From 64c53898702fa6ae8bfbd1f0f2ec9fc09d96c66b Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 29 Jul 2013 14:47:56 +0100
Subject: [PATCH] RHEL 7: Disable unsupported remote drive protocols
(RHBZ#962113).
This disables support for unsupported remote drive protocols:
* ftp
* ftps
* http
* https
* tftp
* gluster
* iscsi
* rbd
* sheepdog
* ssh
Note 'nbd' is not disabled, and of course 'file' works.
We hope to gradually add some of these back over the lifetime of RHEL 7.
---
fish/guestfish.pod | 67 ----------------------------
fish/test-add-uri.sh | 29 ------------
generator/actions.ml | 72 ------------------------------
src/drives.c | 8 ++++
src/guestfs.pod | 121 ---------------------------------------------------
5 files changed, 8 insertions(+), 289 deletions(-)
diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index c19fe6c..a240280 100644
--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -1138,40 +1138,6 @@ The possible I<-a URI> formats are described below.
Add the local disk image (or device) called C<disk.img>.
-=head2 B<-a ftp://[user@]example.com[:port]/disk.img>
-
-=head2 B<-a ftps://[user@]example.com[:port]/disk.img>
-
-=head2 B<-a http://[user@]example.com[:port]/disk.img>
-
-=head2 B<-a https://[user@]example.com[:port]/disk.img>
-
-=head2 B<-a tftp://[user@]example.com[:port]/disk.img>
-
-Add a disk located on a remote FTP, HTTP or TFTP server.
-
-The equivalent API command would be:
-
- ><fs> add /disk.img protocol:(ftp|...) server:tcp:example.com
-
-=head2 B<-a gluster://example.com[:port]/disk>
-
-Add a disk image located on GlusterFS storage.
-
-The server is the one running C<glusterd>, and may be C<localhost>.
-
-The equivalent API command would be:
-
- ><fs> add /disk protocol:gluster server:tcp:example.com
-
-=head2 B<-a iscsi://example.com[:port]/target-iqn-name[/lun]>
-
-Add a disk located on an iSCSI server.
-
-The equivalent API command would be:
-
- ><fs> add /target-iqn-name/lun protocol:iscsi server:tcp:example.com
-
=head2 B<-a nbd://example.com[:port]>
=head2 B<-a nbd://example.com[:port]/exportname>
@@ -1193,39 +1159,6 @@ The equivalent API command would be (no export name):
><fs> add "" protocol:nbd server:[tcp:example.com|unix:/socket]
-=head2 B<-a rbd://example.com[:port]/disk>
-
-Add a disk image located on a Ceph (RBD/librbd) storage volume.
-
-Although libguestfs and Ceph supports multiple servers, only a single
-server can be specified when using this URI syntax.
-
-The equivalent API command would be:
-
- ><fs> add /disk protocol:rbd server:tcp:example.com
-
-=head2 B<-a sheepdog://[example.com[:port]]/volume/image>
-
-Add a disk image located on a Sheepdog volume.
-
-The server name is optional. Although libguestfs and Sheepdog
-supports multiple servers, only at most one server can be specified
-when using this URI syntax.
-
-The equivalent API command would be:
-
- ><fs> add /disk protocol:sheepdog [server:tcp:example.com]
-
-=head2 B<-a ssh://[user@]example.com[:port]/disk.img>
-
-Add a disk image located on a remote server, accessed using the Secure
-Shell (ssh) SFTP protocol. SFTP is supported out of the box by all
-major SSH servers.
-
-The equivalent API command would be:
-
- ><fs> add /disk protocol:ssh server:tcp:example.com [username:user]
-
=head1 PROGRESS BARS
Some (not all) long-running commands send progress notification
diff --git a/fish/test-add-uri.sh b/fish/test-add-uri.sh
index dfeccf7..c481e88 100755
--- a/fish/test-add-uri.sh
+++ b/fish/test-add-uri.sh
@@ -37,14 +37,6 @@ function fail ()
$VG ./guestfish -x -a file://$(pwd)/test-add-uri.img </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive ".*/test-add-uri.img"' test-add-uri.out || fail
-# curl
-$VG ./guestfish -x -a ftp://user@example.com/disk.img </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ftp" "server:tcp:example.com" "username:user"' test-add-uri.out || fail
-
-# gluster
-$VG ./guestfish -x -a gluster://example.com/disk </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk" "protocol:gluster" "server:tcp:example.com"' test-add-uri.out || fail
-
# NBD
$VG ./guestfish -x -a nbd://example.com </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "" "protocol:nbd" "server:tcp:example.com"' test-add-uri.out || fail
@@ -58,26 +50,5 @@ grep -sq 'add_drive "" "protocol:nbd" "server:unix:/sk"' test-add-uri.out || fai
$VG ./guestfish -x -a 'nbd:///export?socket=/sk' </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "/export" "protocol:nbd" "server:unix:/sk"' test-add-uri.out || fail
-# rbd
-$VG ./guestfish -x -a rbd://example.com:3000/disk </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk" "protocol:rbd" "server:tcp:example.com:3000"' test-add-uri.out || fail
-
-# sheepdog
-$VG ./guestfish -x -a sheepdog:///volume/image </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/volume/image" "protocol:sheepdog"' test-add-uri.out || fail
-
-$VG ./guestfish -x -a sheepdog://example.com:3000/volume/image </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/volume/image" "protocol:sheepdog" "server:tcp:example.com:3000"' test-add-uri.out || fail
-
-# ssh
-$VG ./guestfish -x -a ssh://example.com/disk.img </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com"' test-add-uri.out || fail
-
-$VG ./guestfish -x -a ssh://user@example.com/disk.img </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com" "username:user"' test-add-uri.out || fail
-
-$VG ./guestfish -x -a ssh://user@example.com:2000/disk.img </dev/null >test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com:2000" "username:user"' test-add-uri.out || fail
-
rm test-add-uri.out
rm test-add-uri.img
diff --git a/generator/actions.ml b/generator/actions.ml
index e3b57ff..879080f 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -1333,27 +1333,6 @@ C<filename> is interpreted as a local file or device.
This is the default if the optional protocol parameter
is omitted.
-=item C<protocol = \"ftp\"|\"ftps\"|\"http\"|\"https\"|\"tftp\">
-
-Connect to a remote FTP, HTTP or TFTP server.
-The C<server> parameter must also be supplied - see below.
-
-See also: L<guestfs(3)/FTP, HTTP AND TFTP>
-
-=item C<protocol = \"gluster\">
-
-Connect to the GlusterFS server.
-The C<server> parameter must also be supplied - see below.
-
-See also: L<guestfs(3)/GLUSTER>
-
-=item C<protocol = \"iscsi\">
-
-Connect to the iSCSI server.
-The C<server> parameter must also be supplied - see below.
-
-See also: L<guestfs(3)/ISCSI>.
-
=item C<protocol = \"nbd\">
Connect to the Network Block Device server.
@@ -1361,31 +1340,6 @@ The C<server> parameter must also be supplied - see below.
See also: L<guestfs(3)/NETWORK BLOCK DEVICE>.
-=item C<protocol = \"rbd\">
-
-Connect to the Ceph (librbd/RBD) server.
-The C<server> parameter must also be supplied - see below.
-The C<username> parameter may be supplied. See below.
-The C<secret> parameter may be supplied. See below.
-
-See also: L<guestfs(3)/CEPH>.
-
-=item C<protocol = \"sheepdog\">
-
-Connect to the Sheepdog server.
-The C<server> parameter may also be supplied - see below.
-
-See also: L<guestfs(3)/SHEEPDOG>.
-
-=item C<protocol = \"ssh\">
-
-Connect to the Secure Shell (ssh) server.
-
-The C<server> parameter must be supplied.
-The C<username> parameter may be supplied. See below.
-
-See also: L<guestfs(3)/SSH>.
-
=back
=item C<server>
@@ -1396,13 +1350,7 @@ is a list of server(s).
Protocol Number of servers required
-------- --------------------------
file List must be empty or param not used at all
- ftp|ftps|http|https|tftp Exactly one
- gluster Exactly one
- iscsi Exactly one
nbd Exactly one
- rbd One or more
- sheepdog Zero or more
- ssh Exactly one
Each list element is a string specifying a server. The string must be
in one of the following formats:
@@ -1416,26 +1364,6 @@ in one of the following formats:
If the port number is omitted, then the standard port number
for the protocol is used (see C</etc/services>).
-=item C<username>
-
-For the C<ftp>, C<ftps>, C<http>, C<https>, C<iscsi>, C<rbd>, C<ssh>
-and C<tftp> protocols, this specifies the remote username.
-
-If not given, then the local username is used for C<ssh>, and no authentication
-is attempted for ceph. But note this sometimes may give unexpected results, for
-example if using the libvirt backend and if the libvirt backend is configured to
-start the qemu appliance as a special user such as C<qemu.qemu>. If in doubt,
-specify the remote username you want.
-
-=item C<secret>
-
-For the C<rbd> protocol only, this specifies the 'secret' to use when
-connecting to the remote device.
-
-If not given, then a secret matching the given username will be looked up in the
-default keychain locations, or if no username is given, then no authentication
-will be used.
-
=item C<cachemode>
Choose whether or not libguestfs will obey sync operations (safe but slow)
diff --git a/src/drives.c b/src/drives.c
index f310b06..7abd952 100644
--- a/src/drives.c
+++ b/src/drives.c
@@ -136,6 +136,7 @@ create_drive_non_file (guestfs_h *g,
return drv;
}
+#if 0 /* DISABLED IN RHEL 7 */
static struct drive *
create_drive_curl (guestfs_h *g,
enum drive_protocol protocol,
@@ -218,6 +219,7 @@ create_drive_gluster (guestfs_h *g,
readonly, format, iface, name, disk_label,
cachemode);
}
+#endif /* DISABLED IN RHEL 7 */
static int
nbd_port (void)
@@ -264,6 +266,7 @@ create_drive_nbd (guestfs_h *g,
cachemode);
}
+#if 0 /* DISABLED IN RHEL 7 */
static struct drive *
create_drive_rbd (guestfs_h *g,
struct drive_server *servers, size_t nr_servers,
@@ -451,6 +454,7 @@ create_drive_iscsi (guestfs_h *g,
readonly, format, iface, name, disk_label,
cachemode);
}
+#endif /* DISABLED IN RHEL 7 */
/* Traditionally you have been able to use /dev/null as a filename, as
* many times as you like. Ancient KVM (RHEL 5) cannot handle adding
@@ -865,6 +869,7 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
disk_label, cachemode);
}
}
+#if 0 /* DISABLED IN RHEL 7 */
else if (STREQ (protocol, "ftp")) {
drv = create_drive_curl (g, drive_protocol_ftp,
servers, nr_servers, filename,
@@ -905,12 +910,14 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
readonly, format, iface, name,
disk_label, cachemode);
}
+#endif /* DISABLED IN RHEL 7 */
else if (STREQ (protocol, "nbd")) {
drv = create_drive_nbd (g, servers, nr_servers, filename,
username, secret,
readonly, format, iface, name,
disk_label, cachemode);
}
+#if 0 /* DISABLED IN RHEL 7 */
else if (STREQ (protocol, "rbd")) {
drv = create_drive_rbd (g, servers, nr_servers, filename,
username, secret,
@@ -936,6 +943,7 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
readonly, format, iface, name,
disk_label, cachemode);
}
+#endif /* DISABLED IN RHEL 7 */
else {
error (g, _("unknown protocol '%s'"), protocol);
drv = NULL; /*FALLTHROUGH*/
diff --git a/src/guestfs.pod b/src/guestfs.pod
index eedea94..87e8882 100644
--- a/src/guestfs.pod
+++ b/src/guestfs.pod
@@ -668,91 +668,6 @@ you don't need to add any disks.
=head2 REMOTE STORAGE
-=head3 CEPH
-
-Libguestfs can access Ceph (librbd/RBD) disks.
-
-To do this, set the optional C<protocol> and C<server> parameters of
-L</guestfs_add_drive_opts> like this:
-
- char **servers = { "ceph1.example.org:3000", /* ... */, NULL };
- guestfs_add_drive_opts (g, "/pool/image",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "rbd",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, servers,
- GUESTFS_ADD_DRIVE_OPTS_USERNAME, "rbduser",
- GUESTFS_ADD_DRIVE_OPTS_SECRET, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==",
- -1);
-
-C<servers> (the C<server> parameter) is a list of one or more Ceph
-servers. The server string is documented in
-L</guestfs_add_drive_opts>. The C<username> and C<secret> parameters are
-also optional, and if not given, then no authentication will be used.
-
-=head3 FTP, HTTP AND TFTP
-
-Libguestfs can access remote disks over FTP, FTPS, HTTP, HTTPS
-or TFTP protocols.
-
-To do this, set the optional C<protocol> and C<server> parameters of
-L</guestfs_add_drive_opts> like this:
-
- char **servers = { "www.example.org", NULL };
- guestfs_add_drive_opts (g, "/disk.img",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "http",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, servers,
- -1);
-
-The C<protocol> can be one of C<"ftp">, C<"ftps">, C<"http">,
-C<"https"> or C<"tftp">.
-
-C<servers> (the C<server> parameter) is a list which must have a
-single element. The single element is a string defining the web,
-FTP or TFTP server. The format of this string is documented in
-L</guestfs_add_drive_opts>.
-
-=head3 GLUSTER
-
-Libguestfs can access Gluster disks.
-
-To do this, set the optional C<protocol> and C<server> parameters of
-L</guestfs_add_drive_opts> like this:
-
- char **servers = { "gluster.example.org:24007", NULL };
- guestfs_add_drive_opts (g, "/volname/image",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "gluster",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, servers,
- -1);
-
-C<servers> (the C<server> parameter) is a list which must have a
-single element. The single element is a string defining the Gluster
-server. The format of this string is documented in
-L</guestfs_add_drive_opts>.
-
-Note that gluster usually requires the client process (ie. libguestfs)
-to run as B<root> and will give unfathomable errors if it is not
-(eg. "No data available").
-
-=head3 ISCSI
-
-Libguestfs can access iSCSI disks remotely.
-
-To do this, set the optional C<protocol> and C<server> parameters like
-this:
-
- char **server = { "iscsi.example.org:3000", NULL };
- guestfs_add_drive_opts (g, "/target-iqn-name/lun",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "iscsi",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, server,
- -1);
-
-The C<server> parameter is a list which must have a single element.
-The single element is a string defining the iSCSI server. The format
-of this string is documented in L</guestfs_add_drive_opts>.
-
=head3 NETWORK BLOCK DEVICE
Libguestfs can access Network Block Device (NBD) disks remotely.
@@ -815,42 +730,6 @@ L<https://bugs.launchpad.net/qemu/+bug/1155677>
=back
-=head3 SHEEPDOG
-
-Libguestfs can access Sheepdog disks.
-
-To do this, set the optional C<protocol> and C<server> parameters of
-L</guestfs_add_drive_opts> like this:
-
- char **servers = { /* optional servers ... */ NULL };
- guestfs_add_drive_opts (g, "/volume",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "sheepdog",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, servers,
- -1);
-
-The optional list of C<servers> may be zero or more server addresses
-(C<"hostname:port">). The format of the server strings is documented
-in L</guestfs_add_drive_opts>.
-
-=head3 SSH
-
-Libguestfs can access disks over a Secure Shell (SSH) connection.
-
-To do this, set the C<protocol> and C<server> and (optionally)
-C<username> parameters of L</guestfs_add_drive_opts> like this:
-
- char **server = { "remote.example.com", NULL };
- guestfs_add_drive_opts (g, "/path/to/disk.img",
- GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw",
- GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "ssh",
- GUESTFS_ADD_DRIVE_OPTS_SERVER, server,
- GUESTFS_ADD_DRIVE_OPTS_USERNAME, "remoteuser",
- -1);
-
-The format of the server string is documented in
-L</guestfs_add_drive_opts>.
-
=head2 INSPECTION
Libguestfs has APIs for inspecting an unknown disk image to find out
--
1.8.3.1