mgr/cephadm: support bootstrap with non-root ssh-user

Sets tmp_path to /tmp and gives permissions to non-root ssh-user to fix "scp: permission denied"

Fixes: https://tracker.ceph.com/issues/53335
Signed-off-by: Melissa Li <melissali@redhat.com>

diff --git a/src/pybind/mgr/cephadm/ssh.py b/src/pybind/mgr/cephadm/ssh.py
index 4c8574893ffb9714df6ea3fb48aef63c9293fa15..7c438e897ac2335794dd1bc707f8ec8d2f72383d 100644 (file)
--- a/src/pybind/mgr/cephadm/ssh.py
+++ b/src/pybind/mgr/cephadm/ssh.py
@@ -189,12 +189,17 @@ class SSHManager:
         try:
             dirname = os.path.dirname(path)
             await self._check_execute_command(host, ['mkdir', '-p', dirname], addr=addr)
-            tmp_path = path + '.new'
+            await self._check_execute_command(host, ['mkdir', '-p', '/tmp' + dirname], addr=addr)
+            tmp_path = '/tmp' + path + '.new'
             await self._check_execute_command(host, ['touch', tmp_path], addr=addr)
             if uid is not None and gid is not None and mode is not None:
                 # shlex quote takes str or byte object, not int
                 await self._check_execute_command(host, ['chown', '-R', str(uid) + ':' + str(gid), tmp_path], addr=addr)
                 await self._check_execute_command(host, ['chmod', oct(mode)[2:], tmp_path], addr=addr)
+            elif self.mgr.ssh_user != 'root':
+                assert self.mgr.ssh_user
+                await self._check_execute_command(host, ['chown', '-R', self.mgr.ssh_user, tmp_path], addr=addr)
+                await self._check_execute_command(host, ['chmod', str(644), tmp_path], addr=addr)
             with NamedTemporaryFile(prefix='cephadm-write-remote-file-') as f:
                 os.fchmod(f.fileno(), 0o600)
                 f.write(content)