From d5e627205b3dad3f07075f6ef78927d4ea6d33c5 Mon Sep 17 00:00:00 2001
From: James Page
Date: Tue, 9 Oct 2012 12:19:16 +0100
Subject: [PATCH] Enable cephx support by default
---
 TODO | 4 ++--
 hooks/ceph.py | 48 +++++++++++++++++++++++++++++++++++++++++++++
 hooks/hooks.py | 1 +
 revision | 2 +-
 templates/ceph.conf | 2 +-
 5 files changed, 53 insertions(+), 4 deletions(-)
diff --git a/TODO b/TODO
index e06e95c3..782a7a43 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,4 @@
 Ceph OSD Charm
 ==============
-
- * cephx support
+
+ * Nothing TODO!
diff --git a/hooks/ceph.py b/hooks/ceph.py
index 2a193d58..567ec3fa 100644
--- a/hooks/ceph.py
+++ b/hooks/ceph.py
@@ -71,3 +71,51 @@ def is_osd_disk(dev):
 except subprocess.CalledProcessError:
 pass
 return False
+
+_bootstrap_keyring = "/var/lib/ceph/bootstrap-osd/ceph.keyring"
+
+
+def import_osd_bootstrap_key(key):
+ if not os.path.exists(_bootstrap_keyring):
+ cmd = [
+ 'ceph-authtool',
+ _bootstrap_keyring,
+ '--create-keyring',
+ '--name=client.bootstrap-osd',
+ '--add-key={}'.format(key)
+ ]
+ subprocess.check_call(cmd)
+
+# OSD caps taken from ceph-create-keys
+_osd_bootstrap_caps = [
+ 'allow command osd create ...',
+ 'allow command osd crush set ...',
+ r'allow command auth add * osd allow\ * mon allow\ rwx',
+ 'allow command mon getmap'
+ ]
+
+
+def get_osd_bootstrap_key():
+ cmd = [
+ 'ceph',
+ '--name', 'mon.',
+ '--keyring',
+ '/var/lib/ceph/mon/ceph-{}/keyring'.format(
+ utils.get_unit_hostname()
+ ),
+ 'auth', 'get-or-create', 'client.bootstrap-osd',
+ 'mon', '; '.join(_osd_bootstrap_caps)
+ ]
+ output = subprocess.check_output(cmd).strip() # IGNORE:E1103
+ # get-or-create appears to have different output depending
+ # on whether its 'get' or 'create'
+ # 'create' just returns the key, 'get' is more verbose and
+ # needs parsing
+ key = None
+ if len(output.splitlines()) == 1:
+ key = output
+ else:
+ for element in output.splitlines():
+ if 'key' in element:
+ key = element.split(' = ')[1].strip() # IGNORE:E1103
+ return key
diff --git a/hooks/hooks.py b/hooks/hooks.py
index 20b5144f..96a15b3c 100755
--- a/hooks/hooks.py
+++ b/hooks/hooks.py
@@ -105,6 +105,7 @@ def mon_relation():
 if get_fsid():
 utils.juju_log('INFO', 'mon has provided fsid - scanning disks')
 emit_cephconf()
+ ceph.import_osd_bootstrap_key(utils.relation_get('osd_bootstrap_key'))
 for dev in utils.config_get('osd-devices').split(' '):
 osdize(dev)
 subprocess.call(['udevadm', 'trigger',
diff --git a/revision b/revision
index 00750edc..b8626c4c 100644
--- a/revision
+++ b/revision
@@ -1 +1 @@
-3
+4
diff --git a/templates/ceph.conf b/templates/ceph.conf
index 32103fb5..072535f5 100644
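Review bot: `import_osd_bootstrap_key` in hooks/ceph.py passes the bootstrap secret to `ceph-authtool` as `--add-key=<key>`, so the key sits in the process argument list where other local users can read it while the command runs, and the mode of the new keyring file is left to the tool and the hook's umask. Writing the keyring from the hook with an explicit 0600 mode keeps the secret off the command line; the sketch below assumes the plain `[name]` / `key = …` keyring layout, which should be confirmed against the deployed Ceph version. The `os.path.exists` guard also means a key that later changes on the relation is never re-imported, which deserves at least a comment.

```python
def import_osd_bootstrap_key(key):
    if not os.path.exists(_bootstrap_keyring):
        # Create the keyring owner-only and write the secret directly,
        # so it never appears in a child process's argv.
        fd = os.open(_bootstrap_keyring,
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, 'w') as keyring:
            keyring.write(
                '[client.bootstrap-osd]\n\tkey = {}\n'.format(key)
            )

# … unchanged: _osd_bootstrap_caps and get_osd_bootstrap_key …
```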
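Review bot: The call added to `mon_relation` in hooks/hooks.py hands `utils.relation_get('osd_bootstrap_key')` to `ceph.import_osd_bootstrap_key` without checking it, so when the mon has published an fsid but not yet the key, the hook would format an empty or `None` value into `--add-key=` and then go on to `osdize` devices that cannot authenticate. What relation_get returns for an unset key is not visible here, so that should be confirmed; gating the block on the key as well would avoid the case, e.g. `key = utils.relation_get('osd_bootstrap_key')` followed by `if get_fsid() and key:`. `mon_relation` starts and ends outside this hunk.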
--- a/templates/ceph.conf
+++ b/templates/ceph.conf
@@ -1,5 +1,5 @@
 [global]
- auth supported = none
+ auth supported = cephx
 keyring = /etc/ceph/$cluster.$name.keyring
 mon host = {{ mon_hosts }}
 fsid = {{ fsid }}