# defined, return empty Daemon Desc
return DaemonDescription()
+ def get_keyring_with_caps(self, entity: AuthEntity, caps: List[str]) -> str:
+ ret, keyring, err = self.mgr.check_mon_command({
+ 'prefix': 'auth get-or-create',
+ 'entity': entity,
+ })
+ ret, out, err = self.mgr.check_mon_command({
+ 'prefix': 'auth caps',
+ 'entity': entity,
+ 'caps': caps,
+ })
+ return keyring
+
def _inventory_get_addr(self, hostname: str) -> str:
"""Get a host's address with its hostname."""
return self.mgr.inventory.get_addr(hostname)
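Review bot: get_keyring_with_caps has no docstring, and its behaviour is not obvious from the name: the `auth caps` call replaces the entity's capabilities with exactly `caps` on every invocation, including for entities that already existed. A one-line docstring such as `"""Return the keyring for entity, creating it if needed, and reset its caps to exactly caps."""` would tell callers that hand-adjusted caps are overwritten each time. The `ret`, `out` and `err` bindings are never read, so `_, keyring, _ = self.mgr.check_mon_command({...})` for the first call and a bare call for the second would make that explicit. Between the two commands a newly created entity has no caps, which fails closed only if check_mon_command raises on a non-zero return; that is not visible here.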
mgr_id, _ = daemon_spec.daemon_id, daemon_spec.host
# get mgr. key
- ret, keyring, err = self.mgr.check_mon_command({
- 'prefix': 'auth get-or-create',
- 'entity': self.get_auth_entity(mgr_id),
- 'caps': ['mon', 'profile mgr',
- 'osd', 'allow *',
- 'mds', 'allow *'],
- })
+ keyring = self.get_keyring_with_caps(self.get_auth_entity(mgr_id),
+ ['mon', 'profile mgr',
+ 'osd', 'allow *',
+ 'mds', 'allow *'])
# Retrieve ports used by manager modules
# In the case of the dashboard port and with several manager daemons
assert self.TYPE == daemon_spec.daemon_type
mds_id, _ = daemon_spec.daemon_id, daemon_spec.host
- # get mgr. key
- ret, keyring, err = self.mgr.check_mon_command({
- 'prefix': 'auth get-or-create',
- 'entity': self.get_auth_entity(mds_id),
- 'caps': ['mon', 'profile mds',
- 'osd', 'allow rw tag cephfs *=*',
- 'mds', 'allow'],
- })
+ # get mds. key
+ keyring = self.get_keyring_with_caps(self.get_auth_entity(mds_id),
+ ['mon', 'profile mds',
+ 'osd', 'allow rw tag cephfs *=*',
+ 'mds', 'allow'])
daemon_spec.keyring = keyring
daemon_spec.final_config, daemon_spec.deps = self.generate_config(daemon_spec)
return daemon_spec
def get_keyring(self, rgw_id: str) -> str:
- ret, keyring, err = self.mgr.check_mon_command({
- 'prefix': 'auth get-or-create',
- 'entity': self.get_auth_entity(rgw_id),
- 'caps': ['mon', 'allow *',
- 'mgr', 'allow rw',
- 'osd', 'allow rwx tag rgw *=*'],
- })
+ keyring = self.get_keyring_with_caps(self.get_auth_entity(rgw_id),
+ ['mon', 'allow *',
+ 'mgr', 'allow rw',
+ 'osd', 'allow rwx tag rgw *=*'])
return keyring
def ok_to_stop(
assert self.TYPE == daemon_spec.daemon_type
daemon_id, _ = daemon_spec.daemon_id, daemon_spec.host
- ret, keyring, err = self.mgr.check_mon_command({
- 'prefix': 'auth get-or-create',
- 'entity': self.get_auth_entity(daemon_id),
- 'caps': ['mon', 'profile rbd-mirror',
- 'osd', 'profile rbd'],
- })
+ keyring = self.get_keyring_with_caps(self.get_auth_entity(daemon_id),
+ ['mon', 'profile rbd-mirror',
+ 'osd', 'profile rbd'])
daemon_spec.keyring = keyring
assert self.TYPE == daemon_spec.daemon_type
daemon_id, host = daemon_spec.daemon_id, daemon_spec.host
- ret, keyring, err = self.mgr.check_mon_command({
- 'prefix': 'auth get-or-create',
- 'entity': self.get_auth_entity(daemon_id, host=host),
- 'caps': ['mon', 'profile crash',
- 'mgr', 'profile crash'],
- })
+ keyring = self.get_keyring_with_caps(self.get_auth_entity(daemon_id, host=host),
+ ['mon', 'profile crash',
+ 'mgr', 'profile crash'])
daemon_spec.keyring = keyring
spec = cast(IscsiServiceSpec, self.mgr.spec_store[daemon_spec.service_name].spec)
igw_id = daemon_spec.daemon_id
- ret, keyring, err = self.mgr.check_mon_command({
- 'prefix': 'auth get-or-create',
- 'entity': self.get_auth_entity(igw_id),
- 'caps': ['mon', 'profile rbd, '
- 'allow command "osd blocklist", '
- 'allow command "config-key get" with "key" prefix "iscsi/"',
- 'mgr', 'allow command "service status"',
- 'osd', 'allow rwx'],
- })
+ keyring = self.get_keyring_with_caps(self.get_auth_entity(igw_id),
+ ['mon', 'profile rbd, '
+ 'allow command "osd blocklist", '
+ 'allow command "config-key get" with "key" prefix "iscsi/"',
+ 'mgr', 'allow command "service status"',
+ 'osd', 'allow rwx'])
if spec.ssl_cert:
if isinstance(spec.ssl_cert, list):
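Review bot: The iSCSI gateway entity is still given `'osd', 'allow rwx'` with no pool, namespace or tag restriction, unlike the rgw and mds callers on this page, which scope their OSD caps with `tag rgw *=*` and `tag cephfs *=*`. Because get_keyring_with_caps applies the list with `auth caps`, an existing gateway key that an operator had narrowed would presumably be widened back to this on the next call. If the gateway needs unscoped OSD access, a comment above the list such as `# NOTE: osd caps are intentionally not limited to a pool or tag because <reason>` would record the decision. Otherwise a narrower cap such as the `'osd', 'profile rbd'` used for rbd-mirror may be enough, which needs checking against what the gateway does. The enclosing function starts and ends outside the hunk.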
osd_caps = '%s namespace=%s' % (osd_caps, spec.namespace)
logger.info('Create keyring: %s' % entity)
- ret, keyring, err = self.mgr.check_mon_command({
- 'prefix': 'auth get-or-create',
- 'entity': entity,
- 'caps': ['mon', 'allow r',
- 'osd', osd_caps],
- })
+ keyring = self.get_keyring_with_caps(entity,
+ ['mon', 'allow r',
+ 'osd', osd_caps])
return keyring
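Review bot: The context line `logger.info('Create keyring: %s' % entity)` no longer describes what follows, because the helper also rewrites the caps of an entity that already exists. As a record of credential changes it would read better as `logger.info('Create or update keyring and caps: %s', entity)`, which also lets logging do the formatting lazily. The same message precedes the `-rgw` entity call in the next hunk. Both enclosing functions begin outside their hunks.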
entity: AuthEntity = self.get_auth_entity(f'{daemon_id}-rgw')
logger.info('Create keyring: %s' % entity)
- ret, keyring, err = self.mgr.check_mon_command({
- 'prefix': 'auth get-or-create',
- 'entity': entity,
- 'caps': ['mon', 'allow r',
- 'osd', 'allow rwx tag rgw *=*'],
- })
+ keyring = self.get_keyring_with_caps(entity,
+ ['mon', 'allow r',
+ 'osd', 'allow rwx tag rgw *=*'])
return keyring