osd: accept 'keyfile' as well as 'key' during mkfs

Also, don't print the raw key to the log.

Signed-off-by: Sage Weil <sage@redhat.com>
Signed-off-by: Kefu Chai <kefu@redhat.com>

diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc
index 4586d3da13261d302882d082e5cead993dde2461..d026ddeeebd3ee5a8967e290fe949e1667fad1d4 100644 (file)
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@@ -1859,11 +1859,33 @@ int OSD::write_meta(CephContext *cct, ObjectStore *store, uuid_d& cluster_fsid,
     return r;
 
   string key = cct->_conf->get_val<string>("key");
-  lderr(cct) << "key " << key << dendl;
   if (key.size()) {
     r = store->write_meta("osd_key", key);
     if (r < 0)
       return r;
+  } else {
+    string keyfile = cct->_conf->get_val<string>("keyfile");
+    if (!keyfile.empty()) {
+      bufferlist keybl;
+      string err;
+      if (keyfile == "-") {
+       static_assert(1024 * 1024 >
+                     (sizeof(CryptoKey) - sizeof(bufferptr) +
+                      sizeof(__u16) + 16 /* AES_KEY_LEN */ + 3 - 1) / 3. * 4.,
+                     "1MB should be enough for a base64 encoded CryptoKey");
+       r = keybl.read_fd(STDIN_FILENO, 1024 * 1024);
+      } else {
+       r = keybl.read_file(keyfile.c_str(), &err);
+      }
+      if (r < 0) {
+       derr << __func__ << " failed to read keyfile " << keyfile << ": "
+            << err << ": " << cpp_strerror(r) << dendl;
+       return r;
+      }
+      r = store->write_meta("osd_key", keybl.to_str());
+      if (r < 0)
+       return r;
+    }
   }
 
   r = store->write_meta("ready", "ready");