Re: [libvirt] [PATCH 4/4] qemu: block: Add support for RBD authentication for blockdev

To allow using -blockdev with RBD we need to support the recently added RBD authentication. Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt; --- I must say that it looks quite fishy that we use also the "none" method as acceptable but we've done so for a very long time. src/qemu/qemu_block.c | 26 +++++++++++++++++++++- .../network-qcow2-backing-chain-cache-unsafe.json | 5 +++++ ...etwork-qcow2-backing-chain-encryption_auth.json | 5 +++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 0ebf2d2aff..7ad79c7e7d 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -906,13 +906,33 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr src) virJSONValuePtr servers = NULL; virJSONValuePtr ret = NULL; const char *username = NULL; + virJSONValuePtr authmodes = NULL; + virJSONValuePtr mode = NULL; + const char *keysecret = NULL; if (src->nhosts > 0 && !(servers = qemuBlockStorageSourceBuildHos tsJSONInetSocketAddress(src))) return NULL; - if (src->auth) + if (src->auth) { username = srcPriv->secinfo->s.aes.username; + keysecret = srcPriv->secinfo->s.aes.alias; + /* the auth modes are modelled after our old command line generator */ + if (!(authmodes = virJSONValueNewArray())) + goto cleanup; + + if (!(mode = virJSONValueNewString("cephx")) || + virJSONValueArrayAppend(authmodes, mode) < 0) + goto cleanup; + + mode = NULL; + + if (!(mode = virJSONValueNewString("none")) || + virJSONValueArrayAppend(authmodes, mode) < 0) + goto cleanup; + + mode = NULL; + } if (virJSONValueObjectCreate(&ret, "s:driver", "rbd", @@ -922,10 +942,14 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr src) "S:conf", src->configFile, "A:server", &servers, "S:user", username, + "A:auth-client-required", &authmodes, + "S:key-secret", keysecret, NULL) < 0) goto cleanup; cleanup: + virJSONValueFree(authmodes); + virJSONValueFree(mode); virJSONValueFree(servers); return ret; } diff --git a/tests/qemublocktestdata/xml2json/network-qcow2- backing-chain-cache-unsafe.json b/tests/qemublocktestdata/ xml2json/network-qcow2-backing-chain-cache-unsafe.json index 80a694eee4..e66f62d24b 100644 --- a/tests/qemublocktestdata/xml2json/network-qcow2- backing-chain-cache-unsafe.json +++ b/tests/qemublocktestdata/xml2json/network-qcow2- backing-chain-cache-unsafe.json @@ -24,6 +24,11 @@ } ], "user": "testuser-rbd", + "auth-client-required": [ + "cephx", + "none" + ], + "key-secret": "node-a-s-secalias", "node-name": "node-a-s", "cache": { "direct": false, diff --git a/tests/qemublocktestdata/xml2json/network-qcow2- backing-chain-encryption_auth.json b/tests/qemublocktestdata/ xml2json/network-qcow2-backing-chain-encryption_auth.json index fdb6f2ab1a..921cb3ea69 100644 --- a/tests/qemublocktestdata/xml2json/network-qcow2- backing-chain-encryption_auth.json +++ b/tests/qemublocktestdata/xml2json/network-qcow2- backing-chain-encryption_auth.json @@ -24,6 +24,11 @@ } ], "user": "testuser-rbd", + "auth-client-required": [ + "cephx", + "none" + ], + "key-secret": "node-a-s-secalias", "node-name": "node-a-s", "read-only": false, "discard": "unmap" -- 2.16.2 -- libvir-list mailing list libvir-list(a)redhat.com https://www.redhat.com/mailman/listinfo/libvir-list