Re: [Qemu-devel] [RFC PATCH 00/19] block: Configuration fixes and rbd authentication
Jeff Cody writes: > On Thu, Jun 07, 2018 at 05:33:03PM -0400, Jeff Cody wrote: >> Here are some results from auth testing of various combinations; I haven't >> completed all the combinations in my matrix yet, but what I have completed >> looks like what I would expect. >> >> These were all tested with blockdev-add QAPI commands against this patch >> series. >> >> I'll be away on PTO tomorrow (Friday), so I'll conclude testing on Monday. >> >> Warning, long lines below, so don't read it on a vt220 (apologies in >> advance if you do...): >> > > Below is the rest of the matrix filled out. Everything looks OK to me, the > ones that were a bit different than I expected were when the server was > 'none', and we passed an bad key-secret. But that isn't a qemu/qapi issue, > and not really an issue at all (just different from what I expected). > > Completed tests: [...] Looks good to me. Thanks for your help!
Re: [Qemu-devel] [RFC PATCH 00/19] block: Configuration fixes and rbd authentication
On Thu, Jun 07, 2018 at 05:33:03PM -0400, Jeff Cody wrote:
> On Thu, Jun 07, 2018 at 08:25:40AM +0200, Markus Armbruster wrote:
> > This series is RFC because:
> >
> > * It clashes with parts of Max's "[PATCH 00/13] block: Try to create
> > well typed json:{} filenames". I missed that one until too late,
> > sorry.
> >
> > - I stole "[PATCH 06/13] block: Add block-specific QDict header",
> > and tacked on fixups I'd like to have.
> >
> > - My qobject_input_visitor_new_flat_confused() addresses the same
> > general problem as Max's qdict_stringify_for_keyval(): the block
> > layer's confused use of QObject types. My solution fixes a number
> > of bugs in -blockdev, blockdev-add and -drive. If Max's solution
> > adds further value, we need to merge the two somehow.
> >
> > - I changed qdict_flatten() to fix -blockdev and blockdev-add for
> > empty objects and arrays. Max fixed it to not mess up shallow
> > clones. We need to merge the two.
> >
> > * Rbd testing is incomplete. Jeff Cody volunteered to test on his
> > rig. Results should be in soon.
> >
>
> Here are some results from auth testing of various combinations; I haven't
> completed all the combinations in my matrix yet, but what I have completed
> looks like what I would expect.
>
> These were all tested with blockdev-add QAPI commands against this patch
> series.
>
> I'll be away on PTO tomorrow (Friday), so I'll conclude testing on Monday.
>
> Warning, long lines below, so don't read it on a vt220 (apologies in
> advance if you do...):
>
Below is the rest of the matrix filled out. Everything looks OK to me, the
ones that were a bit different than I expected were when the server was
'none', and we passed an bad key-secret. But that isn't a qemu/qapi issue,
and not really an issue at all (just different from what I expected).
Completed tests:
Server| Client-Side (qemu host)
+--
|
|
ServerAuth | userkey-secret/etc/ceph/keyring
auth-client-required | Result
+--
cephx, none | --- --- --- ---
{"return": {}}
cephx, none | --- --- valid ---
{"return": {}}
cephx, none | --- --- invalid ---
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | --- valid --- ---
{"return": {}}
cephx, none | --- invalid --- ---
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | --- invalid valid ---
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | --- valid invalid ---
{"return": {}}
cephx, none | admin --- valid ---
{"return": {}}
cephx, none | admin --- invalid ---
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | invalid --- valid ---
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | invalid --- invalid ---
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | --- --- --- none
{"return": {}}
cephx, none | --- --- valid none
{"return": {}}
cephx, none | --- --- invalid none
{"return": {}}
cephx, none | --- valid --- none
{"return": {}}
cephx, none | --- invalid --- none
{"return": {}}
cephx, none | --- invalid valid none
{"return": {}}
cephx, none | --- valid invalid none
{"return": {}}
cephx, none | admin --- valid none
{"return": {}}
cephx, none | admin --- invalid none
{"return": {}}
cephx, none | invalid --- valid none
{"return": {}}
cephx, none | invalid ---
Re: [Qemu-devel] [RFC PATCH 00/19] block: Configuration fixes and rbd authentication
On Thu, Jun 07, 2018 at 08:25:40AM +0200, Markus Armbruster wrote:
> This series is RFC because:
>
> * It clashes with parts of Max's "[PATCH 00/13] block: Try to create
> well typed json:{} filenames". I missed that one until too late,
> sorry.
>
> - I stole "[PATCH 06/13] block: Add block-specific QDict header",
> and tacked on fixups I'd like to have.
>
> - My qobject_input_visitor_new_flat_confused() addresses the same
> general problem as Max's qdict_stringify_for_keyval(): the block
> layer's confused use of QObject types. My solution fixes a number
> of bugs in -blockdev, blockdev-add and -drive. If Max's solution
> adds further value, we need to merge the two somehow.
>
> - I changed qdict_flatten() to fix -blockdev and blockdev-add for
> empty objects and arrays. Max fixed it to not mess up shallow
> clones. We need to merge the two.
>
> * Rbd testing is incomplete. Jeff Cody volunteered to test on his
> rig. Results should be in soon.
>
Here are some results from auth testing of various combinations; I haven't
completed all the combinations in my matrix yet, but what I have completed
looks like what I would expect.
These were all tested with blockdev-add QAPI commands against this patch
series.
I'll be away on PTO tomorrow (Friday), so I'll conclude testing on Monday.
Warning, long lines below, so don't read it on a vt220 (apologies in
advance if you do...):
Server| Client-Side (qemu host)
+--
|
|
ServerAuth | userkey-secret/etc/ceph/keyring
auth-client-required | Result
+--
cephx, none | --- --- --- ---
{"return": {}}
cephx, none | --- --- valid ---
{"return": {}}
cephx, none | --- --- invalid ---
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | --- valid --- ---
{"return": {}}
cephx, none | --- invalid --- ---
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | --- invalid valid ---
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | --- valid invalid ---
{"return": {}}
cephx, none | admin --- valid ---
cephx, none | admin --- invalid ---
cephx, none | invalid --- valid ---
cephx, none | invalid --- invalid ---
cephx, none | --- --- --- none
{"return": {}}
cephx, none | --- --- valid none
{"return": {}}
cephx, none | --- --- invalid none
{"return": {}}
cephx, none | --- valid --- none
{"return": {}}
cephx, none | --- invalid --- none
{"return": {}}
cephx, none | --- invalid valid none
{"return": {}}
cephx, none | --- valid invalid none
{"return": {}}
cephx, none | admin --- valid none
{"return": {}}
cephx, none | admin --- invalid none
{"return": {}}
cephx, none | invalid --- valid none
{"return": {}}
cephx, none | invalid --- invalid none
{"return": {}}
|
cephx, none | --- --- --- cephx
{"error": {"class": "GenericError", "desc": "error connecting: No such
file or directory"}}
cephx, none | --- --- valid cephx
{"return": {}}
cephx, none | --- --- invalid cephx
{"error": {"class": "GenericError", "desc": "error connecting: Invalid
argument"}}
cephx, none | --- valid --- cephx
{"return": {}}
cephx, none | --- invalid ---
