[libvirt] [PATCH 4/4] qemu: block: Add support for RBD authentication for blockdev

Han Han hhan at redhat.com
Mon Jul 9 15:59:30 UTC 2018 

It seems resolved https://bugzilla.redhat.com/show_bug.cgi?id=1596511 . If
so, please add this link in commit msg.

On Mon, Jul 9, 2018 at 10:12 PM, Peter Krempa <pkrempa at redhat.com> wrote:

> To allow using -blockdev with RBD we need to support the recently added
> RBD authentication.
>
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
> I must say that it looks quite fishy that we use also the "none" method
> as acceptable but we've done so for a very long time.
>
>  src/qemu/qemu_block.c                              | 26
> +++++++++++++++++++++-
>  .../network-qcow2-backing-chain-cache-unsafe.json  |  5 +++++
>  ...etwork-qcow2-backing-chain-encryption_auth.json |  5 +++++
>  3 files changed, 35 insertions(+), 1 deletion(-)
>
> diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
> index 0ebf2d2aff..7ad79c7e7d 100644
> --- a/src/qemu/qemu_block.c
> +++ b/src/qemu/qemu_block.c
> @@ -906,13 +906,33 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr
> src)
>      virJSONValuePtr servers = NULL;
>      virJSONValuePtr ret = NULL;
>      const char *username = NULL;
> +    virJSONValuePtr authmodes = NULL;
> +    virJSONValuePtr mode = NULL;
> +    const char *keysecret = NULL;
>
>      if (src->nhosts > 0 &&
>          !(servers = qemuBlockStorageSourceBuildHos
> tsJSONInetSocketAddress(src)))
>          return NULL;
>
> -    if (src->auth)
> +    if (src->auth) {
>          username = srcPriv->secinfo->s.aes.username;
> +        keysecret = srcPriv->secinfo->s.aes.alias;
> +        /* the auth modes are modelled after our old command line
> generator */
> +        if (!(authmodes = virJSONValueNewArray()))
> +            goto cleanup;
> +
> +        if (!(mode = virJSONValueNewString("cephx")) ||
> +            virJSONValueArrayAppend(authmodes, mode) < 0)
> +            goto cleanup;
> +
> +        mode = NULL;
> +
> +        if (!(mode = virJSONValueNewString("none")) ||
> +            virJSONValueArrayAppend(authmodes, mode) < 0)
> +            goto cleanup;
> +
> +        mode = NULL;
> +    }
>
>      if (virJSONValueObjectCreate(&ret,
>                                   "s:driver", "rbd",
> @@ -922,10 +942,14 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr
> src)
>                                   "S:conf", src->configFile,
>                                   "A:server", &servers,
>                                   "S:user", username,
> +                                 "A:auth-client-required", &authmodes,
> +                                 "S:key-secret", keysecret,
>                                   NULL) < 0)
>          goto cleanup;
>
>   cleanup:
> +    virJSONValueFree(authmodes);
> +    virJSONValueFree(mode);
>      virJSONValueFree(servers);
>      return ret;
>  }
> diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-cache-unsafe.json b/tests/qemublocktestdata/
> xml2json/network-qcow2-backing-chain-cache-unsafe.json
> index 80a694eee4..e66f62d24b 100644
> --- a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-cache-unsafe.json
> +++ b/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-cache-unsafe.json
> @@ -24,6 +24,11 @@
>      }
>    ],
>    "user": "testuser-rbd",
> +  "auth-client-required": [
> +    "cephx",
> +    "none"
> +  ],
> +  "key-secret": "node-a-s-secalias",
>    "node-name": "node-a-s",
>    "cache": {
>      "direct": false,
> diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-encryption_auth.json b/tests/qemublocktestdata/
> xml2json/network-qcow2-backing-chain-encryption_auth.json
> index fdb6f2ab1a..921cb3ea69 100644
> --- a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-encryption_auth.json
> +++ b/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-encryption_auth.json
> @@ -24,6 +24,11 @@
>      }
>    ],
>    "user": "testuser-rbd",
> +  "auth-client-required": [
> +    "cephx",
> +    "none"
> +  ],
> +  "key-secret": "node-a-s-secalias",
>    "node-name": "node-a-s",
>    "read-only": false,
>    "discard": "unmap"
> --
> 2.16.2
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>



-- 
Best regards,
-----------------------------------
Han Han
Quality Engineer
Redhat.

Email: hhan at redhat.com
Phone: +861065339333
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180709/dec2fd2d/attachment-0001.htm>

More information about the libvir-list mailing list