cephadm: set auth_allow_insecure_global_id_reclaim for mon on bootstrap

If this is a fresh pacific cluster, let's assume that there won't be
legacy clients connecting.  (And if there are, let's put the burden on
the user to enable them to do so insecurely.)

This is in contrast to upgrades, where our focus is on not breaking
anything.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 7ca74183226b1125b29f4ea8f324ae9e38b46795)

Conflicts:
	src/cephadm/cephadm [ commit 369989ebf90c ("cephadm: split-off
	  config work on bootstrap") not in octopus ]

diff --git a/qa/suites/rados/thrash-old-clients/ceph.yaml b/qa/suites/rados/thrash-old-clients/ceph.yaml
index 42f9495a851667af64c11da289253bb70bac7e12..ebcd7c14250642248ca536be5d51efbf8a156cae 100644 (file)
--- a/qa/suites/rados/thrash-old-clients/ceph.yaml
+++ b/qa/suites/rados/thrash-old-clients/ceph.yaml
@@ -1,2 +1,5 @@
 tasks:
 - cephadm:
+    conf:
+      mon:
+        auth allow insecure global id reclaim: true

diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm
index 1b4163b82e2a16df23a2cdabd658e918c6d77c97..638cd1fd862e633196a21a8c8bf3323b9b6e7e84 100755 (executable)
--- a/src/cephadm/cephadm
+++ b/src/cephadm/cephadm
@@ -2897,8 +2897,15 @@ def command_bootstrap():
     if not cp.has_section('global'):
         cp.add_section('global')
     cp.set('global', 'fsid', fsid);
-    cp.set('global', 'mon host', addr_arg)
+    cp.set('global', 'mon_host', addr_arg)
     cp.set('global', 'container_image', args.image)
+    if not cp.has_section('mon'):
+        cp.add_section('mon')
+    if (
+            not cp.has_option('mon', 'auth_allow_insecure_global_id_reclaim')
+            and not cp.has_option('mon', 'auth allow insecure global id reclaim')
+    ):
+        cp.set('mon', 'auth_allow_insecure_global_id_reclaim', 'false')
     cpf = StringIO()
     cp.write(cpf)
     config = cpf.getvalue()