librbd: helper utility to retrieve config from the MON config store

A special "config://" URI prefix can be used to denote configuration
settings that should be (securely) pulled from the MON config store.
This will be first used in a follow-up commit to support storing
the S3 access and secret keys in the MON config store.

This "config://" syntax is already in-use by RGW and ceph-iscsi for
pulling secrets when deployed via cephadm.

Signed-off-by: Jason Dillaman <dillaman@redhat.com>

diff --git a/src/librbd/Utils.cc b/src/librbd/Utils.cc
index af2b16557970070c4446dbc37aa7eda3a2a26fff..dadf6ab8126ae35c7b8afb86e9955226dcab87aa 100644 (file)
--- a/src/librbd/Utils.cc
+++ b/src/librbd/Utils.cc
@@ -11,9 +11,11 @@
 #include "include/neorados/RADOS.hpp"
 #include "include/rbd/features.h"
 #include "common/dout.h"
+#include "common/errno.h"
 #include "librbd/ImageCtx.h"
 #include "librbd/Features.h"
 
+#include <boost/algorithm/string/predicate.hpp>
 #include <bitset>
 #include <random>
 
@@ -23,6 +25,11 @@
 
 namespace librbd {
 namespace util {
+namespace {
+
+const std::string CONFIG_KEY_URI_PREFIX{"config://"};
+
+} // anonymous namespace
 
 const std::string group_header_name(const std::string &group_id)
 {
@@ -200,5 +207,37 @@ uint64_t reserve_async_request_id() {
   return ++async_request_seq;
 }
 
+bool is_config_key_uri(const std::string& uri) {
+  return boost::starts_with(uri, CONFIG_KEY_URI_PREFIX);
+}
+
+int get_config_key(librados::Rados& rados, const std::string& uri,
+                   std::string* value) {
+  auto cct = reinterpret_cast<CephContext*>(rados.cct());
+
+  if (!is_config_key_uri(uri)) {
+    return -EINVAL;
+  }
+
+  std::string key = uri.substr(CONFIG_KEY_URI_PREFIX.size());
+  std::string cmd =
+    "{"
+      "\"prefix\": \"config-key get\", "
+      "\"key\": \"" + key + "\""
+    "}";
+
+  bufferlist in_bl;
+  bufferlist out_bl;
+  int r = rados.mon_command(cmd, in_bl, &out_bl, nullptr);
+  if (r < 0) {
+    lderr(cct) << "failed to retrieve MON config key " << key << ": "
+               << cpp_strerror(r) << dendl;
+    return r;
+  }
+
+  *value = std::string(out_bl.c_str(), out_bl.length());
+  return 0;
+}
+
 } // namespace util
 } // namespace librbd

diff --git a/src/librbd/Utils.h b/src/librbd/Utils.h
index 736a5063ac857612804dd78bc60c0cd26041e575..dee91feee5e6102aa1e9be2365baa347d009ba24 100644 (file)
--- a/src/librbd/Utils.h
+++ b/src/librbd/Utils.h
@@ -276,6 +276,10 @@ SnapContext get_snap_context(
 
 uint64_t reserve_async_request_id();
 
+bool is_config_key_uri(const std::string& uri);
+int get_config_key(librados::Rados& rados, const std::string& uri,
+                   std::string* value);
+
 } // namespace util
 } // namespace librbd