コード例 #1
ファイル: virsh-secret.c プロジェクト: 6WIND/libvirt
/*
 * Resolve the "secret" option of a virsh command into a secret object.
 *
 * The option value is handed to virSecretLookupByUUIDString() on ctl->conn.
 * When @name is non-NULL it receives the raw option string, and it is set
 * before the lookup, so it is filled in even when the lookup fails.
 *
 * Returns the secret on success. Returns NULL when the option is absent,
 * cannot be read, or does not match a secret; only the last case reports
 * an error through vshError() here.
 */
static virSecretPtr
vshCommandOptSecret(vshControl *ctl, const vshCmd *cmd, const char **name)
{
    const char *optname = "secret";
    const char *uuid = NULL;
    virSecretPtr found;

    /* Short-circuit keeps the original order: presence check, then fetch. */
    if (!vshCmdHasOption(ctl, cmd, optname) ||
        vshCommandOptStringReq(ctl, cmd, optname, &uuid) < 0)
        return NULL;

    vshDebug(ctl, VSH_ERR_DEBUG,
             "%s: found option <%s>: %s\n", cmd->def->name, optname, uuid);

    if (name)
        *name = uuid;

    found = virSecretLookupByUUIDString(ctl->conn, uuid);
    if (!found)
        vshError(ctl, _("failed to get secret '%s'"), uuid);

    return found;
}
コード例 #2
ファイル: storage_backend_rbd.c プロジェクト: pawitp/libvirt
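/*
 * Create a RADOS cluster handle in ptr->cluster, configure it from the
 * pool definition and connect to the monitors.
 *
 * With a cephx username configured, the secret is looked up on @conn by
 * UUID or by usage, its value is base64-encoded and set as the RADOS "key"
 * option. Without a username, "auth_supported" is set to "none".
 *
 * Security notes:
 *  - the cephx key is never written to the log;
 *  - the raw secret and its base64 form are overwritten before being freed,
 *    on the error paths as well.
 *
 * Returns 0 on success, -1 on failure (an error has been reported).
 */
static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr *ptr,
        virConnectPtr conn,
        virStoragePoolObjPtr pool)
{
    int ret = -1;
    unsigned char *secret_value = NULL;
    size_t secret_value_size = 0;
    char *rados_key = NULL;
    virBuffer mon_host = VIR_BUFFER_INITIALIZER;
    virSecretPtr secret = NULL;
    char secretUuid[VIR_UUID_STRING_BUFLEN];
    size_t i; /* nhost is printed with %zu below, so index with size_t */
    char *mon_buff = NULL;

    VIR_DEBUG("Found Cephx username: %s",
              pool->def->source.auth.cephx.username);

    if (pool->def->source.auth.cephx.username != NULL) {
        VIR_DEBUG("Using cephx authorization");
        if (rados_create(&ptr->cluster,
                         pool->def->source.auth.cephx.username) < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("failed to initialize RADOS"));
            goto cleanup;
        }

        if (pool->def->source.auth.cephx.secret.uuidUsable) {
            virUUIDFormat(pool->def->source.auth.cephx.secret.uuid, secretUuid);
            VIR_DEBUG("Looking up secret by UUID: %s", secretUuid);
            secret = virSecretLookupByUUIDString(conn, secretUuid);
        } else if (pool->def->source.auth.cephx.secret.usage != NULL) {
            VIR_DEBUG("Looking up secret by usage: %s",
                      pool->def->source.auth.cephx.secret.usage);
            secret = virSecretLookupByUsage(conn, VIR_SECRET_USAGE_TYPE_CEPH,
                                            pool->def->source.auth.cephx.secret.usage);
        }

        if (secret == NULL) {
            virReportError(VIR_ERR_NO_SECRET, "%s",
                           _("failed to find the secret"));
            goto cleanup;
        }

        secret_value = virSecretGetValue(secret, &secret_value_size, 0);
        if (secret_value == NULL) {
            /* Without this check the encode and memset below would
             * dereference NULL when the value cannot be fetched. */
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("failed to get the value of the secret"));
            goto cleanup;
        }

        base64_encode_alloc((char *)secret_value,
                            secret_value_size, &rados_key);
        /* The raw secret is no longer needed once it has been encoded. */
        memset(secret_value, 0, secret_value_size);

        if (rados_key == NULL) {
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("failed to decode the RADOS key"));
            goto cleanup;
        }

        /* Do not log rados_key: it is the credential itself and debug
         * logs are routinely collected and shared. */
        VIR_DEBUG("Obtained cephx key for user: %s",
                  pool->def->source.auth.cephx.username);
        if (rados_conf_set(ptr->cluster, "key", rados_key) < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("failed to set RADOS option: %s"),
                           "rados_key");
            goto cleanup;
        }

        memset(rados_key, 0, strlen(rados_key));

        if (rados_conf_set(ptr->cluster, "auth_supported", "cephx") < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("failed to set RADOS option: %s"),
                           "auth_supported");
            goto cleanup;
        }
    } else {
        VIR_DEBUG("Not using cephx authorization");
        if (rados_create(&ptr->cluster, NULL) < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("failed to create the RADOS cluster"));
            goto cleanup;
        }
        if (rados_conf_set(ptr->cluster, "auth_supported", "none") < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("failed to set RADOS option: %s"),
                           "auth_supported");
            goto cleanup;
        }
    }

    VIR_DEBUG("Found %zu RADOS cluster monitors in the pool configuration",
              pool->def->source.nhost);

    /* Build a comma-separated "host:port," list; 6789 is used when the
     * pool definition gives no port. */
    for (i = 0; i < pool->def->source.nhost; i++) {
        if (pool->def->source.hosts[i].name != NULL &&
                !pool->def->source.hosts[i].port) {
            virBufferAsprintf(&mon_host, "%s:6789,",
                              pool->def->source.hosts[i].name);
        } else if (pool->def->source.hosts[i].name != NULL &&
                   pool->def->source.hosts[i].port) {
            virBufferAsprintf(&mon_host, "%s:%d,",
                              pool->def->source.hosts[i].name,
                              pool->def->source.hosts[i].port);
        } else {
            /* NOTE(review): the error is reported but the loop goes on, so
             * a malformed entry is skipped rather than failing the call;
             * confirm that this is intended. */
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("received malformed monitor, check the XML definition"));
        }
    }

    if (virBufferError(&mon_host)) {
        virReportOOMError();
        goto cleanup;
    }

    mon_buff = virBufferContentAndReset(&mon_host);
    VIR_DEBUG("RADOS mon_host has been set to: %s", mon_buff);
    if (rados_conf_set(ptr->cluster, "mon_host", mon_buff) < 0) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("failed to set RADOS option: %s"),
                       "mon_host");
        goto cleanup;
    }

    ptr->starttime = time(0);
    if (rados_connect(ptr->cluster) < 0) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("failed to connect to the RADOS monitor on: %s"),
                       mon_buff);
        goto cleanup;
    }

    ret = 0;

cleanup:
    /* Covers the path where setting the "key" option failed and the
     * encoded key was never wiped. A second pass over an already wiped
     * buffer is a no-op because strlen() is then 0.
     * NOTE(review): a plain memset() right before a free can be removed by
     * an optimizer; switch to the project's non-elidable wipe helper if it
     * has one. */
    if (rados_key != NULL)
        memset(rados_key, 0, strlen(rados_key));
    VIR_FREE(secret_value);
    VIR_FREE(rados_key);
    /* Only release a secret that was actually looked up. */
    if (secret != NULL)
        virSecretFree(secret);
    virBufferFreeAndReset(&mon_host);
    VIR_FREE(mon_buff);
    return ret;
}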
コード例 #3
ファイル: virsh-secret.c プロジェクト: libvirt/libvirt
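/*
 * Collect the secrets visible on the connection into a newly allocated
 * list, sorted with virshSecretSorter.
 *
 * virConnectListAllSecrets() is tried first. If it fails with
 * VIR_ERR_NO_SUPPORT the function falls back to virConnectNumOfSecrets() /
 * virConnectListSecrets() followed by one lookup per UUID. The fallback
 * cannot filter, so a non-zero @flags is rejected there.
 *
 * Returns the list on success (it may be empty), or NULL after reporting
 * an error. On failure the partially built list is released with
 * virshSecretListFree().
 */
static virshSecretListPtr
virshSecretListCollect(vshControl *ctl,
                       unsigned int flags)
{
    virshSecretListPtr list = vshMalloc(ctl, sizeof(*list));
    size_t i;
    int ret;
    virSecretPtr secret;
    bool success = false;
    size_t deleted = 0;
    int nsecrets = 0;
    char **uuids = NULL;
    virshControlPtr priv = ctl->privData;

    /* try the list with flags support (0.10.2 and later) */
    if ((ret = virConnectListAllSecrets(priv->conn,
                                        &list->secrets,
                                        flags)) >= 0) {
        list->nsecrets = ret;
        goto finished;
    }

    /* check if the command is actually supported */
    if (last_error && last_error->code == VIR_ERR_NO_SUPPORT)
        goto fallback;

    /* there was an error during the call */
    vshError(ctl, "%s", _("Failed to list node secrets"));
    goto cleanup;


 fallback:
    /* fall back to old method (0.10.1 and older) */
    vshResetLibvirtError();

    if (flags) {
        vshError(ctl, "%s", _("Filtering is not supported by this libvirt"));
        goto cleanup;
    }

    nsecrets = virConnectNumOfSecrets(priv->conn);
    if (nsecrets < 0) {
        vshError(ctl, "%s", _("Failed to count secrets"));
        goto cleanup;
    }

    if (nsecrets == 0)
        return list;

    uuids = vshMalloc(ctl, sizeof(char *) * nsecrets);

    nsecrets = virConnectListSecrets(priv->conn, uuids, nsecrets);
    if (nsecrets < 0) {
        vshError(ctl, "%s", _("Failed to list secrets"));
        goto cleanup;
    }

    list->secrets = vshMalloc(ctl, sizeof(virSecretPtr) * (nsecrets));
    list->nsecrets = 0;

    /* get the secrets; one that disappeared since the listing is skipped */
    for (i = 0; i < nsecrets; i++) {
        if (!(secret = virSecretLookupByUUIDString(priv->conn, uuids[i])))
            continue;
        list->secrets[list->nsecrets++] = secret;
    }

    /* truncate secrets that weren't found */
    deleted = nsecrets - list->nsecrets;

 finished:
    /* sort the list */
    if (list->secrets && list->nsecrets)
        qsort(list->secrets, list->nsecrets,
              sizeof(*list->secrets), virshSecretSorter);

    /* truncate the list for not found secret objects.
     * NOTE(review): list->nsecrets already counts only the secrets that
     * were found, while the array was sized for nsecrets entries; confirm
     * that shrinking by `deleted` trims spare capacity and not live
     * entries. */
    if (deleted)
        VIR_SHRINK_N(list->secrets, list->nsecrets, deleted);

    success = true;

 cleanup:
    /* Free the UUID strings that were returned, then the array itself.
     * The array must be released even when virConnectListSecrets() failed
     * or returned 0; the old "nsecrets > 0" guard leaked it in both
     * cases. */
    if (uuids) {
        for (i = 0; nsecrets > 0 && i < (size_t)nsecrets; i++)
            VIR_FREE(uuids[i]);
        VIR_FREE(uuids);
    }

    if (!success) {
        virshSecretListFree(list);
        list = NULL;
    }

    return list;
}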
コード例 #4
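/*
 * Create a RADOS cluster handle in ptr->cluster, configure it from the
 * pool definition (authentication, monitors, timeouts) and connect.
 *
 * With a cephx username configured, the secret is looked up on @conn by
 * UUID or by usage, fetched through the secret driver, base64-encoded and
 * set as the RADOS "key" option. @conn may be NULL, in which case cephx
 * authentication is rejected. Without a username, "auth_supported" is set
 * to "none".
 *
 * Security notes:
 *  - the cephx key is never written to the log;
 *  - the raw secret and its base64 form are overwritten before being freed,
 *    on the error paths as well.
 *
 * Returns 0 on success, -1 on failure (an error has been reported).
 */
static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
                                             virConnectPtr conn,
                                             virStoragePoolObjPtr pool)
{
    int ret = -1;
    int r = 0;
    unsigned char *secret_value = NULL;
    size_t secret_value_size = 0;
    char *rados_key = NULL;
    virBuffer mon_host = VIR_BUFFER_INITIALIZER;
    virSecretPtr secret = NULL;
    char secretUuid[VIR_UUID_STRING_BUFLEN];
    size_t i;
    char *mon_buff = NULL;
    const char *client_mount_timeout = "30";
    const char *mon_op_timeout = "30";
    const char *osd_op_timeout = "30";

    VIR_DEBUG("Found Cephx username: %s",
              pool->def->source.auth.cephx.username);

    if (pool->def->source.auth.cephx.username != NULL) {
        VIR_DEBUG("Using cephx authorization");
        r = rados_create(&ptr->cluster, pool->def->source.auth.cephx.username);
        if (r < 0) {
            virReportSystemError(-r, "%s", _("failed to initialize RADOS"));
            goto cleanup;
        }

        if (!conn) {
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("'ceph' authentication not supported "
                             "for autostarted pools"));
            /* Leave through the common exit like every other failure. */
            goto cleanup;
        }

        if (pool->def->source.auth.cephx.secret.uuidUsable) {
            virUUIDFormat(pool->def->source.auth.cephx.secret.uuid, secretUuid);
            VIR_DEBUG("Looking up secret by UUID: %s", secretUuid);
            secret = virSecretLookupByUUIDString(conn, secretUuid);
        } else if (pool->def->source.auth.cephx.secret.usage != NULL) {
            VIR_DEBUG("Looking up secret by usage: %s",
                      pool->def->source.auth.cephx.secret.usage);
            secret = virSecretLookupByUsage(conn, VIR_SECRET_USAGE_TYPE_CEPH,
                                            pool->def->source.auth.cephx.secret.usage);
        }

        if (secret == NULL) {
            if (pool->def->source.auth.cephx.secret.uuidUsable) {
                virReportError(VIR_ERR_NO_SECRET,
                               _("no secret matches uuid '%s'"),
                                 secretUuid);
            } else {
                virReportError(VIR_ERR_NO_SECRET,
                               _("no secret matches usage value '%s'"),
                                 pool->def->source.auth.cephx.secret.usage);
            }
            goto cleanup;
        }

        /* Fetched through the driver with the INTERNAL_CALL flag rather
         * than through the public API. */
        secret_value = conn->secretDriver->secretGetValue(secret, &secret_value_size, 0,
                                                          VIR_SECRET_GET_VALUE_INTERNAL_CALL);

        if (!secret_value) {
            if (pool->def->source.auth.cephx.secret.uuidUsable) {
                virReportError(VIR_ERR_INTERNAL_ERROR,
                               _("could not get the value of the secret "
                                 "for username '%s' using uuid '%s'"),
                               pool->def->source.auth.cephx.username,
                               secretUuid);
            } else {
                virReportError(VIR_ERR_INTERNAL_ERROR,
                               _("could not get the value of the secret "
                                 "for username '%s' using usage value '%s'"),
                               pool->def->source.auth.cephx.username,
                               pool->def->source.auth.cephx.secret.usage);
            }
            goto cleanup;
        }

        base64_encode_alloc((char *)secret_value,
                            secret_value_size, &rados_key);
        /* The raw secret is no longer needed once it has been encoded. */
        memset(secret_value, 0, secret_value_size);

        if (rados_key == NULL) {
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("failed to decode the RADOS key"));
            goto cleanup;
        }

        /* Do not log rados_key: it is the credential itself and debug
         * logs are routinely collected and shared. */
        VIR_DEBUG("Obtained cephx key for user: %s",
                  pool->def->source.auth.cephx.username);
        if (rados_conf_set(ptr->cluster, "key", rados_key) < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("failed to set RADOS option: %s"),
                           "rados_key");
            goto cleanup;
        }

        memset(rados_key, 0, strlen(rados_key));

        if (rados_conf_set(ptr->cluster, "auth_supported", "cephx") < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("failed to set RADOS option: %s"),
                           "auth_supported");
            goto cleanup;
        }
    } else {
        VIR_DEBUG("Not using cephx authorization");
        if (rados_create(&ptr->cluster, NULL) < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("failed to create the RADOS cluster"));
            goto cleanup;
        }
        if (rados_conf_set(ptr->cluster, "auth_supported", "none") < 0) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("failed to set RADOS option: %s"),
                           "auth_supported");
            goto cleanup;
        }
    }

    VIR_DEBUG("Found %zu RADOS cluster monitors in the pool configuration",
              pool->def->source.nhost);

    /* Build a comma-separated "host:port," list; 6789 is used when the
     * pool definition gives no port. */
    for (i = 0; i < pool->def->source.nhost; i++) {
        if (pool->def->source.hosts[i].name != NULL &&
            !pool->def->source.hosts[i].port) {
            virBufferAsprintf(&mon_host, "%s:6789,",
                              pool->def->source.hosts[i].name);
        } else if (pool->def->source.hosts[i].name != NULL &&
            pool->def->source.hosts[i].port) {
            virBufferAsprintf(&mon_host, "%s:%d,",
                              pool->def->source.hosts[i].name,
                              pool->def->source.hosts[i].port);
        } else {
            /* NOTE(review): the error is reported but the loop goes on, so
             * a malformed entry is skipped rather than failing the call;
             * confirm that this is intended. */
            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                           _("received malformed monitor, check the XML definition"));
        }
    }

    if (virBufferError(&mon_host)) {
        virReportOOMError();
        goto cleanup;
    }

    mon_buff = virBufferContentAndReset(&mon_host);
    VIR_DEBUG("RADOS mon_host has been set to: %s", mon_buff);
    if (rados_conf_set(ptr->cluster, "mon_host", mon_buff) < 0) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("failed to set RADOS option: %s"),
                       "mon_host");
        goto cleanup;
    }

    /*
     * Set timeout options for librados.
     * In case the Ceph cluster is down libvirt won't block forever.
     * Operations in librados will return -ETIMEDOUT when the timeout is reached.
     * The return values are not checked: a failure to set a timeout does
     * not abort the connection attempt.
     */
    VIR_DEBUG("Setting RADOS option client_mount_timeout to %s", client_mount_timeout);
    rados_conf_set(ptr->cluster, "client_mount_timeout", client_mount_timeout);

    VIR_DEBUG("Setting RADOS option rados_mon_op_timeout to %s", mon_op_timeout);
    rados_conf_set(ptr->cluster, "rados_mon_op_timeout", mon_op_timeout);

    VIR_DEBUG("Setting RADOS option rados_osd_op_timeout to %s", osd_op_timeout);
    rados_conf_set(ptr->cluster, "rados_osd_op_timeout", osd_op_timeout);

    ptr->starttime = time(0);
    r = rados_connect(ptr->cluster);
    if (r < 0) {
        virReportSystemError(-r, _("failed to connect to the RADOS monitor on: %s"),
                             mon_buff);
        goto cleanup;
    }

    ret = 0;

cleanup:
    /* Covers the path where setting the "key" option failed and the
     * encoded key was never wiped. A second pass over an already wiped
     * buffer is a no-op because strlen() is then 0.
     * NOTE(review): a plain memset() right before a free can be removed by
     * an optimizer; switch to the project's non-elidable wipe helper if it
     * has one. */
    if (rados_key != NULL)
        memset(rados_key, 0, strlen(rados_key));
    VIR_FREE(secret_value);
    VIR_FREE(rados_key);

    if (secret != NULL)
        virSecretFree(secret);

    virBufferFreeAndReset(&mon_host);
    VIR_FREE(mon_buff);
    return ret;
}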