mgr/cephadm: deploy pending_key when possible

Also, leave out the caps.

Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
(cherry picked from commit 34ba1a58bb19fcb5202ac6c36d083de85d339099)

diff --git a/src/pybind/mgr/cephadm/services/cephadmservice.py b/src/pybind/mgr/cephadm/services/cephadmservice.py
index 14d7e66df5f836dfec90fa5dea054319dfcd0084..ae0fc57458e97b7f041c954648db7712bf71e5f4 100644 (file)
--- a/src/pybind/mgr/cephadm/services/cephadmservice.py
+++ b/src/pybind/mgr/cephadm/services/cephadmservice.py
@@ -244,7 +244,22 @@ class CephadmService(metaclass=ABCMeta):
                 'entity': entity,
             })
             if err:
-                self.mgr.log.warning(f"Unable to fetch keyring for {entity}")
+                raise OrchestratorError(f"Unable to fetch keyring for {entity}: {err}")
+
+        # strip down keyring
+        #  - don't include caps (auth get includes them; get-or-create does not)
+        #  - use pending key if present
+        key = None
+        for line in keyring.splitlines():
+            if ' = ' not in line:
+                continue
+            line = line.strip()
+            (ls, rs) = line.split(' = ', 1)
+            if ls == 'key' and not key:
+                key = rs
+            if ls == 'pending key':
+                key = rs
+        keyring = f'[{entity}]\nkey = {key}\n'
         return keyring
 
     def _inventory_get_fqdn(self, hostname: str) -> str:

diff --git a/src/pybind/mgr/cephadm/tests/test_services.py b/src/pybind/mgr/cephadm/tests/test_services.py
index 98dcc850f20505fb5b88723bf798b25d8c1a8235..8029be7637999322b525729abe5e8ea18badde0b 100644 (file)
--- a/src/pybind/mgr/cephadm/tests/test_services.py
+++ b/src/pybind/mgr/cephadm/tests/test_services.py
@@ -44,6 +44,8 @@ class FakeMgr:
         if prefix == 'set-cmd':
             self.config = cmd_dict.get('value')
             return 0, 'value set', ''
+        if prefix in ['auth get']:
+            return 0, '[foo]\nkeyring = asdf\n', ''
         return -1, '', 'error'
 
     def get_minimal_ceph_conf(self) -> str:
@@ -184,9 +186,12 @@ class TestISCSIService:
         expected_call2 = call({'prefix': 'auth caps',
                                'entity': 'client.iscsi.a',
                                'caps': expected_caps})
+        expected_call3 = call({'prefix': 'auth get',
+                               'entity': 'client.iscsi.a'})
 
         assert expected_call in self.mgr.mon_command.mock_calls
         assert expected_call2 in self.mgr.mon_command.mock_calls
+        assert expected_call3 in self.mgr.mon_command.mock_calls
 
     @patch('cephadm.utils.resolve_ip')
     def test_iscsi_dashboard_config(self, mock_resolve_ip):