From 0c10f905224915026bd679e3240ef1726816fd6f Mon Sep 17 00:00:00 2001 From: Leonid Chernin Date: Fri, 20 Feb 2026 10:04:00 +0200 Subject: [PATCH] fixing set key to the context-conf none - 1 Signed-off-by: Leonid Chernin --- src/auth/RotatingKeyRing.cc | 16 +++++++++++++++- src/common/options/global.yaml.in | 12 ++++++++++++ src/librbd/migration/OpenSourceImageRequest.cc | 18 ++++-------------- 3 files changed, 31 insertions(+), 15 deletions(-) diff --git a/src/auth/RotatingKeyRing.cc b/src/auth/RotatingKeyRing.cc index 4bc6af6adca..dcd5c970a1e 100644 --- a/src/auth/RotatingKeyRing.cc +++ b/src/auth/RotatingKeyRing.cc @@ -39,8 +39,22 @@ void RotatingKeyRing::dump_rotating() const bool RotatingKeyRing::get_secret(const EntityName& name, CryptoKey& secret) const { + // 1. Migration override + std::string mig_key; + int r = cct->_conf.get_val("migration_inline_key", &mig_key); + if (r == 0 && !mig_key.empty()) { + ldout(cct, 5) << "RotatingKeyRing::get_secret: using migration_inline_key override" + << dendl; + // Convert string to buffer::ptr + ceph::buffer::ptr bp = ceph::buffer::copy(mig_key.data(), mig_key.size()); + // Build a key from the inline string + secret = CryptoKey(CEPH_CRYPTO_AES, utime_t(), bp); + return true; + } + + // 2. Normal behavior std::lock_guard l{lock}; - return keyring->get_secret(name, secret); + return keyring && keyring->get_secret(name, secret); } bool RotatingKeyRing::get_service_secret(uint32_t service_id_, uint64_t secret_id, diff --git a/src/common/options/global.yaml.in b/src/common/options/global.yaml.in index f3ebf1b1a8e..0ff1bc0e4ec 100644 --- a/src/common/options/global.yaml.in +++ b/src/common/options/global.yaml.in @@ -169,6 +169,18 @@ options: flags: - no_mon_update - startup +- name: migration_inline_key + type: str + level: advanced + default: 10.10.10.10 + desc: Inline cephx key for migration source cluster + long_desc: > + Allows librbd migration to authenticate to a source cluster using a cephx + key provided in the migration spec. Disabled unless explicitly set. + flags: + - runtime + services: + - common - name: mon_host_override type: str level: advanced diff --git a/src/librbd/migration/OpenSourceImageRequest.cc b/src/librbd/migration/OpenSourceImageRequest.cc index e9f8c08a5ba..c7042e74787 100644 --- a/src/librbd/migration/OpenSourceImageRequest.cc +++ b/src/librbd/migration/OpenSourceImageRequest.cc @@ -119,26 +119,16 @@ void OpenSourceImageRequest::open_native( } else { ldout(m_cct, 5) << " get value by key " << fsid <<" got "<< value << dendl; CephContext* cct = (CephContext*)m_dst_io_ctx.cct(); - //CephContext* cct = m_dst_io_ctx.cct(); - ldout(m_cct, 5) << " here " << dendl; - r = cct->_conf.set_val("mon_host", mon_host); - ldout(m_cct, 5) << " here1 " << r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - - r = cct->_conf.set_val("key", value); - ldout(m_cct, 5) << " here2 "<< r << dendl; - lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; - r = cct->_conf.set_val("fsid", fsid); - ldout(m_cct, 5) << " here3 "<< r << dendl; + r = cct->_conf.set_val("migration_inline_key", value); lderr(m_cct) << "set_val returned: " << r << " (" << cpp_strerror(r) << ")" << dendl; + cct->_conf.apply_changes(nullptr); //r = cct->_conf.set_val("fsid", fsid); -return; - ldout(m_cct, 5) << "Verifying overridden config:" + /* ldout(m_cct, 5) << "Verifying overridden config:" << " mon_host=" << cct->_conf.get_val("mon_host") << " key=" << cct->_conf.get_val("key") << " fsid=" << cct->_conf.get_val("fsid") - << dendl; + << dendl;*/ } } ldout(m_cct, 5) << " here4 " << dendl; -- 2.47.3