Eric Blake
2022-Oct-11 21:52 UTC
[Libguestfs] [libnbd PATCH 2/2] info: Add --is tls, --can structured-reply
While these are per-connection rather than per-export settings, it is still useful to have a quick-and-silent command-line query rather than having to parse full info output. While touching info-can.sh, strengthen it to insist that an unsupported feature is reported with status 2, rather than any non-zero status. --- info/nbdinfo.pod | 34 ++++++++++++++++++++++++---------- info/can.c | 15 ++++++++++++++- info/info-can-connect.sh | 9 ++++++++- info/info-can.sh | 35 ++++++++++++++++++++++++++++++++--- info/info-uri-nbds.sh | 5 +++-- 5 files changed, 81 insertions(+), 17 deletions(-) diff --git a/info/nbdinfo.pod b/info/nbdinfo.pod index a95b64f2..abc56f62 100644 --- a/info/nbdinfo.pod +++ b/info/nbdinfo.pod @@ -156,6 +156,15 @@ All NBD servers must support read, so this always exits with success Test if we can connect to the NBD URI. +=item nbdinfo --is tls URI + +Test if the NBD URI connection is using TLS. + +=item nbdinfo --can structured-reply URI + +Test if server can respond with structured replies (a prerequisite +for supporting block status commands). + =item nbdinfo --is rotational URI Test if the server export is backed by something which behaves like a 
@@ -313,23 +322,25 @@ Display brief command line help and exit. =item B<--can read> +=item B<--can structured-reply> + =item B<--can trim> =item B<--can write> =item B<--can zero> -Test properties of the NBD server export. The command does not print -anything. Instead it exits with success (S<exit code 0>) if true, or -failure (S<exit code 2>) if false. (Other exit codes indicate an -error querying the flag). +Test properties of the NBD server export or the connection itself. +The command does not print anything. Instead it exits with success +(S<exit code 0>) if true, or failure (S<exit code 2>) if false. +(Other exit codes indicate an error querying the flag). For further information see the L<NBD protocol|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md> and the following libnbd functions: L<nbd_can_cache(3)>, L<nbd_can_df(3)>, L<nbd_can_fast_zero(3)>, L<nbd_can_flush(3)>, L<nbd_can_fua(3)>, L<nbd_can_multi_conn(3)>, L<nbd_can_trim(3)>, -L<nbd_can_zero(3)>, L<nbd_is_read_only(3)>. +L<nbd_can_zero(3)>, L<nbd_is_read_only(3)>, L<nbd_get_tls_negotiated(3)>. =item B<--color> 
@@ -362,15 +373,18 @@ use I<--list --content>. =item B<--is rotational> -Test if the NBD server export is read-only and rotational. The -command does not print anything. Instead it exits with success -(S<exit code 0>) if true, or failure (S<exit code 2>) if false. -(Other exit codes indicate an error querying the flag). +=item B<--is tls> + +Test if the NBD server export is read-only and rotational, or whether +the connection itself is using TLS. The command does not print +anything. Instead it exits with success (S<exit code 0>) if true, or +failure (S<exit code 2>) if false. (Other exit codes indicate an +error querying the flag). For further information see the L<NBD protocol|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md> and the following libnbd functions: L<nbd_is_read_only(3)>, -L<nbd_is_rotational(3)>. +L<nbd_is_rotational(3)>, L<nbd_get_tls_negotiated(3)>. =item B<--json> diff --git a/info/can.c b/info/can.c index ee8bbb76..08d6bcd5 100644 --- a/info/can.c +++ b/info/can.c @@ -1,5 +1,5 @@ /* NBD client library in userspace - * Copyright (C) 2020-2021 Red Hat Inc. + * Copyright (C) 2020-2022 Red Hat Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -37,6 +37,19 @@ do_can (void) strcasecmp (can, "read") == 0) feature = 1; + else if (strcasecmp (can, "tls") == 0) + feature = nbd_get_tls_negotiated (nbd); + + else if (strcasecmp (can, "sr") == 0 || + strcasecmp (can, "structured") == 0 || + strcasecmp (can, "structured reply") == 0 || + strcasecmp (can, "structured-reply") == 0 || + strcasecmp (can, "structured_reply") == 0 || + strcasecmp (can, "structured replies") == 0 || + strcasecmp (can, "structured-replies") == 0 || + strcasecmp (can, "structured_replies") == 0) + feature = nbd_get_structured_replies_negotiated (nbd); + else if (strcasecmp (can, "readonly") == 0 || strcasecmp (can, "read-only") == 0 || strcasecmp (can, "read_only") == 0) 
diff --git a/info/info-can-connect.sh b/info/info-can-connect.sh index eecc290a..2520e5ab 100755 --- a/info/info-can-connect.sh +++ b/info/info-can-connect.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbd client library in userspace -# Copyright (C) 2020-2021 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -27,3 +27,10 @@ requires nbdkit null --version nbdkit -v -U - null \ --run '$VG nbdinfo --can connect "nbd+unix:///?socket=$unixsocket"' + +# --is tls is false for unencrypted connections. + +st=0 +nbdkit -v -U - null \ + --run '$VG nbdinfo --is tls "nbd+unix:///?socket=$unixsocket"' || st=$? +test $st = 2 diff --git a/info/info-can.sh b/info/info-can.sh index 6f13665c..3edc3948 100755 --- a/info/info-can.sh +++ b/info/info-can.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbd client library in userspace -# Copyright (C) 2020-2021 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -26,6 +26,8 @@ requires bash -c "nbdkit sh --dump-plugin | grep has_can_cache=1" # --is read-only and --can write are tested in info-is-read-only.sh +# --is tls is tested in info-uri-nbds.sh and info-can-connect.sh + # --can connect is tested in info-can-connect.sh # --can read is tested in info-can-read.sh 
@@ -36,6 +38,29 @@ requires bash -c "nbdkit sh --dump-plugin | grep has_can_cache=1" # and oldstyle never, but that feels like depending a bit too much on # the implementation. +# --can structured-reply is not a per-export setting, but rather +# something set on the server as a whole. + +nbdkit -v -U - sh - \ + --run '$VG nbdinfo --can structured-reply "nbd+unix:///?socket=$unixsocket"' <<'EOF' +case "$1" in + get_size) echo 1024 ;; + pread) ;; + *) exit 2 ;; +esac +EOF + +st=0 +nbdkit -v -U - --no-sr sh - \ + --run '$VG nbdinfo --can structured-reply "nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$? +case "$1" in + get_size) echo 1024 ;; + pread) ;; + *) exit 2 ;; +esac +EOF +test $st = 2 + # --can cache and --can fua require special handling because in # nbdkit-sh-plugin we must print "native" or "none". Also the can_fua # flag is only sent if the export is writable (hence can_write below). @@ -53,8 +78,9 @@ case "$1" in esac EOF + st=0 nbdkit -v -U - sh - \ - --run '! $VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' + --run '$VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$? case "$1" in get_size) echo 1024 ;; pread) ;; @@ -63,6 +89,7 @@ case "$1" in *) exit 2 ;; esac EOF + test $st = 2 done # These ones are normal booleans. @@ -80,8 +107,9 @@ case "$1" in esac EOF + st=0 nbdkit -v -U - sh - \ - --run '! $VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' + --run '$VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$? case "$1" in get_size) echo 1024 ;; pread) ;; @@ -90,4 +118,5 @@ case "$1" in *) exit 2 ;; esac EOF + test $st = 2 done diff --git a/info/info-uri-nbds.sh b/info/info-uri-nbds.sh index f9637a92..afefe58b 100755 --- a/info/info-uri-nbds.sh +++ b/info/info-uri-nbds.sh 
@@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbd client library in userspace -# Copyright (C) 2020-2021 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -47,7 +47,8 @@ cleanup_fn rm -rf $d export pki nbdkit -U - --tls=require --tls-verify-peer --tls-certificates=$pki \ null size=1M \ - --run '$VG nbdinfo --json "nbds+unix:///?socket=$unixsocket&tls-certificates=$pki"' > $out + --run '$VG nbdinfo --json "nbds+unix:///?socket=$unixsocket&tls-certificates=$pki" && + $VG nbdinfo --is tls "nbds+unix:///?socket=$unixsocket&tls-certificates=$pki"' > $out cat $out jq . < $out -- 2.37.3
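Review bot: in info/nbdinfo.pod, the function list that closes the --can block gains L<nbd_get_tls_negotiated(3)> but not L<nbd_get_structured_replies_negotiated(3)>, which is the call info/can.c makes for the --can structured-reply item added to this same block. Suggest adding it to that list. The TLS function is also added to the list under the --is block, where --is tls is documented, so readers will find it there.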
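Review bot: in the --is block of info/nbdinfo.pod, the rewritten sentence "Test if the NBD server export is read-only and rotational, or whether the connection itself is using TLS" reads as though one invocation tests both export properties at once. Each =item is a separate query, so since the paragraph is being rewrapped anyway, "read-only or rotational" would match what the command does.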
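Review bot: in do_can in info/can.c, the structured-reply branch accepts eight spellings, including "sr" and forms containing a space, while nbdinfo.pod documents only structured-reply and info-can.sh exercises only that one spelling. Either mention the accepted aliases in the pod or trim the list to the hyphen, underscore and abbreviated forms that are worth supporting long term, since each accepted spelling becomes command-line interface that scripts may come to depend on.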
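Review bot: in info/info-uri-nbds.sh, the new "$VG nbdinfo --is tls" call is chained with && inside --run with no comment stating the expected result, whereas the matching negative test in info-can-connect.sh is introduced by "# --is tls is false for unencrypted connections." and checks the status explicitly with "test $st = 2". A short comment here saying --is tls must succeed on the nbds connection would make the intent clear, and since the pass/fail result is carried only by the exit status of the nbdkit command, it is worth confirming that the script's error handling (outside this hunk) treats a non-zero status as a test failure.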
Richard W.M. Jones
2022-Oct-12 13:30 UTC
[Libguestfs] [libnbd PATCH 2/2] info: Add --is tls, --can structured-reply
Looks good, ACK series. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com nbdkit - Flexible, fast NBD server with plugins https://gitlab.com/nbdkit/nbdkit