def get_dmcrypt_key(
_uuid,
key_dir,
- luks
+ luks,
+ cluster
):
+
legacy_path = get_dmcrypt_key_path(_uuid, key_dir, luks)
if os.path.exists(legacy_path):
return (legacy_path,)
key, stderr, ret = command(
[
'ceph',
+ '--cluster',
+ cluster,
'--name',
'client.osd-lockbox.' + osd_uuid,
'--keyring',
self.osd_dm_key = get_dmcrypt_key(
self.get_uuid(), self.args.dmcrypt_key_dir,
- False)
+ False, self.args.cluster)
def set_variables_ptype(self):
self.ptype_map = PTYPE['plain']
self.osd_dm_key = get_dmcrypt_key(
self.get_uuid(), self.args.dmcrypt_key_dir,
- True)
+ True, self.args.cluster)
def set_variables_ptype(self):
self.ptype_map = PTYPE['luks']
self.args.lockbox)
self.partition = self.create_partition()
- def create_key(self):
+ def create_key(self, cluster):
key_size = CryptHelpers.get_dmcrypt_keysize(self.args)
key = open('/dev/urandom', 'rb').read(key_size / 8)
base64_key = base64.b64encode(key)
'ceph',
'--name', 'client.bootstrap-osd',
'--keyring', bootstrap,
+ '--cluster',
+ cluster,
'config-key',
'put',
'dm-crypt/osd/' + self.args.osd_uuid + '/luks',
'ceph',
'--name', 'client.bootstrap-osd',
'--keyring', bootstrap,
+ '--cluster',
+ cluster,
'auth',
'get-or-create',
'client.osd-lockbox.' + self.args.osd_uuid,
LOG.debug('Mounting lockbox ' + str(" ".join(args)))
command_check_call(args)
write_one_line(path, 'osd-uuid', self.args.osd_uuid)
- self.create_key()
+ self.create_key(self.args.cluster)
self.symlink_spaces(path)
write_one_line(path, 'magic', CEPH_LOCKBOX_ONDISK_MAGIC)
if self.device is not None:
return None
-def dmcrypt_map(dev, dmcrypt_key_dir):
+def dmcrypt_map(dev, dmcrypt_key_dir, cluster):
ptype = get_partition_type(dev)
if ptype in Ptype.get_ready_by_type('plain'):
luks = False
raise Error('--dmcrypt called for dev %s with invalid ptype %s'
% (dev, ptype))
part_uuid = get_partition_uuid(dev)
- dmcrypt_key = get_dmcrypt_key(part_uuid, dmcrypt_key_dir, luks)
+ dmcrypt_key = get_dmcrypt_key(part_uuid, dmcrypt_key_dir, luks, cluster)
return _dmcrypt_map(
rawdev=dev,
key=dmcrypt_key,
init,
dmcrypt,
dmcrypt_key_dir,
+ cluster,
reactivate=False,
):
if dmcrypt:
part_uuid = get_partition_uuid(dev)
- dev = dmcrypt_map(dev, dmcrypt_key_dir)
+ dev = dmcrypt_map(dev, dmcrypt_key_dir, cluster)
try:
fstype = detect_fstype(dev=dev)
except (subprocess.CalledProcessError,
init=args.mark_init,
dmcrypt=args.dmcrypt,
dmcrypt_key_dir=args.dmcrypt_key_dir,
+ cluster=args.cluster,
reactivate=args.reactivate,
)
osd_data = get_mount_point(cluster, osd_id)
])
-def _remove_lockbox(uuid):
+def _remove_lockbox(uuid, cluster):
command([
'ceph',
'auth',
])
command([
'ceph',
+ '--cluster',
+ cluster,
'config-key',
'del',
'dm-crypt/osd/' + uuid + '/luks',
unmap = False
else:
dmcrypt_path = dmcrypt_map(partition['path'],
- args.dmcrypt_key_dir)
+ args.dmcrypt_key_dir,
+ args.cluster)
unmap = True
list_dev_osd(dmcrypt_path, {}, partition)
if unmap:
for name in Space.NAMES:
if target_dev.get(name + '_uuid'):
dmcrypt_unmap(target_dev[name + '_uuid'])
- _remove_lockbox(target_dev['uuid'])
+ _remove_lockbox(target_dev['uuid'], args.cluster)
# Check zap flag. If we found zap flag, we need to find device for
# destroy this osd data.
dev = None
with activate_lock:
if args.dmcrypt:
- dev = dmcrypt_map(args.dev, args.dmcrypt_key_dir)
+ dev = dmcrypt_map(args.dev, args.dmcrypt_key_dir, args.cluster)
else:
dev = args.dev
# FIXME: For an encrypted journal dev, does this return the
init=args.mark_init,
dmcrypt=args.dmcrypt,
dmcrypt_key_dir=args.dmcrypt_key_dir,
+ cluster=args.cluster,
reactivate=args.reactivate,
)
activate_key_template=args.activate_key_template,
init=args.mark_init,
dmcrypt=False,
+ cluster=args.cluster,
dmcrypt_key_dir='',
)
start_daemon(
projects / ceph.git / commitdiff