While these are per-connection rather than per-export settings, it is still useful to have a quick-and-silent command-line query rather than having to parse full info output.
While touching info-can.sh, strengthen it to insist that an unsupported feature is reported with status 2, rather than any non-zero status. --- info/nbdinfo.pod | 34 ++++++++++++++++++++++++---------- info/can.c | 15 ++++++++++++++- info/info-can-connect.sh | 9 ++++++++- info/info-can.sh | 35 ++++++++++++++++++++++++++++++++--- info/info-uri-nbds.sh | 5 +++-- 5 files changed, 81 insertions(+), 17 deletions(-) diff --git a/info/nbdinfo.pod b/info/nbdinfo.pod index a95b64f2..abc56f62 100644 --- a/info/nbdinfo.pod +++ b/info/nbdinfo.pod @@ -156,6 +156,15 @@ All NBD servers must support read, so this always exits with success Test if we can connect to the NBD URI. +=item nbdinfo --is tls URI + +Test if the NBD URI connection is using TLS. + +=item nbdinfo --can structured-reply URI + +Test if server can respond with structured replies (a prerequisite +for supporting block status commands). + =item nbdinfo --is rotational URI Test if the server export is backed by something which behaves like a @@ -313,23 +322,25 @@ Display brief command line help and exit. =item B<--can read> +=item B<--can structured-reply> + =item B<--can trim> =item B<--can write> =item B<--can zero> -Test properties of the NBD server export. The command does not print -anything. Instead it exits with success (S<exit code 0>) if true, or -failure (S<exit code 2>) if false. (Other exit codes indicate an -error querying the flag). +Test properties of the NBD server export or the connection itself. +The command does not print anything. Instead it exits with success +(S<exit code 0>) if true, or failure (S<exit code 2>) if false. +(Other exit codes indicate an error querying the flag). For further information see the L<NBD protocol|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md> and the following libnbd functions: L<nbd_can_cache(3)>, L<nbd_can_df(3)>, L<nbd_can_fast_zero(3)>, L<nbd_can_flush(3)>, L<nbd_can_fua(3)>, L<nbd_can_multi_conn(3)>, L<nbd_can_trim(3)>, -L<nbd_can_zero(3)>, L<nbd_is_read_only(3)>. +L<nbd_can_zero(3)>, L<nbd_is_read_only(3)>, L<nbd_get_tls_negotiated(3)>. =item B<--color> @@ -362,15 +373,18 @@ use I<--list --content>. =item B<--is rotational> -Test if the NBD server export is read-only and rotational. The -command does not print anything. Instead it exits with success -(S<exit code 0>) if true, or failure (S<exit code 2>) if false. -(Other exit codes indicate an error querying the flag). +=item B<--is tls> + +Test if the NBD server export is read-only and rotational, or whether +the connection itself is using TLS. The command does not print +anything. Instead it exits with success (S<exit code 0>) if true, or +failure (S<exit code 2>) if false. (Other exit codes indicate an +error querying the flag). For further information see the L<NBD protocol|https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md> and the following libnbd functions: L<nbd_is_read_only(3)>, -L<nbd_is_rotational(3)>. +L<nbd_is_rotational(3)>, L<nbd_get_tls_negotiated(3)>. =item B<--json> diff --git a/info/can.c b/info/can.c index ee8bbb76..08d6bcd5 100644 --- a/info/can.c +++ b/info/can.c @@ -1,5 +1,5 @@ /* NBD client library in userspace - * Copyright (C) 2020-2021 Red Hat Inc. + * Copyright (C) 2020-2022 Red Hat Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -37,6 +37,19 @@ do_can (void) strcasecmp (can, "read") == 0) feature = 1; + else if (strcasecmp (can, "tls") == 0) + feature = nbd_get_tls_negotiated (nbd); + + else if (strcasecmp (can, "sr") == 0 || + strcasecmp (can, "structured") == 0 || + strcasecmp (can, "structured reply") == 0 || + strcasecmp (can, "structured-reply") == 0 || + strcasecmp (can, "structured_reply") == 0 || + strcasecmp (can, "structured replies") == 0 || + strcasecmp (can, "structured-replies") == 0 || + strcasecmp (can, "structured_replies") == 0) + feature = nbd_get_structured_replies_negotiated (nbd); + else if (strcasecmp (can, "readonly") == 0 || strcasecmp (can, "read-only") == 0 || strcasecmp (can, "read_only") == 0) diff --git a/info/info-can-connect.sh b/info/info-can-connect.sh index eecc290a..2520e5ab 100755 --- a/info/info-can-connect.sh +++ b/info/info-can-connect.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbd client library in userspace -# Copyright (C) 2020-2021 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -27,3 +27,10 @@ requires nbdkit null --version nbdkit -v -U - null \ --run '$VG nbdinfo --can connect "nbd+unix:///?socket=$unixsocket"' + +# --is tls is false for unencrypted connections. + +st=0 +nbdkit -v -U - null \ + --run '$VG nbdinfo --is tls "nbd+unix:///?socket=$unixsocket"' || st=$? +test $st = 2 diff --git a/info/info-can.sh b/info/info-can.sh index 6f13665c..3edc3948 100755 --- a/info/info-can.sh +++ b/info/info-can.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbd client library in userspace -# Copyright (C) 2020-2021 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -26,6 +26,8 @@ requires bash -c "nbdkit sh --dump-plugin | grep has_can_cache=1" # --is read-only and --can write are tested in info-is-read-only.sh +# --is tls is tested in info-uri-nbds.sh and info-can-connect.sh + # --can connect is tested in info-can-connect.sh # --can read is tested in info-can-read.sh @@ -36,6 +38,29 @@ requires bash -c "nbdkit sh --dump-plugin | grep has_can_cache=1" # and oldstyle never, but that feels like depending a bit too much on # the implementation. +# --can structured-reply is not a per-export setting, but rather +# something set on the server as a whole. + +nbdkit -v -U - sh - \ + --run '$VG nbdinfo --can structured-reply "nbd+unix:///?socket=$unixsocket"' <<'EOF' +case "$1" in + get_size) echo 1024 ;; + pread) ;; + *) exit 2 ;; +esac +EOF + +st=0 +nbdkit -v -U - --no-sr sh - \ + --run '$VG nbdinfo --can structured-reply "nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$? +case "$1" in + get_size) echo 1024 ;; + pread) ;; + *) exit 2 ;; +esac +EOF +test $st = 2 + # --can cache and --can fua require special handling because in # nbdkit-sh-plugin we must print "native" or "none". Also the can_fua # flag is only sent if the export is writable (hence can_write below). @@ -53,8 +78,9 @@ case "$1" in esac EOF + st=0 nbdkit -v -U - sh - \ - --run '! $VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' + --run '$VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$? case "$1" in get_size) echo 1024 ;; pread) ;; @@ -63,6 +89,7 @@ case "$1" in *) exit 2 ;; esac EOF + test $st = 2 done # These ones are normal booleans. @@ -80,8 +107,9 @@ case "$1" in esac EOF + st=0 nbdkit -v -U - sh - \ - --run '! $VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' + --run '$VG nbdinfo --can $flag "nbd+unix:///?socket=$unixsocket"' <<'EOF' || st=$? case "$1" in get_size) echo 1024 ;; pread) ;; @@ -90,4 +118,5 @@ case "$1" in *) exit 2 ;; esac EOF + test $st = 2 done diff --git a/info/info-uri-nbds.sh b/info/info-uri-nbds.sh index f9637a92..afefe58b 100755 --- a/info/info-uri-nbds.sh +++ b/info/info-uri-nbds.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # nbd client library in userspace -# Copyright (C) 2020-2021 Red Hat Inc. +# Copyright (C) 2020-2022 Red Hat Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -47,7 +47,8 @@ cleanup_fn rm -rf $d export pki nbdkit -U - --tls=require --tls-verify-peer --tls-certificates=$pki \ null size=1M \ - --run '$VG nbdinfo --json "nbds+unix:///?socket=$unixsocket&tls-certificates=$pki"' > $out + --run '$VG nbdinfo --json "nbds+unix:///?socket=$unixsocket&tls-certificates=$pki" && + $VG nbdinfo --is tls "nbds+unix:///?socket=$unixsocket&tls-certificates=$pki"' > $out cat $out jq . < $out -- 2.37.3 _______________________________________________ Libguestfs mailing list Libguestfs@redhat.com https://listman.redhat.com/mailman/listinfo/libguestfs
