To allow using -blockdev with RBD we need to support the recently added
RBD authentication.
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
I must say that it looks quite fishy that we use also the "none" method
as acceptable but we've done so for a very long time.
src/qemu/qemu_block.c | 26 +++++++++++++++++++++-
.../network-qcow2-backing-chain-cache-unsafe.json | 5 +++++
...etwork-qcow2-backing-chain-encryption_auth.json | 5 +++++
3 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index 0ebf2d2aff..7ad79c7e7d 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -906,13 +906,33 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr src)
virJSONValuePtr servers = NULL;
virJSONValuePtr ret = NULL;
const char *username = NULL;
+ virJSONValuePtr authmodes = NULL;
+ virJSONValuePtr mode = NULL;
+ const char *keysecret = NULL;
if (src->nhosts > 0 &&
!(servers = qemuBlockStorageSourceBuildHostsJSONInetSocketAddress(src)))
return NULL;
- if (src->auth)
+ if (src->auth) {
username = srcPriv->secinfo->s.aes.username;
+ keysecret = srcPriv->secinfo->s.aes.alias;
+ /* the auth modes are modelled after our old command line generator */
+ if (!(authmodes = virJSONValueNewArray()))
+ goto cleanup;
+
+ if (!(mode = virJSONValueNewString("cephx")) ||
+ virJSONValueArrayAppend(authmodes, mode) < 0)
+ goto cleanup;
+
+ mode = NULL;
+
+ if (!(mode = virJSONValueNewString("none")) ||
+ virJSONValueArrayAppend(authmodes, mode) < 0)
+ goto cleanup;
+
+ mode = NULL;
+ }
if (virJSONValueObjectCreate(&ret,
"s:driver", "rbd",
@@ -922,10 +942,14 @@ qemuBlockStorageSourceGetRBDProps(virStorageSourcePtr src)
"S:conf", src->configFile,
"A:server", &servers,
"S:user", username,
+ "A:auth-client-required", &authmodes,
+ "S:key-secret", keysecret,
NULL) < 0)
goto cleanup;
cleanup:
+ virJSONValueFree(authmodes);
+ virJSONValueFree(mode);
virJSONValueFree(servers);
return ret;
}
diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json
index 80a694eee4..e66f62d24b 100644
--- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json
+++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-cache-unsafe.json
@@ -24,6 +24,11 @@
}
],
"user": "testuser-rbd",
+ "auth-client-required": [
+ "cephx",
+ "none"
+ ],
+ "key-secret": "node-a-s-secalias",
"node-name": "node-a-s",
"cache": {
"direct": false,
diff --git a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
index fdb6f2ab1a..921cb3ea69 100644
--- a/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
+++ b/tests/qemublocktestdata/xml2json/network-qcow2-backing-chain-encryption_auth.json
@@ -24,6 +24,11 @@
}
],
"user": "testuser-rbd",
+ "auth-client-required": [
+ "cephx",
+ "none"
+ ],
+ "key-secret": "node-a-s-secalias",
"node-name": "node-a-s",
"read-only": false,
"discard": "unmap"
--
2.16.2
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
