From: Leonid Chernin Date: Fri, 20 Feb 2026 08:04:00 +0000 (+0200) Subject: migration: take key from spec and store in KV X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f434e38ca7c5a121a1b7070624353ff5fda0ccf5;p=ceph-ci.git migration: take key from spec and store in KV take fsid, mon_host from the spec ignore source keyring,source ceph.conf Signed-off-by: Leonid Chernin --- diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc index 008c9c19c34..3eefe6ad3dc 100644 --- a/src/auth/KeyRing.cc +++ b/src/auth/KeyRing.cc @@ -44,7 +44,7 @@ int KeyRing::from_ceph_context(CephContext *cct) { const auto& conf = cct->_conf; string filename; - + lderr(cct) << "keyring from ceph context " << dendl; int ret = ceph_resolve_file_search(conf->keyring, filename); if (!ret) { ret = load(cct, filename); diff --git a/src/common/options/global.yaml.in b/src/common/options/global.yaml.in index 035d8134685..245342f79ee 100644 --- a/src/common/options/global.yaml.in +++ b/src/common/options/global.yaml.in @@ -169,6 +169,18 @@ options: flags: - no_mon_update - startup +- name: migration_inline_key + type: str + level: advanced + default: 10.10.10.10 + desc: Inline cephx key for migration source cluster + long_desc: > + Allows librbd migration to authenticate to a source cluster using a cephx + key provided in the migration spec. Disabled unless explicitly set. + flags: + - runtime + services: + - common - name: mon_host_override type: str level: advanced diff --git a/src/librbd/api/Migration.cc b/src/librbd/api/Migration.cc index 7ceefd2282b..ba8826c7c6a 100644 --- a/src/librbd/api/Migration.cc +++ b/src/librbd/api/Migration.cc @@ -39,7 +39,7 @@ #include "librbd/migration/NativeFormat.h" #include "librbd/mirror/DisableRequest.h" #include "librbd/mirror/EnableRequest.h" -//#include + #include #include // for std::shared_lock diff --git a/src/librbd/migration/NativeFormat.cc b/src/librbd/migration/NativeFormat.cc index a681c7c252e..765557b9581 100644 --- a/src/librbd/migration/NativeFormat.cc +++ b/src/librbd/migration/NativeFormat.cc @@ -57,6 +57,26 @@ bool NativeFormat::is_source_spec( it->second.type() == json_spirit::str_type && it->second.get_str() == "native"; } +static int get_config_key(librados::Rados& rados, const std::string& key, + std::string* value) { + std::string cmd = + "{" + "\"prefix\": \"config-key get\", " + "\"key\": \"" + key + "\"" + "}"; + + bufferlist out_bl; + + int r = rados.mon_command(std::move(cmd), {}, &out_bl, nullptr); + if (r == -EINVAL) { + return -EOPNOTSUPP; + } else if (r < 0 && r != -ENOENT) { + return r; + } + + *value = out_bl.to_str(); + return 0; +} template int NativeFormat::create_image_ctx( @@ -225,6 +245,25 @@ int NativeFormat::create_image_ctx( lderr(cct) << "failed to set remote client name" << dendl; return -EINVAL; } + std::string fsid; + std::string mon_host; + bool key_found = false; + std::string mig_key; + //auto keyring = std::make_shared(); + auto it_fsid = source_spec_object.find("source_cluster_fsid"); + if (it_fsid != source_spec_object.end()) { + fsid = it_fsid->second.get_str(); + mon_host = source_spec_object.at("mon_host").get_str(); + ldout(cct, 5) << "open image ctx: found fsid in source spec " << fsid << dendl; + librados::Rados dest_rados(dst_io_ctx); + r = get_config_key(dest_rados, "migration/fsid/" + fsid, &mig_key); + if (r < 0) { + lderr(cct) << "failed to fetch secret key from the monitor: " << dendl; + } else { + key_found = true; + ldout(cct, 5) << " get value by key " << fsid <<" got "<< mig_key << dendl; + } + } auto remote_cct = common_preinit(iparams, CODE_ENVIRONMENT_LIBRARY, 0); auto put_remote_cct = make_scope_guard([remote_cct] { remote_cct->put(); }); @@ -241,13 +280,21 @@ int NativeFormat::create_image_ctx( << cpp_strerror(r) << dendl; return r; } - + // 4. Replace the CephContext’s keyfile and key + if (key_found) { + r = remote_cct->_conf.set_val("key", mig_key); + ldout(cct, 5) << " set val key " << mig_key << " res " << r << dendl; + //remote_cct->_conf.get_val("key"); + r = remote_cct->_conf.set_val("keyfile", ""); + ldout(cct, 5) << " set val keyfile res " << r << dendl; + r = remote_cct->_conf.set_val("mon_host", mon_host); + ldout(cct, 5) << " set val mon_host " << mon_host << " res " << r << dendl; + } remote_cct->_conf.apply_changes(nullptr); - rados_ptr.reset(new librados::Rados()); r = rados_ptr->init_with_context(remote_cct); ceph_assert(r == 0); - + ldout(cct, 5) << "going to connect to remote cluster" <connect(); if (r < 0) { lderr(cct) << "failed to connect to remote cluster: " << cpp_strerror(r) diff --git a/src/librbd/migration/OpenSourceImageRequest.cc b/src/librbd/migration/OpenSourceImageRequest.cc index e9f8c08a5ba..3288a813e9f 100644 --- a/src/librbd/migration/OpenSourceImageRequest.cc +++ b/src/librbd/migration/OpenSourceImageRequest.cc @@ -22,27 +22,6 @@ namespace librbd { namespace migration { - static int get_config_key(librados::Rados& rados, const std::string& key, - std::string* value) { - std::string cmd = - "{" - "\"prefix\": \"config-key get\", " - "\"key\": \"" + key + "\"" - "}"; - - bufferlist out_bl; - - int r = rados.mon_command(std::move(cmd), {}, &out_bl, nullptr); - if (r == -EINVAL) { - return -EOPNOTSUPP; - } else if (r < 0 && r != -ENOENT) { - return r; - } - - *value = out_bl.to_str(); - return 0; -} - template OpenSourceImageRequest::OpenSourceImageRequest( librados::IoCtx& dst_io_ctx, I* dst_image_ctx, uint64_t src_snap_id, @@ -91,58 +70,12 @@ void OpenSourceImageRequest::send() { } } -template -int OpenSourceImageRequest::inject_remote_cluster_creds( - CephContext* src_cct, const std::string& mon_host, - const std::string& fsid, const std::string& secret_key) { - return 0; -} - template void OpenSourceImageRequest::open_native( const json_spirit::mObject& source_spec_object, bool import_only) { ldout(m_cct, 10) << dendl; - std::string fsid; - std::string mon_host; - int r; - auto it_fsid = source_spec_object.find("source_cluster_fsid"); - if (it_fsid != source_spec_object.end()) { - fsid = it_fsid->second.get_str(); - mon_host = source_spec_object.at("mon_host").get_str(); - ldout(m_cct, 5) << "open_native: found fsid in source spec " << fsid << dendl; - librados::Rados dest_rados(m_dst_io_ctx); - std::string value; - - r = get_config_key(dest_rados, "migration/fsid/" + fsid, &value); - if (r < 0) { - lderr(m_cct) << "failed to fetch secret key from the monitor: " << dendl; - } else { - ldout(m_cct, 5) << " get value by key " << fsid <<" got "<< value << dendl; - CephContext* cct = (CephContext*)m_dst_io_ctx.cct(); - //CephContext* cct = m_dst_io_ctx.cct(); - ldout(m_cct, 5) << " here " << dendl; - r = cct->_conf.set_val("mon_host", mon_host); - ldout(m_cct, 5) << " here1 " << r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - - r = cct->_conf.set_val("key", value); - ldout(m_cct, 5) << " here2 "<< r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - - r = cct->_conf.set_val("fsid", fsid); - ldout(m_cct, 5) << " here3 "<< r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - -return; - ldout(m_cct, 5) << "Verifying overridden config:" - << " mon_host=" << cct->_conf.get_val("mon_host") - << " key=" << cct->_conf.get_val("key") - << " fsid=" << cct->_conf.get_val("fsid") - << dendl; - } - } - ldout(m_cct, 5) << " here4 " << dendl; - r = NativeFormat::create_image_ctx(m_dst_io_ctx, source_spec_object, + + int r = NativeFormat::create_image_ctx(m_dst_io_ctx, source_spec_object, import_only, m_src_snap_id, m_src_image_ctx, m_src_rados); if (r < 0) { @@ -151,6 +84,7 @@ return; finish(r); return; } + auto src_image_ctx = *m_src_image_ctx; src_image_ctx->child = m_dst_image_ctx;