Skip to content
Permalink
Browse files

RHEL 7: Disable unsupported remote drive protocols (RHBZ#962113).

This disables support for unsupported remote drive protocols:

 * ftp
 * ftps
 * http
 * https
 * tftp
 * gluster
 * iscsi
 * sheepdog
 * ssh

Note 'nbd' is not disabled, and of course 'file' works.

We hope to gradually add some of these back over the lifetime of RHEL 7.

In RHEL 7.2: rbd (Ceph) support was enabled.
  • Loading branch information...
rwmjones committed Jul 29, 2013
1 parent 12e1dd1 commit f55cbd578c873ad815bd3f8915a49be430b35b72
@@ -117,27 +117,6 @@ image. To exit, type C<exit>.
If you get an error, try enabling debugging (add C<-v> to the command
line). Also make sure that L<libguestfs-test-tool(1)> succeeds.

=head2 Try to open a remote guest image with guestfish.

B<Note> this test requires S<libguestfs E<ge> 1.22> and S<qemu E<ge> 1.5>.
You may also have to disable libvirt by setting this:

export LIBGUESTFS_BACKEND=direct

If you have a disk image available over HTTP/FTP, try to open it.

guestfish --ro -i --format=raw -a http://www.example.com/disk.img

For SSH you will need to make sure that ssh-agent is set up so you
don't need a password to log in to the remote machine. Then a command
similar to this should work:

guestfish --ro -i --format=raw \
-a ssh://remote.example.com/path/to/disk.img

If you get an error, try enabling debugging (add C<-v> to the command
line). Also make sure that L<libguestfs-test-tool(1)> succeeds.

=head2 Run virt-alignment-scan on all your guests.

Run L<virt-alignment-scan(1)> on guests or disk images:
@@ -138,9 +138,9 @@ To list what is available do:

=head2 Remote drives

Access a remote disk using ssh:
Access a remote disk using NBD:

guestfish -a ssh://example.com/path/to/disk.img
guestfish -a nbd://example.com

=head2 Remote control

@@ -1125,12 +1125,12 @@ L<guestfs(3)/REMOTE STORAGE>>.
On the command line, you can use the I<-a> option to add network
block devices using a URI-style format, for example:

guestfish -a ssh://root@example.com/disk.img
guestfish -a nbd://example.com

URIs I<cannot> be used with the L</add> command. The equivalent
command using the API directly is:

><fs> add /disk.img protocol:ssh server:tcp:example.com username:root
><fs> add /disk.img protocol:nbd server:tcp:example.com

The possible I<-a URI> formats are described below.

@@ -1140,40 +1140,6 @@ The possible I<-a URI> formats are described below.

Add the local disk image (or device) called C<disk.img>.

=head2 B<-a ftp://[user@]example.com[:port]/disk.img>

=head2 B<-a ftps://[user@]example.com[:port]/disk.img>

=head2 B<-a http://[user@]example.com[:port]/disk.img>

=head2 B<-a https://[user@]example.com[:port]/disk.img>

=head2 B<-a tftp://[user@]example.com[:port]/disk.img>

Add a disk located on a remote FTP, HTTP or TFTP server.

The equivalent API command would be:

><fs> add /disk.img protocol:(ftp|...) server:tcp:example.com

=head2 B<-a gluster://example.com[:port]/volname/image>

Add a disk image located on GlusterFS storage.

The server is the one running C<glusterd>, and may be C<localhost>.

The equivalent API command would be:

><fs> add volname/image protocol:gluster server:tcp:example.com

=head2 B<-a iscsi://example.com[:port]/target-iqn-name[/lun]>

Add a disk located on an iSCSI server.

The equivalent API command would be:

><fs> add target-iqn-name/lun protocol:iscsi server:tcp:example.com

=head2 B<-a nbd://example.com[:port]>

=head2 B<-a nbd://example.com[:port]/exportname>
@@ -1208,28 +1174,6 @@ The equivalent API command would be:

><fs> add pool/disk protocol:rbd server:tcp:example.com:port

=head2 B<-a sheepdog://[example.com[:port]]/volume/image>

Add a disk image located on a Sheepdog volume.

The server name is optional. Although libguestfs and Sheepdog
supports multiple servers, only at most one server can be specified
when using this URI syntax.

The equivalent API command would be:

><fs> add volume protocol:sheepdog [server:tcp:example.com]

=head2 B<-a ssh://[user@]example.com[:port]/disk.img>

Add a disk image located on a remote server, accessed using the Secure
Shell (ssh) SFTP protocol. SFTP is supported out of the box by all
major SSH servers.

The equivalent API command would be:

><fs> add /disk protocol:ssh server:tcp:example.com [username:user]

=head1 PROGRESS BARS

Some (not all) long-running commands send progress notification
@@ -37,14 +37,6 @@ function fail ()
$VG guestfish -x -a file://$(pwd)/test-add-uri.img </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive ".*/test-add-uri.img"' test-add-uri.out || fail

# curl
$VG guestfish -x -a ftp://user@example.com/disk.img </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "/disk.img" "protocol:ftp" "server:tcp:example.com" "username:user"' test-add-uri.out || fail

# gluster
$VG guestfish -x -a gluster://example.com/disk </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "disk" "protocol:gluster" "server:tcp:example.com"' test-add-uri.out || fail

# NBD
$VG guestfish -x -a nbd://example.com </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "" "protocol:nbd" "server:tcp:example.com"' test-add-uri.out || fail
@@ -64,22 +56,5 @@ grep -sq 'add_drive "pool/disk" "protocol:rbd" "server:tcp:example.com:6789"' te
$VG guestfish -x -a rbd:///pool/disk </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "pool/disk" "protocol:rbd"' test-add-uri.out || fail

# sheepdog
$VG guestfish -x -a sheepdog:///volume/image </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "volume/image" "protocol:sheepdog"' test-add-uri.out || fail

$VG guestfish -x -a sheepdog://example.com:3000/volume/image </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "volume/image" "protocol:sheepdog" "server:tcp:example.com:3000"' test-add-uri.out || fail

# ssh
$VG guestfish -x -a ssh://example.com/disk.img </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com"' test-add-uri.out || fail

$VG guestfish -x -a ssh://user@example.com/disk.img </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com" "username:user"' test-add-uri.out || fail

$VG guestfish -x -a ssh://user@example.com:2000/disk.img </dev/null >test-add-uri.out 2>&1
grep -sq 'add_drive "/disk.img" "protocol:ssh" "server:tcp:example.com:2000" "username:user"' test-add-uri.out || fail

rm test-add-uri.out
rm test-add-uri.img
@@ -1397,27 +1397,6 @@ C<filename> is interpreted as a local file or device.
This is the default if the optional protocol parameter
is omitted.
=item C<protocol = \"ftp\"|\"ftps\"|\"http\"|\"https\"|\"tftp\">
Connect to a remote FTP, HTTP or TFTP server.
The C<server> parameter must also be supplied - see below.
See also: L<guestfs(3)/FTP, HTTP AND TFTP>
=item C<protocol = \"gluster\">
Connect to the GlusterFS server.
The C<server> parameter must also be supplied - see below.
See also: L<guestfs(3)/GLUSTER>
=item C<protocol = \"iscsi\">
Connect to the iSCSI server.
The C<server> parameter must also be supplied - see below.
See also: L<guestfs(3)/ISCSI>.
=item C<protocol = \"nbd\">
Connect to the Network Block Device server.
@@ -1434,22 +1413,6 @@ The C<secret> parameter may be supplied. See below.
See also: L<guestfs(3)/CEPH>.
=item C<protocol = \"sheepdog\">
Connect to the Sheepdog server.
The C<server> parameter may also be supplied - see below.
See also: L<guestfs(3)/SHEEPDOG>.
=item C<protocol = \"ssh\">
Connect to the Secure Shell (ssh) server.
The C<server> parameter must be supplied.
The C<username> parameter may be supplied. See below.
See also: L<guestfs(3)/SSH>.
=back
=item C<server>
@@ -1460,13 +1423,8 @@ is a list of server(s).
Protocol Number of servers required
-------- --------------------------
file List must be empty or param not used at all
ftp|ftps|http|https|tftp Exactly one
gluster Exactly one
iscsi Exactly one
nbd Exactly one
rbd Zero or more
sheepdog Zero or more
ssh Exactly one
Each list element is a string specifying a server. The string must be
in one of the following formats:
@@ -1482,10 +1440,10 @@ for the protocol is used (see C</etc/services>).
=item C<username>
For the C<ftp>, C<ftps>, C<http>, C<https>, C<iscsi>, C<rbd>, C<ssh>
and C<tftp> protocols, this specifies the remote username.
For the C<rbd>
protocol, this specifies the remote username.
If not given, then the local username is used for C<ssh>, and no authentication
If not given, then no authentication
is attempted for ceph. But note this sometimes may give unexpected results, for
example if using the libvirt backend and if the libvirt backend is configured to
start the qemu appliance as a special user such as C<qemu.qemu>. If in doubt,
@@ -199,6 +199,7 @@ create_drive_non_file (guestfs_h *g,
return drv;
}

#if 0 /* DISABLED IN RHEL 7 */
static struct drive *
create_drive_curl (guestfs_h *g,
const struct drive_create_data *data)
@@ -257,6 +258,7 @@ create_drive_gluster (guestfs_h *g,

return create_drive_non_file (g, data);
}
#endif /* DISABLED IN RHEL 7 */

static int
nbd_port (void)
@@ -325,6 +327,7 @@ create_drive_rbd (guestfs_h *g,
return create_drive_non_file (g, data);
}

#if 0 /* DISABLED IN RHEL 7 */
static struct drive *
create_drive_sheepdog (guestfs_h *g,
const struct drive_create_data *data)
@@ -435,6 +438,7 @@ create_drive_iscsi (guestfs_h *g,

return create_drive_non_file (g, data);
}
#endif /* DISABLED IN RHEL 7 */

/* Traditionally you have been able to use /dev/null as a filename, as
* many times as you like. Ancient KVM (RHEL 5) cannot handle adding
@@ -882,6 +886,7 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
drv = create_drive_file (g, &data);
}
}
#if 0 /* DISABLED IN RHEL 7 */
else if (STREQ (protocol, "ftp")) {
data.protocol = drive_protocol_ftp;
drv = create_drive_curl (g, &data);
@@ -906,6 +911,7 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
data.protocol = drive_protocol_iscsi;
drv = create_drive_iscsi (g, &data);
}
#endif /* DISABLED IN RHEL 7 */
else if (STREQ (protocol, "nbd")) {
data.protocol = drive_protocol_nbd;
drv = create_drive_nbd (g, &data);
@@ -914,6 +920,7 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
data.protocol = drive_protocol_rbd;
drv = create_drive_rbd (g, &data);
}
#if 0 /* DISABLED IN RHEL 7 */
else if (STREQ (protocol, "sheepdog")) {
data.protocol = drive_protocol_sheepdog;
drv = create_drive_sheepdog (g, &data);
@@ -926,6 +933,7 @@ guestfs__add_drive_opts (guestfs_h *g, const char *filename,
data.protocol = drive_protocol_tftp;
drv = create_drive_curl (g, &data);
}
#endif /* DISABLED IN RHEL 7 */
else {
error (g, _("unknown protocol '%s'"), protocol);
drv = NULL; /*FALLTHROUGH*/

0 comments on commit f55cbd5

Please sign in to comment.
You can’t perform that action at this time.