From 1cb98a1fb333c366301bded94a45615c871ca4c0 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Mon, 9 Jul 2018 16:05:16 +0200 Subject: [PATCH] qemu: block: Add support for RBD authentication for blockdev MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To allow using -blockdev with RBD we need to support the recently added RBD authentication. Signed-off-by: Peter Krempa Reviewed-by: Ján Tomko --- src/qemu/qemu_block.c | 26 ++++++++++++++++++- ...work-qcow2-backing-chain-cache-unsafe.json | 5 ++++ ...k-qcow2-backing-chain-encryption_auth.json | 5 ++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index 0ebf2d2aff..7ad79c7e7d 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -906,13 +906,33 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr src) virJSONValuePtr servers = NULL; virJSONValuePtr ret = NULL; const char *username = NULL; + virJSONValuePtr authmodes = NULL; + virJSONValuePtr mode = NULL; + const char *keysecret = NULL; if (src->nhosts > 0 && !(servers = qemuBlockStorageSourceBuildHostsJSONInetSocketAddress(src))) return NULL; - if (src->auth) + if (src->auth) { username = srcPriv->secinfo->s.aes.username; + keysecret = srcPriv->secinfo->s.aes.alias; + /* the auth modes are modelled after our old command line generator */ + if (!(authmodes = virJSONValueNewArray())) + goto cleanup; + + if (!(mode = virJSONValueNewString("cephx")) || + virJSONValueArrayAppend(authmodes, mode) < 0) + goto cleanup; + + mode = NULL; + + if (!(mode = virJSONValueNewString("none")) || + virJSONValueArrayAppend(authmodes, mode) < 0) + goto cleanup; + + mode = NULL; + } if (virJSONValueObjectCreate(&ret, "s:driver", "rbd", @@ -922,10 +942,14 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr src) "S:conf", src->configFile, "A:server", &servers, "S:user", username, + "A:auth-client-required", &authmodes, + "S:key-secret", keysecret, NULL) < 0) goto cleanup; cleanup: + virJSONValueFree(authmodes); + virJSONValueFree(mode); virJSONValueFree(servers); return ret; } diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json index 80a694eee4..e66f62d24b 100644 --- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json +++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json @@ -24,6 +24,11 @@ } ], "user": "testuser-rbd", + "auth-client-required": [ + "cephx", + "none" + ], + "key-secret": "node-a-s-secalias", "node-name": "node-a-s", "cache": { "direct": false, diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json index fdb6f2ab1a..921cb3ea69 100644 --- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json +++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json @@ -24,6 +24,11 @@ } ], "user": "testuser-rbd", + "auth-client-required": [ + "cephx", + "none" + ], + "key-secret": "node-a-s-secalias", "node-name": "node-a-s", "read-only": false, "discard": "unmap"