osd: add --mkkey mkfs option

Optionally generate a new key as part of the mkfs step.  This makes life
a bit easier for the admin.

Signed-off-by: Sage Weil <sage.weil@dreamhost.com>

diff --git a/src/cosd.cc b/src/cosd.cc
index f3a1d106bcff0b859a31f4845b860c1cde8380ad..4cea4ea0cc9e11459e8872a6ed9a9334596b9517 100644 (file)
--- a/src/cosd.cc
+++ b/src/cosd.cc
@@ -63,6 +63,7 @@ int main(int argc, const char **argv)
   // osd specific args
   bool mkfs = false;
   bool mkjournal = false;
+  bool mkkey = false;
   bool flushjournal = false;
   char *dump_pg_log = 0;
   FOR_EACH_ARG(args) {
@@ -70,6 +71,8 @@ int main(int argc, const char **argv)
       mkfs = true;
     } else if (CEPH_ARGPARSE_EQ("mkjournal", '\0')) {
       mkjournal = true;
+    } else if (CEPH_ARGPARSE_EQ("mkkey", '\0')) {
+      mkkey = true;
     } else if (CEPH_ARGPARSE_EQ("flush-journal", '\0')) {
       flushjournal = true;
     } else if (CEPH_ARGPARSE_EQ("dump-pg-log", '\0')) {
@@ -140,8 +143,23 @@ int main(int argc, const char **argv)
     if (!g_conf.osd_journal.empty())
       *_dout << " journal " << g_conf.osd_journal;
     *_dout << " for osd" << whoami << " fsid " << mc.monmap.fsid << dendl;
-    exit(0);
   }
+  if (mkkey) {
+    EntityName ename(g_conf.name);
+    EntityAuth eauth;
+    eauth.key.create(CEPH_CRYPTO_AES);
+    g_keyring.add(ename, eauth);
+    bufferlist bl;
+    ::encode(g_keyring, bl);
+    int r = bl.write_file(g_conf.keyring.c_str(), 0600);
+    if (r)
+      derr << TEXT_RED << " ** ERROR: writing new keyring to " << g_conf.keyring
+          << ": " << cpp_strerror(r) << TEXT_NORMAL << dendl;
+    else
+      derr << "created new key in keyring " << g_conf.keyring << dendl;
+  }
+  if (mkfs || mkkey)
+    exit(0);
   if (mkjournal) {
     int err = OSD::mkjournal(g_conf.osd_data, g_conf.osd_journal);
     if (err < 0) {

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index c618d3759021f99f26e8be7f975141bd2fcf06d2..b53ed01cfd939d9b75487ab676bcc9feddd11d64 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -581,6 +581,11 @@ bool AuthMonitor::prepare_command(MMonCommand *m)
         goto done;
       }
       auth_inc.op = KeyServerData::AUTH_INC_ADD;
+
+      // suck in any caps too
+      for (unsigned i=3; i+1<m->cmd.size(); i += 2)
+       ::encode(m->cmd[i+1], auth_inc.auth.caps[m->cmd[i]]);
+
       dout(10) << " importing " << auth_inc.name << " " << auth_inc.auth << dendl;
       push_cephx_inc(auth_inc);
 
@@ -604,7 +609,7 @@ bool AuthMonitor::prepare_command(MMonCommand *m)
       mon->key_server.get_auth(auth_inc.name, auth_inc.auth);
 
       map<string,bufferlist> newcaps;
-      for (unsigned i=3; i+1<m->cmd.size(); i++)
+      for (unsigned i=3; i+1<m->cmd.size(); i += 2)
        ::encode(m->cmd[i+1], newcaps[m->cmd[i]]);
 
       auth_inc.op = KeyServerData::AUTH_INC_ADD;

diff --git a/src/vstart.sh b/src/vstart.sh
index b5b6ba4935c7c1f9f8b75860fc6945cdf358f0a6..845c5fc1ec36090b4534073c808f746a7ac8880a 100755 (executable)
--- a/src/vstart.sh
+++ b/src/vstart.sh
@@ -367,18 +367,14 @@ EOF
 EOF
            fi
            echo mkfs osd$osd
-           cmd="$SUDO $CEPH_BIN/cosd -i $osd $ARGS --mkfs"
+           cmd="$SUDO $CEPH_BIN/cosd -i $osd $ARGS --mkfs --mkkey"
            echo $cmd
            $cmd
 
            if [ "$cephx" -eq 1 ]; then
                key_fn=dev/osd$osd/keyring
-               $SUDO $CEPH_BIN/cauthtool --create-keyring --gen-key --name=osd.$osd \
-                   --cap mon 'allow *' \
-                   --cap osd 'allow *' \
-                   $key_fn
                echo adding osd$osd key to auth repository
-               $SUDO $CEPH_ADM -i $key_fn auth add osd.$osd
+               $SUDO $CEPH_ADM -i $key_fn auth add osd.$osd osd "allow *" mon "allow rwx"
            fi
        fi
        echo start osd$osd