Enable cephx support by default
This commit is contained in:
parent
f9ac39e6f0
commit
d5e627205b
4
TODO
4
TODO
@ -1,4 +1,4 @@
|
|||||||
Ceph OSD Charm
|
Ceph OSD Charm
|
||||||
==============
|
==============
|
||||||
|
|
||||||
* cephx support
|
* Nothing TODO!
|
||||||
|
@ -71,3 +71,51 @@ def is_osd_disk(dev):
|
|||||||
except subprocess.CalledProcessError:
|
except subprocess.CalledProcessError:
|
||||||
pass
|
pass
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
_bootstrap_keyring = "/var/lib/ceph/bootstrap-osd/ceph.keyring"
|
||||||
|
|
||||||
|
|
||||||
|
def import_osd_bootstrap_key(key):
|
||||||
|
if not os.path.exists(_bootstrap_keyring):
|
||||||
|
cmd = [
|
||||||
|
'ceph-authtool',
|
||||||
|
_bootstrap_keyring,
|
||||||
|
'--create-keyring',
|
||||||
|
'--name=client.bootstrap-osd',
|
||||||
|
'--add-key={}'.format(key)
|
||||||
|
]
|
||||||
|
subprocess.check_call(cmd)
|
||||||
|
|
||||||
|
# OSD caps taken from ceph-create-keys
|
||||||
|
_osd_bootstrap_caps = [
|
||||||
|
'allow command osd create ...',
|
||||||
|
'allow command osd crush set ...',
|
||||||
|
r'allow command auth add * osd allow\ * mon allow\ rwx',
|
||||||
|
'allow command mon getmap'
|
||||||
|
]
|
||||||
|
|
||||||
|
|
||||||
|
def get_osd_bootstrap_key():
|
||||||
|
cmd = [
|
||||||
|
'ceph',
|
||||||
|
'--name', 'mon.',
|
||||||
|
'--keyring',
|
||||||
|
'/var/lib/ceph/mon/ceph-{}/keyring'.format(
|
||||||
|
utils.get_unit_hostname()
|
||||||
|
),
|
||||||
|
'auth', 'get-or-create', 'client.bootstrap-osd',
|
||||||
|
'mon', '; '.join(_osd_bootstrap_caps)
|
||||||
|
]
|
||||||
|
output = subprocess.check_output(cmd).strip() # IGNORE:E1103
|
||||||
|
# get-or-create appears to have different output depending
|
||||||
|
# on whether its 'get' or 'create'
|
||||||
|
# 'create' just returns the key, 'get' is more verbose and
|
||||||
|
# needs parsing
|
||||||
|
key = None
|
||||||
|
if len(output.splitlines()) == 1:
|
||||||
|
key = output
|
||||||
|
else:
|
||||||
|
for element in output.splitlines():
|
||||||
|
if 'key' in element:
|
||||||
|
key = element.split(' = ')[1].strip() # IGNORE:E1103
|
||||||
|
return key
|
||||||
|
@ -105,6 +105,7 @@ def mon_relation():
|
|||||||
if get_fsid():
|
if get_fsid():
|
||||||
utils.juju_log('INFO', 'mon has provided fsid - scanning disks')
|
utils.juju_log('INFO', 'mon has provided fsid - scanning disks')
|
||||||
emit_cephconf()
|
emit_cephconf()
|
||||||
|
ceph.import_osd_bootstrap_key(utils.relation_get('osd_bootstrap_key'))
|
||||||
for dev in utils.config_get('osd-devices').split(' '):
|
for dev in utils.config_get('osd-devices').split(' '):
|
||||||
osdize(dev)
|
osdize(dev)
|
||||||
subprocess.call(['udevadm', 'trigger',
|
subprocess.call(['udevadm', 'trigger',
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
[global]
|
[global]
|
||||||
auth supported = none
|
auth supported = cephx
|
||||||
keyring = /etc/ceph/$cluster.$name.keyring
|
keyring = /etc/ceph/$cluster.$name.keyring
|
||||||
mon host = {{ mon_hosts }}
|
mon host = {{ mon_hosts }}
|
||||||
fsid = {{ fsid }}
|
fsid = {{ fsid }}
|
||||||
|
Loading…
Reference in New Issue
Block a user