September 2019 - Libguestfs - Libguestfs List Archives

[PATCH 0/8] v2v: various fixed for -o rhv-upload

by Pino Toscano

This patch series fixes various issues in the rhv-upload output mode: - properly find and use RHV resources - cleanup orphan disks, and possibly the current disk transfer on failure In reality, the first 4 patches deal with resources, and the other 4 with cleanups. The latter block can be theoretically sent alone -- I just happened to start working on it as part of my "let's fix rhv-upload oddities" initiative. Pino Toscano (8): v2v: -o rhv-upload: split vmcheck out of precheck v2v: -o rhv-upload: change precheck script to return a JSON v2v: -o rhv-upload: improve lookup of specified resources (RHBZ#1612653) v2v: -o rhv-upload: tell whether a SD actually exists v2v: add output#disk_copied hook v2v: -o rhv-upload: collect disks UUIDs right after copy v2v: -o rhv-upload: remove uploaded disks on failure v2v: -o rhv-upload: cancel disk transfer on failure v2v/Makefile.am | 14 ++- v2v/output_rhv_upload.ml | 106 ++++++++++++++----- v2v/output_rhv_upload_deletedisks_source.mli | 19 ++++ v2v/output_rhv_upload_vmcheck_source.mli | 19 ++++ v2v/rhv-upload-createvm.py | 11 +- v2v/rhv-upload-deletedisks.py | 71 +++++++++++++ v2v/rhv-upload-plugin.py | 2 + v2v/rhv-upload-precheck.py | 55 +++++++--- v2v/rhv-upload-vmcheck.py | 73 +++++++++++++ v2v/types.ml | 1 + v2v/types.mli | 4 + v2v/v2v.ml | 9 +- 12 files changed, 331 insertions(+), 53 deletions(-) create mode 100644 v2v/output_rhv_upload_deletedisks_source.mli create mode 100644 v2v/output_rhv_upload_vmcheck_source.mli create mode 100644 v2v/rhv-upload-deletedisks.py create mode 100644 v2v/rhv-upload-vmcheck.py -- 2.21.0

5 years, 2 months

3
17
0 / 0

[libnbd PATCH] api: Add set_handshake_flags for integration

by Eric Blake

Similar to the recent --mask-handshake command line added to nbdkit to test client fallbacks to crippled servers, it can be worth testing server fallbacks to crippled clients. And just as we have exposed whether the client will request structured replies, we can also expose whether the client will understand various handshake flags from the NBD protocol. Of course, we default to supporting all flags that we understand and which are advertised by the server. But clearing FIXED_NEWSTYLE lets us test NBD_OPT_EXPORT_NAME handling, and clearing NO_ZEROES lets us test whether the zero padding in response to NBD_OPT_EXPORT_NAME is correct. --- I'm still considering the addition of tests/* against nbd, or interop/* against qemu, to ensure that we have interoperability between various degraded connection modes. But that can be a separate patch. lib/internal.h | 1 + lib/nbd-protocol.h | 5 +- generator/generator | 72 ++++++++++++++++++++- generator/states-newstyle-opt-export-name.c | 2 +- generator/states-newstyle.c | 14 ++-- generator/states-oldstyle.c | 5 ++ lib/handle.c | 18 ++++++ 7 files changed, 107 insertions(+), 10 deletions(-) diff --git a/lib/internal.h b/lib/internal.h index ccaca32..998ca3d 100644 --- a/lib/internal.h +++ b/lib/internal.h @@ -157,6 +157,7 @@ struct nbd_handle { } __attribute__((packed)) error; } payload; } __attribute__((packed)) sr; + uint16_t gflags; uint32_t cflags; uint32_t len; uint16_t nrinfos; diff --git a/lib/nbd-protocol.h b/lib/nbd-protocol.h index 04e93d3..699aa22 100644 --- a/lib/nbd-protocol.h +++ b/lib/nbd-protocol.h @@ -93,9 +93,10 @@ struct nbd_fixed_new_option_reply { #define NBD_REP_MAGIC UINT64_C(0x3e889045565a9) -/* Global flags. */ +/* Global flags. Exposed by the generator as LIBNBD_HANDSHAKE_FLAG_* instead #define NBD_FLAG_FIXED_NEWSTYLE 1 #define NBD_FLAG_NO_ZEROES 2 + */ /* Per-export flags. */ #define NBD_FLAG_HAS_FLAGS (1 << 0) @@ -238,10 +239,12 @@ struct nbd_structured_reply_error { #define NBD_CMD_WRITE_ZEROES 6 #define NBD_CMD_BLOCK_STATUS 7 +/* Command flags. Exposed by the generator as LIBNBD_CMD_FLAG_* instead #define NBD_CMD_FLAG_FUA (1<<0) #define NBD_CMD_FLAG_NO_HOLE (1<<1) #define NBD_CMD_FLAG_DF (1<<2) #define NBD_CMD_FLAG_REQ_ONE (1<<3) +*/ /* NBD error codes. */ #define NBD_SUCCESS 0 diff --git a/generator/generator b/generator/generator index a72f36c..170121e 100755 --- a/generator/generator +++ b/generator/generator @@ -971,7 +971,14 @@ let cmd_flags = { "FAST_ZERO", 1 lsl 4; ] } -let all_flags = [ cmd_flags ] +let handshake_flags = { + flag_prefix = "HANDSHAKE_FLAG"; + flags = [ + "FIXED_NEWSTYLE", 1 lsl 0; + "NO_ZEROES", 1 lsl 1; + ] +} +let all_flags = [ cmd_flags; handshake_flags ] (* Calls. * @@ -1261,6 +1268,7 @@ for integration testing, it can be useful to clear this flag rather than find a way to alter the server to fail the negotiation request."; see_also = ["L<nbd_get_request_structured_replies(3)>"; + "L<nbd_set_handshake_flags(3)>"; "L<nbd_can_meta_context(3)>"; "L<nbd_can_df(3)>"]; }; @@ -1277,6 +1285,66 @@ able to honor that request"; see_also = ["L<nbd_set_request_structured_replies(3)>"]; }; + "set_handshake_flags", { + default_call with + args = [ Flags ("flags", handshake_flags) ]; ret = RErr; + permitted_states = [ Created ]; + shortdesc = "control use of handshake flags"; + longdesc = "\ +By default, libnbd tries to negotiate all possible handshake flags +that are also supported by the server; since omitting a handshake +flag can prevent the use of other functionality such as TLS encryption +or structured replies. However, for integration testing, it can be +useful to reduce the set of flags supported by the client to test that +a particular server can handle various clients that were compliant to +older versions of the NBD specification. + +The C<flags> argument is a bitmask, including zero or more of the +following handshake flags: + +=over 4 + +=item C<LIBNBD_HANDSHAKE_FLAG_FIXED_NEWSTYLE> = 1 + +The server gracefully handles unknown option requests from the +client, rather than disconnecting. Without this flag, a client +cannot safely request to use extensions such as TLS encryption or +structured replies, as the request may cause an older server to +drop the connection. + +=item C<LIBNBD_HANDSHAKE_FLAG_NO_ZEROES> = 2 + +If the client is forced to use C<NBD_OPT_EXPORT_NAME> instead of +the preferred C<NBD_OPT_GO>, this flag allows the server to send +fewer all-zero padding bytes over the connection. + +=back + +Future NBD extensions may add further flags. +"; + see_also = ["L<nbd_get_handshake_flags(3)>"; + "L<nbd_set_request_structured_replies(3)>"]; + }; + + "get_handshake_flags", { + default_call with + args = []; ret = RUInt; + may_set_error = false; + shortdesc = "see which handshake flags are supported"; + longdesc = "\ +Return the state of the handshake flags on this handle. When the +handle has not yet completed a connection (see C<nbd_aio_is_created>), +this returns the flags that the client is willing to use, provided +the server also advertises those flags. After the connection is +ready (see C<nbd_aio_is_ready>), this returns the flags that were +actually agreed on between the server and client. If the NBD +protocol defines new handshake flags, then the return value from +a newer library version may include bits that were undefined at +the time of compilation."; + see_also = ["L<nbd_set_handshake_flags(3)>"; + "L<nbd_aio_is_created(3)>"; "L<nbd_aio_is_ready(3)>"]; + }; + "add_meta_context", { default_call with args = [ String "name" ]; ret = RErr; @@ -2521,6 +2589,8 @@ let first_version = [ "can_fast_zero", (1, 2); "set_request_structured_replies", (1, 2); "get_request_structured_replies", (1, 2); + "set_handshake_flags", (1, 2); + "get_handshake_flags", (1, 2); (* These calls are proposed for a future version of libnbd, but * have not been added to any released version so far. diff --git a/generator/states-newstyle-opt-export-name.c b/generator/states-newstyle-opt-export-name.c index ec73136..a46d851 100644 --- a/generator/states-newstyle-opt-export-name.c +++ b/generator/states-newstyle-opt-export-name.c @@ -45,7 +45,7 @@ case 0: h->rbuf = &h->sbuf; h->rlen = sizeof h->sbuf.export_name_reply; - if ((h->gflags & NBD_FLAG_NO_ZEROES) != 0) + if ((h->gflags & LIBNBD_HANDSHAKE_FLAG_NO_ZEROES) != 0) h->rlen -= sizeof h->sbuf.export_name_reply.zeroes; SET_NEXT_STATE (%RECV_REPLY); } diff --git a/generator/states-newstyle.c b/generator/states-newstyle.c index b4f2b80..8c3ae8a 100644 --- a/generator/states-newstyle.c +++ b/generator/states-newstyle.c @@ -112,8 +112,8 @@ handle_reply_error (struct nbd_handle *h) /* STATE MACHINE */ { NEWSTYLE.START: - h->rbuf = &h->gflags; - h->rlen = 2; + h->rbuf = &h->sbuf; + h->rlen = sizeof h->sbuf.gflags; SET_NEXT_STATE (%RECV_GFLAGS); return 0; @@ -127,16 +127,16 @@ handle_reply_error (struct nbd_handle *h) NEWSTYLE.CHECK_GFLAGS: uint32_t cflags; - h->gflags = be16toh (h->gflags); - if ((h->gflags & NBD_FLAG_FIXED_NEWSTYLE) == 0 && + h->gflags &= be16toh (h->sbuf.gflags); + if ((h->gflags & LIBNBD_HANDSHAKE_FLAG_FIXED_NEWSTYLE) == 0 && h->tls == LIBNBD_TLS_REQUIRE) { SET_NEXT_STATE (%.DEAD); - set_error (ENOTSUP, "handshake: server is not fixed newstyle, " + set_error (ENOTSUP, "handshake: server is not using fixed newstyle, " "but handle TLS setting is 'require' (2)"); return 0; } - cflags = h->gflags & (NBD_FLAG_FIXED_NEWSTYLE|NBD_FLAG_NO_ZEROES); + cflags = h->gflags; h->sbuf.cflags = htobe32 (cflags); h->wbuf = &h->sbuf; h->wlen = 4; @@ -148,7 +148,7 @@ handle_reply_error (struct nbd_handle *h) case -1: SET_NEXT_STATE (%.DEAD); return 0; case 0: /* Start sending options. */ - if ((h->gflags & NBD_FLAG_FIXED_NEWSTYLE) == 0) + if ((h->gflags & LIBNBD_HANDSHAKE_FLAG_FIXED_NEWSTYLE) == 0) SET_NEXT_STATE (%OPT_EXPORT_NAME.START); else SET_NEXT_STATE (%OPT_STARTTLS.START); diff --git a/generator/states-oldstyle.c b/generator/states-oldstyle.c index babefc0..c0d8af8 100644 --- a/generator/states-oldstyle.c +++ b/generator/states-oldstyle.c @@ -58,6 +58,11 @@ h->gflags = gflags; debug (h, "gflags: 0x%" PRIx16, gflags); + if (gflags) { + set_error (0, "handshake: oldstyle server should not set gflags"); + SET_NEXT_STATE (%.DEAD); + return 0; + } if (nbd_internal_set_size_and_flags (h, exportsize, eflags) == -1) { SET_NEXT_STATE (%.DEAD); diff --git a/lib/handle.c b/lib/handle.c index bc4206c..8ca2e5a 100644 --- a/lib/handle.c +++ b/lib/handle.c @@ -64,6 +64,8 @@ nbd_create (void) h->unique = 1; h->tls_verify_peer = true; h->request_sr = true; + h->gflags = (LIBNBD_HANDSHAKE_FLAG_FIXED_NEWSTYLE | + LIBNBD_HANDSHAKE_FLAG_NO_ZEROES); s = getenv ("LIBNBD_DEBUG"); h->debug = s && strcmp (s, "1") == 0; @@ -258,6 +260,22 @@ nbd_unlocked_get_request_structured_replies (struct nbd_handle *h) return h->request_sr; } +int +nbd_unlocked_set_handshake_flags (struct nbd_handle *h, + uint32_t flags) +{ + /* The generator already ensured flags was in range. */ + h->gflags = flags; + return 0; +} + +/* NB: may_set_error = false. */ +uint32_t +nbd_unlocked_get_handshake_flags (struct nbd_handle *h) +{ + return h->gflags; +} + const char * nbd_unlocked_get_package_name (struct nbd_handle *h) { -- 2.21.0

5 years, 2 months

2
1
0 / 0

[libnbd PATCH] states: Avoid magic number for h->tls

by Eric Blake

When we moved to an enum instead of raw int for nbd_set_tls(), we should have also updated our code to prefer the enum values. While at it, improve the grammar of error messages (confusing since 632196ec, and copy-and-pasted into more locations since then). Fixes: 4488cf2a Thanks: Rich Jones --- Rich noticed this while reviewing the patch for today's CVE fix. It's not a show-stopper if this doesn't get included in today's releases. generator/states-newstyle-opt-starttls.c | 8 ++++---- generator/states-newstyle.c | 4 ++-- generator/states-oldstyle.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/generator/states-newstyle-opt-starttls.c b/generator/states-newstyle-opt-starttls.c index 0a18db0..b050ce0 100644 --- a/generator/states-newstyle-opt-starttls.c +++ b/generator/states-newstyle-opt-starttls.c @@ -21,7 +21,7 @@ /* STATE MACHINE */ { NEWSTYLE.OPT_STARTTLS.START: /* If TLS was not requested we skip this option and go to the next one. */ - if (!h->tls) { + if (h->tls == LIBNBD_TLS_DISABLE) { SET_NEXT_STATE (%^OPT_STRUCTURED_REPLY.START); return 0; } @@ -88,13 +88,13 @@ return 0; } - /* Server refused to upgrade to TLS. If h->tls is not require (2) + /* Server refused to upgrade to TLS. If h->tls is not 'require' (2) * then we can continue unencrypted. */ - if (h->tls == 2) { + if (h->tls == LIBNBD_TLS_REQUIRE) { SET_NEXT_STATE (%.DEAD); set_error (ENOTSUP, "handshake: server refused TLS, " - "but handle TLS setting is require (2)"); + "but handle TLS setting is 'require' (2)"); return 0; } diff --git a/generator/states-newstyle.c b/generator/states-newstyle.c index c8f817e..b4f2b80 100644 --- a/generator/states-newstyle.c +++ b/generator/states-newstyle.c @@ -129,10 +129,10 @@ handle_reply_error (struct nbd_handle *h) h->gflags = be16toh (h->gflags); if ((h->gflags & NBD_FLAG_FIXED_NEWSTYLE) == 0 && - h->tls == 2) { + h->tls == LIBNBD_TLS_REQUIRE) { SET_NEXT_STATE (%.DEAD); set_error (ENOTSUP, "handshake: server is not fixed newstyle, " - "but handle TLS setting is require (2)"); + "but handle TLS setting is 'require' (2)"); return 0; } diff --git a/generator/states-oldstyle.c b/generator/states-oldstyle.c index 1aff185..babefc0 100644 --- a/generator/states-oldstyle.c +++ b/generator/states-oldstyle.c @@ -46,13 +46,13 @@ gflags = be16toh (h->sbuf.old_handshake.gflags); eflags = be16toh (h->sbuf.old_handshake.eflags); - /* Server is unable to upgrade to TLS. If h->tls is not require (2) + /* Server is unable to upgrade to TLS. If h->tls is not 'require' (2) * then we can continue unencrypted. */ - if (h->tls == 2) { + if (h->tls == LIBNBD_TLS_REQUIRE) { SET_NEXT_STATE (%.DEAD); set_error (ENOTSUP, "handshake: server is oldstyle, " - "but handle TLS setting is require (2)"); + "but handle TLS setting is 'require' (2)"); return 0; } -- 2.21.0

5 years, 2 months

2
1
0 / 0

[LIBNBD SECURITY PATCH 0/1] NBD Protocol Downgrade Attack in libnbd

by Eric Blake

We discovered a possible Downgrade Attack in libnbd. Lifecycle --------- Reported: 2019-09-14 Fixed: 2019-09-16 Published: 2019-09-16 There is no CVE number assigned for this issue yet, but the bug is being categorized and processed by Red Hat's security team which may result in a CVE being published later. Description ----------- Libnbd includes the method nbd_set_tls(h, LIBNBD_TLS_REQUIRE) which is documented to let a client refuse to connect to a server that is not using TLS encryption. However, if the server uses the oldstyle protocol, a flaw in libnbd meant that the client would proceed with an unencrypted connection without warning. An attacker, perhaps acting as a man-in-the-middle, can proceed to offer the oldstyle protocol rather than the newstyle protocol in an effort to coerce the client to send plaintext data over the network that the client thought would be secured. Workarounds ----------- It is recommended to upgrade to a fixed version of libnbd (see next section). However if this cannot be done, it is possible for a client to test after connection whether the server also supports extension features that require the newstyle protocol, and thus be sure that an oldstyle server did not thwart encryption. Either of the following extension tests will prove that a newstyle server is present (unfortunately, this does not help for a newstyle server that does not support either extension): - If nbd_can_df(h) returns true. - If the client requests nbd_add_meta_context(h, context) prior to connection, then nbd_can_meta_context(h, context) returns true; the most commonly supported context is LIBNBD_CONTEXT_BASE_ALLOCATION. Test if libnbd is vulnerable ---------------------------- Run the following command (tested with nbdkit 1.12 or newer): $ nbdsh -c 'h.set_tls(nbd.TLS_REQUIRE)' \ -c 'h.connect_command(["nbdkit", "-o", "-s", "null"])' \ -c 'print(h.get_size())' If the command succeeds and prints 0, then libnbd is vulnerable. The correct behavior is to fail with an error that the connection was not possible due to the server lacking encryption support. Fixes ----- This affects all stable versions of libnbd. A fix is available for 1.0 and the current development version: * development branch (1.1) https://github.com/libguestfs/libnbd/commit/cca3b10fea96a349a9d718cc92f42... or use libnbdkit >= 1.1.2 from http://download.libguestfs.org/libnbd/1.1-development/ * stable branch 1.0 https://github.com/libguestfs/libnbd/commit/19217810ce4467cc8b3671a2797e1... or use nbdkit >= 1.0.2 from http://download.libguestfs.org/libnbd/1.0-stable/ Credit ------ Discovered by Eric Blake <eblake(a)redhat.com> Eric Blake (1): security: states: Fail oldstyle servers when tls==2 generator/states-oldstyle.c | 10 ++++++++++ tests/oldstyle.c | 17 +++++++++++++++++ 2 files changed, 27 insertions(+) -- 2.21.0

5 years, 2 months

1
2
0 / 0

[PATCH nbdkit v2] common/bitmap: Don't fail on realloc (ptr, 0)

by Richard W.M. Jones

v1 was here: https://www.redhat.com/archives/libguestfs/2019-September/msg00100.html In v2 I've changed the patch so it avoids calling realloc at all in this case. The patch is a bit longer this way. But I don't see any other alternative if we are to avoid having a "realloc wrapper" of some kind that we use everywhere, which I guess we should avoid because it makes plugins just that bit harder to write and we want them to be as easy to write and accessible as possible. Also: - Clean up the commit message. - Add a simple regression test. Rich.

5 years, 2 months

2
2
0 / 0

[PATCH nbdkit v2 0/3] Access export name from plugins.

by Richard W.M. Jones

The previous incomplete patch was here: https://www.redhat.com/archives/libguestfs/2019-September/msg00049.html based on earlier discussion here: https://www.redhat.com/archives/libguestfs/2019-September/msg00047.html In v2: - The previous patch was incomplete. This version completes it by adding tests and extending nbdkit-sh-plugin. - nbdkit_export_name now returns NULL for error, setting nbdkit_error. The only possible error currently is if we're not called from a connected callback. - For oldstyle protocol, "" is returned. - Add some clarifying text to docs for can_multi_conn. - Use strcpy in one place instead of memcpy (but leave the other one alone). As before this patch doesn't attempt to resolve any problems with our current handling of -e, NBD_OPT_LIST, etc. Rich.

5 years, 2 months

2
7
0 / 0

[PATCH nbdkit] common/bitmap: Don't fail on realloc (ptr, 0)

by Richard W.M. Jones

The following commands: nbdkit -fv --filter=cow memory size=512 --run 'qemu-img info $nbd' nbdkit -fv --filter=cache memory size=512 --run 'qemu-img info $nbd' both fail with: nbdkit: memory[1]: error: realloc: Success Initial git bisect pointed to commit 3166d2bcbfd2 (but I don't believe that commit is the real cause, it merely exposes the bug). The reason this happens is because the new behaviour after commit 3166d2bcbfd2 is to round down the size of the underlying disk to the cow/cache filter block size (4096 bytes). => The size of the disk is rounded down to 0. => The cow/cache filter requests a bitmap of size 0. => We call realloc (ptr, 0). => realloc returns NULL + errno == 0 in this case since it is not an error. The current commit changes the realloc call so that it does not fail in this case. There are many other places in nbdkit where we call realloc, and I did not vet any of them to see if similar bugs could be present, but it is quite likely. Note that the correct use of the cow/cache filter in this case is to combine it with the truncate filter, eg: nbdkit -fv --filter=cow --filter=truncate memory size=512 round-up=4096 --- common/bitmap/bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/bitmap/bitmap.c b/common/bitmap/bitmap.c index caac916..6bf04dc 100644 --- a/common/bitmap/bitmap.c +++ b/common/bitmap/bitmap.c @@ -60,7 +60,7 @@ bitmap_resize (struct bitmap *bm, uint64_t new_size) new_bm_size = (size_t) new_bm_size_u64; new_bitmap = realloc (bm->bitmap, new_bm_size); - if (new_bitmap == NULL) { + if (new_bm_size && new_bitmap == NULL) { nbdkit_error ("realloc: %m"); return -1; } -- 2.23.0

5 years, 2 months

2
1
0 / 0

[libnbd PATCH v2] nbdsh: Prefer --uri over --connect

by Eric Blake

Typing nbdsh --con (the minimum to get an unambiguous prefix for --connect, different from --command) is annoying compared to having a short option. Since it takes a URI as an argument, using -u/--uri is a nicer mnemonic. We still accept --connect for back-compat, and document it in the man page, but omit it from --help as the new spelling is nicer all around. --- Here's what things evolved to after hiding --connect from --help output. I've gone ahead and pushed this. sh/nbdsh.pod | 8 ++++++-- python/nbdsh.py | 8 +++++--- sh/test-context.sh | 24 ++++++++++++------------ sh/test-pattern.sh | 2 +- 4 files changed, 24 insertions(+), 18 deletions(-) diff --git a/sh/nbdsh.pod b/sh/nbdsh.pod index d44c8d8..41a88a5 100644 --- a/sh/nbdsh.pod +++ b/sh/nbdsh.pod @@ -32,11 +32,11 @@ For documentation about the libnbd API please open the shell and type: =head2 Print the size of an NBD export -The I<--connect> option connects to an NBD URI. The I<-c> option lets +The I<-u> option connects to an NBD URI. The I<-c> option lets you execute single Python statements from the command line. Combining these two options lets you print the size in bytes of an NBD export: - $ nbdsh --connect nbd://localhost -c 'print (h.get_size ())' + $ nbdsh -u nbd://localhost -c 'print (h.get_size ())' 1073741824 =head2 Hexdump the boot sector of an NBD export @@ -76,6 +76,10 @@ can be specified multiple times in order to run multiple commands. Read standard input and execute it as a command. +=item B<-u> URI + +=item B<-uri> URI + =item B<--connect> URI Connect to the given L<NBD URI|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md>. diff --git a/python/nbdsh.py b/python/nbdsh.py index 098cc8a..3b4ad0e 100644 --- a/python/nbdsh.py +++ b/python/nbdsh.py @@ -29,8 +29,10 @@ def shell(): epilog=epilog) parser.add_argument ('--base-allocation', action='store_true', help='request the "base:allocation" meta context') - parser.add_argument ('--connect', metavar='URI', + parser.add_argument ('-u', '--uri', help="connect to NBD URI") + # For back-compat, provide --connect as an undocumented synonym to --uri + parser.add_argument ('--connect', dest='uri', help=argparse.SUPPRESS) parser.add_argument ('-c', '--command', action='append', help="run a command") parser.add_argument ('-V', '--version', action='version', @@ -56,8 +58,8 @@ help (nbd) # Display documentation if args.base_allocation: h.add_meta_context (nbd.CONTEXT_BASE_ALLOCATION) - if args.connect is not None: - h.connect_uri (args.connect) + if args.uri is not None: + h.connect_uri (args.uri) # If there are no -c or --command parameters, go interactive, # otherwise we run the commands and exit. if not args.command: diff --git a/sh/test-context.sh b/sh/test-context.sh index 9a7d3ab..ab3ae80 100755 --- a/sh/test-context.sh +++ b/sh/test-context.sh @@ -21,7 +21,7 @@ fail=0 # Without --base-allocation, no meta context is requested output=$(nbdkit -U - null --run 'nbdsh \ - --connect "nbd+unix://?socket=$unixsocket" \ + -u "nbd+unix://?socket=$unixsocket" \ -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') if test "x$output" != xFalse; then echo "$0: unexpected output: $output" @@ -30,26 +30,26 @@ fi # With --base-allocation (and a server that supports it), meta context works. output=$(nbdkit -U - null --run 'nbdsh \ - --base-allocation --connect "nbd+unix://?socket=$unixsocket" \ - -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') -if test "x$output" != xTrue; then - echo "$0: unexpected output: $output" - fail=1 -fi - -# Again, but with --b after --connect, and with abbreviated option names -output=$(nbdkit -U - null --run 'nbdsh \ - --conn "nbd+unix://?socket=$unixsocket" --b \ + --base-allocation --uri "nbd+unix://?socket=$unixsocket" \ --command "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') if test "x$output" != xTrue; then echo "$0: unexpected output: $output" fail=1 fi +# Again, but with --b after -u, and with abbreviated option names +output=$(nbdkit -U - null --run 'nbdsh \ + -u "nbd+unix://?socket=$unixsocket" --b \ + -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') +if test "x$output" != xTrue; then + echo "$0: unexpected output: $output" + fail=1 +fi + if [[ $(nbdkit --help) =~ --no-sr ]]; then # meta context depends on server cooperation output=$(nbdkit -U - --no-sr null --run 'nbdsh \ - --connect "nbd+unix://?socket=$unixsocket" --base-allocation \ + -u "nbd+unix://?socket=$unixsocket" --base-allocation \ -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') if test "x$output" != xFalse; then echo "$0: unexpected output: $output" diff --git a/sh/test-pattern.sh b/sh/test-pattern.sh index 2d4e261..855bec7 100755 --- a/sh/test-pattern.sh +++ b/sh/test-pattern.sh @@ -36,7 +36,7 @@ if ! test -f "$pidfile"; then exit 1 fi -nbdsh --connect "nbd+unix://?socket=$sock" \ +nbdsh -u "nbd+unix://?socket=$sock" \ -c ' def size(): return h.get_size() -- 2.21.0

5 years, 2 months

2
1
0 / 0

[libnbd PATCH] nbdsh: Add -b option to simplify h.block_status

by Eric Blake

We decided to not request the "base:allocation" context by default (if a client wants to use block_status on a different context, then they'd have to get any default request out of the way); however, block status is useless without at least one meta context. This adds a convenience knob for requesting that, and has the nice benefit of working with the --connect command line option (previously, if you wanted to use block_status, you could not use --connect, because requesting the meta context must happen before the connection). --- sh/nbdsh.pod | 9 +++++++ python/nbdsh.py | 4 +++ sh/Makefile.am | 4 ++- sh/test-context.sh | 62 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 78 insertions(+), 1 deletion(-) create mode 100755 sh/test-context.sh diff --git a/sh/nbdsh.pod b/sh/nbdsh.pod index d7fc315..6c540c7 100644 --- a/sh/nbdsh.pod +++ b/sh/nbdsh.pod @@ -56,6 +56,15 @@ __EXAMPLES_HEXDUMP__ Display brief command line help and exit. +=item B<-b> + +=item B<--base-allocation> + +Request the use of the "base:allocation" meta context, which is the +most common context used with L<nbd_block_status(3)>. This is +equivalent to calling S<C<h.set_meta_context +(nbd.CONTEXT_BASE_ALLOCATION)>> in the shell prior to connecting. + =item B<-c> 'COMMAND ...' =item B<--command> 'COMMAND ...' diff --git a/python/nbdsh.py b/python/nbdsh.py index 319b0f0..00bc6bc 100644 --- a/python/nbdsh.py +++ b/python/nbdsh.py @@ -27,6 +27,8 @@ def shell(): epilog = '''Please read the nbdsh(1) manual page for full usage.''' parser = argparse.ArgumentParser (prog='nbdsh', description=description, epilog=epilog) + parser.add_argument ('-b', '--base-allocation', action='store_true', + help='request the "base:allocation" meta context') parser.add_argument ('--connect', metavar='URI', help="connect to NBD URI") parser.add_argument ('-c', '--command', action='append', @@ -52,6 +54,8 @@ exit() or Ctrl-D # Quit the shell help (nbd) # Display documentation ''' + if args.base_allocation: + h.add_meta_context (nbd.CONTEXT_BASE_ALLOCATION) if args.connect is not None: h.connect_uri (args.connect) # If there are no -c or --command parameters, go interactive, diff --git a/sh/Makefile.am b/sh/Makefile.am index 8f70e69..415e241 100644 --- a/sh/Makefile.am +++ b/sh/Makefile.am @@ -21,6 +21,7 @@ EXTRA_DIST = \ nbdsh.pod \ examples/LICENSE-FOR-EXAMPLES \ examples/hexdump.sh \ + test-context.sh \ test-help.sh \ test-pattern.sh \ test-version.sh \ @@ -43,7 +44,7 @@ nbdsh.1: nbdsh.pod $(top_builddir)/podwrapper.pl endif HAVE_POD -TESTS_ENVIRONMENT = LIBNBD_DEBUG=1 EXP_VERSION=$(VERSION) +TESTS_ENVIRONMENT = LIBNBD_DEBUG=1 NBDKIT_DEBUG=1 EXP_VERSION=$(VERSION) LOG_COMPILER = $(top_builddir)/run TESTS = \ test-help.sh \ @@ -53,6 +54,7 @@ TESTS = \ if HAVE_NBDKIT TESTS += \ + test-context.sh \ test-pattern.sh \ $(NULL) diff --git a/sh/test-context.sh b/sh/test-context.sh new file mode 100755 index 0000000..55f9b53 --- /dev/null +++ b/sh/test-context.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env bash +# nbd client library in userspace +# Copyright (C) 2019 Red Hat Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +# Test effects of nbdsh -b +fail=0 + +# Without -b, no meta context is requested +output=$(nbdkit -U - null --run 'nbdsh \ + --connect "nbd+unix://?socket=$unixsocket" \ + -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))" </dev/null') +if test "x$output" != xFalse; then + echo "$0: unexpected output: $output" + fail=1 +fi + +# With -b (and a server that supports it), meta context works. +output=$(nbdkit -U - null --run 'nbdsh \ + -b --connect "nbd+unix://?socket=$unixsocket" \ + -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))" </dev/null') +if test "x$output" != xTrue; then + echo "$0: unexpected output: $output" + fail=1 +fi + +# Again, but with -b after --connect +output=$(nbdkit -U - null --run 'nbdsh \ + --connect "nbd+unix://?socket=$unixsocket" --base-allocation \ + -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))" </dev/null') +if test "x$output" != xTrue; then + echo "$0: unexpected output: $output" + fail=1 +fi + +if [[ $(nbdkit --help) =~ --no-sr ]]; then + # meta context depends on server cooperation + output=$(nbdkit -U - --no-sr null --run 'nbdsh \ + --connect "nbd+unix://?socket=$unixsocket" --base-allocation \ + -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))" </dev/null') + if test "x$output" != xFalse; then + echo "$0: unexpected output: $output" + fail=1 + fi +else + echo "$0: nbdkit lacks --no-sr" +fi + +exit $fail -- 2.21.0

5 years, 2 months

2
2
0 / 0

[libnbd PATCH] nbdsh: Support -u as synonym for --connect

by Eric Blake

Typing nbdsh --con (the minimum to get an unambiguous prefix for --connect, different from --command) is annoying compared to having a short option. Since it takes a URI as an argument, using -u seems like a reasonable mnemonic. --- sh/nbdsh.pod | 6 ++++-- python/nbdsh.py | 2 +- sh/test-context.sh | 8 ++++---- sh/test-pattern.sh | 2 +- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/sh/nbdsh.pod b/sh/nbdsh.pod index 6c540c7..b1a3552 100644 --- a/sh/nbdsh.pod +++ b/sh/nbdsh.pod @@ -32,11 +32,11 @@ For documentation about the libnbd API please open the shell and type: =head2 Print the size of an NBD export -The I<--connect> option connects to an NBD URI. The I<-c> option lets +The I<-u> option connects to an NBD URI. The I<-c> option lets you execute single Python statements from the command line. Combining these two options lets you print the size in bytes of an NBD export: - $ nbdsh --connect nbd://localhost -c 'print (h.get_size ())' + $ nbdsh -u nbd://localhost -c 'print (h.get_size ())' 1073741824 =head2 Hexdump the boot sector of an NBD export @@ -78,6 +78,8 @@ can be specified multiple times in order to run multiple commands. Read standard input and execute it as a command. +=item B<-u> URI + =item B<--connect> URI Connect to the given L<NBD URI|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md>. diff --git a/python/nbdsh.py b/python/nbdsh.py index 00bc6bc..b15702c 100644 --- a/python/nbdsh.py +++ b/python/nbdsh.py @@ -29,7 +29,7 @@ def shell(): epilog=epilog) parser.add_argument ('-b', '--base-allocation', action='store_true', help='request the "base:allocation" meta context') - parser.add_argument ('--connect', metavar='URI', + parser.add_argument ('-u', '--connect', metavar='URI', help="connect to NBD URI") parser.add_argument ('-c', '--command', action='append', help="run a command") diff --git a/sh/test-context.sh b/sh/test-context.sh index 3b32ba9..f2c3ba5 100755 --- a/sh/test-context.sh +++ b/sh/test-context.sh @@ -21,7 +21,7 @@ fail=0 # Without -b, no meta context is requested output=$(nbdkit -U - null --run 'nbdsh \ - --connect "nbd+unix://?socket=$unixsocket" \ + -u "nbd+unix://?socket=$unixsocket" \ -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') if test "x$output" != xFalse; then echo "$0: unexpected output: $output" @@ -30,7 +30,7 @@ fi # With -b (and a server that supports it), meta context works. output=$(nbdkit -U - null --run 'nbdsh \ - -b --connect "nbd+unix://?socket=$unixsocket" \ + -b -u "nbd+unix://?socket=$unixsocket" \ -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') if test "x$output" != xTrue; then echo "$0: unexpected output: $output" @@ -40,7 +40,7 @@ fi # Again, but with -b after -u, and with long option names output=$(nbdkit -U - null --run 'nbdsh \ --connect "nbd+unix://?socket=$unixsocket" --base-allocation \ - --command "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') + -command "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') if test "x$output" != xTrue; then echo "$0: unexpected output: $output" fail=1 @@ -49,7 +49,7 @@ fi if [[ $(nbdkit --help) =~ --no-sr ]]; then # meta context depends on server cooperation output=$(nbdkit -U - --no-sr null --run 'nbdsh \ - --connect "nbd+unix://?socket=$unixsocket" --base-allocation \ + -u "nbd+unix://?socket=$unixsocket" --base-allocation \ -c "print (h.can_meta_context (nbd.CONTEXT_BASE_ALLOCATION))"') if test "x$output" != xFalse; then echo "$0: unexpected output: $output" diff --git a/sh/test-pattern.sh b/sh/test-pattern.sh index 2d4e261..855bec7 100755 --- a/sh/test-pattern.sh +++ b/sh/test-pattern.sh @@ -36,7 +36,7 @@ if ! test -f "$pidfile"; then exit 1 fi -nbdsh --connect "nbd+unix://?socket=$sock" \ +nbdsh -u "nbd+unix://?socket=$sock" \ -c ' def size(): return h.get_size() -- 2.21.0

5 years, 2 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Libguestfs September 2019