From: Leonid Chernin Date: Fri, 20 Feb 2026 08:04:00 +0000 (+0200) Subject: fixing set key to the context-conf X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2a1b141f4602b98c760c316af825e0c519aa71d0;p=ceph-ci.git fixing set key to the context-conf none Signed-off-by: Leonid Chernin --- diff --git a/src/auth/RotatingKeyRing.cc b/src/auth/RotatingKeyRing.cc index 4bc6af6adca..dcd5c970a1e 100644 --- a/src/auth/RotatingKeyRing.cc +++ b/src/auth/RotatingKeyRing.cc @@ -39,8 +39,22 @@ void RotatingKeyRing::dump_rotating() const bool RotatingKeyRing::get_secret(const EntityName& name, CryptoKey& secret) const { + // 1. Migration override + std::string mig_key; + int r = cct->_conf.get_val("migration_inline_key", &mig_key); + if (r == 0 && !mig_key.empty()) { + ldout(cct, 5) << "RotatingKeyRing::get_secret: using migration_inline_key override" + << dendl; + // Convert string to buffer::ptr + ceph::buffer::ptr bp = ceph::buffer::copy(mig_key.data(), mig_key.size()); + // Build a key from the inline string + secret = CryptoKey(CEPH_CRYPTO_AES, utime_t(), bp); + return true; + } + + // 2. Normal behavior std::lock_guard l{lock}; - return keyring->get_secret(name, secret); + return keyring && keyring->get_secret(name, secret); } bool RotatingKeyRing::get_service_secret(uint32_t service_id_, uint64_t secret_id, diff --git a/src/common/options/global.yaml.in b/src/common/options/global.yaml.in index f3ebf1b1a8e..0ff1bc0e4ec 100644 --- a/src/common/options/global.yaml.in +++ b/src/common/options/global.yaml.in @@ -169,6 +169,18 @@ options: flags: - no_mon_update - startup +- name: migration_inline_key + type: str + level: advanced + default: 10.10.10.10 + desc: Inline cephx key for migration source cluster + long_desc: > + Allows librbd migration to authenticate to a source cluster using a cephx + key provided in the migration spec. Disabled unless explicitly set. + flags: + - runtime + services: + - common - name: mon_host_override type: str level: advanced diff --git a/src/librbd/migration/OpenSourceImageRequest.cc b/src/librbd/migration/OpenSourceImageRequest.cc index e9f8c08a5ba..c7042e74787 100644 --- a/src/librbd/migration/OpenSourceImageRequest.cc +++ b/src/librbd/migration/OpenSourceImageRequest.cc @@ -119,26 +119,16 @@ void OpenSourceImageRequest::open_native( } else { ldout(m_cct, 5) << " get value by key " << fsid <<" got "<< value << dendl; CephContext* cct = (CephContext*)m_dst_io_ctx.cct(); - //CephContext* cct = m_dst_io_ctx.cct(); - ldout(m_cct, 5) << " here " << dendl; - r = cct->_conf.set_val("mon_host", mon_host); - ldout(m_cct, 5) << " here1 " << r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - - r = cct->_conf.set_val("key", value); - ldout(m_cct, 5) << " here2 "<< r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - r = cct->_conf.set_val("fsid", fsid); - ldout(m_cct, 5) << " here3 "<< r << dendl; + r = cct->_conf.set_val("migration_inline_key", value); lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; + cct->_conf.apply_changes(nullptr); //r = cct->_conf.set_val("fsid", fsid); -return; - ldout(m_cct, 5) << "Verifying overridden config:" + /* ldout(m_cct, 5) << "Verifying overridden config:" << " mon_host=" << cct->_conf.get_val("mon_host") << " key=" << cct->_conf.get_val("key") << " fsid=" << cct->_conf.get_val("fsid") - << dendl; + << dendl;*/ } } ldout(m_cct, 5) << " here4 " << dendl;