[libvirt] [PATCH 4/4] qemu: block: Add support for RBD authentication for blockdev
Han Han
hhan at redhat.com
Mon Jul 9 15:59:30 UTC 2018
It seems resolved https://bugzilla.redhat.com/show_bug.cgi?id=1596511 . If
so, please add this link in commit msg.
On Mon, Jul 9, 2018 at 10:12 PM, Peter Krempa <pkrempa at redhat.com> wrote:
> To allow using -blockdev with RBD we need to support the recently added
> RBD authentication.
>
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
> I must say that it looks quite fishy that we use also the "none" method
> as acceptable but we've done so for a very long time.
>
> src/qemu/qemu_block.c | 26
> +++++++++++++++++++++-
> .../network-qcow2-backing-chain-cache-unsafe.json | 5 +++++
> ...etwork-qcow2-backing-chain-encryption_auth.json | 5 +++++
> 3 files changed, 35 insertions(+), 1 deletion(-)
>
> diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
> index 0ebf2d2aff..7ad79c7e7d 100644
> --- a/src/qemu/qemu_block.c
> +++ b/src/qemu/qemu_block.c
> @@ -906,13 +906,33 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr
> src)
> virJSONValuePtr servers = NULL;
> virJSONValuePtr ret = NULL;
> const char *username = NULL;
> + virJSONValuePtr authmodes = NULL;
> + virJSONValuePtr mode = NULL;
> + const char *keysecret = NULL;
>
> if (src->nhosts > 0 &&
> !(servers = qemuBlockStorageSourceBuildHos
> tsJSONInetSocketAddress(src)))
> return NULL;
>
> - if (src->auth)
> + if (src->auth) {
> username = srcPriv->secinfo->s.aes.username;
> + keysecret = srcPriv->secinfo->s.aes.alias;
> + /* the auth modes are modelled after our old command line
> generator */
> + if (!(authmodes = virJSONValueNewArray()))
> + goto cleanup;
> +
> + if (!(mode = virJSONValueNewString("cephx")) ||
> + virJSONValueArrayAppend(authmodes, mode) < 0)
> + goto cleanup;
> +
> + mode = NULL;
> +
> + if (!(mode = virJSONValueNewString("none")) ||
> + virJSONValueArrayAppend(authmodes, mode) < 0)
> + goto cleanup;
> +
> + mode = NULL;
> + }
>
> if (virJSONValueObjectCreate(&ret,
> "s:driver", "rbd",
> @@ -922,10 +942,14 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr
> src)
> "S:conf", src->configFile,
> "A:server", &servers,
> "S:user", username,
> + "A:auth-client-required", &authmodes,
> + "S:key-secret", keysecret,
> NULL) < 0)
> goto cleanup;
>
> cleanup:
> + virJSONValueFree(authmodes);
> + virJSONValueFree(mode);
> virJSONValueFree(servers);
> return ret;
> }
> diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-cache-unsafe.json b/tests/qemublocktestdata/
> xml2json/network-qcow2-backing-chain-cache-unsafe.json
> index 80a694eee4..e66f62d24b 100644
> --- a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-cache-unsafe.json
> +++ b/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-cache-unsafe.json
> @@ -24,6 +24,11 @@
> }
> ],
> "user": "testuser-rbd",
> + "auth-client-required": [
> + "cephx",
> + "none"
> + ],
> + "key-secret": "node-a-s-secalias",
> "node-name": "node-a-s",
> "cache": {
> "direct": false,
> diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-encryption_auth.json b/tests/qemublocktestdata/
> xml2json/network-qcow2-backing-chain-encryption_auth.json
> index fdb6f2ab1a..921cb3ea69 100644
> --- a/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-encryption_auth.json
> +++ b/tests/qemublocktestdata/xml2json/network-qcow2-
> backing-chain-encryption_auth.json
> @@ -24,6 +24,11 @@
> }
> ],
> "user": "testuser-rbd",
> + "auth-client-required": [
> + "cephx",
> + "none"
> + ],
> + "key-secret": "node-a-s-secalias",
> "node-name": "node-a-s",
> "read-only": false,
> "discard": "unmap"
> --
> 2.16.2
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
--
Best regards,
-----------------------------------
Han Han
Quality Engineer
Redhat.
Email: hhan at redhat.com
Phone: +861065339333
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180709/dec2fd2d/attachment-0001.htm>
More information about the libvir-list
mailing list