mon: implement --key for --mkfs

Allow --key to be used as an alternative to --keyring when ceph-mon
--mkfs runs. The key is wrapped inline into

     [mon.]
	key = AQDUS79S0AF9FRAA2cgRLFscVce0gROn/s9WMg==
	caps mon = "allow *"

and parsed with KeyRing::decode_plaintext which is made public.

Signed-off-by: Loic Dachary <loic@dachary.org>

diff --git a/src/auth/KeyRing.h b/src/auth/KeyRing.h
index 6b041ab37ce3229b72c84ef6f0287fdaf653479d..b69921c6500203947d1d697d2833ecfe265925f9 100644 (file)
--- a/src/auth/KeyRing.h
+++ b/src/auth/KeyRing.h
@@ -25,8 +25,8 @@ class KeyRing : public KeyStore {
   map<EntityName, EntityAuth> keys;
 
   int set_modifier(const char *type, const char *val, EntityName& name, map<string, bufferlist>& caps);
-  void decode_plaintext(bufferlist::iterator& bl);
 public:
+  void decode_plaintext(bufferlist::iterator& bl);
   /* Create a KeyRing from a Ceph context.
    * We will use the configuration stored inside the context. */
   int from_ceph_context(CephContext *cct);

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 470df593e79bbc8f39b4ca80861c9b9067c5b163..4d583a0b8a37733475ebc215c19d132f9f75e160 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3791,13 +3791,29 @@ int Monitor::mkfs(bufferlist& osdmapbl)
     string keyring_filename;
     if (!ceph_resolve_file_search(g_conf->keyring, keyring_filename)) {
       derr << "unable to find a keyring file on " << g_conf->keyring << dendl;
-      return -ENOENT;
-    }
-
-    r = keyring.load(g_ceph_context, keyring_filename);
-    if (r < 0) {
-      derr << "unable to load initial keyring " << g_conf->keyring << dendl;
-      return r;
+      if (g_conf->key != "") {
+       string keyring_plaintext = "[mon.]\n\tkey = " + g_conf->key +
+         "\n\tcaps mon = \"allow *\"\n";
+       bufferlist bl;
+       bl.append(keyring_plaintext);
+       try {
+         bufferlist::iterator i = bl.begin();
+         keyring.decode_plaintext(i);
+       }
+       catch (const buffer::error& e) {
+         derr << "error decoding keyring " << keyring_plaintext
+              << ": " << e.what() << dendl;
+         return -EINVAL;
+       }
+      } else {
+       return -ENOENT;
+      }
+    } else {
+      r = keyring.load(g_ceph_context, keyring_filename);
+      if (r < 0) {
+       derr << "unable to load initial keyring " << g_conf->keyring << dendl;
+       return r;
+      }
     }
 
     // put mon. key in external keyring; seed with everything else.