From: Leonid Chernin Date: Fri, 20 Feb 2026 08:04:00 +0000 (+0200) Subject: fixing set key to the context-conf X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6764db7edfaa1d83e92181cd82029dce9d1e748b;p=ceph-ci.git fixing set key to the context-conf none - 2 Signed-off-by: Leonid Chernin --- diff --git a/src/auth/RotatingKeyRing.cc b/src/auth/RotatingKeyRing.cc index 4bc6af6adca..8d693c1013a 100644 --- a/src/auth/RotatingKeyRing.cc +++ b/src/auth/RotatingKeyRing.cc @@ -39,8 +39,29 @@ void RotatingKeyRing::dump_rotating() const bool RotatingKeyRing::get_secret(const EntityName& name, CryptoKey& secret) const { + // 1. Migration override + std::string mig_key; + + #ifdef CEPH_HAVE_SEASTAR + // Crimson CephContext + int r = cct->conf().get_val("migration_inline_key", &mig_key); + #else + // Classic CephContext + int r = cct->_conf.get_val("migration_inline_key", &mig_key); + #endif + + if (r == 0 && !mig_key.empty()) { + ldout(cct, 0) << "RotatingKeyRing::get_secret: using migration_inline_key override" + << dendl; + + ceph::buffer::ptr bp = ceph::buffer::copy(mig_key.data(), mig_key.size()); + secret = CryptoKey(CEPH_CRYPTO_AES, utime_t(), bp); + return true; + } + + // 2. Normal behavior std::lock_guard l{lock}; - return keyring->get_secret(name, secret); + return keyring && keyring->get_secret(name, secret); } bool RotatingKeyRing::get_service_secret(uint32_t service_id_, uint64_t secret_id, diff --git a/src/common/options/global.yaml.in b/src/common/options/global.yaml.in index 035d8134685..245342f79ee 100644 --- a/src/common/options/global.yaml.in +++ b/src/common/options/global.yaml.in @@ -169,6 +169,18 @@ options: flags: - no_mon_update - startup +- name: migration_inline_key + type: str + level: advanced + default: 10.10.10.10 + desc: Inline cephx key for migration source cluster + long_desc: > + Allows librbd migration to authenticate to a source cluster using a cephx + key provided in the migration spec. Disabled unless explicitly set. + flags: + - runtime + services: + - common - name: mon_host_override type: str level: advanced diff --git a/src/librbd/migration/OpenSourceImageRequest.cc b/src/librbd/migration/OpenSourceImageRequest.cc index e9f8c08a5ba..b71b3450374 100644 --- a/src/librbd/migration/OpenSourceImageRequest.cc +++ b/src/librbd/migration/OpenSourceImageRequest.cc @@ -119,29 +119,18 @@ void OpenSourceImageRequest::open_native( } else { ldout(m_cct, 5) << " get value by key " << fsid <<" got "<< value << dendl; CephContext* cct = (CephContext*)m_dst_io_ctx.cct(); - //CephContext* cct = m_dst_io_ctx.cct(); - ldout(m_cct, 5) << " here " << dendl; - r = cct->_conf.set_val("mon_host", mon_host); - ldout(m_cct, 5) << " here1 " << r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - - r = cct->_conf.set_val("key", value); - ldout(m_cct, 5) << " here2 "<< r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - - r = cct->_conf.set_val("fsid", fsid); - ldout(m_cct, 5) << " here3 "<< r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - -return; - ldout(m_cct, 5) << "Verifying overridden config:" + // value = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; + r = cct->_conf.set_val("migration_inline_key", value); + lderr(m_cct) << "migration_inline_key set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; + cct->_conf.apply_changes(nullptr); //r = cct->_conf.set_val("fsid", fsid); + + /* ldout(m_cct, 5) << "Verifying overridden config:" << " mon_host=" << cct->_conf.get_val("mon_host") << " key=" << cct->_conf.get_val("key") << " fsid=" << cct->_conf.get_val("fsid") - << dendl; + << dendl;*/ } } - ldout(m_cct, 5) << " here4 " << dendl; r = NativeFormat::create_image_ctx(m_dst_io_ctx, source_spec_object, import_only, m_src_snap_id, m_src_image_ctx, m_src_rados);