
+ "key-secret": "node-a-s-secalias",
"node-name": "node-a-s",
"cache": {
"direct": false,
diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
index fdb6f2ab1a..921cb3ea69 100644
--- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
+++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
@@ -24,6 +24,11 @@
}
],
"user": "testuser-rbd",
+ "auth-client-required": [
+ "cephx",
+ "none"
+ ],
+ "key-secret": "node-a-s-secalias",
"node-name": "node-a-s",
"read-only": false,
"discard": "unmap"
--
2.16.2
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
It seems resolved https://bugzilla.redhat.com/show_bug.cgi?id=1596511 . If
so, please add this link in commit msg.
On Mon, Jul 9, 2018 at 10:12 PM, Peter Krempa <pkrempa@redhat.com> wrote:
> To allow using -blockdev with RBD we need to support the recently added
> RBD authentication.
>
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
> I must say that it looks quite fishy that we use also the "none" method
> as acceptable but we've done so for a very long time.
>
> src/qemu/qemu_block.c | 26
> +++++++++++++++++++++-
> .../network-qcow2-backing-chain-cache-unsafe.json | 5 +++++
> ...etwork-qcow2-backing-chain-encryption_auth.json | 5 +++++
> 3 files changed, 35 insertions(+), 1 deletion(-)
>
> diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
> index 0ebf2d2aff..7ad79c7e7d 100644
> --- a/src/qemu/qemu_block.c
> +++ b/src/qemu/qemu_block.c
> @@ -906,13 +906,33 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr
> src)
> virJSONValuePtr servers = NULL;
> virJSONValuePtr ret = NULL;
> const char *username = NULL;
> + virJSONValuePtr authmodes = NULL;
> + virJSONValuePtr mode = NULL;
> + const char *keysecret = NULL;
>
> if (src->nhosts > 0 &&
> !(servers = qemuBlockStorageSourceBuildHos
> tsJSONInetSocketAddress(src)))
> return NULL;
>
> - if (src->auth)
> + if (src->auth) {
> username = srcPriv->secinfo->s.aes.username;
> + keysecret = srcPriv->secinfo->s.aes.alias;
> + /* the auth modes are modelled after our old command line
> generator */
> + if (!(authmodes = virJSONValueNewArray()))
> + goto cleanup;
> +
> + if (!(mode = virJSONValueNewString("cephx")) ||
> + virJSONValueArrayAppend(authmodes, mode) < 0)
> + goto cleanup;
> +
> + mode = NULL;
> +
> + if (!(mode = virJSONValueNewString("none")) ||
> + virJSONValueArrayAppend(authmodes, mode) < 0)
> + goto cleanup;
> +
> + mode = NULL;
> + }
>
> if (virJSONValueObjectCreate(&ret,
> "s:driver", "rbd",
> @@ -922,10 +942,14 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr
> src)
> "S:conf", src->configFile,
> "A:server", &servers,
> "S:user", username,
> + "A:auth-client-required", &authmodes,
> + "S:key-secret", keysecret,
> NULL) < 0)
> goto cleanup;
>
> cleanup:
> + virJSONValueFree(authmodes);
> + virJSONValueFree(mode);
> virJSONValueFree(servers);
> return ret;
> }
> diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-cache-unsafe.json b/tests/qemublocktestdata/
> xml2json/network-qcow2-backing-chain-cache-unsafe.json
> index 80a694eee4..e66f62d24b 100644
> --- a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-cache-unsafe.json
> +++ b/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-cache-unsafe.json
> @@ -24,6 +24,11 @@
> }
> ],
> "user": "testuser-rbd",
> + "auth-client-required": [
> + "cephx",
> + "none"
> + ],
> + "key-secret": "node-a-s-secalias",
> "node-name": "node-a-s",
> "cache": {
> "direct": false,
> diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-encryption_auth.json b/tests/qemublocktestdata/
> xml2json/network-qcow2-backing-chain-encryption_auth.json
> index fdb6f2ab1a..921cb3ea69 100644
> --- a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-encryption_auth.json
> +++ b/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-encryption_auth.json
> @@ -24,6 +24,11 @@
> }
> ],
> "user": "testuser-rbd",
> + "auth-client-required": [
> + "cephx",
> + "none"
> + ],
> + "key-secret": "node-a-s-secalias",
> "node-name": "node-a-s",
> "read-only": false,
> "discard": "unmap"
> --
> 2.16.2
>
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
--
Best regards,
-----------------------------------
Han Han
Quality Engineer
Redhat.
Email: hhan@redhat.com
Phone: +861065339333
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Mon, Jul 09, 2018 at 23:59:30 +0800, Han Han wrote: Please don't top-post on technical lists. > It seems resolved https://bugzilla.redhat.com/show_bug.cgi?id=1596511 . If > so, please add this link in commit msg. 1) There is no public data for that bugzilla everything is private so there's not much use in adding that link for upstream reference. 2) That bugzilla is in my opinion invalid. The RBD formatting code is not used currently and the only reason why this code was already committed is so that I don't have to post everything at once when I finish all the relevant parts for -blockdev. This means that there currently is no bug or lack of feature in upstream which could be tracked and when enabling -blockdev everything will work properly. I could live with adding that despite '2)' but as it's totally pointless due to '1)'. You can improve the public part of that bugzilla since you've filed it though and then I'll reconsider. > > On Mon, Jul 9, 2018 at 10:12 PM, Peter Krempa <pkrempa@redhat.com> wrote: > > > To allow using -blockdev with RBD we need to support the recently added > > RBD authentication. > > > > Signed-off-by: Peter Krempa <pkrempa@redhat.com> -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2026 Red Hat, Inc.