librbd: helper utility to retrieve config from the MON config store

A special "config://" URI prefix can be used to denote configuration settings that should be (securely) pulled from the MON config store. This will be first used in a follow-up commit to support storing the S3 access and secret keys in the MON config store. This "config://" syntax is already in-use by RGW and ceph-iscsi for pulling secrets when deployed via cephadm. Signed-off-by: Jason Dillaman <dillaman@redhat.com>
2025-02-24 11:37:37 +00:00 · 2020-12-22 13:34:51 -05:00 · 2020-12-22 13:34:51 -05:00 · 9eb47021b8
commit 9eb47021b8
parent d22ca3d978
2 changed files with 43 additions and 0 deletions
--- a/src/librbd/Utils.cc
+++ b/src/librbd/Utils.cc
@ -11,9 +11,11 @@
 #include "include/neorados/RADOS.hpp"
 #include "include/rbd/features.h"
 #include "common/dout.h"
+#include "common/errno.h"
 #include "librbd/ImageCtx.h"
 #include "librbd/Features.h"

+#include <boost/algorithm/string/predicate.hpp>
 #include <bitset>
 #include <random>

@ -23,6 +25,11 @@

 namespace librbd {
 namespace util {
+namespace {
+
+const std::string CONFIG_KEY_URI_PREFIX{"config://"};
+
+} // anonymous namespace

 const std::string group_header_name(const std::string &group_id)
 {
@ -200,5 +207,37 @@ uint64_t reserve_async_request_id() {
  return ++async_request_seq;
 }

+bool is_config_key_uri(const std::string& uri) {
+  return boost::starts_with(uri, CONFIG_KEY_URI_PREFIX);
+}
+
+int get_config_key(librados::Rados& rados, const std::string& uri,
+                   std::string* value) {
+  auto cct = reinterpret_cast<CephContext*>(rados.cct());
+
+  if (!is_config_key_uri(uri)) {
+    return -EINVAL;
+  }
+
+  std::string key = uri.substr(CONFIG_KEY_URI_PREFIX.size());
+  std::string cmd =
+    "{"
+      "\"prefix\": \"config-key get\", "
+      "\"key\": \"" + key + "\""
+    "}";
+
+  bufferlist in_bl;
+  bufferlist out_bl;
+  int r = rados.mon_command(cmd, in_bl, &out_bl, nullptr);
+  if (r < 0) {
+    lderr(cct) << "failed to retrieve MON config key " << key << ": "
+               << cpp_strerror(r) << dendl;
+    return r;
+  }
+
+  *value = std::string(out_bl.c_str(), out_bl.length());
+  return 0;
+}
+
 } // namespace util
 } // namespace librbd
--- a/src/librbd/Utils.h
+++ b/src/librbd/Utils.h
@ -276,6 +276,10 @@ SnapContext get_snap_context(

 uint64_t reserve_async_request_id();

+bool is_config_key_uri(const std::string& uri);
+int get_config_key(librados::Rados& rados, const std::string& uri,
+                   std::string* value);
+
 } // namespace util
 } // namespace librbd