Am 22.04.25 um 13:51 schrieb Alexandre Derumier via pve-devel:
>
> fixme:
> - rbd blockdev don't allow extra options (keyring file for example),
> do we need to patch qemu ? or write client option in a file ?
I think following upstream and using a dedicated config file is
better/more future-proof here.
> + if($options->{keyring} && $blockdev->{server}) {
> + #qemu devs are removed passing arbitrary values to blockdev
> object, and don't have added
> + #keyring to the list of allowed keys. It need to be defined in
> the store ceph.conf.
> +
> #https://lists.gnu.org/archive/html/qemu-devel/2018-08/msg02676.html
> + #another way could be to simply patch qemu to allow the key
> + my $ceph_conf = "/etc/pve/priv/ceph/${storeid}.conf";
> + $blockdev->{conf} = $ceph_conf;
> + if (!-e $ceph_conf) {
> + my $content = "[global]\nkeyring = $options->{keyring}\n";
> + PVE::Tools::file_set_contents($ceph_conf, $content, 0400);
> + }
I'd prefer to create the file in /run/qemu-server/${storeid}.ceph.conf
rather than in /etc/pve/priv. It only contains the path to the key file
and that path itself is not secret.
> + }
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
