]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ci.git/commitdiff
projects / ceph-ci.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2bdd037)
python-common/deployment: add keybridge feature to smb service spec
authorJohn Mulligan <jmulligan@redhat.com>
Wed, 16 Jul 2025 21:08:49 +0000 (17:08 -0400)
committerJohn Mulligan <jmulligan@redhat.com>
Mon, 22 Sep 2025 13:58:06 +0000 (09:58 -0400)
The keybridge sidecar is enabled by the keybridge feature flag.
This sidecar will be used to help fetch keys over various protocols
for the ceph module to use to set up fs encryption.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 44e9c408340d5af51a305cf58e5e0d186ffcb808)

src/python-common/ceph/deployment/service_spec.py patch | blob | history
src/python-common/ceph/smb/constants.py patch | blob | history

diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index dddc42c1959c854da26f54441e6211f1a562f717..c5b47a4e2ad255eb19746fb6679f3d45ef786595 100644 (file)
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -3794,6 +3794,10 @@ class SMBSpec(ServiceSpec):
         remote_control_ssl_cert: Optional[str] = None,
         remote_control_ssl_key: Optional[str] = None,
         remote_control_ca_cert: Optional[str] = None,
+        # == keybridge ==
+        keybridge_kmip_ssl_cert: Optional[str] = None,
+        keybridge_kmip_ssl_key: Optional[str] = None,
+        keybridge_kmip_ca_cert: Optional[str] = None,
         # --- genearal tweaks ---
         extra_container_args: Optional[GeneralArgList] = None,
         extra_entrypoint_args: Optional[GeneralArgList] = None,
@@ -3831,6 +3835,9 @@ class SMBSpec(ServiceSpec):
         self.remote_control_ssl_cert = remote_control_ssl_cert
         self.remote_control_ssl_key = remote_control_ssl_key
         self.remote_control_ca_cert = remote_control_ca_cert
+        self.keybridge_kmip_ssl_cert = keybridge_kmip_ssl_cert
+        self.keybridge_kmip_ssl_key = keybridge_kmip_ssl_key
+        self.keybridge_kmip_ca_cert = keybridge_kmip_ca_cert
         self.validate()
 
     def validate(self) -> None:
diff --git a/src/python-common/ceph/smb/constants.py b/src/python-common/ceph/smb/constants.py
index bc2961de49a3a523893aaccd8873294e952010be..6d8a143f2de7081111f6490aa624d37903f4bd04 100644 (file)
--- a/src/python-common/ceph/smb/constants.py
+++ b/src/python-common/ceph/smb/constants.py
@@ -8,9 +8,11 @@ CTDB = 'ctdb'
 
 
 # Feature names
+# (please keep sorted)
 CEPHFS_PROXY = 'cephfs-proxy'
 CLUSTERED = 'clustered'
 DOMAIN = 'domain'
+KEYBRIDGE = 'keybridge'
 REMOTE_CONTROL = 'remote-control'
 SMBMETRICS = 'smbmetrics'
 
@@ -22,6 +24,7 @@ FEATURES = {
     CEPHFS_PROXY,
     CLUSTERED,
     DOMAIN,
+    KEYBRIDGE,
     REMOTE_CONTROL,
 }
 
Unnamed repository; edit this file 'description' to name the repository.