mgr/cephadm: remove keyring during daemon post-remove

Fixes: https://tracker.ceph.com/issues/47298
Signed-off-by: Michael Fritch <mfritch@suse.com>

diff --git a/src/pybind/mgr/cephadm/services/cephadmservice.py b/src/pybind/mgr/cephadm/services/cephadmservice.py
index 0593b39d9693097975313db257eb093d9bfaad05..97cd882775e0a75629887c25c38a31ad76033480 100644 (file)
--- a/src/pybind/mgr/cephadm/services/cephadmservice.py
+++ b/src/pybind/mgr/cephadm/services/cephadmservice.py
@@ -242,6 +242,10 @@ class CephService(CephadmService):
 
         return cephadm_config, []
 
+    def post_remove(self, daemon: DaemonDescription) -> None:
+        super().post_remove(daemon)
+        self.remove_keyring(daemon)
+
     def get_auth_entity(self, daemon_id: str, host: str = "") -> AuthEntity:
         """
         Map the daemon id to a cephx keyring entity name
@@ -286,6 +290,18 @@ class CephService(CephadmService):
             'keyring': keyring,
         }
 
+    def remove_keyring(self, daemon: DaemonDescription):
+        daemon_id: str = daemon.daemon_id
+        host: str = daemon.hostname
+
+        entity = self.get_auth_entity(daemon_id, host=host)
+
+        logger.info(f'Remove keyring: {entity}')
+        ret, out, err = self.mgr.check_mon_command({
+            'prefix': 'auth rm',
+            'entity': entity,
+        })
+
 
 class MonService(CephService):
     TYPE = 'mon'