cephadm: set auth_allow_insecure_global_id_reclaim for mon on bootstrap

If this is a fresh pacific cluster, let's assume that there won't be
legacy clients connecting.  (And if there are, let's put the burden on
the user to enable them to do so insecurely.)

This is in contrast to upgrades, where our focus is on not breaking
anything.

Signed-off-by: Sage Weil <sage@newdream.net>
(cherry picked from commit 7ca74183226b1125b29f4ea8f324ae9e38b46795)

diff --git a/qa/suites/rados/cephadm/thrash-old-clients/ceph.yaml b/qa/suites/rados/cephadm/thrash-old-clients/ceph.yaml
index 468b4af27d0f8cae1d169bd6aea725cc04876fd9..016ce36da7fcf5e82b5bed0e9d5d0cc0dc788bc4 100644 (file)
--- a/qa/suites/rados/cephadm/thrash-old-clients/ceph.yaml
+++ b/qa/suites/rados/cephadm/thrash-old-clients/ceph.yaml
@@ -2,3 +2,6 @@
 verify_ceph_hash: false
 tasks:
 - cephadm:
+    conf:
+      mon:
+        auth allow insecure global id reclaim: true

diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm
index e0b5ddd7d1f6dda2ef53e51792a3a8efe5e90c66..cdc52d782b7663a2570538842ad6df55b889bd03 100755 (executable)
--- a/src/cephadm/cephadm
+++ b/src/cephadm/cephadm
@@ -3755,8 +3755,15 @@ def prepare_bootstrap_config(
     if not cp.has_section('global'):
         cp.add_section('global')
     cp.set('global', 'fsid', fsid)
-    cp.set('global', 'mon host', mon_addr)
+    cp.set('global', 'mon_host', mon_addr)
     cp.set('global', 'container_image', image)
+    if not cp.has_section('mon'):
+        cp.add_section('mon')
+    if (
+            not cp.has_option('mon', 'auth_allow_insecure_global_id_reclaim')
+            and not cp.has_option('mon', 'auth allow insecure global id reclaim')
+    ):
+        cp.set('mon', 'auth_allow_insecure_global_id_reclaim', 'false')
     cpf = StringIO()
     cp.write(cpf)
     config = cpf.getvalue()