ceph cephadm set-user <user>
The ``set-user`` command automatically configures the specified user on all cluster
-hosts by calling ``cephadm setup-ssh-user`` on each host. This command is available starting
-with the Umbrella release and includes the following:
+hosts by calling ``cephadm setup-ssh-user`` on each host. This command includes the following:
- Setting up passwordless sudo access for non-root users
- Authorizing the cluster's SSH public key for the user
| [--log-dir LOG_DIR] [--logrotate-dir LOGROTATE_DIR]
| [--unit-dir UNIT_DIR] [--verbose] [--timeout TIMEOUT]
| [--retry RETRY] [--no-container-init]
-| {version,pull,inspect-image,ls,list-networks,list-rdma,adopt,rm-daemon,rm-cluster,remove-file,deploy-file,sysctl-dir,run,shell,enter,ceph-volume,unit,logs,bootstrap,deploy,check-host,check-online,prepare-host,prepare-host-sudo-hardening,setup-ssh-user,add-repo,rm-repo,install,list-images,update-osd-service}
+| {version,pull,inspect-image,ls,list-networks,list-rdma,adopt,rm-daemon,rm-cluster,remove-file,deploy-file,run,shell,enter,ceph-volume,unit,logs,bootstrap,deploy,check-host,prepare-host,prepare-host-sudo-hardening,setup-ssh-user,add-repo,rm-repo,install,list-images,update-osd-service}
| ...
| **cephadm** **check-host** [-h] [--expect-hostname EXPECT_HOSTNAME]
-| **cephadm** **check-online**
-
| **cephadm** **remove-file** [-h] [--fsid FSID] --path PATH
| **cephadm** **deploy-file** [-h] [--fsid FSID] --path PATH [--mode MODE]
| [--uid UID] [--gid GID]
-| **cephadm** **sysctl-dir** [-h] [--fsid FSID] (--list | --apply-system)
-
| **cephadm** **prepare-host**
+| **cephadm** **prepare-host-sudo-hardening** [-h] [--ssh-user SSH_USER]
+| [--ssh-pub-key SSH_PUB_KEY]
+| [--cephadm-version VERSION]
+
+| **cephadm** **setup-ssh-user** [-h] --ssh-user SSH_USER --ssh-pub-key SSH_PUB_KEY
+
| **cephadm** **add-repo** [-h] [--release RELEASE] [--version VERSION]
| [--dev DEV] [--dev-commit DEV_COMMIT]
| [--gpg-url GPG_URL] [--repo-url REPO_URL]
* [--expect-hostname EXPECT_HOSTNAME] Check that hostname matches an expected value
-check-online
-------------
-
-check that the host is online by running ``true`` locally.
-
-This command is primarily intended for cephadm internals (for example, the
-offline host watcher), rather than direct operator workflows.
-
-
remove-file
-----------
Remove a regular file on the local host. Missing paths are ignored.
-Refuses directories and symbolic links, only plain files are
-removed.
Arguments:
-* [--fsid FSID] cluster FSID (passed automatically when invoked by the orchestrator)
+* [--fsid FSID] cluster FSID
* --path PATH absolute path of the file to remove (required)
Arguments:
-* [--fsid FSID] cluster FSID (passed automatically when invoked by the orchestrator)
+* [--fsid FSID] cluster FSID
* --path PATH absolute destination path for the file (required)
* [--mode MODE] octal file mode (for example ``644`` or ``0644``)
* [--uid UID] numeric owner user id (**must** be given together with ``--gid``)
* [--gid GID] numeric owner group id (**must** be given together with ``--uid``)
-sysctl-dir
-----------
-
-List basenames under ``/etc/sysctl.d`` or run ``sysctl --system`` on the local host.
-
-Arguments:
-
-* [--fsid FSID] cluster FSID (passed automatically when invoked by the orchestrator)
-* --list print one directory entry per line (sorted)
-* --apply-system reload sysctl settings from all configuration paths
-
-
deploy
------
help='Configuration input source file',
)
+ parser_check_online = subparsers_orch.add_parser(
+ 'check-online', help='return true to indicate host is running')
+ parser_check_online.set_defaults(func=command_check_online)
+
+ parser_sysctl_dir = subparsers_orch.add_parser(
+ 'sysctl-dir',
+ help='list entries in sysctl.d or run sysctl --system')
+ parser_sysctl_dir.set_defaults(func=command_sysctl_dir)
+ parser_sysctl_dir.add_argument(
+ '--fsid',
+ help='cluster FSID')
+ _sysctl_dir_action = parser_sysctl_dir.add_mutually_exclusive_group(
+ required=True)
+ _sysctl_dir_action.add_argument(
+ '--list',
+ dest='sysctl_dir_action',
+ action='store_const',
+ const='list',
+ help=f'print one basename per line from {SYSCTL_DIR}')
+ _sysctl_dir_action.add_argument(
+ '--apply-system',
+ dest='sysctl_dir_action',
+ action='store_const',
+ const='apply_system',
+ help='reload sysctl settings from all config paths (sysctl --system)')
+
parser_check_host = subparsers.add_parser(
'check-host', help='check host configuration')
parser_check_host.set_defaults(func=command_check_host)
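Review bot: The block that registers `check-online` and `sysctl-dir` on `subparsers_orch` has no comment saying these are orchestrator-internal commands, and the `_orch` prefix is not an access control. Anyone who can already run cephadm with root privileges on the host can still invoke `_orch sysctl-dir --apply-system`. I would add a comment above `parser_check_online`, for example `# _orch sub-commands are invoked by the mgr; the prefix keeps them out of operator docs but is not a privilege boundary`. The page does not show how `prepare-host-sudo-hardening` constrains what the SSH user may run; if it matches on sub-command names, it presumably has to cover the `_orch` spelling too, which is worth confirming. `subparsers_orch` itself is created outside this hunk.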
'--expect-hostname',
help='Check that hostname matches an expected value')
- parser_check_online = subparsers.add_parser(
- 'check-online', help='return true to indicate host is running')
- parser_check_online.set_defaults(func=command_check_online)
-
parser_prepare_host = subparsers.add_parser(
'prepare-host', help='prepare a host for cephadm use')
parser_prepare_host.set_defaults(func=command_prepare_host)
default=None,
help='numeric owner gid (requires --uid)')
- parser_sysctl_dir = subparsers.add_parser(
- 'sysctl-dir',
- help='list entries in sysctl.d or run sysctl --system')
- parser_sysctl_dir.set_defaults(func=command_sysctl_dir)
- parser_sysctl_dir.add_argument(
- '--fsid',
- help='cluster FSID')
- _sysctl_dir_action = parser_sysctl_dir.add_mutually_exclusive_group(
- required=True)
- _sysctl_dir_action.add_argument(
- '--list',
- dest='sysctl_dir_action',
- action='store_const',
- const='list',
- help=f'print one basename per line from {SYSCTL_DIR}')
- _sysctl_dir_action.add_argument(
- '--apply-system',
- dest='sysctl_dir_action',
- action='store_const',
- const='apply_system',
- help='reload sysctl settings from all config paths (sysctl --system)')
-
parser_maintenance = subparsers.add_parser(
'host-maintenance', help='Manage the maintenance state of a host')
parser_maintenance.add_argument(
command_check_host,
command_check_online,
command_prepare_host,
+ command_setup_ssh_user,
+ command_prepare_host_sudo_hardening,
command_add_repo,
command_rm_repo,
command_install,
cephadm_fs.create_file(os.path.join(SYSCTL_DIR, 'c.conf'))
cephadm_fs.create_file(os.path.join(SYSCTL_DIR, 'a.conf'))
with with_cephadm_ctx(
- ['sysctl-dir', '--fsid', '00000000-0000-0000-0000-0000deadbeef', '--list']
+ ['_orch', 'sysctl-dir', '--fsid', '00000000-0000-0000-0000-0000deadbeef', '--list']
) as ctx:
assert _cephadm.command_sysctl_dir(ctx) == 0
assert capsys.readouterr().out.splitlines() == ['a.conf', 'c.conf']
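Review bot: Nothing in the updated cases checks that the old top-level `sysctl-dir` spelling is now rejected. This hunk and the three `with_cephadm_ctx` calls after it only switch the argument list to the `_orch` form and then call `_cephadm.command_sysctl_dir(ctx)` directly. A short negative case that passes `['sysctl-dir', '--fsid', ..., '--list']` and expects argument parsing to fail would pin the move. How `with_cephadm_ctx` surfaces a parse failure is not visible on this page, so the exact assertion has to follow that helper.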
shutil.rmtree(SYSCTL_DIR)
assert not cephadm_fs.exists(SYSCTL_DIR)
with with_cephadm_ctx(
- ['sysctl-dir', '--fsid', '00000000-0000-0000-0000-0000deadbeef', '--list']
+ ['_orch', 'sysctl-dir', '--fsid', '00000000-0000-0000-0000-0000deadbeef', '--list']
) as ctx:
with pytest.raises(_cephadm.Error, match='Not a directory'):
_cephadm.command_sysctl_dir(ctx)
def test_command_sysctl_dir_apply_system(self, cephadm_fs):
with with_cephadm_ctx(
- ['sysctl-dir', '--fsid', '00000000-0000-0000-0000-0000deadbeef', '--apply-system']
+ ['_orch', 'sysctl-dir', '--fsid', '00000000-0000-0000-0000-0000deadbeef', '--apply-system']
) as ctx:
assert _cephadm.command_sysctl_dir(ctx) == 0
# Do not let with_cephadm_ctx re-patch cephadm.call back to success (exit 0).
with mock.patch('cephadm.call', return_value=('out', 'sysctl failed', 1)):
with with_cephadm_ctx(
- ['sysctl-dir', '--fsid', '00000000-0000-0000-0000-0000deadbeef', '--apply-system'],
+ ['_orch', 'sysctl-dir', '--fsid', '00000000-0000-0000-0000-0000deadbeef', '--apply-system'],
mock_cephadm_call_fn=False,
) as ctx:
with pytest.raises(_cephadm.Error, match='sysctl --system failed'):
def _setup_user_on_host(self, host: str, user: str, ssh_pub_key: str,
addr: Optional[str] = None) -> None:
"""
- Setup sudoers and copy SSH key by calling cephadm setup-ssh-user command.
+ Setup sudoers and copy SSH key by calling cephadm setup-ssh-user.
User must already exist on the host.
For root user, only SSH key is copied (sudoers setup is skipped).
"""
addr: Optional[str] = None
) -> Tuple[str, bool, str]:
"""
- Prepare a host for sudo hardening by executing 'cephadm prepare-host-sudo-hardening' command.
+ Prepare a host for sudo hardening by executing cephadm prepare-host-sudo-hardening.
"""
try:
self.log.debug('Preparing host %s for sudo hardening...', host)
with self.async_timeout_handler(host, 'cephadm prepare-host-sudo-hardening'):
out, err, code = self.wait_async(
CephadmServe(self)._run_cephadm(
- host, cephadmNoImage, 'prepare-host-sudo-hardening', cephadm_args,
+ host,
+ cephadmNoImage,
+ 'prepare-host-sudo-hardening',
+ cephadm_args,
addr=addr, error_ok=True, no_fsid=True))
if code:
error_msg = '\n'.join(err) if err else 'Unknown error'
def check_host(self, host: str) -> None:
if host not in self.mgr.offline_hosts:
try:
- with self.mgr.async_timeout_handler(host, 'cephadm check-online'):
- self.mgr.wait_async(CephadmServe(self.mgr)._run_cephadm(
- host, cephadmNoImage, 'check-online', [],
- no_fsid=True, log_output=self.mgr.log_refresh_metadata))
+ with self.mgr.async_timeout_handler(
+ host, 'cephadm _orch check-online'):
+ self.mgr.wait_async(
+ CephadmServe(self.mgr)._run_cephadm(
+ host,
+ cephadmNoImage,
+ ['_orch', 'check-online'],
+ [],
+ no_fsid=True,
+ log_output=self.mgr.log_refresh_metadata))
except Exception:
logger.debug(f'OfflineHostDetector: detected {host} to be offline')
# kick serve loop in case corrective action must be taken for offline host
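Review bot: The `except Exception:` after the rewritten call treats every failure as "host offline" and logs it at debug level without the exception. A problem with the new list-form command `['_orch', 'check-online']` would therefore look the same as a host that is really down. Keeping the cause in the log makes the two distinguishable: `logger.debug(f'OfflineHostDetector: detected {host} to be offline', exc_info=True)`. `_run_cephadm`'s signature is outside this page, so whether it accepts a list for the command should be confirmed there. The accompanying `assert_called_once_with` check appears to run against a mock and would not catch a mismatch.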
cephadm_module.offline_watcher.check_host('test')
run_cephadm.assert_called_once_with(
- 'test', cephadmNoImage, 'check-online', [],
+ 'test', cephadmNoImage, ['_orch', 'check-online'], [],
no_fsid=True, log_output=cephadm_module.log_refresh_metadata
)
SYSCTL_DIR = '/etc/sysctl.d'
-SYSCTL_DIR_CEPHADM_CMD = 'sysctl-dir'
+SYSCTL_DIR_CEPHADM_CMD = ['_orch', 'sysctl-dir']
class TunedProfileUtils():
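Review bot: `SYSCTL_DIR_CEPHADM_CMD` is now a module-level list, so it is a shared mutable object rather than an immutable string. If `_run_cephadm`, or anything between it and the remote call, extends the command in place, a later invocation would carry arguments left over from an earlier one. The call sites are only partly visible here, so this is a precaution: pass a copy (`list(SYSCTL_DIR_CEPHADM_CMD)`) where it is used, or add a comment such as `# shared constant: callers must not mutate`.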
self.mgr = mgr
def _sysctl_dir_list(self, host: str) -> str:
- with self.mgr.async_timeout_handler(host, 'cephadm sysctl-dir --list'):
+ with self.mgr.async_timeout_handler(host, 'cephadm _orch sysctl-dir --list'):
out, _err, _code = self.mgr.wait_async(CephadmServe(self.mgr)._run_cephadm(
host,
cephadmNoImage,
return ''.join(out)
def _sysctl_dir_apply_system(self, host: str) -> None:
- with self.mgr.async_timeout_handler(host, 'cephadm sysctl-dir --apply-system'):
+ with self.mgr.async_timeout_handler(host, 'cephadm _orch sysctl-dir --apply-system'):
self.mgr.wait_async(CephadmServe(self.mgr)._run_cephadm(
host,
cephadmNoImage,