mgr/volumes: Update caps for new user created and add it's key to keyring

Fixes: https://tracker.ceph.com/issues/44193
Signed-off-by: Varsha Rao <varao@redhat.com>
(cherry picked from commit 0f2f7b0b1a903c0611dd86fb5e05cf901b1217f1)

diff --git a/src/pybind/mgr/volumes/fs/nfs.py b/src/pybind/mgr/volumes/fs/nfs.py
index 129a0cf289c531e42b7e27e12758424438e6224f..3bb6420e6a5b658dfccb6c44985fadb7f877d157 100644 (file)
--- a/src/pybind/mgr/volumes/fs/nfs.py
+++ b/src/pybind/mgr/volumes/fs/nfs.py
@@ -192,6 +192,17 @@ class NFSConfig(object):
         self.mgr = mgr
         self.ganeshaconf = ''
 
+    def update_user_caps(self):
+        if NFSConfig.exp_num > 0:
+            ret, out, err = self.mgr.mon_command({
+                'prefix': 'auth caps',
+                'entity': "client.%s" % (self.cluster_id),
+                'caps' : ['mon', 'allow r', 'osd', 'allow rw pool=%s namespace=%s, allow rw tag cephfs data=a' % (self.pool_name, self.pool_ns), 'mds', 'allow rw path=/'],
+                })
+
+            if ret!= 0:
+                return ret, out, err
+
     def create_common_config(self, nodeid):
         result = "NFS_CORE_PARAM {\n Enable_NLM = false;\n Enable_RQUOTA = false;\n Protocols = 4;\n}\n\n"
         result += "CACHEINODE {\n Dir_Chunk = 0;\n NParts = 1;\n Cache_Size = 1;\n}\n\n"
@@ -231,6 +242,7 @@ class NFSConfig(object):
 
         log.info("Export ID is {}".format(ex_id))
         NFSConfig.exp_num += 1
+        self.update_user_caps()
         return 0, "", ""
 
     def delete_export(self, ganesha_conf, ex_id):
@@ -275,15 +287,29 @@ class NFSConfig(object):
             log.info("{}".format(out))
             self.ganeshaconf = GaneshaConf(self.cluster_id, self.pool_name, self.pool_ns, self.mgr)
 
+            command = {'prefix': 'osd pool application enable', 'pool': self.pool_name, 'app': 'nfs'}
+            r, out, err = self.mgr.mon_command(command)
+
+            if r != 0:
+                return r, out, err
+            log.info("pool enable done r: {}".format(out))
+
         ret, out, err = self.mgr.mon_command({
             'prefix': 'auth get-or-create',
             'entity': client,
             'caps' : ['mon', 'allow r', 'osd', 'allow rw pool=%s namespace=%s' % (self.pool_name, self.pool_ns)],
+            'format': 'json',
             })
 
         if ret!= 0:
             return ret, out, err
 
+        json_res = json.loads(out)
+        log.info("The user created is {} and key is {} ".format(json_res[0]['entity'], json_res[0]['key']))
+
+        keyring = self.mgr.rados.conf_get("keyring")
+        log.info("The keyring location is {}".format(keyring))
+
         log.info("Calling up common config")
         self.create_common_config("a")
 

diff --git a/src/vstart.sh b/src/vstart.sh
index b0a7afa72fcde4cca4393f57e513ce97820b9a47..f4bfa24c7b72d988c92c0c59dae8eb55f024faa3 100755 (executable)
--- a/src/vstart.sh
+++ b/src/vstart.sh
@@ -1081,9 +1081,10 @@ start_ganesha() {
         prun rm -rf $ganesha_dir
         prun mkdir -p $ganesha_dir
         prun ceph_adm fs nfs cluster create tester
-       prun ceph_adm osd pool application enable nfs-ganesha nfs
+       keyring=$(ceph_adm auth print-key client.ganesha-tester)
+       prun $SUDO "$CEPH_BIN/ceph-authtool" --name=client.ganesha-tester --add-key=$keyring keyring
 
-        echo "%url rados://nfs-ganesha/tester/$name" > "$ganesha_dir/ganesha.conf"
+        echo "%url rados://nfs-ganesha/tester/a" > "$ganesha_dir/ganesha.conf"
        wconf <<EOF
 [ganesha.$name]
         host = $HOSTNAME