from orchestrator import OrchestratorError, DaemonDescription
from cephadm import utils
-from cephadm.services.cephadmservice import CephadmDaemonSpec, CephService
+from cephadm.services.cephadmservice import AuthEntity, CephadmDaemonSpec, CephService
if TYPE_CHECKING:
from cephadm.module import CephadmOrchestrator
deps: List[str] = []
- # create the keyring
- user = f'{daemon_type}.{daemon_id}'
- keyring = self.create_keyring(daemon_spec)
+ # create the RADOS recovery pool keyring
+ rados_user = f'{daemon_type}.{daemon_id}'
+ rados_keyring = self.create_keyring(daemon_spec)
# create the rados config object
self.create_rados_config_obj(spec)
+ # create the RGW keyring
+ rgw_user = f'{rados_user}-rgw'
+ rgw_keyring = self.create_rgw_keyring(daemon_spec)
+
# generate the ganesha config
def get_ganesha_conf() -> str:
- context = dict(user=user,
+ context = dict(user=rados_user,
nodeid=daemon_spec.name(),
pool=spec.pool,
namespace=spec.namespace if spec.namespace else '',
+ rgw_user=rgw_user,
url=spec.rados_config_location())
return self.mgr.template.render('services/nfs/ganesha.conf.j2', context)
config['pool'] = spec.pool
if spec.namespace:
config['namespace'] = spec.namespace
- config['userid'] = user
+ config['userid'] = rados_user
config['extra_args'] = ['-N', 'NIV_EVENT']
config['files'] = {
'ganesha.conf': get_ganesha_conf(),
config.update(
self.get_config_and_keyring(
daemon_type, daemon_id,
- keyring=keyring,
+ keyring=rados_keyring,
host=host
)
)
+ config['rgw'] = {
+ 'cluster': 'ceph',
+ 'user': rgw_user,
+ 'keyring': rgw_keyring,
+ }
logger.debug('Generated cephadm config-json: %s' % config)
return config
return get_cephadm_config(), deps
- def create_keyring(self, daemon_spec: CephadmDaemonSpec) -> str:
- assert daemon_spec.spec
- daemon_id = daemon_spec.daemon_id
- spec = daemon_spec.spec
-
- entity = self.get_auth_entity(daemon_id)
- logger.info('Create keyring: %s' % entity)
-
- osd_caps = 'allow rw pool=%s' % (spec.pool)
- if spec.namespace:
- osd_caps = '%s namespace=%s' % (osd_caps, spec.namespace)
-
- ret, keyring, err = self.mgr.check_mon_command({
- 'prefix': 'auth get-or-create',
- 'entity': entity,
- 'caps': ['mon', 'allow r',
- 'osd', osd_caps],
- })
-
- return keyring
-
def create_rados_config_obj(self,
spec: NFSServiceSpec,
clobber: bool = False) -> None:
# Create an empty config object
logger.info('Creating rados config object: %s' % obj)
ioctx.write_full(obj, ''.encode('utf-8'))
+
+ def create_keyring(self, daemon_spec: CephadmDaemonSpec[NFSServiceSpec]) -> str:
+ assert daemon_spec.spec
+ daemon_id = daemon_spec.daemon_id
+ spec = daemon_spec.spec
+ entity: AuthEntity = self.get_auth_entity(daemon_id)
+
+ osd_caps = 'allow rw pool=%s' % (spec.pool)
+ if spec.namespace:
+ osd_caps = '%s namespace=%s' % (osd_caps, spec.namespace)
+
+ logger.info('Create keyring: %s' % entity)
+ ret, keyring, err = self.mgr.check_mon_command({
+ 'prefix': 'auth get-or-create',
+ 'entity': entity,
+ 'caps': ['mon', 'allow r',
+ 'osd', osd_caps],
+ })
+
+ return keyring
+
+ def create_rgw_keyring(self, daemon_spec: CephadmDaemonSpec[NFSServiceSpec]) -> str:
+ daemon_id = daemon_spec.daemon_id
+ entity: AuthEntity = self.get_auth_entity(f'{daemon_id}-rgw')
+
+ logger.info('Create keyring: %s' % entity)
+ ret, keyring, err = self.mgr.check_mon_command({
+ 'prefix': 'auth get-or-create',
+ 'entity': entity,
+ 'caps': ['mon', 'allow r',
+ 'osd', 'allow rwx'],
+ })
+
+ return keyring
projects / ceph.git / commitdiff