From: Leonid Chernin Date: Mon, 23 Feb 2026 09:17:05 +0000 (+0200) Subject: second X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ee7cfd5b8ba6f379809349121dfd9042cfa87650;p=ceph-ci.git second Signed-off-by: Leonid Chernin --- diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc index 008c9c19c34..3eefe6ad3dc 100644 --- a/src/auth/KeyRing.cc +++ b/src/auth/KeyRing.cc @@ -44,7 +44,7 @@ int KeyRing::from_ceph_context(CephContext *cct) { const auto& conf = cct->_conf; string filename; - + lderr(cct) << "keyring from ceph context " << dendl; int ret = ceph_resolve_file_search(conf->keyring, filename); if (!ret) { ret = load(cct, filename); diff --git a/src/auth/RotatingKeyRing.cc b/src/auth/RotatingKeyRing.cc index 8d693c1013a..3d587e0972f 100644 --- a/src/auth/RotatingKeyRing.cc +++ b/src/auth/RotatingKeyRing.cc @@ -38,28 +38,7 @@ void RotatingKeyRing::dump_rotating() const } bool RotatingKeyRing::get_secret(const EntityName& name, CryptoKey& secret) const -{ - // 1. Migration override - std::string mig_key; - - #ifdef CEPH_HAVE_SEASTAR - // Crimson CephContext - int r = cct->conf().get_val("migration_inline_key", &mig_key); - #else - // Classic CephContext - int r = cct->_conf.get_val("migration_inline_key", &mig_key); - #endif - - if (r == 0 && !mig_key.empty()) { - ldout(cct, 0) << "RotatingKeyRing::get_secret: using migration_inline_key override" - << dendl; - - ceph::buffer::ptr bp = ceph::buffer::copy(mig_key.data(), mig_key.size()); - secret = CryptoKey(CEPH_CRYPTO_AES, utime_t(), bp); - return true; - } - - // 2. Normal behavior +{ std::lock_guard l{lock}; return keyring && keyring->get_secret(name, secret); } diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc index 968258502ab..781e4e62a61 100644 --- a/src/auth/cephx/CephxClientHandler.cc +++ b/src/auth/cephx/CephxClientHandler.cc 
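Review bot: The added `lderr(cct) << "keyring from ceph context " << dendl;` in `KeyRing::from_ceph_context` reports an ordinary code path at error level, so every keyring load writes an error line and genuine keyring failures become harder to pick out of the auth logs. If the trace is still wanted, a debug-level form such as `ldout(cct, 20) << "loading keyring from ceph context" << dendl;` fits better. Otherwise the line can be dropped and the blank separator it replaced restored. The rest of the function lies outside the hunk.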
@@ -42,7 +42,8 @@ void CephxClientHandler::reset() int CephxClientHandler::build_request(bufferlist& bl) const { - ldout(cct, 10) << "build_request" << dendl; +ldout(cct, 1) << "AUTH: CephxClientHandler::build_request " + << "entity=" << name << " cct=" << cct << dendl; if (need & CEPH_ENTITY_TYPE_AUTH) { /* authenticate */ diff --git a/src/librbd/migration/NativeFormat.cc b/src/librbd/migration/NativeFormat.cc index a681c7c252e..74146b500d0 100644 --- a/src/librbd/migration/NativeFormat.cc +++ b/src/librbd/migration/NativeFormat.cc @@ -10,6 +10,9 @@ #include "librbd/ImageCtx.h" #include "json_spirit/json_spirit.h" #include "boost/lexical_cast.hpp" +//#include "auth/RotatingKeyRing.h" +//#include "common/ceph_context.h" +//#include "auth/CryptoKey.h" #define dout_subsys ceph_subsys_rbd #undef dout_prefix @@ -57,6 +60,26 @@ bool NativeFormat::is_source_spec( it->second.type() == json_spirit::str_type && it->second.get_str() == "native"; } +static int get_config_key(librados::Rados& rados, const std::string& key, + std::string* value) { + std::string cmd = + "{" + "\"prefix\": \"config-key get\", " + "\"key\": \"" + key + "\"" + "}"; + + bufferlist out_bl; + + int r = rados.mon_command(std::move(cmd), {}, &out_bl, nullptr); + if (r == -EINVAL) { + return -EOPNOTSUPP; + } else if (r < 0 && r != -ENOENT) { + return r; + } + + *value = out_bl.to_str(); + return 0; +} template int NativeFormat::create_image_ctx( 
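Review bot: The rewritten trace in `CephxClientHandler::build_request` moves from level 10 to level 1 and prints the raw `cct` pointer, so it is likely to show up at ordinary debug settings on every request and puts a process address into the logs. Keeping the original level and dropping the pointer gives `ldout(cct, 10) << "build_request entity=" << name << dendl;`. The new statement also starts at column 0, unlike the indented body around it. The function body continues outside the hunk.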
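Review bot: `get_config_key` splices `key` into the monitor command by string concatenation, and the caller added later in this file builds that key from the `source_cluster_fsid` value of the source spec, so a quote or backslash in that value changes the structure of the JSON command instead of being treated as data. The function also lets `-ENOENT` fall through to `return 0` with an empty `*value`, which the new caller treats as a key that was found. Building the command through json_spirit (already included in this file) and returning every negative result fixes both. Whether an empty result on `-ENOENT` was intended cannot be seen from this hunk, so confirm that before changing the return.

```cpp
static int get_config_key(librados::Rados& rados, const std::string& key,
                          std::string* value) {
  // Serialize through json_spirit so quotes or backslashes in `key` are escaped.
  json_spirit::mObject cmd_obj;
  cmd_obj["prefix"] = std::string("config-key get");
  cmd_obj["key"] = key;
  std::string cmd = json_spirit::write(json_spirit::mValue(cmd_obj));

  // ... unchanged: out_bl declaration and the mon_command call ...
  if (r == -EINVAL) {
    return -EOPNOTSUPP;
  } else if (r < 0) {
    // Includes -ENOENT: a missing key must not look like an empty secret.
    return r;
  }
  // ... unchanged: copy out_bl into *value and return 0 ...
```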
@@ -225,7 +248,26 @@ int NativeFormat::create_image_ctx( lderr(cct) << "failed to set remote client name" << dendl; return -EINVAL; } - + std::string fsid; + std::string mon_host; + bool key_found = false; + std::string mig_key; + //auto keyring = std::make_shared(); + auto it_fsid = source_spec_object.find("source_cluster_fsid"); + if (it_fsid != source_spec_object.end()) { + fsid = it_fsid->second.get_str(); + mon_host = source_spec_object.at("mon_host").get_str(); + ldout(cct, 5) << "open image ctx: found fsid in source spec " << fsid << dendl; + librados::Rados dest_rados(dst_io_ctx); + r = get_config_key(dest_rados, "migration/fsid/" + fsid, &mig_key); + if (r < 0) { + lderr(cct) << "failed to fetch secret key from the monitor: " << dendl; + } else { + key_found = true; + ldout(cct, 5) << " get value by key " << fsid <<" got "<< mig_key << dendl; + } + } + //setenv("CEPH_ARGS", "--auth_supported=cephx", 1); auto remote_cct = common_preinit(iparams, CODE_ENVIRONMENT_LIBRARY, 0); auto put_remote_cct = make_scope_guard([remote_cct] { remote_cct->put(); }); @@ -241,13 +283,20 @@ int NativeFormat::create_image_ctx( << cpp_strerror(r) << dendl; return r; } - + // 4. Replace the CephContext’s keyfile and key + if (key_found) { + r = remote_cct->_conf.set_val("key", mig_key); + ldout(cct, 5) << " set val key " << mig_key << " res " << r << dendl; + //remote_cct->_conf.get_val("key"); + r = remote_cct->_conf.set_val("keyfile", ""); + ldout(cct, 5) << " set val keyfile res " << r << dendl; + } + //remote_cct->_conf.set_val("auth_supported", "cephx"); remote_cct->_conf.apply_changes(nullptr); - rados_ptr.reset(new librados::Rados()); r = rados_ptr->init_with_context(remote_cct); ceph_assert(r == 0); - + ldout(cct, 5) << "going to connect to remote cluster" <connect(); if (r < 0) { lderr(cct) << "failed to connect to remote cluster: " << cpp_strerror(r) 
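Review bot: The success branch logs the fetched secret itself, `ldout(cct, 5) << " get value by key " << fsid <<" got "<< mig_key << dendl;`, and the next hunk repeats this with `" set val key " << mig_key`, so the remote cluster's key ends up in client logs at level 5. Both lines should name only the fsid, for example `ldout(cct, 5) << "fetched migration key for fsid " << fsid << dendl;`. The block also calls `get_str()` on the fsid value and `source_spec_object.at("mon_host")` without the `type()` or presence checks that `is_source_spec` uses, so a spec lacking a string `mon_host` would throw here, and `mon_host` is not used anywhere in the visible hunks. The failure message ends in `": "` with no `cpp_strerror(r)`, and the function carries on after the failed fetch. `create_image_ctx` begins and ends outside the hunk.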
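Review bot: The results of both `set_val` calls are only logged, and the first `r` is overwritten by the second call, so a failed `set_val("key", ...)` still proceeds to `init_with_context` and the connect attempt with whatever credentials the remote context already held. Each call needs its own check, such as `if (r < 0) { lderr(cct) << "failed to set remote key: " << cpp_strerror(r) << dendl; return r; }`. The comment `// 4. Replace the CephContext’s keyfile and key` refers to a step numbering that does not exist in the visible code. The commented-out `get_val` and `auth_supported` lines look like debugging leftovers that should be removed before merge. The enclosing function starts and ends outside the hunk.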
diff --git a/src/librbd/migration/OpenSourceImageRequest.cc b/src/librbd/migration/OpenSourceImageRequest.cc index b71b3450374..6d1d69c6dc4 100644 --- a/src/librbd/migration/OpenSourceImageRequest.cc +++ b/src/librbd/migration/OpenSourceImageRequest.cc @@ -22,27 +22,6 @@ namespace librbd { namespace migration { - static int get_config_key(librados::Rados& rados, const std::string& key, - std::string* value) { - std::string cmd = - "{" - "\"prefix\": \"config-key get\", " - "\"key\": \"" + key + "\"" - "}"; - - bufferlist out_bl; - - int r = rados.mon_command(std::move(cmd), {}, &out_bl, nullptr); - if (r == -EINVAL) { - return -EOPNOTSUPP; - } else if (r < 0 && r != -ENOENT) { - return r; - } - - *value = out_bl.to_str(); - return 0; -} - template OpenSourceImageRequest::OpenSourceImageRequest( librados::IoCtx& dst_io_ctx, I* dst_image_ctx, uint64_t src_snap_id, 
@@ -102,35 +81,7 @@ template void OpenSourceImageRequest::open_native( const json_spirit::mObject& source_spec_object, bool import_only) { ldout(m_cct, 10) << dendl; - std::string fsid; - std::string mon_host; int r; - auto it_fsid = source_spec_object.find("source_cluster_fsid"); - if (it_fsid != source_spec_object.end()) { - fsid = it_fsid->second.get_str(); - mon_host = source_spec_object.at("mon_host").get_str(); - ldout(m_cct, 5) << "open_native: found fsid in source spec " << fsid << dendl; - librados::Rados dest_rados(m_dst_io_ctx); - std::string value; - - r = get_config_key(dest_rados, "migration/fsid/" + fsid, &value); - if (r < 0) { - lderr(m_cct) << "failed to fetch secret key from the monitor: " << dendl; - } else { - ldout(m_cct, 5) << " get value by key " << fsid <<" got "<< value << dendl; - CephContext* cct = (CephContext*)m_dst_io_ctx.cct(); - // value = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; - r = cct->_conf.set_val("migration_inline_key", value); - lderr(m_cct) << "migration_inline_key set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - cct->_conf.apply_changes(nullptr); //r = cct->_conf.set_val("fsid", fsid); - - /* ldout(m_cct, 5) << "Verifying overridden config:" - << " mon_host=" << cct->_conf.get_val("mon_host") - << " key=" << cct->_conf.get_val("key") - << " fsid=" << cct->_conf.get_val("fsid") - << dendl;*/ - } - } r = NativeFormat::create_image_ctx(m_dst_io_ctx, source_spec_object, import_only, m_src_snap_id, m_src_image_ctx, m_src_rados);