Enable cephx support by default
parent
f9ac39e6f0
commit
d5e627205b
@ -71,3 +71,51 @@ def is_osd_disk(dev):
|
||||
except subprocess.CalledProcessError:
|
||||
pass
|
||||
return False
|
||||
|
||||
_bootstrap_keyring = "/var/lib/ceph/bootstrap-osd/ceph.keyring"
|
||||
|
||||
|
||||
def import_osd_bootstrap_key(key):
|
||||
if not os.path.exists(_bootstrap_keyring):
|
||||
cmd = [
|
||||
'ceph-authtool',
|
||||
_bootstrap_keyring,
|
||||
'--create-keyring',
|
||||
'--name=client.bootstrap-osd',
|
||||
'--add-key={}'.format(key)
|
||||
]
|
||||
subprocess.check_call(cmd)
|
||||
|
||||
# OSD caps taken from ceph-create-keys
|
||||
_osd_bootstrap_caps = [
|
||||
'allow command osd create ...',
|
||||
'allow command osd crush set ...',
|
||||
r'allow command auth add * osd allow\ * mon allow\ rwx',
|
||||
'allow command mon getmap'
|
||||
]
|
||||
|
||||
|
||||
def get_osd_bootstrap_key():
|
||||
cmd = [
|
||||
'ceph',
|
||||
'--name', 'mon.',
|
||||
'--keyring',
|
||||
'/var/lib/ceph/mon/ceph-{}/keyring'.format(
|
||||
utils.get_unit_hostname()
|
||||
),
|
||||
'auth', 'get-or-create', 'client.bootstrap-osd',
|
||||
'mon', '; '.join(_osd_bootstrap_caps)
|
||||
]
|
||||
output = subprocess.check_output(cmd).strip() # IGNORE:E1103
|
||||
# get-or-create appears to have different output depending
|
||||
# on whether its 'get' or 'create'
|
||||
# 'create' just returns the key, 'get' is more verbose and
|
||||
# needs parsing
|
||||
key = None
|
||||
if len(output.splitlines()) == 1:
|
||||
key = output
|
||||
else:
|
||||
for element in output.splitlines():
|
||||
if 'key' in element:
|
||||
key = element.split(' = ')[1].strip() # IGNORE:E1103
|
||||
return key
|
||||
|
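Review bot: In `import_osd_bootstrap_key` the bootstrap secret is passed as `--add-key=<key>` in the `ceph-authtool` argument list, so while that process runs the key is readable by any local account that can list process arguments. Writing the keyring from Python with an explicit owner-only mode keeps the key off the command line and sets the file permissions explicitly instead of relying on the tool's default. The sketch below assumes the usual keyring layout (an `[entity]` header followed by a `key = ` line); confirm it against what `ceph-authtool` writes on the target release before adopting it.

```python
def import_osd_bootstrap_key(key):
    if not os.path.exists(_bootstrap_keyring):
        # Keep the secret off the process command line and create the
        # keyring owner-only; O_EXCL fails instead of reusing a path that
        # appeared between the exists() check and the open.
        fd = os.open(_bootstrap_keyring,
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, 'w') as keyring:
            keyring.write('[client.bootstrap-osd]\n\tkey = {}\n'.format(key))
```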
@ -105,6 +105,7 @@ def mon_relation():
|
||||
if get_fsid():
|
||||
utils.juju_log('INFO', 'mon has provided fsid - scanning disks')
|
||||
emit_cephconf()
|
||||
ceph.import_osd_bootstrap_key(utils.relation_get('osd_bootstrap_key'))
|
||||
for dev in utils.config_get('osd-devices').split(' '):
|
||||
osdize(dev)
|
||||
subprocess.call(['udevadm', 'trigger',
|
||||
|
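Review bot: The added call passes `utils.relation_get('osd_bootstrap_key')` straight into `ceph.import_osd_bootstrap_key` without checking that the mon has published a key yet. `relation_get` is not visible here, but if it returns nothing at this point the callee formats the argument as `--add-key=None`, which would either fail the hook or leave a keyring holding an unusable key. Because the import only runs when the keyring file does not exist, a later hook run carrying the real key would not repair it. Consider reading the value first and gating on it, e.g. `key = utils.relation_get('osd_bootstrap_key')` followed by `if get_fsid() and key:`. The body of `mon_relation` continues outside this hunk.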
@ -1,5 +1,5 @@
|
||||
[global]
|
||||
auth supported = none
|
||||
auth supported = cephx
|
||||
keyring = /etc/ceph/$cluster.$name.keyring
|
||||
mon host = {{ mon_hosts }}
|
||||
fsid = {{ fsid }}
|
||||
|