rbd, rbd-nbd: make --encryption-format optional

If no --encryption-format specified at all, default to "luks" for each
specified --encryption-passphrase-file.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

doc/rbd/rbd-encryption.rst

@@ -136,9 +136,11 @@ A batch of such unaligned writes can lead to IO races which will further
 deteriorate performance. Thus it is advisable to avoid using RBD encryption
 in cases where incoming writes cannot be guaranteed to be sector-aligned.
 
-To mount a LUKS-encrypted image run::
+To map a LUKS-formatted image run:
 
-    $ rbd -p {pool-name} device map -t nbd -o encryption-format=luks,encryption-passphrase-file={passphrase-file}
+.. prompt:: bash #
+
+    rbd device map -t nbd -o encryption-passphrase-file={passphrase-file} {image-spec}
 
 Note that for security reasons, both the encryption format and encryption load
 operations are CPU-intensive, and may take a few seconds to complete. For the

qa/workunits/rbd/luks-encryption.sh

@@ -43,7 +43,7 @@ function test_encryption_format() {
   sudo chmod 666 /dev/mapper/cryptsetupdev
 
   # open encryption with librbd
-  LIBRBD_DEV=$(_sudo rbd -p rbd map testimg -t nbd -o encryption-format=luks,encryption-passphrase-file=/tmp/passphrase)
+  LIBRBD_DEV=$(_sudo rbd -p rbd map testimg -t nbd -o encryption-passphrase-file=/tmp/passphrase)
   sudo chmod 666 $LIBRBD_DEV
 
   # write via librbd && compare
@@ -117,9 +117,10 @@ function test_clone_and_load_with_a_single_passphrase {
 
   if [ "$expectedfail" = "true" ]
   then
-    expect_false rbd flatten testimg1 --encryption-format luks --encryption-passphrase-file /tmp/passphrase2
+    expect_false rbd flatten testimg1 --encryption-passphrase-file /tmp/passphrase2
+    rbd flatten testimg1 --encryption-passphrase-file /tmp/passphrase2 --encryption-passphrase-file /tmp/passphrase
   else
-    rbd flatten testimg1 --encryption-format luks --encryption-passphrase-file /tmp/passphrase2
+    rbd flatten testimg1 --encryption-passphrase-file /tmp/passphrase2
   fi
 
   rbd remove testimg1

src/test/cli/rbd/help.t

@@ -879,6 +879,7 @@
     --image arg                      image name
     --no-progress                    disable progress output
     --encryption-format arg          encryption format (luks, luks1, luks2)
+                                     [default: luks]
     --encryption-passphrase-file arg path to file containing passphrase for
                                      unlocking the image
   
@@ -2254,6 +2255,7 @@
     --allow-shrink                   permit shrinking
     --no-progress                    disable progress output
     --encryption-format arg          encryption format (luks, luks1, luks2)
+                                     [default: luks]
     --encryption-passphrase-file arg path to file containing passphrase for
                                      unlocking the image
   

src/tools/rbd/ArgumentTypes.cc

@@ -333,7 +333,7 @@ void add_encryption_options(boost::program_options::options_description *opt) {
   opt->add_options()
     (ENCRYPTION_FORMAT.c_str(),
      po::value<std::vector<EncryptionFormat>>(),
-     "encryption format (luks, luks1, luks2)");
+     "encryption format (luks, luks1, luks2) [default: luks]");
 
   opt->add_options()
     (ENCRYPTION_PASSPHRASE_FILE.c_str(),

src/tools/rbd/Utils.cc

@@ -731,6 +731,9 @@ int get_encryption_options(const boost::program_options::variables_map &vm,
   std::vector<at::EncryptionFormat> formats;
   if (vm.count(at::ENCRYPTION_FORMAT)) {
     formats = vm[at::ENCRYPTION_FORMAT].as<decltype(formats)>();
+  } else if (vm.count(at::ENCRYPTION_PASSPHRASE_FILE)) {
+    formats.resize(passphrase_files.size(),
+                   at::EncryptionFormat{RBD_ENCRYPTION_FORMAT_LUKS});
   }
 
   if (formats.size() != passphrase_files.size()) {

src/tools/rbd_nbd/rbd-nbd.cc

@@ -153,7 +153,7 @@ static void usage()
             << "Map and attach options:\n"
             << "  --device <device path>        Specify nbd device path (/dev/nbd{num})\n"
             << "  --encryption-format luks|luks1|luks2\n"
-            << "                                Image encryption format\n"
+            << "                                Image encryption format (default: luks)\n"
             << "  --encryption-passphrase-file  Path of file containing passphrase for unlocking image encryption\n"
             << "  --exclusive                   Forbid writes by other clients\n"
             << "  --notrim                      Turn off trim/discard\n"
@@ -2194,6 +2194,12 @@ static int parse_args(vector<const char*>& args, std::ostream *err_msg,
     }
   }
 
+  if (cfg->encryption_formats.empty() &&
+      !cfg->encryption_passphrase_files.empty()) {
+    cfg->encryption_formats.resize(cfg->encryption_passphrase_files.size(),
+                                   RBD_ENCRYPTION_FORMAT_LUKS);
+  }
+
   if (cfg->encryption_formats.size() != cfg->encryption_passphrase_files.size()) {
     *err_msg << "rbd-nbd: Encryption formats count does not match "
              << "passphrase files count";