To create a user with the administrator role you can use the following
commands::
- $ ceph dashboard ac-user-create <username> <password> administrator
+ $ ceph dashboard ac-user-create <username> -i <file-containing-password> administrator
.. _dashboard-enabling-object-gateway:
Finally, provide the credentials to the dashboard::
- $ ceph dashboard set-rgw-api-access-key <access_key>
- $ ceph dashboard set-rgw-api-secret-key <secret_key>
+ $ ceph dashboard set-rgw-api-access-key -i <file-containing-access-key>
+ $ ceph dashboard set-rgw-api-secret-key -i <file-containing-secret-key>
In a typical default configuration with a single RGW endpoint, this is all you
have to do to get the Object Gateway management functionality working. The
The available iSCSI gateways must be defined using the following commands::
- $ ceph dashboard iscsi-gateway-list
- $ ceph dashboard iscsi-gateway-add <scheme>://<username>:<password>@<host>[:port]
- $ ceph dashboard iscsi-gateway-rm <gateway_name>
+ $ ceph dashboard iscsi-gateway-list
+ $ # Gateway URL format for a new gateway: <scheme>://<username>:<password>@<host>[:port]
+ $ ceph dashboard iscsi-gateway-add -i <file-containing-gateway-url> [<gateway_name>]
+ $ ceph dashboard iscsi-gateway-rm <gateway_name>
.. _dashboard-grafana:
- *Create User*::
- $ ceph dashboard ac-user-create <username> [<password>] [<rolename>] [<name>] [<email>]
+ $ ceph dashboard ac-user-create <username> -i <file-containing-password> [<rolename>] [<name>] [<email>]
- *Delete User*::
- *Change Password*::
- $ ceph dashboard ac-user-set-password <username> <password>
+ $ ceph dashboard ac-user-set-password <username> -i <file-containing-password>
- *Modify User (name, and email)*::
1. *Create the user*::
- $ ceph dashboard ac-user-create bob mypassword
+ $ ceph dashboard ac-user-create bob -i <file-containing-password>
2. *Create role and specify scope permissions*::
import json
import logging
+import random
+import string
from collections import namedtuple
import time
if ex.exitstatus != 2:
raise ex
- cls._ceph_cmd(['dashboard', 'ac-user-create', username, password])
+ user_create_args = [
+ 'dashboard', 'ac-user-create', username
+ ]
+ cls._ceph_cmd_with_secret(user_create_args, password)
set_roles_args = ['dashboard', 'ac-user-set-roles', username]
for idx, role in enumerate(roles):
log.info("command result: %s", res)
return res
+ @classmethod
+ def _ceph_cmd_result(cls, cmd):
+ exitstatus = cls.mgr_cluster.mon_manager.raw_cluster_cmd_result(*cmd)
+ log.info("command exit status: %d", exitstatus)
+ return exitstatus
+
+ @classmethod
+ def _ceph_cmd_with_secret(cls, cmd, secret, return_exit_code=False):
+ cmd.append('-i')
+ cmd.append('{}'.format(cls._ceph_create_tmp_file(secret)))
+ if return_exit_code:
+ return cls._ceph_cmd_result(cmd)
+ return cls._ceph_cmd(cmd)
+
+ @classmethod
+ def _ceph_create_tmp_file(cls, content):
+ """Create a temporary file in the remote cluster"""
+ file_name = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(20))
+ file_path = '/tmp/{}'.format(file_name)
+ cls._cmd(['sh', '-c', 'echo -n {} > {}'.format(content, file_path)])
+ return file_path
+
def set_config_key(self, key, value):
self._ceph_cmd(['config-key', 'set', key, value])
def get_config_key(self, key):
return self._ceph_cmd(['config-key', 'get', key])
+ @classmethod
+ def _cmd(cls, args):
+ return cls.mgr_cluster.admin_remote.run(args=args)
+
@classmethod
def _rbd_cmd(cls, cmd):
- args = [
- 'rbd'
- ]
+ args = ['rbd']
args.extend(cmd)
- cls.mgr_cluster.admin_remote.run(args=args)
+ cls._cmd(args)
@classmethod
def _radosgw_admin_cmd(cls, cmd):
- args = [
- 'radosgw-admin'
- ]
+ args = ['radosgw-admin']
args.extend(cmd)
- cls.mgr_cluster.admin_remote.run(args=args)
+ cls._cmd(args)
@classmethod
def _rados_cmd(cls, cmd):
args = ['rados']
args.extend(cmd)
- cls.mgr_cluster.admin_remote.run(args=args)
+ cls._cmd(args)
@classmethod
def mons(cls):
import time
import jwt
+from teuthology.orchestra.run import \
+ CommandFailedError # pylint: disable=import-error
from .helper import DashboardTestCase
self.assertIn('create', perms)
self.assertIn('delete', perms)
+ def test_login_without_password(self):
+ with self.assertRaises(CommandFailedError):
+ self.create_user('admin2', '', ['administrator'], force_password=True)
+
def test_a_set_login_credentials(self):
self.create_user('admin2', 'admin2', ['administrator'])
self._post("/api/auth", {'username': 'admin2', 'password': 'admin2'})
"detail": "Invalid credentials"
})
- def test_login_without_password(self):
- self.create_user('admin2', '', ['administrator'])
- self._post("/api/auth", {'username': 'admin2', 'password': ''})
- self.assertStatus(400)
- self.assertJsonBody({
- "component": "auth",
- "code": "invalid_credentials",
- "detail": "Invalid credentials"
- })
- self.delete_user('admin2')
-
def test_logout(self):
self._post("/api/auth", {'username': 'admin', 'password': 'admin'})
self.assertStatus(201)
self._get("/api/host")
self.assertStatus(200)
time.sleep(1)
- self._ceph_cmd(['dashboard', 'ac-user-set-password', 'user', 'user2'])
+ self._ceph_cmd_with_secret(['dashboard', 'ac-user-set-password', 'user'], 'user2')
time.sleep(1)
self._get("/api/host")
self.assertStatus(401)
'user', 'create', '--uid', 'admin', '--display-name', 'admin',
'--system', '--access-key', 'admin', '--secret', 'admin'
])
- cls._ceph_cmd(['dashboard', 'set-rgw-api-secret-key', 'admin'])
- cls._ceph_cmd(['dashboard', 'set-rgw-api-access-key', 'admin'])
+ cls._ceph_cmd_with_secret(['dashboard', 'set-rgw-api-secret-key'], 'admin')
+ cls._ceph_cmd_with_secret(['dashboard', 'set-rgw-api-access-key'], 'admin')
@classmethod
def tearDownClass(cls):
'--system', '--access-key', 'admin', '--secret', 'admin'
])
# Update the dashboard configuration.
- cls._ceph_cmd(['dashboard', 'set-rgw-api-secret-key', 'admin'])
- cls._ceph_cmd(['dashboard', 'set-rgw-api-access-key', 'admin'])
+ cls._ceph_cmd_with_secret(['dashboard', 'set-rgw-api-secret-key'], 'admin')
+ cls._ceph_cmd_with_secret(['dashboard', 'set-rgw-api-access-key'], 'admin')
# Create a test user?
if cls.create_test_user:
cls._radosgw_admin_cmd([
self._ceph_cmd(['mgr', 'module', 'enable', 'dashboard', '--force'])
# Set the default credentials.
self._ceph_cmd(['dashboard', 'set-rgw-api-user-id', ''])
- self._ceph_cmd(['dashboard', 'set-rgw-api-secret-key', 'admin'])
- self._ceph_cmd(['dashboard', 'set-rgw-api-access-key', 'admin'])
+ self._ceph_cmd_with_secret(['dashboard', 'set-rgw-api-secret-key'], 'admin')
+ self._ceph_cmd_with_secret(['dashboard', 'set-rgw-api-access-key'], 'admin')
super(RgwApiCredentialsTest, self).setUp()
def test_no_access_secret_key(self):
- self._ceph_cmd(['dashboard', 'set-rgw-api-secret-key', ''])
- self._ceph_cmd(['dashboard', 'set-rgw-api-access-key', ''])
+ self._ceph_cmd(['dashboard', 'reset-rgw-api-secret-key'])
+ self._ceph_cmd(['dashboard', 'reset-rgw-api-access-key'])
resp = self._get('/api/rgw/user')
self.assertStatus(500)
self.assertIn('detail', resp)
def handle_command(self, inbuf, cmd):
# pylint: disable=too-many-return-statements
- res = handle_option_command(cmd)
+ res = handle_option_command(cmd, inbuf)
if res[0] != -errno.ENOSYS:
return res
res = handle_sso_command(cmd)
# Set the user-id
./bin/ceph dashboard set-rgw-api-user-id dev
# Obtain and set access and secret key for the previously created user
- ./bin/ceph dashboard set-rgw-api-access-key `./bin/radosgw-admin user info --uid=dev | jq .keys[0].access_key | sed -e 's/^"//' -e 's/"$//'`
- ./bin/ceph dashboard set-rgw-api-secret-key `./bin/radosgw-admin user info --uid=dev | jq .keys[0].secret_key | sed -e 's/^"//' -e 's/"$//'`
+ RGW_ACCESS_KEY_FILE="/tmp/rgw-user-access-key.txt"
+ printf "$(./bin/radosgw-admin user info --uid=dev | jq -r .keys[0].access_key)" > "${RGW_ACCESS_KEY_FILE}"
+ ./bin/ceph dashboard set-rgw-api-access-key -i "${RGW_ACCESS_KEY_FILE}"
+ RGW_SECRET_KEY_FILE="/tmp/rgw-user-secret-key.txt"
+ printf "$(./bin/radosgw-admin user info --uid=dev | jq -r .keys[0].secret_key)" > "${RGW_SECRET_KEY_FILE}"
+ ./bin/ceph dashboard set-rgw-api-secret-key -i "${RGW_SECRET_KEY_FILE}"
# Set SSL verify to False
./bin/ceph dashboard set-rgw-api-ssl-verify False
import bcrypt
-from mgr_module import CLIReadCommand, CLIWriteCommand
+from mgr_module import CLICheckNonemptyFileInput, CLIReadCommand, CLIWriteCommand
from .. import mgr, logger
from ..security import Scope, Permission
# CLI dashboard access control scope commands
@CLIWriteCommand('dashboard set-login-credentials',
- 'name=username,type=CephString '
- 'name=password,type=CephString',
- 'Set the login credentials')
-def set_login_credentials_cmd(_, username, password):
+ 'name=username,type=CephString',
+ 'Set the login credentials. Password read from -i <file>')
+@CLICheckNonemptyFileInput
+def set_login_credentials_cmd(_, username, inbuf):
+ password = inbuf
try:
user = mgr.ACCESS_CTRL_DB.get_user(username)
user.set_password(password)
@CLIWriteCommand('dashboard ac-user-create',
'name=username,type=CephString '
- 'name=password,type=CephString,req=false '
'name=rolename,type=CephString,req=false '
'name=name,type=CephString,req=false '
'name=email,type=CephString,req=false',
- 'Create a user')
-def ac_user_create_cmd(_, username, password=None, rolename=None, name=None,
+ 'Create a user. Password read from -i <file>')
+@CLICheckNonemptyFileInput
+def ac_user_create_cmd(_, username, inbuf, rolename=None, name=None,
email=None):
+ password = inbuf
try:
role = mgr.ACCESS_CTRL_DB.get_role(rolename) if rolename else None
except RoleDoesNotExist as ex:
@CLIWriteCommand('dashboard ac-user-set-password',
- 'name=username,type=CephString '
- 'name=password,type=CephString',
- 'Set user password')
-def ac_user_set_password(_, username, password):
+ 'name=username,type=CephString',
+ 'Set user password from -i <file>')
+@CLICheckNonemptyFileInput
+def ac_user_set_password(_, username, inbuf):
+ password = inbuf
try:
user = mgr.ACCESS_CTRL_DB.get_user(username)
user.set_password(password)
import errno
import json
-from mgr_module import CLIReadCommand, CLIWriteCommand
+from mgr_module import CLICheckNonemptyFileInput, CLIReadCommand, CLIWriteCommand
from .iscsi_client import IscsiClient
from .iscsi_config import IscsiGatewaysConfig, IscsiGatewayAlreadyExists, InvalidServiceUrl, \
@CLIWriteCommand('dashboard iscsi-gateway-add',
- 'name=service_url,type=CephString',
- 'Add iSCSI gateway configuration')
-def add_iscsi_gateway(_, service_url):
+ None,
+ 'Add iSCSI gateway configuration. Gateway URL read from -i <file>')
+@CLICheckNonemptyFileInput
+def add_iscsi_gateway(_, inbuf):
+ service_url = inbuf
try:
IscsiGatewaysConfig.validate_service_url(service_url)
name = IscsiClient.instance(service_url=service_url).get_hostname()['data']
import inspect
from six import add_metaclass
+from mgr_module import CLICheckNonemptyFileInput
+
from . import mgr
'perm': 'r'
})
elif cmd.startswith('dashboard set'):
- cmd_list.append({
+ cmd_entry = {
'cmd': '{} name=value,type={}'
.format(cmd, py2ceph(opt['type'])),
'desc': 'Set the {} option value'.format(opt['name']),
'perm': 'w'
- })
+ }
+ if handles_secret(cmd):
+ cmd_entry['cmd'] = cmd
+ cmd_entry['desc'] = '{} read from -i <file>'.format(cmd_entry['desc'])
+ cmd_list.append(cmd_entry)
elif cmd.startswith('dashboard reset'):
desc = 'Reset the {} option to its default value'.format(
opt['name'])
return result
-def handle_option_command(cmd):
+def handle_option_command(cmd, inbuf):
if cmd['prefix'] not in _OPTIONS_COMMAND_MAP:
return -errno.ENOSYS, '', "Command not found '{}'".format(cmd['prefix'])
elif cmd['prefix'].startswith('dashboard get'):
return 0, str(getattr(Settings, opt['name'])), ''
elif cmd['prefix'].startswith('dashboard set'):
- value = opt['type'](cmd['value'])
+ if handles_secret(cmd['prefix']):
+ value, stdout, stderr = get_secret(inbuf=inbuf)
+ if stderr:
+ return value, stdout, stderr
+ else:
+ value = cmd['value']
+ value = opt['type'](value)
if opt['type'] == bool and cmd['value'].lower() == 'false':
value = False
setattr(Settings, opt['name'], value)
return 0, 'Option {} updated'.format(opt['name']), ''
+
+
+def handles_secret(cmd):
+ return bool([cmd for secret_word in ['password', 'key'] if (secret_word in cmd)])
+
+
+@CLICheckNonemptyFileInput
+def get_secret(inbuf=None):
+ return inbuf, None, None
def exec_dashboard_cmd(command_handler, cmd, **kwargs):
+ inbuf = kwargs['inbuf'] if 'inbuf' in kwargs else None
cmd_dict = {'prefix': 'dashboard {}'.format(cmd)}
cmd_dict.update(kwargs)
if cmd_dict['prefix'] not in CLICommand.COMMANDS:
except ValueError:
return out
- ret, out, err = CLICommand.COMMANDS[cmd_dict['prefix']].call(mgr, cmd_dict,
- None)
+ ret, out, err = CLICommand.COMMANDS[cmd_dict['prefix']].call(mgr, cmd_dict, inbuf)
if ret < 0:
raise CmdException(ret, err)
try:
import time
import unittest
+from mgr_module import ERROR_MSG_EMPTY_INPUT_FILE
+
from . import CmdException, CLICommandTestMixin
from .. import mgr
from ..security import Scope, Permission
def test_create_user(self, username='admin', rolename=None):
user = self.exec_cmd('ac-user-create', username=username,
- rolename=rolename, password='admin',
+ rolename=rolename, inbuf='admin',
name='{} User'.format(username),
email='{}@user.com'.format(username))
self.test_create_user()
with self.assertRaises(CmdException) as ctx:
- self.exec_cmd('ac-user-create', username='admin', password='admin')
+ self.exec_cmd('ac-user-create', username='admin', inbuf='admin')
self.assertEqual(ctx.exception.retcode, -errno.EEXIST)
self.assertEqual(str(ctx.exception), "User 'admin' already exists")
# create a user with a role that does not exist; expect a failure
try:
self.exec_cmd('ac-user-create', username='foo',
- rolename='dne_role', password='foopass',
+ rolename='dne_role', inbuf='foopass',
name='foo User', email='foo@user.com')
except CmdException as e:
self.assertEqual(e.retcode, -errno.ENOENT)
# create a role (this will be 'test_role')
self.test_create_role()
self.exec_cmd('ac-user-create', username='bar',
- rolename='test_role', password='barpass',
+ rolename='test_role', inbuf='barpass',
name='bar User', email='bar@user.com')
# validate db:
def test_set_user_password(self):
user_orig = self.test_create_user()
user = self.exec_cmd('ac-user-set-password', username='admin',
- password='newpass')
+ inbuf='newpass')
pass_hash = password_hash('newpass', user['password'])
self.assertDictEqual(user, {
'username': 'admin',
def test_set_user_password_nonexistent_user(self):
with self.assertRaises(CmdException) as ctx:
self.exec_cmd('ac-user-set-password', username='admin',
- password='newpass')
+ inbuf='newpass')
self.assertEqual(ctx.exception.retcode, -errno.ENOENT)
self.assertEqual(str(ctx.exception), "User 'admin' does not exist")
+ def test_set_user_password_empty(self):
+ with self.assertRaises(CmdException) as ctx:
+ self.exec_cmd('ac-user-set-password', username='admin', inbuf='\n',
+ force_password=True)
+
+ self.assertEqual(ctx.exception.retcode, -errno.EINVAL)
+ self.assertEqual(str(ctx.exception), ERROR_MSG_EMPTY_INPUT_FILE)
+
def test_set_login_credentials(self):
self.exec_cmd('set-login-credentials', username='admin',
- password='admin')
+ inbuf='admin')
user = self.exec_cmd('ac-user-show', username='admin')
pass_hash = password_hash('admin', user['password'])
self.assertDictEqual(user, {
def test_set_login_credentials_for_existing_user(self):
self.test_add_user_roles('admin', ['read-only'])
self.exec_cmd('set-login-credentials', username='admin',
- password='admin2')
+ inbuf='admin2')
user = self.exec_cmd('ac-user-show', username='admin')
pass_hash = password_hash('admin2', user['password'])
self.assertDictEqual(user, {
-# pylint: disable=too-many-public-methods
+# pylint: disable=too-many-public-methods, too-many-lines
import copy
import errno
except ImportError:
import unittest.mock as mock
+from mgr_module import ERROR_MSG_NO_INPUT_FILE
+
from . import CmdException, ControllerTestCase, CLICommandTestMixin, KVStoreMockMixin
from .. import mgr
from ..controllers.iscsi import Iscsi, IscsiTarget
def test_cli_add_gateway_invalid_url(self):
with self.assertRaises(CmdException) as ctx:
- self.exec_cmd('iscsi-gateway-add', name='node1',
- service_url='http:/hello.com')
+ self.exec_cmd('iscsi-gateway-add', inbuf='http:/hello.com')
self.assertEqual(ctx.exception.retcode, -errno.EINVAL)
self.assertEqual(str(ctx.exception),
"Invalid service URL 'http:/hello.com'. Valid format: "
"'<scheme>://<username>:<password>@<host>[:port]'.")
+ def test_cli_add_gateway_empty_url(self):
+ with self.assertRaises(CmdException) as ctx:
+ self.exec_cmd('iscsi-gateway-add', inbuf='')
+
+ self.assertEqual(ctx.exception.retcode, -errno.EINVAL)
+ self.assertEqual(str(ctx.exception), ERROR_MSG_NO_INPUT_FILE)
+
def test_cli_add_gateway(self):
- self.exec_cmd('iscsi-gateway-add', name='node1',
- service_url='https://admin:admin@10.17.5.1:5001')
- self.exec_cmd('iscsi-gateway-add', name='node2',
- service_url='https://admin:admin@10.17.5.2:5001')
+ self.exec_cmd('iscsi-gateway-add', inbuf='https://admin:admin@10.17.5.1:5001')
+ self.exec_cmd('iscsi-gateway-add', inbuf='https://admin:admin@10.17.5.2:5001')
iscsi_config = json.loads(self.get_key("_iscsi_config"))
self.assertEqual(iscsi_config['gateways'], {
'node1': {
import errno
import unittest
+
+from mgr_module import ERROR_MSG_EMPTY_INPUT_FILE
+
from . import KVStoreMockMixin, ControllerTestCase
from .. import settings
from ..controllers.settings import Settings as SettingsController
def test_get_cmd(self):
r, out, err = handle_option_command(
- {'prefix': 'dashboard get-grafana-api-port'})
+ {'prefix': 'dashboard get-grafana-api-port'},
+ None
+ )
self.assertEqual(r, 0)
self.assertEqual(out, '3000')
self.assertEqual(err, '')
def test_set_cmd(self):
r, out, err = handle_option_command(
{'prefix': 'dashboard set-grafana-api-port',
- 'value': '4000'})
+ 'value': '4000'},
+ None
+ )
self.assertEqual(r, 0)
self.assertEqual(out, 'Option GRAFANA_API_PORT updated')
self.assertEqual(err, '')
+ def test_set_secret_empty(self):
+ r, out, err = handle_option_command(
+ {'prefix': 'dashboard set-rgw-api-secret-key'},
+ None
+ )
+ self.assertEqual(r, -errno.EINVAL)
+ self.assertEqual(out, '')
+ self.assertEqual(err, ERROR_MSG_EMPTY_INPUT_FILE)
+
+ def test_set_secret(self):
+ r, out, err = handle_option_command(
+ {'prefix': 'dashboard set-rgw-api-secret-key'},
+ 'my-secret'
+ )
+ self.assertEqual(r, 0)
+ self.assertEqual(out, 'Option RGW_API_SECRET_KEY updated')
+ self.assertEqual(err, '')
+
def test_reset_cmd(self):
r, out, err = handle_option_command(
- {'prefix': 'dashboard reset-grafana-enabled'}
+ {'prefix': 'dashboard reset-grafana-enabled'},
+ None
)
self.assertEqual(r, 0)
self.assertEqual(out, 'Option {} reset to default value "{}"'.format(
def test_inv_cmd(self):
r, out, err = handle_option_command(
- {'prefix': 'dashboard get-non-existent-option'})
+ {'prefix': 'dashboard get-non-existent-option'},
+ None
+ )
self.assertEqual(r, -errno.ENOSYS)
self.assertEqual(out, '')
self.assertEqual(err, "Command not found "
def test_sync(self):
Settings.GRAFANA_API_PORT = 5000
r, out, err = handle_option_command(
- {'prefix': 'dashboard get-grafana-api-port'})
+ {'prefix': 'dashboard get-grafana-api-port'},
+ None
+ )
self.assertEqual(r, 0)
self.assertEqual(out, '5000')
self.assertEqual(err, '')
r, out, err = handle_option_command(
{'prefix': 'dashboard set-grafana-api-host',
- 'value': 'new-local-host'})
+ 'value': 'new-local-host'},
+ None
+ )
self.assertEqual(r, 0)
self.assertEqual(out, 'Option GRAFANA_API_HOST updated')
self.assertEqual(err, '')
except ImportError:
# just for type checking
pass
+import errno
import logging
import json
import six
import re
import time
+ERROR_MSG_EMPTY_INPUT_FILE = 'Empty content: please add a password/secret to the file.'
+ERROR_MSG_NO_INPUT_FILE = 'Please specify the file containing the password/secret with "-i" option.'
# Full list of strings in "osd_types.cc:pg_state_string()"
PG_STATES = [
"active",
return super(HandleCommandResult, cls).__new__(cls, retval, stdout, stderr)
+class MonCommandFailed(RuntimeError): pass
+
+
class OSDMap(ceph_module.BasePyOSDMap):
def get_epoch(self):
return self._get_epoch()
return CLICommand(prefix, args, desc, "w")
+def CLICheckNonemptyFileInput(func):
+ def check(*args, **kwargs):
+ if not 'inbuf' in kwargs:
+ return -errno.EINVAL, '', ERROR_MSG_NO_INPUT_FILE
+ if not kwargs['inbuf'] or (isinstance(kwargs['inbuf'], str)
+ and not kwargs['inbuf'].strip('\n')):
+ return -errno.EINVAL, '', ERROR_MSG_EMPTY_INPUT_FILE
+ return func(*args, **kwargs)
+ return check
+
+
def _get_localized_key(prefix, key):
return '{}/{}'.format(prefix, key)
"""
return self._ceph_get_daemon_status(svc_type, svc_id)
- def mon_command(self, cmd_dict):
+ def check_mon_command(self, cmd_dict, inbuf=None):
+ """
+ Wrapper around :func:`~mgr_module.MgrModule.mon_command`, but raises,
+ if ``retval != 0``.
+ """
+
+ r = HandleCommandResult(*self.mon_command(cmd_dict, inbuf))
+ if r.retval:
+ raise MonCommandFailed(
+ '{} failed: {} retval: {}'.format(cmd_dict["prefix"], r.stderr, r.retval)
+ )
+ return r
+
+ def mon_command(self, cmd_dict, inbuf=None):
"""
Helper for modules that do simple, synchronous mon command
execution.
t1 = time.time()
result = CommandResult()
- self.send_command(result, "mon", "", json.dumps(cmd_dict), "")
+ self.send_command(result, "mon", "", json.dumps(cmd_dict), "", inbuf)
r = result.wait()
t2 = time.time()
return r
- def send_command(self, *args, **kwargs):
+ def send_command(
+ self,
+ result,
+ svc_type,
+ svc_id,
+ command,
+ tag,
+ inbuf=None):
"""
Called by the plugin to send a command to the mon
cluster.
completes, the ``notify()`` callback on the MgrModule instance is
triggered, with notify_type set to "command", and notify_id set to
the tag of the command.
+ :param str inbuf: input buffer for sending additional data.
"""
- self._ceph_send_command(*args, **kwargs)
+ self._ceph_send_command(result, svc_type, svc_id, command, tag, inbuf)
def set_health_checks(self, checks):
"""
tries=$((tries+1))
sleep 1
done
- ceph_adm tell mgr dashboard set-login-credentials admin admin
+
+ DASHBOARD_ADMIN_SECRET_FILE="/tmp/dashboard-admin-secret.txt"
+ printf 'admin' > "${DASHBOARD_ADMIN_SECRET_FILE}"
+ ceph_adm dashboard ac-user-create admin -i "${DASHBOARD_ADMIN_SECRET_FILE}"
tries=0
while [[ $tries < 30 ]] ; do
fi
fi
-# use CEPH_BUILD_ROOT to vstart from a 'make install'
+# use CEPH_BUILD_ROOT to vstart from a 'make install'
if [ -n "$CEPH_BUILD_ROOT" ]; then
[ -z "$CEPH_BIN" ] && CEPH_BIN=$CEPH_BUILD_ROOT/bin
[ -z "$CEPH_LIB" ] && CEPH_LIB=$CEPH_BUILD_ROOT/lib
export LD_LIBRARY_PATH=$CEPH_LIB:$LD_LIBRARY_PATH
export DYLD_LIBRARY_PATH=$CEPH_LIB:$DYLD_LIBRARY_PATH
# Suppress logging for regular use that indicated that we are using a
-# development version. vstart.sh is only used during testing and
+# development version. vstart.sh is only used during testing and
# development
export CEPH_DEV=1
-X )
cephx=0
;;
-
+
-g | --gssapi)
- gssapi_authx=1
+ gssapi_authx=1
;;
-G)
- gssapi_authx=0
+ gssapi_authx=0
;;
-k )
auth client required = gss
gss ktab client file = $CEPH_DEV_DIR/gss_\$name.keytab
EOF
- else
+ else
wconf <<EOF
auth cluster required = none
auth service required = none
if [ "$new" -eq 1 ]; then
# setting login credentials for dashboard
if $with_mgr_dashboard; then
- ceph_adm tell mgr dashboard ac-user-create admin admin administrator
+ DASHBOARD_ADMIN_SECRET_FILE="${CEPH_CONF_PATH}/dashboard-admin-secret.txt"
+ printf 'admin' > "${DASHBOARD_ADMIN_SECRET_FILE}"
+ ceph_adm dashboard ac-user-create admin -i "${DASHBOARD_ADMIN_SECRET_FILE}" \
+ administrator
if [ "$ssl" != "0" ]; then
if ! ceph_adm tell mgr dashboard create-self-signed-cert; then
echo dashboard module not working correctly!
projects / ceph.git / commitdiff