{
const auto& conf = cct->_conf;
string filename;
-
+ lderr(cct) << "keyring from ceph context " << dendl;
int ret = ceph_resolve_file_search(conf->keyring, filename);
if (!ret) {
ret = load(cct, filename);
}
bool RotatingKeyRing::get_secret(const EntityName& name, CryptoKey& secret) const
-{
- // 1. Migration override
- std::string mig_key;
-
- #ifdef CEPH_HAVE_SEASTAR
- // Crimson CephContext
- int r = cct->conf().get_val("migration_inline_key", &mig_key);
- #else
- // Classic CephContext
- int r = cct->_conf.get_val("migration_inline_key", &mig_key);
- #endif
-
- if (r == 0 && !mig_key.empty()) {
- ldout(cct, 0) << "RotatingKeyRing::get_secret: using migration_inline_key override"
- << dendl;
-
- ceph::buffer::ptr bp = ceph::buffer::copy(mig_key.data(), mig_key.size());
- secret = CryptoKey(CEPH_CRYPTO_AES, utime_t(), bp);
- return true;
- }
-
- // 2. Normal behavior
+{
std::lock_guard l{lock};
return keyring && keyring->get_secret(name, secret);
}
int CephxClientHandler::build_request(bufferlist& bl) const
{
- ldout(cct, 10) << "build_request" << dendl;
+ldout(cct, 1) << "AUTH: CephxClientHandler::build_request "
+ << "entity=" << name << " cct=" << cct << dendl;
if (need & CEPH_ENTITY_TYPE_AUTH) {
/* authenticate */
#include "librbd/ImageCtx.h"
#include "json_spirit/json_spirit.h"
#include "boost/lexical_cast.hpp"
+//#include "auth/RotatingKeyRing.h"
+//#include "common/ceph_context.h"
+//#include "auth/CryptoKey.h"
#define dout_subsys ceph_subsys_rbd
#undef dout_prefix
it->second.type() == json_spirit::str_type &&
it->second.get_str() == "native";
}
+static int get_config_key(librados::Rados& rados, const std::string& key,
+ std::string* value) {
+ std::string cmd =
+ "{"
+ "\"prefix\": \"config-key get\", "
+ "\"key\": \"" + key + "\""
+ "}";
+
+ bufferlist out_bl;
+
+ int r = rados.mon_command(std::move(cmd), {}, &out_bl, nullptr);
+ if (r == -EINVAL) {
+ return -EOPNOTSUPP;
+ } else if (r < 0 && r != -ENOENT) {
+ return r;
+ }
+
+ *value = out_bl.to_str();
+ return 0;
+}
template <typename I>
int NativeFormat<I>::create_image_ctx(
lderr(cct) << "failed to set remote client name" << dendl;
return -EINVAL;
}
-
+ std::string fsid;
+ std::string mon_host;
+ bool key_found = false;
+ std::string mig_key;
+ //auto keyring = std::make_shared<RotatingKeyRing>();
+ auto it_fsid = source_spec_object.find("source_cluster_fsid");
+ if (it_fsid != source_spec_object.end()) {
+ fsid = it_fsid->second.get_str();
+ mon_host = source_spec_object.at("mon_host").get_str();
+ ldout(cct, 5) << "open image ctx: found fsid in source spec " << fsid << dendl;
+ librados::Rados dest_rados(dst_io_ctx);
+ r = get_config_key(dest_rados, "migration/fsid/" + fsid, &mig_key);
+ if (r < 0) {
+ lderr(cct) << "failed to fetch secret key from the monitor: " << dendl;
+ } else {
+ key_found = true;
+ ldout(cct, 5) << " get value by key " << fsid <<" got "<< mig_key << dendl;
+ }
+ }
+ //setenv("CEPH_ARGS", "--auth_supported=cephx", 1);
auto remote_cct = common_preinit(iparams, CODE_ENVIRONMENT_LIBRARY, 0);
auto put_remote_cct = make_scope_guard([remote_cct] { remote_cct->put(); });
<< cpp_strerror(r) << dendl;
return r;
}
-
+ // 4. Replace the CephContext’s keyfile and key
+ if (key_found) {
+ r = remote_cct->_conf.set_val("key", mig_key);
+ ldout(cct, 5) << " set val key " << mig_key << " res " << r << dendl;
+ //remote_cct->_conf.get_val("key");
+ r = remote_cct->_conf.set_val("keyfile", "");
+ ldout(cct, 5) << " set val keyfile res " << r << dendl;
+ }
+ //remote_cct->_conf.set_val("auth_supported", "cephx");
remote_cct->_conf.apply_changes(nullptr);
-
rados_ptr.reset(new librados::Rados());
r = rados_ptr->init_with_context(remote_cct);
ceph_assert(r == 0);
-
+ ldout(cct, 5) << "going to connect to remote cluster" <<dendl;
r = rados_ptr->connect();
if (r < 0) {
lderr(cct) << "failed to connect to remote cluster: " << cpp_strerror(r)
namespace librbd {
namespace migration {
- static int get_config_key(librados::Rados& rados, const std::string& key,
- std::string* value) {
- std::string cmd =
- "{"
- "\"prefix\": \"config-key get\", "
- "\"key\": \"" + key + "\""
- "}";
-
- bufferlist out_bl;
-
- int r = rados.mon_command(std::move(cmd), {}, &out_bl, nullptr);
- if (r == -EINVAL) {
- return -EOPNOTSUPP;
- } else if (r < 0 && r != -ENOENT) {
- return r;
- }
-
- *value = out_bl.to_str();
- return 0;
-}
-
template <typename I>
OpenSourceImageRequest<I>::OpenSourceImageRequest(
librados::IoCtx& dst_io_ctx, I* dst_image_ctx, uint64_t src_snap_id,
void OpenSourceImageRequest<I>::open_native(
const json_spirit::mObject& source_spec_object, bool import_only) {
ldout(m_cct, 10) << dendl;
- std::string fsid;
- std::string mon_host;
int r;
- auto it_fsid = source_spec_object.find("source_cluster_fsid");
- if (it_fsid != source_spec_object.end()) {
- fsid = it_fsid->second.get_str();
- mon_host = source_spec_object.at("mon_host").get_str();
- ldout(m_cct, 5) << "open_native: found fsid in source spec " << fsid << dendl;
- librados::Rados dest_rados(m_dst_io_ctx);
- std::string value;
-
- r = get_config_key(dest_rados, "migration/fsid/" + fsid, &value);
- if (r < 0) {
- lderr(m_cct) << "failed to fetch secret key from the monitor: " << dendl;
- } else {
- ldout(m_cct, 5) << " get value by key " << fsid <<" got "<< value << dendl;
- CephContext* cct = (CephContext*)m_dst_io_ctx.cct();
- // value = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
- r = cct->_conf.set_val("migration_inline_key", value);
- lderr(m_cct) << "migration_inline_key set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl;
- cct->_conf.apply_changes(nullptr); //r = cct->_conf.set_val("fsid", fsid);
-
- /* ldout(m_cct, 5) << "Verifying overridden config:"
- << " mon_host=" << cct->_conf.get_val<std::string>("mon_host")
- << " key=" << cct->_conf.get_val<std::string>("key")
- << " fsid=" << cct->_conf.get_val<std::string>("fsid")
- << dendl;*/
- }
- }
r = NativeFormat<I>::create_image_ctx(m_dst_io_ctx, source_spec_object,
import_only, m_src_snap_id,
m_src_image_ctx, m_src_rados);
projects / ceph-ci.git / commitdiff