[libvirt] [PATCH v3 4/7] storage_pool: Rework chap XML to mimic ceph
John Ferlan
jferlan at redhat.com
Mon Jul 15 13:04:32 UTC 2013
The existing 'chap' XML logic was never used - just defined. Rather than
try to insert a square peg into a round hole, blow it up and rewrite the
logic to follow the 'ceph' format.
Remove the former "chap.login" and "chap.passwd" fields and replace
with "chap.username" and "chap.secret" in _virStoragePoolAuthChap.
Adjust the virStoragePoolDefParseAuthChap() to process.
Change the rng file to describe the new layout
Update the formatstorage.html to describe the usage of the secret element
to mention that the secret type "iscsi" and "ceph" can be used
to storage pool too.
Update the formatsecret.html to include a reference to the storage pool
Update tests to handle the changes from 'login' and 'passwd' to 'username'
and '<secret>' format
---
docs/formatsecret.html.in | 10 ++--
docs/formatstorage.html.in | 25 +++++++++-
docs/schemas/storagepool.rng | 20 ++------
src/conf/storage_conf.c | 56 +++++++++++++++-------
src/conf/storage_conf.h | 4 +-
tests/storagepoolxml2xmlin/pool-iscsi-auth.xml | 4 +-
.../pool-iscsi-vendor-product.xml | 4 +-
tests/storagepoolxml2xmlout/pool-iscsi-auth.xml | 4 +-
.../pool-iscsi-vendor-product.xml | 4 +-
tests/storagepoolxml2xmlout/pool-rbd.xml | 2 +-
10 files changed, 87 insertions(+), 46 deletions(-)
diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in
index 50c9533..3e306b5 100644
--- a/docs/formatsecret.html.in
+++ b/docs/formatsecret.html.in
@@ -64,8 +64,9 @@
a single <code>name</code> element that specifies a usage name
for the secret. The Ceph secret can then be used by UUID or by
this usage name via the <code><auth></code> element of
- a <a href="formatdomain.html#elementsDisks">disk
- device</a>. <span class="since">Since 0.9.7</span>.
+ a <a href="formatdomain.html#elementsDisks">disk device</a> or
+ a <a href="formatstorage.html">storage pool (rbd)</a>.
+ <span class="since">Since 0.9.7</span>.
</p>
<h3>Usage type "iscsi"</h3>
@@ -76,8 +77,9 @@
a single <code>target</code> element that specifies a usage name
for the secret. The iSCSI secret can then be used by UUID or by
this usage name via the <code><auth></code> element of
- a <a href="formatdomain.html#elementsDisks">disk
- device</a>. <span class="since">Since 1.0.4</span>.
+ a <a href="formatdomain.html#elementsDisks">disk device</a> or
+ a <a href="formatstorage.html">storage pool (iscsi)</a>.
+ <span class="since">Since 1.0.4</span>.
</p>
<h2><a name="example">Example</a></h2>
diff --git a/docs/formatstorage.html.in b/docs/formatstorage.html.in
index d702eb1..f4d561f 100644
--- a/docs/formatstorage.html.in
+++ b/docs/formatstorage.html.in
@@ -72,6 +72,9 @@
<source>
<host name="iscsi.example.com"/>
<device path="demo-target"/>
+ <auth type='chap' username='myname'>
+ <secret type='iscsi' usage='mycluster_myname'/>
+ </auth>
<vendor name="Acme"/>
<product name="model"/>
</source>
@@ -80,7 +83,6 @@
<pre>
...
<source>
- <source>
<adapter type='fc_host' parent='scsi_host5' wwnn='20000000c9831b4b' wwpn='10000000c9831b4b'/>
</source>
...</pre>
@@ -123,6 +125,27 @@
which is the hostname or IP address of the server. May optionally
contain a <code>port</code> attribute for the protocol specific
port number. <span class="since">Since 0.4.1</span></dd>
+ <dt><code>auth</code></dt>
+ <dd>If present, the <code>auth</code> element provides the
+ authentication credentials needed to access the source by the
+ setting of the <code>type</code> attribute. The <code>type</code>
+ must be either "chap" or "ceph". Additionally a mandatory attribute
+ <code>username</code> identifies the username to use during
+ authentication as well as a sub-element <code>secret</code> with
+ a mandatory attribute <code>type</code>, to tie back to a
+ <a href="formatsecret.html">libvirt secret object</a> that
+ holds the actual password or other credentials. The domain XML
+ intentionally does not expose the password, only the reference
+ to the object that manages the password. The secret element
+ <code>type</code> must be either "ceph" or "iscsi". Use "ceph" for
+ Ceph RBD (Rados Block Device) network sources and use "iscsi" for CHAP
+ (Challenge-Handshake Authentication Protocol) iSCSI targets.
+ The <code>secret</code> element requires either a <code>uuid</code>
+ attribute with the UUID of the secret object or a <code>usage</code>
+ attribute matching the key that was specified in the
+ secret object. <span class="since">Since 0.9.7 for "ceph" and
+ 1.1.1 for "chap"</span>
+ </dd>
<dt><code>name</code></dt>
<dd>Provides the source for pools backed by storage from a
named element (e.g., a logical volume group name).
diff --git a/docs/schemas/storagepool.rng b/docs/schemas/storagepool.rng
index 3c2158a..6da3c11 100644
--- a/docs/schemas/storagepool.rng
+++ b/docs/schemas/storagepool.rng
@@ -286,22 +286,10 @@
<value>ceph</value>
</choice>
</attribute>
- <choice>
- <attribute name='login'>
- <text/>
- </attribute>
- <attribute name='username'>
- <text/>
- </attribute>
- </choice>
- <optional>
- <attribute name='passwd'>
- <text/>
- </attribute>
- </optional>
- <optional>
- <ref name='sourceinfoauthsecret'/>
- </optional>
+ <attribute name='username'>
+ <text/>
+ </attribute>
+ <ref name='sourceinfoauthsecret'/>
</element>
</define>
diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c
index 1097de8..404545a 100644
--- a/src/conf/storage_conf.c
+++ b/src/conf/storage_conf.c
@@ -365,8 +365,8 @@ virStoragePoolSourceClear(virStoragePoolSourcePtr source)
VIR_FREE(source->product);
if (source->authType == VIR_STORAGE_POOL_AUTH_CHAP) {
- VIR_FREE(source->auth.chap.login);
- VIR_FREE(source->auth.chap.passwd);
+ VIR_FREE(source->auth.chap.username);
+ VIR_FREE(source->auth.chap.secret.usage);
}
if (source->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
@@ -461,21 +461,44 @@ static int
virStoragePoolDefParseAuthChap(xmlXPathContextPtr ctxt,
virStoragePoolAuthChapPtr auth)
{
- auth->login = virXPathString("string(./auth/@login)", ctxt);
- if (auth->login == NULL) {
+ char *uuid = NULL;
+ int ret = -1;
+
+ auth->username = virXPathString("string(./auth/@username)", ctxt);
+ if (auth->username == NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing auth login attribute"));
+ _("missing auth username attribute"));
return -1;
}
- auth->passwd = virXPathString("string(./auth/@passwd)", ctxt);
- if (auth->passwd == NULL) {
+ uuid = virXPathString("string(./auth/secret/@uuid)", ctxt);
+ auth->secret.usage = virXPathString("string(./auth/secret/@usage)", ctxt);
+ if (uuid == NULL && auth->secret.usage == NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
- _("missing auth passwd attribute"));
+ _("missing auth secret uuid or usage attribute"));
return -1;
}
- return 0;
+ if (uuid != NULL) {
+ if (auth->secret.usage != NULL) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("either auth secret uuid or usage expected"));
+ goto cleanup;
+ }
+ if (virUUIDParse(uuid, auth->secret.uuid) < 0) {
+ virReportError(VIR_ERR_XML_ERROR, "%s",
+ _("invalid auth secret uuid"));
+ goto cleanup;
+ }
+ auth->secret.uuidUsable = true;
+ } else {
+ auth->secret.uuidUsable = false;
+ }
+
+ ret = 0;
+cleanup:
+ VIR_FREE(uuid);
+ return ret;
}
static int
@@ -1134,16 +1157,13 @@ virStoragePoolSourceFormat(virBufferPtr buf,
virBufferAsprintf(buf," <format type='%s'/>\n", format);
}
- if (src->authType == VIR_STORAGE_POOL_AUTH_CHAP)
- virBufferAsprintf(buf," <auth type='%s' login='%s' passwd='%s'/>\n",
+ if (src->authType == VIR_STORAGE_POOL_AUTH_CHAP ||
+ src->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
+ virBufferAsprintf(buf," <auth type='%s' username='%s'>\n",
virStoragePoolAuthTypeTypeToString(src->authType),
- src->auth.chap.login,
- src->auth.chap.passwd);
-
- if (src->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
- virBufferAsprintf(buf," <auth username='%s' type='%s'>\n",
- src->auth.cephx.username,
- virStoragePoolAuthTypeTypeToString(src->authType));
+ (src->authType == VIR_STORAGE_POOL_AUTH_CHAP ?
+ src->auth.chap.username :
+ src->auth.cephx.username));
virBufferAddLit(buf," <secret");
if (src->auth.cephx.secret.uuidUsable) {
diff --git a/src/conf/storage_conf.h b/src/conf/storage_conf.h
index 5fbecf4..fd9b2e7 100644
--- a/src/conf/storage_conf.h
+++ b/src/conf/storage_conf.h
@@ -162,8 +162,8 @@ struct _virStoragePoolAuthSecret {
typedef struct _virStoragePoolAuthChap virStoragePoolAuthChap;
typedef virStoragePoolAuthChap *virStoragePoolAuthChapPtr;
struct _virStoragePoolAuthChap {
- char *login;
- char *passwd;
+ char *username;
+ virStoragePoolAuthSecret secret;
};
typedef struct _virStoragePoolAuthCephx virStoragePoolAuthCephx;
diff --git a/tests/storagepoolxml2xmlin/pool-iscsi-auth.xml b/tests/storagepoolxml2xmlin/pool-iscsi-auth.xml
index f7d4d52..c81eb60 100644
--- a/tests/storagepoolxml2xmlin/pool-iscsi-auth.xml
+++ b/tests/storagepoolxml2xmlin/pool-iscsi-auth.xml
@@ -4,7 +4,9 @@
<source>
<host name="iscsi.example.com"/>
<device path="demo-target"/>
- <auth type='chap' login='foobar' passwd='frobbar'/>
+ <auth type='chap' username='admin'>
+ <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+ </auth>
</source>
<target>
<path>/dev/disk/by-path</path>
diff --git a/tests/storagepoolxml2xmlin/pool-iscsi-vendor-product.xml b/tests/storagepoolxml2xmlin/pool-iscsi-vendor-product.xml
index 01fbd9b..821feb1 100644
--- a/tests/storagepoolxml2xmlin/pool-iscsi-vendor-product.xml
+++ b/tests/storagepoolxml2xmlin/pool-iscsi-vendor-product.xml
@@ -4,7 +4,9 @@
<source>
<host name="iscsi.example.com"/>
<device path="demo-target"/>
- <auth type='chap' login='foobar' passwd='frobbar'/>
+ <auth type='chap' username='admin'>
+ <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+ </auth>
<vendor name='test-vendor'/>
<product name='test-product'/>
</source>
diff --git a/tests/storagepoolxml2xmlout/pool-iscsi-auth.xml b/tests/storagepoolxml2xmlout/pool-iscsi-auth.xml
index 4fa8f64..3d84c1c 100644
--- a/tests/storagepoolxml2xmlout/pool-iscsi-auth.xml
+++ b/tests/storagepoolxml2xmlout/pool-iscsi-auth.xml
@@ -7,7 +7,9 @@
<source>
<host name='iscsi.example.com'/>
<device path='demo-target'/>
- <auth type='chap' login='foobar' passwd='frobbar'/>
+ <auth type='chap' username='admin'>
+ <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+ </auth>
</source>
<target>
<path>/dev/disk/by-path</path>
diff --git a/tests/storagepoolxml2xmlout/pool-iscsi-vendor-product.xml b/tests/storagepoolxml2xmlout/pool-iscsi-vendor-product.xml
index 6ae1c39..4fb19bb 100644
--- a/tests/storagepoolxml2xmlout/pool-iscsi-vendor-product.xml
+++ b/tests/storagepoolxml2xmlout/pool-iscsi-vendor-product.xml
@@ -7,7 +7,9 @@
<source>
<host name='iscsi.example.com'/>
<device path='demo-target'/>
- <auth type='chap' login='foobar' passwd='frobbar'/>
+ <auth type='chap' username='admin'>
+ <secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
+ </auth>
<vendor name='test-vendor'/>
<product name='test-product'/>
</source>
diff --git a/tests/storagepoolxml2xmlout/pool-rbd.xml b/tests/storagepoolxml2xmlout/pool-rbd.xml
index 309a6d9..4fe2fce 100644
--- a/tests/storagepoolxml2xmlout/pool-rbd.xml
+++ b/tests/storagepoolxml2xmlout/pool-rbd.xml
@@ -8,7 +8,7 @@
<name>rbd</name>
<host name='localhost' port='6789'/>
<host name='localhost' port='6790'/>
- <auth username='admin' type='ceph'>
+ <auth type='ceph' username='admin'>
<secret uuid='2ec115d7-3a88-3ceb-bc12-0ac909a6fd87'/>
</auth>
</source>
--
1.8.1.4
More information about the libvir-list
mailing list