External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

Utilize virDomainDiskAuth for storage pools

Browse Source 
Replace the authType, chap, and cephx unions in virStoragePoolSource
with a single pointer to a virStorageAuthDefPtr.  Adjust all users of
the previous chap/cephx and secret unions with the source->auth data.
This commit is contained in:
John Ferlan 2014-06-26 08:18:09 -04:00
parent f1aa00b4e7
commit 97e3397cde
5 changed files with 80 additions and 262 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
src/conf/storage_conf.c
View File

@ -44,9 +44,12 @@
#include "viralloc.h"
#include "virfile.h"
#include "virstring.h"
#include "virlog.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
VIR_LOG_INIT("conf.storage_conf");
#define DEFAULT_POOL_PERM_MODE 0755
#define DEFAULT_VOL_PERM_MODE 0600
@ -98,10 +101,6 @@ VIR_ENUM_IMPL(virStoragePoolSourceAdapter,
VIR_STORAGE_POOL_SOURCE_ADAPTER_TYPE_LAST,
"default", "scsi_host", "fc_host")
VIR_ENUM_IMPL(virStoragePoolAuth,
VIR_STORAGE_POOL_AUTH_LAST,
"none", "chap", "ceph")
typedef const char *(*virStorageVolFormatToString)(int format);
typedef int (*virStorageVolFormatFromString)(const char *format);
typedef const char *(*virStorageVolFeatureToString)(int feature);
@ -376,18 +375,9 @@ virStoragePoolSourceClear(virStoragePoolSourcePtr source)
VIR_FREE(source->name);
virStoragePoolSourceAdapterClear(source->adapter);
VIR_FREE(source->initiator.iqn);
virStorageAuthDefFree(source->auth);
VIR_FREE(source->vendor);
VIR_FREE(source->product);
if (source->authType == VIR_STORAGE_POOL_AUTH_CHAP) {
VIR_FREE(source->auth.chap.username);
VIR_FREE(source->auth.chap.secret.usage);
}
if (source->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
VIR_FREE(source->auth.cephx.username);
VIR_FREE(source->auth.cephx.secret.usage);
}
}
void
@ -463,96 +453,6 @@ virStoragePoolObjRemove(virStoragePoolObjListPtr pools,
}
}
static int
virStoragePoolDefParseAuthSecret(xmlXPathContextPtr ctxt,
virStoragePoolAuthSecretPtr secret)
{
char *uuid = NULL;
int ret = -1;
uuid = virXPathString("string(./auth/secret/@uuid)", ctxt);
secret->usage = virXPathString("string(./auth/secret/@usage)", ctxt);
if (uuid == NULL && secret->usage == NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("missing auth secret uuid or usage attribute"));
return -1;
}
if (uuid != NULL) {
if (secret->usage != NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("either auth secret uuid or usage expected"));
goto cleanup;
}
if (virUUIDParse(uuid, secret->uuid) < 0) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("invalid auth secret uuid"));
goto cleanup;
}
secret->uuidUsable = true;
} else {
secret->uuidUsable = false;
}
ret = 0;
cleanup:
VIR_FREE(uuid);
return ret;
}
static int
virStoragePoolDefParseAuth(xmlXPathContextPtr ctxt,
virStoragePoolSourcePtr source)
{
int ret = -1;
char *authType = NULL;
char *username = NULL;
authType = virXPathString("string(./auth/@type)", ctxt);
if (authType == NULL) {
source->authType = VIR_STORAGE_POOL_AUTH_NONE;
ret = 0;
goto cleanup;
}
if ((source->authType =
virStoragePoolAuthTypeFromString(authType)) < 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("unknown auth type '%s'"),
authType);
goto cleanup;
}
username = virXPathString("string(./auth/@username)", ctxt);
if (username == NULL) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("missing auth username attribute"));
goto cleanup;
}
if (source->authType == VIR_STORAGE_POOL_AUTH_CHAP) {
source->auth.chap.username = username;
username = NULL;
if (virStoragePoolDefParseAuthSecret(ctxt,
&source->auth.chap.secret) < 0)
goto cleanup;
}
else if (source->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
source->auth.cephx.username = username;
username = NULL;
if (virStoragePoolDefParseAuthSecret(ctxt,
&source->auth.cephx.secret) < 0)
goto cleanup;
}
ret = 0;
cleanup:
VIR_FREE(authType);
VIR_FREE(username);
return ret;
}
static int
virStoragePoolDefParseSource(xmlXPathContextPtr ctxt,
virStoragePoolSourcePtr source,
@ -560,10 +460,11 @@ virStoragePoolDefParseSource(xmlXPathContextPtr ctxt,
xmlNodePtr node)
{
int ret = -1;
xmlNodePtr relnode, *nodeset = NULL;
xmlNodePtr relnode, authnode, *nodeset = NULL;
int nsource;
size_t i;
virStoragePoolOptionsPtr options;
virStorageAuthDefPtr authdef = NULL;
char *name = NULL;
char *port = NULL;
char *adapter_type = NULL;
@ -707,8 +608,18 @@ virStoragePoolDefParseSource(xmlXPathContextPtr ctxt,
VIR_STORAGE_POOL_SOURCE_ADAPTER_TYPE_SCSI_HOST;
}
if (virStoragePoolDefParseAuth(ctxt, source) < 0)
goto cleanup;
if ((authnode = virXPathNode("./auth", ctxt))) {
if (!(authdef = virStorageAuthDefParse(node->doc, authnode)))
goto cleanup;
if (authdef->authType == VIR_STORAGE_AUTH_TYPE_NONE) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("storage pool missing auth type"));
goto cleanup;
}
source->auth = authdef;
}
source->vendor = virXPathString("string(./vendor/@name)", ctxt);
source->product = virXPathString("string(./product/@name)", ctxt);
@ -1059,7 +970,6 @@ virStoragePoolSourceFormat(virBufferPtr buf,
virStoragePoolSourcePtr src)
{
size_t i, j;
char uuid[VIR_UUID_STRING_BUFLEN];
virBufferAddLit(buf, "<source>\n");
virBufferAdjustIndent(buf, 2);
@ -1140,29 +1050,9 @@ virStoragePoolSourceFormat(virBufferPtr buf,
virBufferAsprintf(buf, "<format type='%s'/>\n", format);
}
if (src->authType == VIR_STORAGE_POOL_AUTH_CHAP ||
src->authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
virBufferAsprintf(buf, "<auth type='%s' ",
virStoragePoolAuthTypeToString(src->authType));
virBufferEscapeString(buf, "username='%s'>\n",
(src->authType == VIR_STORAGE_POOL_AUTH_CHAP ?
src->auth.chap.username :
src->auth.cephx.username));
virBufferAdjustIndent(buf, 2);
virBufferAddLit(buf, "<secret");
if (src->auth.cephx.secret.uuidUsable) {
virUUIDFormat(src->auth.cephx.secret.uuid, uuid);
virBufferAsprintf(buf, " uuid='%s'", uuid);
}
if (src->auth.cephx.secret.usage != NULL) {
virBufferAsprintf(buf, " usage='%s'", src->auth.cephx.secret.usage);
}
virBufferAddLit(buf, "/>\n");
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "</auth>\n");
if (src->auth) {
if (virStorageAuthDefFormat(buf, src->auth) < 0)
return -1;
}
virBufferEscapeString(buf, "<vendor name='%s'/>\n", src->vendor);

38
src/conf/storage_conf.h
View File

@ -106,37 +106,6 @@ typedef enum {
} virStoragePoolDeviceType;
typedef enum {
VIR_STORAGE_POOL_AUTH_NONE,
VIR_STORAGE_POOL_AUTH_CHAP,
VIR_STORAGE_POOL_AUTH_CEPHX,
VIR_STORAGE_POOL_AUTH_LAST,
} virStoragePoolAuthType;
VIR_ENUM_DECL(virStoragePoolAuth)
typedef struct _virStoragePoolAuthSecret virStoragePoolAuthSecret;
typedef virStoragePoolAuthSecret *virStoragePoolAuthSecretPtr;
struct _virStoragePoolAuthSecret {
unsigned char uuid[VIR_UUID_BUFLEN];
char *usage;
bool uuidUsable;
};
typedef struct _virStoragePoolAuthChap virStoragePoolAuthChap;
typedef virStoragePoolAuthChap *virStoragePoolAuthChapPtr;
struct _virStoragePoolAuthChap {
char *username;
virStoragePoolAuthSecret secret;
};
typedef struct _virStoragePoolAuthCephx virStoragePoolAuthCephx;
typedef virStoragePoolAuthCephx *virStoragePoolAuthCephxPtr;
struct _virStoragePoolAuthCephx {
char *username;
virStoragePoolAuthSecret secret;
};
/*
* For remote pools, info on how to reach the host
*/
@ -243,11 +212,8 @@ struct _virStoragePoolSource {
/* Initiator IQN */
virStoragePoolSourceInitiatorAttr initiator;
int authType; /* virStoragePoolAuthType */
union {
virStoragePoolAuthChap chap;
virStoragePoolAuthCephx cephx;
} auth;
/* Authentication information */
virStorageAuthDefPtr auth;
/* Vendor of the source */
char *vendor;

46
src/qemu/qemu_conf.c
View File

@ -1211,54 +1211,18 @@ qemuAddISCSIPoolSourceHost(virDomainDiskDefPtr def,
static int
qemuTranslateDiskSourcePoolAuth(virDomainDiskDefPtr def,
virStoragePoolDefPtr pooldef)
virStoragePoolSourcePtr source)
{
int ret = -1;
virStorageAuthDefPtr authdef;
/* Only necessary when authentication set */
if (pooldef->source.authType == VIR_STORAGE_POOL_AUTH_NONE) {
if (!source->auth) {
ret = 0;
goto cleanup;
}
if (VIR_ALLOC(def->src->auth) < 0)
def->src->auth = virStorageAuthDefCopy(source->auth);
if (!def->src->auth)
goto cleanup;
authdef = def->src->auth;
/* Copy the authentication information from the storage pool
* into the virDomainDiskDef
*/
if (pooldef->source.authType == VIR_STORAGE_POOL_AUTH_CHAP) {
if (VIR_STRDUP(authdef->username,
pooldef->source.auth.chap.username) < 0)
goto cleanup;
if (pooldef->source.auth.chap.secret.uuidUsable) {
authdef->secretType = VIR_STORAGE_SECRET_TYPE_UUID;
memcpy(authdef->secret.uuid,
pooldef->source.auth.chap.secret.uuid,
VIR_UUID_BUFLEN);
} else {
if (VIR_STRDUP(authdef->secret.usage,
pooldef->source.auth.chap.secret.usage) < 0)
goto cleanup;
authdef->secretType = VIR_STORAGE_SECRET_TYPE_USAGE;
}
} else if (pooldef->source.authType == VIR_STORAGE_POOL_AUTH_CEPHX) {
if (VIR_STRDUP(authdef->username,
pooldef->source.auth.cephx.username) < 0)
goto cleanup;
if (pooldef->source.auth.cephx.secret.uuidUsable) {
authdef->secretType = VIR_STORAGE_SECRET_TYPE_UUID;
memcpy(authdef->secret.uuid,
pooldef->source.auth.cephx.secret.uuid,
VIR_UUID_BUFLEN);
} else {
if (VIR_STRDUP(authdef->secret.usage,
pooldef->source.auth.cephx.secret.usage) < 0)
goto cleanup;
authdef->secretType = VIR_STORAGE_SECRET_TYPE_USAGE;
}
}
ret = 0;
cleanup:
@ -1387,7 +1351,7 @@ qemuTranslateDiskSourcePool(virConnectPtr conn,
def->src->srcpool->actualtype = VIR_STORAGE_TYPE_NETWORK;
def->src->protocol = VIR_STORAGE_NET_PROTOCOL_ISCSI;
if (qemuTranslateDiskSourcePoolAuth(def, pooldef) < 0)
if (qemuTranslateDiskSourcePoolAuth(def, &pooldef->source) < 0)
goto cleanup;
if (qemuAddISCSIPoolSourceHost(def, pooldef) < 0)

41
src/storage/storage_backend_iscsi.c
View File

@ -278,18 +278,20 @@ virStorageBackendISCSICheckPool(virConnectPtr conn ATTRIBUTE_UNUSED,
static int
virStorageBackendISCSISetAuth(const char *portal,
virConnectPtr conn,
virStoragePoolDefPtr def)
virStoragePoolSourcePtr source)
{
virSecretPtr secret = NULL;
unsigned char *secret_value = NULL;
virStoragePoolAuthChap chap;
virStorageAuthDefPtr authdef = source->auth;
int ret = -1;
char uuidStr[VIR_UUID_STRING_BUFLEN];
if (def->source.authType == VIR_STORAGE_POOL_AUTH_NONE)
if (!authdef || authdef->authType == VIR_STORAGE_AUTH_TYPE_NONE)
return 0;
if (def->source.authType != VIR_STORAGE_POOL_AUTH_CHAP) {
VIR_DEBUG("username='%s' authType=%d secretType=%d",
authdef->username, authdef->authType, authdef->secretType);
if (authdef->authType != VIR_STORAGE_AUTH_TYPE_CHAP) {
virReportError(VIR_ERR_XML_ERROR, "%s",
_("iscsi pool only supports 'chap' auth type"));
return -1;
@ -302,12 +304,11 @@ virStorageBackendISCSISetAuth(const char *portal,
return -1;
}
chap = def->source.auth.chap;
if (chap.secret.uuidUsable)
secret = virSecretLookupByUUID(conn, chap.secret.uuid);
if (authdef->secretType == VIR_STORAGE_SECRET_TYPE_UUID)
secret = virSecretLookupByUUID(conn, authdef->secret.uuid);
else
secret = virSecretLookupByUsage(conn, VIR_SECRET_USAGE_TYPE_ISCSI,
chap.secret.usage);
authdef->secret.usage);
if (secret) {
size_t secret_size;
@ -315,44 +316,44 @@ virStorageBackendISCSISetAuth(const char *portal,
conn->secretDriver->secretGetValue(secret, &secret_size, 0,
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
if (!secret_value) {
if (chap.secret.uuidUsable) {
virUUIDFormat(chap.secret.uuid, uuidStr);
if (authdef->secretType == VIR_STORAGE_SECRET_TYPE_UUID) {
virUUIDFormat(authdef->secret.uuid, uuidStr);
virReportError(VIR_ERR_INTERNAL_ERROR,
_("could not get the value of the secret "
"for username %s using uuid '%s'"),
chap.username, uuidStr);
authdef->username, uuidStr);
} else {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("could not get the value of the secret "
"for username %s using usage value '%s'"),
chap.username, chap.secret.usage);
authdef->username, authdef->secret.usage);
}
goto cleanup;
}
} else {
if (chap.secret.uuidUsable) {
virUUIDFormat(chap.secret.uuid, uuidStr);
if (authdef->secretType == VIR_STORAGE_SECRET_TYPE_UUID) {
virUUIDFormat(authdef->secret.uuid, uuidStr);
virReportError(VIR_ERR_NO_SECRET,
_("no secret matches uuid '%s'"),
uuidStr);
} else {
virReportError(VIR_ERR_NO_SECRET,
_("no secret matches usage value '%s'"),
chap.secret.usage);
authdef->secret.usage);
}
goto cleanup;
}
if (virISCSINodeUpdate(portal,
def->source.devices[0].path,
source->devices[0].path,
"node.session.auth.authmethod",
"CHAP") < 0 ||
virISCSINodeUpdate(portal,
def->source.devices[0].path,
source->devices[0].path,
"node.session.auth.username",
chap.username) < 0 ||
authdef->username) < 0 ||
virISCSINodeUpdate(portal,
def->source.devices[0].path,
source->devices[0].path,
"node.session.auth.password",
(const char *)secret_value) < 0)
goto cleanup;
@ -404,7 +405,7 @@ virStorageBackendISCSIStartPool(virConnectPtr conn,
NULL, NULL) < 0)
goto cleanup;
if (virStorageBackendISCSISetAuth(portal, conn, pool->def) < 0)
if (virStorageBackendISCSISetAuth(portal, conn, &pool->def->source) < 0)
goto cleanup;
if (virISCSIConnectionLogin(portal,

65
src/storage/storage_backend_rbd.c
View File

@ -50,10 +50,11 @@ typedef virStorageBackendRBDState *virStorageBackendRBDStatePtr;
static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
virConnectPtr conn,
virStoragePoolObjPtr pool)
virStoragePoolSourcePtr source)
{
int ret = -1;
int r = 0;
virStorageAuthDefPtr authdef = source->auth;
unsigned char *secret_value = NULL;
size_t secret_value_size;
char *rados_key = NULL;
@ -66,12 +67,9 @@ static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
const char *mon_op_timeout = "30";
const char *osd_op_timeout = "30";
VIR_DEBUG("Found Cephx username: %s",
pool->def->source.auth.cephx.username);
if (pool->def->source.auth.cephx.username != NULL) {
VIR_DEBUG("Using cephx authorization");
r = rados_create(&ptr->cluster, pool->def->source.auth.cephx.username);
if (authdef) {
VIR_DEBUG("Using cephx authorization, username: %s", authdef->username);
r = rados_create(&ptr->cluster, authdef->username);
if (r < 0) {
virReportSystemError(-r, "%s", _("failed to initialize RADOS"));
goto cleanup;
@ -84,46 +82,45 @@ static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
return -1;
}
if (pool->def->source.auth.cephx.secret.uuidUsable) {
virUUIDFormat(pool->def->source.auth.cephx.secret.uuid, secretUuid);
if (authdef->secretType == VIR_STORAGE_SECRET_TYPE_UUID) {
virUUIDFormat(authdef->secret.uuid, secretUuid);
VIR_DEBUG("Looking up secret by UUID: %s", secretUuid);
secret = virSecretLookupByUUIDString(conn, secretUuid);
} else if (pool->def->source.auth.cephx.secret.usage != NULL) {
} else if (authdef->secret.usage != NULL) {
VIR_DEBUG("Looking up secret by usage: %s",
pool->def->source.auth.cephx.secret.usage);
authdef->secret.usage);
secret = virSecretLookupByUsage(conn, VIR_SECRET_USAGE_TYPE_CEPH,
pool->def->source.auth.cephx.secret.usage);
authdef->secret.usage);
}
if (secret == NULL) {
if (pool->def->source.auth.cephx.secret.uuidUsable) {
if (authdef->secretType == VIR_STORAGE_SECRET_TYPE_UUID) {
virReportError(VIR_ERR_NO_SECRET,
_("no secret matches uuid '%s'"),
secretUuid);
} else {
virReportError(VIR_ERR_NO_SECRET,
_("no secret matches usage value '%s'"),
pool->def->source.auth.cephx.secret.usage);
authdef->secret.usage);
}
goto cleanup;
}
secret_value = conn->secretDriver->secretGetValue(secret, &secret_value_size, 0,
secret_value = conn->secretDriver->secretGetValue(secret,
&secret_value_size, 0,
VIR_SECRET_GET_VALUE_INTERNAL_CALL);
if (!secret_value) {
if (pool->def->source.auth.cephx.secret.uuidUsable) {
if (authdef->secretType == VIR_STORAGE_SECRET_TYPE_UUID) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("could not get the value of the secret "
"for username '%s' using uuid '%s'"),
pool->def->source.auth.cephx.username,
secretUuid);
authdef->username, secretUuid);
} else {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("could not get the value of the secret "
"for username '%s' using usage value '%s'"),
pool->def->source.auth.cephx.username,
pool->def->source.auth.cephx.secret.usage);
authdef->username, authdef->secret.usage);
}
goto cleanup;
}
@ -170,18 +167,18 @@ static int virStorageBackendRBDOpenRADOSConn(virStorageBackendRBDStatePtr ptr,
}
VIR_DEBUG("Found %zu RADOS cluster monitors in the pool configuration",
pool->def->source.nhost);
source->nhost);
for (i = 0; i < pool->def->source.nhost; i++) {
if (pool->def->source.hosts[i].name != NULL &&
!pool->def->source.hosts[i].port) {
for (i = 0; i < source->nhost; i++) {
if (source->hosts[i].name != NULL &&
!source->hosts[i].port) {
virBufferAsprintf(&mon_host, "%s:6789,",
pool->def->source.hosts[i].name);
} else if (pool->def->source.hosts[i].name != NULL &&
pool->def->source.hosts[i].port) {
source->hosts[i].name);
} else if (source->hosts[i].name != NULL &&
source->hosts[i].port) {
virBufferAsprintf(&mon_host, "%s:%d,",
pool->def->source.hosts[i].name,
pool->def->source.hosts[i].port);
source->hosts[i].name,
source->hosts[i].port);
} else {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("received malformed monitor, check the XML definition"));
@ -333,7 +330,7 @@ static int virStorageBackendRBDRefreshPool(virConnectPtr conn,
ptr.cluster = NULL;
ptr.ioctx = NULL;
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, pool) < 0) {
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, &pool->def->source) < 0) {
goto cleanup;
}
@ -435,7 +432,7 @@ static int virStorageBackendRBDDeleteVol(virConnectPtr conn,
VIR_WARN("%s", _("This storage backend does not supported zeroed removal of volumes"));
}
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, pool) < 0) {
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, &pool->def->source) < 0) {
goto cleanup;
}
@ -518,7 +515,7 @@ virStorageBackendRBDBuildVol(virConnectPtr conn,
virCheckFlags(0, -1);
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, pool) < 0)
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, &pool->def->source) < 0)
goto cleanup;
if (virStorageBackendRBDOpenIoCTX(&ptr, pool) < 0)
@ -558,7 +555,7 @@ static int virStorageBackendRBDRefreshVol(virConnectPtr conn,
ptr.ioctx = NULL;
int ret = -1;
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, pool) < 0) {
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, &pool->def->source) < 0) {
goto cleanup;
}
@ -592,7 +589,7 @@ static int virStorageBackendRBDResizeVol(virConnectPtr conn ATTRIBUTE_UNUSED,
virCheckFlags(0, -1);
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, pool) < 0) {
if (virStorageBackendRBDOpenRADOSConn(&ptr, conn, &pool->def->source) < 0) {
goto cleanup;
}