[pve-devel] [RFC v2 qemu 02/10] block/rbd: support keyring option via QAPI

[Fiona Ebner <f.ebner@proxmox.com>]

In Proxmox VE, it is not always required to have a dedicated Ceph
configuration file, and using the 'key-secret' QAPI option would
require obtaining a key from the keyring first. The keyring location
is readily available however, so having support for the 'keyring'
configuration option is most convenient.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---

New in v2.

 block/rbd.c          | 8 ++++++++
 qapi/block-core.json | 5 ++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/block/rbd.c b/block/rbd.c
index 3928d8fee4..0eac4c1d3e 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -301,6 +301,14 @@ static int qemu_rbd_set_key_value_pairs(rados_t cluster,
         return 0;
     }
 
+    if (key_value_pairs->keyring) {
+        int r = rados_conf_set(cluster, "keyring", key_value_pairs->keyring);
+        if (r < 0) {
+            error_setg_errno(errp, -r, "could not set 'keyring'");
+            return -EINVAL;
+        }
+    }
+
     if (key_value_pairs->has_rbd_cache_policy) {
         RbdCachePolicy value = key_value_pairs->rbd_cache_policy;
         int r = rados_conf_set(cluster, "rbd_cache_policy",
diff --git a/qapi/block-core.json b/qapi/block-core.json
index 360f467f6e..781a762768 100644
--- a/qapi/block-core.json
+++ b/qapi/block-core.json
@@ -4671,12 +4671,15 @@
 #
 # Key-value pairs for Ceph configuration.
 #
+# @keyring: Ceph configuration option 'keyring'.
+#
 # @rbd-cache-policy: Ceph configuration option 'rbd_cache_policy'.
 #
 # Since 10.1
 ##
 { 'struct': 'RbdKeyValuePairs',
-  'data': { '*rbd-cache-policy': 'RbdCachePolicy' } }
+  'data': { '*keyring': 'str',
+            '*rbd-cache-policy': 'RbdCachePolicy' } }
 
 ##
 # @BlockdevOptionsRbd:
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel