cephadm: set auth_allow_insecure_global_id_reclaim for mon on bootstrap

If this is a fresh pacific cluster, let's assume that there won't be
legacy clients connecting.  (And if there are, let's put the burden on
the user to enable them to do so insecurely.)

This is in contrast to upgrades, where our focus is on not breaking
anything.

Signed-off-by: Sage Weil <sage@newdream.net>

diff --git a/qa/suites/rados/thrash-old-clients/ceph.yaml b/qa/suites/rados/thrash-old-clients/ceph.yaml
index 468b4af27d0f8cae1d169bd6aea725cc04876fd9..016ce36da7fcf5e82b5bed0e9d5d0cc0dc788bc4 100644 (file)
--- a/qa/suites/rados/thrash-old-clients/ceph.yaml
+++ b/qa/suites/rados/thrash-old-clients/ceph.yaml
@@ -2,3 +2,6 @@
 verify_ceph_hash: false
 tasks:
 - cephadm:
+    conf:
+      mon:
+        auth allow insecure global id reclaim: true

diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm
index c9b7e768044965ffe867bd62aa6e84aa2789201d..042bb8ae1d2ac16dbb9002b08f199afe79718d43 100755 (executable)
--- a/src/cephadm/cephadm
+++ b/src/cephadm/cephadm
@@ -3786,8 +3786,15 @@ def prepare_bootstrap_config(
     if not cp.has_section('global'):
         cp.add_section('global')
     cp.set('global', 'fsid', fsid)
-    cp.set('global', 'mon host', mon_addr)
+    cp.set('global', 'mon_host', mon_addr)
     cp.set('global', 'container_image', image)
+    if not cp.has_section('mon'):
+        cp.add_section('mon')
+    if (
+            not cp.has_option('mon', 'auth_allow_insecure_global_id_reclaim')
+            and not cp.has_option('mon', 'auth allow insecure global id reclaim')
+    ):
+        cp.set('mon', 'auth_allow_insecure_global_id_reclaim', 'false')
     cpf = StringIO()
     cp.write(cpf)
     config = cpf.getvalue()