From 64c53898702fa6ae8bfbd1f0f2ec9fc09d96c66b Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Mon, 29 Jul 2013 14:47:56 +0100 Subject: [PATCH] RHEL 7: Disable unsupported remote drive protocols (RHBZ#962113). This disables support for unsupported remote drive protocols: * ftp * ftps * http * https * tftp * gluster * iscsi * rbd * sheepdog * ssh Note 'nbd' is not disabled, and of course 'file' works. We hope to gradually add some of these back over the lifetime of RHEL 7.
---
 fish/guestfish.pod | 67 ----------------------------
 fish/test-add-uri.sh | 29 ------------
 generator/actions.ml | 72 ------------------------------
 src/drives.c | 8 ++++
 src/guestfs.pod | 121 ---------------------------------------------------
 5 files changed, 8 insertions(+), 289 deletions(-)
diff --git a/fish/guestfish.pod b/fish/guestfish.pod
index c19fe6c..a240280 100644
--- a/fish/guestfish.pod
+++ b/fish/guestfish.pod
@@ -1138,40 +1138,6 @@ The possible I<-a URI> formats are described below. Add the local disk image (or device) called C. -=head2 B<-a ftp://[user@]example.com[:port]/disk.img> - -=head2 B<-a ftps://[user@]example.com[:port]/disk.img> - -=head2 B<-a http://[user@]example.com[:port]/disk.img> - -=head2 B<-a https://[user@]example.com[:port]/disk.img> - -=head2 B<-a tftp://[user@]example.com[:port]/disk.img> - -Add a disk located on a remote FTP, HTTP or TFTP server. - -The equivalent API command would be: - - > add /disk.img protocol:(ftp|...) server:tcp:example.com - -=head2 B<-a gluster://example.com[:port]/disk> - -Add a disk image located on GlusterFS storage. - -The server is the one running C, and may be C. - -The equivalent API command would be: - - > add /disk protocol:gluster server:tcp:example.com - -=head2 B<-a iscsi://example.com[:port]/target-iqn-name[/lun]> - -Add a disk located on an iSCSI server. - -The equivalent API command would be: - - > add /target-iqn-name/lun protocol:iscsi server:tcp:example.com - =head2 B<-a nbd://example.com[:port]> =head2 B<-a nbd://example.com[:port]/exportname> 
@@ -1193,39 +1159,6 @@ The equivalent API command would be (no export name): > add "" protocol:nbd server:[tcp:example.com|unix:/socket] -=head2 B<-a rbd://example.com[:port]/disk> - -Add a disk image located on a Ceph (RBD/librbd) storage volume. - -Although libguestfs and Ceph supports multiple servers, only a single -server can be specified when using this URI syntax. - -The equivalent API command would be: - - > add /disk protocol:rbd server:tcp:example.com - -=head2 B<-a sheepdog://[example.com[:port]]/volume/image> - -Add a disk image located on a Sheepdog volume. - -The server name is optional. Although libguestfs and Sheepdog -supports multiple servers, only at most one server can be specified -when using this URI syntax. - -The equivalent API command would be: - - > add /disk protocol:sheepdog [server:tcp:example.com] - -=head2 B<-a ssh://[user@]example.com[:port]/disk.img> - -Add a disk image located on a remote server, accessed using the Secure -Shell (ssh) SFTP protocol. SFTP is supported out of the box by all -major SSH servers. - -The equivalent API command would be: - - > add /disk protocol:ssh server:tcp:example.com [username:user] - =head1 PROGRESS BARS Some (not all) long-running commands send progress notification
diff --git a/fish/test-add-uri.sh b/fish/test-add-uri.sh
index dfeccf7..c481e88 100755
--- a/fish/test-add-uri.sh
+++ b/fish/test-add-uri.sh
@@ -37,14 +37,6 @@ function fail ()
 $VG ./guestfish -x -a file://$(pwd)/test-add-uri.img test-add-uri.out 2>&1
 grep -sq 'add_drive ".*/test-add-uri.img"' test-add-uri.out || fail
 
-# curl
-$VG ./guestfish -x -a ftp://user@example.com/disk.img test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ftp" "server:tcp:example.com" "username:user"' test-add-uri.out || fail
-
-# gluster
-$VG ./guestfish -x -a gluster://example.com/disk test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk" "protocol:gluster" "server:tcp:example.com"' test-add-uri.out || fail
-
 # NBD
 $VG ./guestfish -x -a nbd://example.com test-add-uri.out 2>&1
 grep -sq 'add_drive "" "protocol:nbd" "server:tcp:example.com"' test-add-uri.out || fail
@@ -58,26 +50,5 @@ grep -sq 'add_drive "" "protocol:nbd" "server:unix:/sk"' test-add-uri.out || fai
 $VG ./guestfish -x -a 'nbd:///export?socket=/sk' test-add-uri.out 2>&1
 grep -sq 'add_drive "/export" "protocol:nbd" "server:unix:/sk"' test-add-uri.out || fail
 
-# rbd
-$VG ./guestfish -x -a rbd://example.com:3000/disk test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk" "protocol:rbd" "server:tcp:example.com:3000"' test-add-uri.out || fail
-
-# sheepdog
-$VG ./guestfish -x -a sheepdog:///volume/image test-add-uri.out 2>&1
-grep -sq 'add_drive "/volume/image" "protocol:sheepdog"' test-add-uri.out || fail
-
-$VG ./guestfish -x -a sheepdog://example.com:3000/volume/image test-add-uri.out 2>&1
-grep -sq 'add_drive "/volume/image" "protocol:sheepdog" "server:tcp:example.com:3000"' test-add-uri.out || fail
-
-# ssh
-$VG ./guestfish -x -a ssh://example.com/disk.img test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com"' test-add-uri.out || fail
-
-$VG ./guestfish -x -a ssh://user@example.com/disk.img test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com" "username:user"' test-add-uri.out || fail
-
-$VG ./guestfish -x -a ssh://user@example.com:2000/disk.img test-add-uri.out 2>&1
-grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com:2000" "username:user"' test-add-uri.out || fail
-
 rm test-add-uri.out
 rm test-add-uri.img
diff --git a/generator/actions.ml b/generator/actions.ml
index e3b57ff..879080f 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -1333,27 +1333,6 @@ C is interpreted as a local file or device. This is the default if the optional protocol parameter is omitted. -=item C - -Connect to a remote FTP, HTTP or TFTP server. -The C parameter must also be supplied - see below. - -See also: L - -=item C - -Connect to the GlusterFS server. -The C parameter must also be supplied - see below. - -See also: L - -=item C - -Connect to the iSCSI server. -The C parameter must also be supplied - see below. - -See also: L. - =item C Connect to the Network Block Device server. @@ -1361,31 +1340,6 @@ The C parameter must also be supplied - see below. See also: L. -=item C - -Connect to the Ceph (librbd/RBD) server. -The C parameter must also be supplied - see below. -The C parameter may be supplied. See below. -The C parameter may be supplied. See below. - -See also: L. - -=item C - -Connect to the Sheepdog server. -The C parameter may also be supplied - see below. - -See also: L. - -=item C - -Connect to the Secure Shell (ssh) server. - -The C parameter must be supplied. -The C parameter may be supplied. See below. - -See also: L. - =back =item C @@ -1396,13 +1350,7 @@ is a list of server(s). Protocol Number of servers required -------- -------------------------- file List must be empty or param not used at all - ftp|ftps|http|https|tftp Exactly one - gluster Exactly one - iscsi Exactly one nbd Exactly one - rbd One or more - sheepdog Zero or more - ssh Exactly one Each list element is a string specifying a server. The string must be in one of the following formats: 
@@ -1416,26 +1364,6 @@ in one of the following formats: If the port number is omitted, then the standard port number for the protocol is used (see C). -=item C - -For the C, C, C, C, C, C, C -and C protocols, this specifies the remote username. - -If not given, then the local username is used for C, and no authentication -is attempted for ceph. But note this sometimes may give unexpected results, for -example if using the libvirt backend and if the libvirt backend is configured to -start the qemu appliance as a special user such as C. If in doubt, -specify the remote username you want. - -=item C - -For the C protocol only, this specifies the 'secret' to use when -connecting to the remote device. - -If not given, then a secret matching the given username will be looked up in the -default keychain locations, or if no username is given, then no authentication -will be used. - =item C Choose whether or not libguestfs will obey sync operations (safe but slow)
diff --git a/src/drives.c b/src/drives.c
index f310b06..7abd952 100644
--- a/src/drives.c
+++ b/src/drives.c
@@ -136,6 +136,7 @@ create_drive_non_file (guestfs_h *g, return drv; }
+#if 0 /* DISABLED IN RHEL 7 */
 static struct drive * create_drive_curl (guestfs_h *g, enum drive_protocol protocol,
@@ -218,6 +219,7 @@ create_drive_gluster (guestfs_h *g, readonly, format, iface, name, disk_label, cachemode); }
+#endif /* DISABLED IN RHEL 7 */
 static int nbd_port (void)
@@ -264,6 +266,7 @@ create_drive_nbd (guestfs_h *g, cachemode); }
+#if 0 /* DISABLED IN RHEL 7 */
 static struct drive * create_drive_rbd (guestfs_h *g, struct drive_server *servers, size_t nr_servers,
@@ -451,6 +454,7 @@ create_drive_iscsi (guestfs_h *g, readonly, format, iface, name, disk_label, cachemode); }
+#endif /* DISABLED IN RHEL 7 */
 /* Traditionally you have been able to use /dev/null as a filename, as * many times as you like. Ancient KVM (RHEL 5) cannot handle adding
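Review bot: The `#if 0 /* DISABLED IN RHEL 7 */` guards in src/drives.c (opened before create_drive_curl and create_drive_rbd, closed after create_drive_gluster and create_drive_iscsi) do not name the protocols they remove, and they must be kept in step by hand with the matching guards in guestfs__add_drive_opts. Naming them on the guard, e.g. `#if 0 /* DISABLED IN RHEL 7: ftp, ftps, http, https, tftp, gluster */` for the first block, lets someone auditing which remote transports are reachable read it off the guard lines instead of the compiled-out bodies. The functions between create_drive_rbd and create_drive_iscsi are outside the hunks, so the list for the second block has to be taken from the file. A single named preprocessor symbol shared by all the guards would also make the set greppable and harder to re-enable piecemeal during a rebase.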
@@ -865,6 +869,7 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename, disk_label, cachemode); } }
+#if 0 /* DISABLED IN RHEL 7 */
 else if (STREQ (protocol, "ftp")) { drv = create_drive_curl (g, drive_protocol_ftp, servers, nr_servers, filename,
@@ -905,12 +910,14 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename, readonly, format, iface, name, disk_label, cachemode); }
+#endif /* DISABLED IN RHEL 7 */
 else if (STREQ (protocol, "nbd")) { drv = create_drive_nbd (g, servers, nr_servers, filename, username, secret, readonly, format, iface, name, disk_label, cachemode); }
+#if 0 /* DISABLED IN RHEL 7 */
 else if (STREQ (protocol, "rbd")) { drv = create_drive_rbd (g, servers, nr_servers, filename, username, secret,
@@ -936,6 +943,7 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename, readonly, format, iface, name, disk_label, cachemode); }
+#endif /* DISABLED IN RHEL 7 */
 else { error (g, _("unknown protocol '%s'"), protocol); drv = NULL; /*FALLTHROUGH*/
diff --git a/src/guestfs.pod b/src/guestfs.pod
index eedea94..87e8882 100644
--- a/src/guestfs.pod
+++ b/src/guestfs.pod
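Review bot: In guestfs__add_drive_opts (src/drives.c), once the branches from `"ftp"` up to `"nbd"` and from `"rbd"` up to the final `else` are compiled out, a request for one of those protocols lands in that `else` and is reported as `unknown protocol '%s'`, which reads like a typo rather than a deliberate restriction. A distinct message for the disabled names, for instance `error (g, _("protocol '%s' is not supported in this build"), protocol);`, would let callers and log readers tell the two cases apart. The fish/test-add-uri.sh hunks delete the positive tests for these schemes without adding a check that they are now rejected, so nothing in the patch pins the restriction if a later rebase drops one of the `#if 0` guards. The function body begins and ends outside these hunks.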
@@ -668,91 +668,6 @@ you don't need to add any disks. =head2 REMOTE STORAGE -=head3 CEPH - -Libguestfs can access Ceph (librbd/RBD) disks. - -To do this, set the optional C and C parameters of -L like this: - - char **servers = { "ceph1.example.org:3000", /* ... */, NULL }; - guestfs_add_drive_opts (g, "/pool/image", - GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw", - GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "rbd", - GUESTFS_ADD_DRIVE_OPTS_SERVER, servers, - GUESTFS_ADD_DRIVE_OPTS_USERNAME, "rbduser", - GUESTFS_ADD_DRIVE_OPTS_SECRET, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==", - -1); - -C (the C parameter) is a list of one or more Ceph -servers. The server string is documented in -L. The C and C parameters are -also optional, and if not given, then no authentication will be used. - -=head3 FTP, HTTP AND TFTP - -Libguestfs can access remote disks over FTP, FTPS, HTTP, HTTPS -or TFTP protocols. - -To do this, set the optional C and C parameters of -L like this: - - char **servers = { "www.example.org", NULL }; - guestfs_add_drive_opts (g, "/disk.img", - GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw", - GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "http", - GUESTFS_ADD_DRIVE_OPTS_SERVER, servers, - -1); - -The C can be one of C<"ftp">, C<"ftps">, C<"http">, -C<"https"> or C<"tftp">. - -C (the C parameter) is a list which must have a -single element. The single element is a string defining the web, -FTP or TFTP server. The format of this string is documented in -L. - -=head3 GLUSTER - -Libguestfs can access Gluster disks. - -To do this, set the optional C and C parameters of -L like this: - - char **servers = { "gluster.example.org:24007", NULL }; - guestfs_add_drive_opts (g, "/volname/image", - GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw", - GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "gluster", - GUESTFS_ADD_DRIVE_OPTS_SERVER, servers, - -1); - -C (the C parameter) is a list which must have a -single element. The single element is a string defining the Gluster -server. The format of this string is documented in -L. 
- -Note that gluster usually requires the client process (ie. libguestfs) -to run as B and will give unfathomable errors if it is not -(eg. "No data available"). - -=head3 ISCSI - -Libguestfs can access iSCSI disks remotely. - -To do this, set the optional C and C parameters like -this: - - char **server = { "iscsi.example.org:3000", NULL }; - guestfs_add_drive_opts (g, "/target-iqn-name/lun", - GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw", - GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "iscsi", - GUESTFS_ADD_DRIVE_OPTS_SERVER, server, - -1); - -The C parameter is a list which must have a single element. -The single element is a string defining the iSCSI server. The format -of this string is documented in L. - =head3 NETWORK BLOCK DEVICE Libguestfs can access Network Block Device (NBD) disks remotely. @@ -815,42 +730,6 @@ L =back -=head3 SHEEPDOG - -Libguestfs can access Sheepdog disks. - -To do this, set the optional C and C parameters of -L like this: - - char **servers = { /* optional servers ... */ NULL }; - guestfs_add_drive_opts (g, "/volume", - GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw", - GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "sheepdog", - GUESTFS_ADD_DRIVE_OPTS_SERVER, servers, - -1); - -The optional list of C may be zero or more server addresses -(C<"hostname:port">). The format of the server strings is documented -in L. - -=head3 SSH - -Libguestfs can access disks over a Secure Shell (SSH) connection. - -To do this, set the C and C and (optionally) -C parameters of L like this: - - char **server = { "remote.example.com", NULL }; - guestfs_add_drive_opts (g, "/path/to/disk.img", - GUESTFS_ADD_DRIVE_OPTS_FORMAT, "raw", - GUESTFS_ADD_DRIVE_OPTS_PROTOCOL, "ssh", - GUESTFS_ADD_DRIVE_OPTS_SERVER, server, - GUESTFS_ADD_DRIVE_OPTS_USERNAME, "remoteuser", - -1); - -The format of the server string is documented in -L. - =head2 INSPECTION Libguestfs has APIs for inspecting an unknown disk image to find out -- 1.8.3.1