From: Scott Sullivan <ssullivan@liquidweb.com>
To: Dan Mick <dan.mick@inktank.com>,
	FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Cc: stgt@vger.kernel.org
Subject: Re: Patch for adding virsecretuuid & cephx_key ids to --bsopts
Date: Mon, 21 Jul 2014 15:34:46 -0400	[thread overview]
Message-ID: <53CD6B56.3030605@liquidweb.com> (raw)
In-Reply-To: <53A12851.1060107@inktank.com>

On 06/18/2014 01:49 AM, Dan Mick wrote:
> I've seen this; I'm traveling/busy this week so will try to give it 
> some thought, but no promises

ping ?

>
>
> On 06/17/2014 08:30 AM, FUJITA Tomonori wrote:
>> Added Dan to To:
>>
>> On Tue, 17 Jun 2014 08:49:14 -0400
>> Scott Sullivan <ssullivan@liquidweb.com> wrote:
>>
>>> Hello,
>>>
>>> Below is a patch that adds two new params to --bsopts for RBD backing
>>> stores (virsecretuuid & cephx_key). This was very useful for me, since
>>> it is nice to be able to give the required authentication detail in
>>> the same place as the id. I have tested and both options work, as well
>>> as the error condition if both options are given (made them conflict).
>>>
>>> I have verified the patch passes scripts/checkpatch.pl style
>>> guidelines. Is there any interest in applying this patch? I'm using
>>> this internally with success; for us at least this is a desirable
>>> thing to have.
>>>
>>>
>>>  From 5359b581c5e7bf434979becaefc53a711ef88432 Mon Sep 17 00:00:00 2001
>>> From: Scott Sullivan <ssullivan@liquidweb.com>
>>> Date: Tue, 17 Jun 2014 08:16:09 -0400
>>> Subject: [PATCH] bsopts: Add virsecretuuid && cephx_key
>>>
>>> Allow passing either a libvirt secret UUID, or a cephx_key to
>>> --bsopts. Options are
>>> conflicting, so error if both options given. This allows one to do
>>> this:
>>>
>>> --bsopts="conf=/etc/ceph/ceph.conf;id=cephx_user;virsecretuuid=$MY_LIBVIRT_SECRET_UUID" 
>>>
>>> -OR-
>>> --bsopts="conf=/etc/ceph/ceph.conf;id=cephx_user;cephx_key=$MY_KEY"
>>>
>>> Signed-off-by: Scott Sullivan <ssullivan@liquidweb.com>
>>> ---
>>>   usr/bs_rbd.c | 64
>>>   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>   1 file changed, 64 insertions(+)
>>>
>>> diff --git a/usr/bs_rbd.c b/usr/bs_rbd.c
>>> index 3a052ed..86857b9 100644
>>> --- a/usr/bs_rbd.c
>>> +++ b/usr/bs_rbd.c
>>> @@ -517,6 +517,9 @@ static tgtadm_err bs_rbd_init(struct scsi_lu *lu,
>>> char *bsopts)
>>>       struct active_rbd *rbd = RBDP(lu);
>>>       char *confname = NULL;
>>>       char *clientid = NULL;
>>> +    char *virsecretuuid = NULL;
>>> +    char *given_cephx_key = NULL;
>>> +    char disc_cephx_key[256];
>>>       char *clustername = NULL;
>>>       char clientid_full[128];
>>>       char *ignore = NULL;
>>> @@ -532,6 +535,10 @@ static tgtadm_err bs_rbd_init(struct scsi_lu *lu,
>>> char *bsopts)
>>>               clientid = slurp_value(&bsopts);
>>>           else if (is_opt("cluster", bsopts))
>>>               clustername = slurp_value(&bsopts);
>>> +        else if (is_opt("virsecretuuid", bsopts))
>>> +            virsecretuuid = slurp_value(&bsopts);
>>> +        else if (is_opt("cephx_key", bsopts))
>>> +            given_cephx_key = slurp_value(&bsopts);
>>>           else {
>>>               ignore = slurp_to_semi(&bsopts);
>>>               eprintf("bs_rbd: ignoring unknown option \"%s\"\n",
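Review bot: The new `cephx_key` branch takes the cephx secret itself out of the bsopts string, and the commit message shows it being passed as `--bsopts="...;cephx_key=$MY_KEY"`, so the key is likely visible in the process argument list and shell history of whoever runs the command. Nothing at the parse site records that trade-off; a comment above the branch such as `/* cephx_key carries the secret inside bsopts; prefer virsecretuuid where argv or logs are readable by others */` would. Both new branches also overwrite their pointer when the option is repeated, which presumably leaks the earlier slurp_value() result, as the existing branches appear to do. The option loop starts before this hunk and the final else branch ends after it.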
>>> @@ -547,6 +554,41 @@ static tgtadm_err bs_rbd_init(struct scsi_lu *lu,
>>> char *bsopts)
>>>           eprintf("bs_rbd_init: confname %s\n", confname);
>>>       if (clustername)
>>>           eprintf("bs_rbd_init: clustername %s\n", clustername);
>>> +    if (virsecretuuid)
>>> +        eprintf("bs_rbd_init: virsecretuuid %s\n", virsecretuuid);
>>> +    if (given_cephx_key)
>>> + eprintf("bs_rbd_init: given_cephx_key %s\n", given_cephx_key);
>>> +
>>> +    /* virsecretuuid && given_cephx_key are conflicting options. */
>>> +    if (virsecretuuid && given_cephx_key) {
>>> + eprintf("Conflicting options virsecretuuid=[%s] cephx_key=[%s]",
>>> +            virsecretuuid, given_cephx_key);
>>> +        goto fail;
>>> +    }
>>> +
>>> +    /* Get stored key from secret uuid. */
>>> +    if (virsecretuuid) {
>>> + char libvir_uuid_file_path_buf[256] = "/etc/libvirt/secrets/";
>>> +        strcat(libvir_uuid_file_path_buf, virsecretuuid);
>>> +        strcat(libvir_uuid_file_path_buf, ".base64");
>>> +
>>> +        FILE *fp;
>>> +        fp = fopen(libvir_uuid_file_path_buf , "r");
>>> +        if (fp == NULL) {
>>> +            eprintf("bs_rbd_init: Unable to read %s\n",
>>> +                libvir_uuid_file_path_buf);
>>> +            goto fail;
>>> +        }
>>> +        if (fgets(disc_cephx_key, 256, fp) == NULL) {
>>> +            eprintf("bs_rbd_init: Unable to read %s\n",
>>> +                libvir_uuid_file_path_buf);
>>> +            goto fail;
>>> +        }
>>> +        fclose(fp);
>>> +        strtok(disc_cephx_key, "\n");
>>> +
>>> +        eprintf("bs_rbd_init: disc_cephx_key %s\n", disc_cephx_key);
>>> +    }
>>>
>>>       eprintf("bs_rbd_init bsopts=%s\n", bsopts);
>>>       /*
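Review bot: `strcat()` appends the caller-supplied `virsecretuuid` to the 256-byte `libvir_uuid_file_path_buf` with no length check, so a long option value writes past the stack buffer, and because the value is never restricted to UUID characters a `../` component makes the opened path leave `/etc/libvirt/secrets/`. The same hunk prints `given_cephx_key` and `disc_cephx_key` through `eprintf` (as do the conflict message here and the two `rados_conf_set` failure messages in the later hunk), which copies the cephx secret into whatever log eprintf feeds. The `fgets` failure path jumps to `fail` without `fclose(fp)`, and `strtok` leaves a buffer that starts with a newline unchanged. The rewrite below validates the UUID, builds the path with `snprintf`, closes the file on every path and keeps key material out of the messages; bs_rbd_init starts and ends outside this hunk.

```c
    /* ... unchanged: confname / clustername / virsecretuuid logging ... */
    if (given_cephx_key)
        eprintf("bs_rbd_init: cephx_key given (value not logged)\n");

    /* virsecretuuid && given_cephx_key are conflicting options. */
    if (virsecretuuid && given_cephx_key) {
        eprintf("Conflicting options virsecretuuid and cephx_key\n");
        goto fail;
    }

    /* Get stored key from secret uuid. */
    if (virsecretuuid) {
        char libvir_uuid_file_path_buf[256];
        FILE *fp;
        int n;

        /* hex digits and dashes only, so the name stays inside the secrets dir */
        if (virsecretuuid[0] == '\0' ||
            strspn(virsecretuuid, "0123456789abcdefABCDEF-") !=
            strlen(virsecretuuid)) {
            eprintf("bs_rbd_init: invalid virsecretuuid\n");
            goto fail;
        }
        n = snprintf(libvir_uuid_file_path_buf,
                 sizeof(libvir_uuid_file_path_buf),
                 "/etc/libvirt/secrets/%s.base64", virsecretuuid);
        if (n < 0 || (size_t)n >= sizeof(libvir_uuid_file_path_buf)) {
            eprintf("bs_rbd_init: virsecretuuid too long\n");
            goto fail;
        }

        fp = fopen(libvir_uuid_file_path_buf, "r");
        if (fp == NULL) {
            /* ... unchanged: "Unable to read" message, goto fail ... */
        }
        if (fgets(disc_cephx_key, sizeof(disc_cephx_key), fp) == NULL) {
            eprintf("bs_rbd_init: Unable to read %s\n",
                libvir_uuid_file_path_buf);
            fclose(fp);
            goto fail;
        }
        fclose(fp);
        /* strip the trailing newline without strtok's static state */
        disc_cephx_key[strcspn(disc_cephx_key, "\n")] = '\0';
    }
```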
>>> @@ -570,6 +612,7 @@ static tgtadm_err bs_rbd_init(struct scsi_lu *lu,
>>> char *bsopts)
>>>           eprintf("bs_rbd_init: rados_create: %d\n", rados_ret);
>>>           return ret;
>>>       }
>>> +
>>>       /*
>>>        * Read config from environment, then conf file(s) which may
>>>        * be set by conf=
>>> @@ -584,6 +627,23 @@ static tgtadm_err bs_rbd_init(struct scsi_lu *lu,
>>> char *bsopts)
>>>           eprintf("bs_rbd_init: rados_conf_read_file: %d\n", 
>>> rados_ret);
>>>           goto fail;
>>>       }
>>> +
>>> +    /* Set given key */
>>> +    if (virsecretuuid) {
>>> + if (rados_conf_set(rbd->cluster, "key", disc_cephx_key) < 0) {
>>> +            eprintf("bs_rbd_init: failed to set cephx_key: %s\n",
>>> +                disc_cephx_key);
>>> +            goto fail;
>>> +        }
>>> +    }
>>> +    if (given_cephx_key) {
>>> + if (rados_conf_set(rbd->cluster, "key", given_cephx_key) < 0) {
>>> +            eprintf("bs_rbd_init: failed to set cephx_key: %s\n",
>>> +                given_cephx_key);
>>> +            goto fail;
>>> +        }
>>> +    }
>>> +
>>>       rados_ret = rados_connect(rbd->cluster);
>>>       if (rados_ret < 0) {
>>>           eprintf("bs_rbd_init: rados_connect: %d\n", rados_ret);
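Review bot: The two `rados_conf_set` calls discard the return code, while the `rados_conf_read_file` and `rados_connect` calls on either side store it in `rados_ret` and log that number. Because the conflict check earlier in the function leaves at most one key source set, one call is enough: `const char *key = virsecretuuid ? disc_cephx_key : given_cephx_key;`, then `rados_ret = rados_conf_set(rbd->cluster, "key", key);` when either source is set, and on failure `eprintf("bs_rbd_init: rados_conf_set key: %d\n", rados_ret);`. Reporting the code instead of the argument also keeps the key value out of the failure message. The function continues before and after this hunk.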
>>> @@ -595,6 +655,10 @@ fail:
>>>           free(confname);
>>>       if (clientid)
>>>           free(clientid);
>>> +    if (virsecretuuid)
>>> +        free(virsecretuuid);
>>> +    if (given_cephx_key)
>>> +        free(given_cephx_key);
>>>
>>>       return ret;
>>>   }
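Review bot: `given_cephx_key` is handed to `free()` and `disc_cephx_key` is left on the stack with the key still in them, so the secret can remain readable in the process's memory after initialisation; wiping both before release, for example `explicit_bzero(given_cephx_key, strlen(given_cephx_key));` where the platform provides it, narrows that window. The `return ret;` after the `rados_create` failure shown in an earlier hunk does not pass through `fail:`, so the two new strings are presumably not freed on that path and would need the same cleanup there. Only the tail of the function is visible in this hunk.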
>>> -- 
>>> 1.7.10.4
>>>
>
