[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC][BROKEN] rbd: Allow configuration of authenticatio
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [RFC][BROKEN] rbd: Allow configuration of authentication scheme |
Date: |
Wed, 18 Apr 2018 08:21:18 -0500 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 |
On 04/06/2018 03:04 AM, Kevin Wolf wrote:
> Am 05.04.2018 um 19:06 hat Kevin Wolf geschrieben:
>> The legacy command line syntax supports a "password-secret" option that
>> allows to pass an authentication key to Ceph. This was not supported in
>> QMP so far.
>>
>> This patch introduces authentication options in the QAPI schema, makes
>> them do the corresponding rados_conf_set() calls and adds compatibility
>> code that translates the old "password-secret" option both for opening
>> and creating images to the new set of options.
>>
>> Note that the old option didn't allow to explicitly specify the set of
>> allowed authentication schemes. The compatibility code assumes that if
>> "password-secret" is given, only the cephx scheme is allowed. If it's
>> missing, both none and cephx are allowed because the configuration file
>> could still provide a key.
>
> There is another problem here that suggests that maybe this is not the
> right QAPI schema after all: The defaults needed for command line
> compatibility and those promised in the QAPI schema are conflicting.
>
> The required command line behaviour is as described above:
>
> * password-secret given: only cephx
> * no options given: cephx, none
>
> The desired QMP default behaviour is:
>
> * auth-cephx given: allow cephx
> * auth-none given: allow none
> * both given: allow both
> * no options given: error
>
> In .bdrv_open() there is no way to distinguish the "no options given" of
> the command line from that of QMP. The current implementation allows
> everything if no options are given, i.e. it keeps existing command lines
> working, but it doesn't correctly implement the behaviour described in
> the QAPI schema.
Can we use a QAPI alternate with an explicit JSON null for the command
line 'no options given' case?
>
> I don't think changing the description of the QAPI schema would be a
> good idea, it would be a rather surprising interface.
>
>> Signed-off-by: Kevin Wolf <address@hidden>
>> ---
>>
>> This doesn't actually work correctly yet because the way that options
>> are passed through the block layer (QAPI -> QemuOpts -> QDict). Before
>> we fix or hack around this, let's make sure this is the schema that we
>> want.
Can we skip the intermediate QemuOpts? If we can go straight from
command line to QDict using just QAPI, won't that give us what we really
need?
>>
>> The two known problems are:
>>
>> 1. QDict *options in qemu_rbd_open() may contain options either in their
>> proper QObject types (if passed from blockdev-add) or as strings
>> (-drive). Both forms can be mixed in the same options QDict.
>>
>> rbd uses the keyval visitor to convert the options into a QAPI
>> object. This means that it requires all options to be strings. This
>> patch, however, introduces a bool property, so the visitor breaks
>> when it gets its input from blockdev-add.
>>
>> Options to hack around the problem:
>>
>> a. Do an extra conversion step or two and go through QemuOpts like
>> some other block drivers. When I offered something like this to
>> Markus a while ago in a similar case, he rejected the idea.
>>
>> b. Introduce a qdict_stringify_entries() that just does what its name
>> says. It would be called before the running keyval visitor so that
>> only strings will be present in the QDict.
>>
>> c. Do a local one-off hack that checks if the entry with the key
>> "auth-none" is a QBool, and if so, overwrite it with a string. The
>> problem will reappear with the next non-string option.
>>
>> (d. Get rid of the QDict detour and work only with QAPI objects
>> everywhere. Support rbd authentication only in QEMU 4.0.)
Oh, even one step further than just avoiding QemuOpts, but using REAL
types everywhere in the block layer! It might be a nice cleanup, but it
would probably take a lot of effort in the meantime to get to that point?
>>
>> 2. The proposed schema allows 'auth-cephx': {} as a valid option with
>> the meaning that the cephx authentication scheme is enabled, but no
>> key is given (e.g. it is taken from the config file).
>>
>> However, an empty dict cannot currently be represented by flattened
>> QDicts. We need to find a way to enable this. I think this will be
>> externally visible because it directly translates into the dotted
>> syntax of -blockdev, so we may want to be careful.
Can we just require users to give -blockdev with the JSON format (rather
than dotted format) when they need to use that particular feature on the
command line?
>>
>> Any thoughts on the proposed QAPI schema or the two implementation
>> problems are welcome.
>
> Kevin
>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature