elif daemon_type == 'nfs':
cephadm_config, deps = \
self._generate_nfs_config(daemon_type, daemon_id, host)
- cephadm_config.update(
- self._get_config_and_keyring(
- daemon_type, daemon_id,
- keyring=keyring,
- extra_config=extra_config))
extra_args.extend(['--config-json', '-'])
elif daemon_type == 'alertmanager':
cephadm_config, deps = self._generate_alertmanager_config()
# cast to keep mypy happy
spec = cast(NFSServiceSpec, specs[0])
- # generate the cephadm config
nfs = NFSGanesha(self, daemon_id, spec)
- return nfs.get_cephadm_config(), deps
+
+ # create the keyring
+ entity = nfs.get_keyring_entity()
+ keyring = nfs.get_or_create_keyring(entity=entity)
+
+ # update the caps after get-or-create, the keyring might already exist!
+ nfs.update_keyring_caps(entity=entity)
+
+ # create the rados config object
+ nfs.create_rados_config_obj()
+
+ # generate the cephadm config
+ cephadm_config = nfs.get_cephadm_config()
+ cephadm_config.update(
+ self._get_config_and_keyring(
+ daemon_type, daemon_id,
+ keyring=keyring))
+
+ return cephadm_config, deps
def add_nfs(self, spec):
return self._add_daemon('nfs', spec, self._create_nfs, self._config_nfs)
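Review bot: The new `self._get_config_and_keyring(daemon_type, daemon_id, keyring=keyring)` call drops the `extra_config=extra_config` argument that the removed call in the `elif daemon_type == 'nfs':` branch passed, so any extra config a caller hands to the daemon-creation path for nfs appears to be silently ignored now. If that is intended, say so in a comment; otherwise the value needs to be threaded through to this function. Separately, a function named as a config generator now creates a keyring, rewrites its caps and creates a RADOS object, so a docstring should state these side effects, e.g. `"""Generate the nfs cephadm config; also creates the keyring, resets its caps and creates the rados config object."""`. Whether this runs on every reconfig, and so re-applies `auth caps` each time, cannot be told from here, since the function's signature and its callers are outside the hunk.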
self.spec_store.save(spec)
def _create_nfs(self, daemon_id, host, spec):
- nfs = NFSGanesha(self, daemon_id, spec)
- keyring = nfs.create_keyring()
- nfs.create_rados_config_obj()
- return self._create_daemon('nfs', daemon_id, host, keyring=keyring)
+ return self._create_daemon('nfs', daemon_id, host)
@trivial_completion
def apply_nfs(self, spec):
url += self.get_rados_config_name()
return url
- def create_keyring(self):
+ def get_keyring_entity(self):
# type: () -> str
- entity = cephadm.name_to_config_section(self.get_rados_user())
+ return cephadm.name_to_config_section(self.get_rados_user())
- osd_caps='allow rw pool=%s' % (self.spec.pool)
- if self.spec.namespace:
- osd_caps='%s namespace=%s' % (osd_caps, self.spec.namespace)
+ def get_or_create_keyring(self, entity=None):
+ # type: (Optional[str]) -> str
+ if not entity:
+ entity = self.get_keyring_entity()
logger.info('Create keyring: %s' % entity)
ret, keyring, err = self.mgr.mon_command({
'prefix': 'auth get-or-create',
'entity': entity,
+ })
+
+ if ret != 0:
+ raise OrchestratorError(
+ 'Unable to create keyring %s: %s %s' \
+ % (entity, ret, err))
+ return keyring
+
+ def update_keyring_caps(self, entity=None):
+ # type: (Optional[str]) -> None
+ if not entity:
+ entity = self.get_keyring_entity()
+
+ osd_caps='allow rw pool=%s' % (self.spec.pool)
+ if self.spec.namespace:
+ osd_caps='%s namespace=%s' % (osd_caps, self.spec.namespace)
+
+ logger.info('Updating keyring caps: %s' % entity)
+ ret, out, err = self.mgr.mon_command({
+ 'prefix': 'auth caps',
+ 'entity': entity,
'caps': ['mon', 'allow r',
'osd', osd_caps,
'mds', 'allow rw'],
})
if ret != 0:
- raise OrchestratorError('Unable to create keyring: %s' % (entity))
-
- return keyring
+ raise OrchestratorError(
+ 'Unable to update keyring caps %s: %s %s' \
+ % (entity, ret, err))
def create_rados_config_obj(self):
# type: () -> None
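Review bot: In `update_keyring_caps`, `self.spec.pool` and `self.spec.namespace` are interpolated unquoted into the OSD cap string (`'allow rw pool=%s'`, `'%s namespace=%s'`). A value containing whitespace or a comma would change how the cap string is parsed, so the resulting grant may not be scoped to the pool and namespace the spec names. Whether `NFSServiceSpec` already validates these fields is not visible here; if it does not, reject such values before building `osd_caps` rather than relying on the mon to refuse the string. It is also worth a comment that `auth caps` replaces the entity's whole cap set, which is why it must run after `auth get-or-create`, and that `'mds', 'allow rw'` is granted without a path restriction. The `logger.info('Create keyring: %s' % entity)` message in `get_or_create_keyring` is now misleading when the entity already exists; something like `'Get or create keyring: %s'` would match what the call does.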