From: Michael Fritch Date: Sun, 8 Mar 2020 16:53:17 +0000 (-0600) Subject: mgr/cephadm: add minimal caps for nfs client keyring X-Git-Tag: v15.2.1~19^2~15 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=14a4a8d52a86fb71799f23955cb1624816f03509;p=ceph.git mgr/cephadm: add minimal caps for nfs client keyring Signed-off-by: Michael Fritch (cherry picked from commit 94600c69e2f547c02017204c909d11d626649066)
---
diff --git a/src/pybind/mgr/cephadm/nfs.py b/src/pybind/mgr/cephadm/nfs.py
index 77d1b46a4a466..1ba0d8a57940e 100644
--- a/src/pybind/mgr/cephadm/nfs.py
+++ b/src/pybind/mgr/cephadm/nfs.py
@@ -3,6 +3,7 @@ import logging
 from typing import Dict, Optional
 import cephadm
+from orchestrator import OrchestratorError
 logger = logging.getLogger(__name__)
@@ -28,7 +29,7 @@ class NFSGanesha(object):
 def get_rados_user(self):
 # type: () -> str
- return 'admin' # TODO: 'nfs.' + self.daemon_id
+ return self.get_daemon_name()
 def get_rados_config_name(self):
 # type: () -> str
@@ -44,11 +45,24 @@ class NFSGanesha(object):
 def create_keyring(self):
 # type: () -> str
- logger.info('Create keyring for user: %s' % self.get_rados_user())
+ entity = 'client.' + self.get_rados_user()
+
+ osd_caps='allow rw pool=%s' % (self.pool)
+ if self.namespace:
+ osd_caps='%s namespace=%s' % (osd_caps, self.namespace)
+
+ logger.info('Create keyring: %s' % entity)
 ret, keyring, err = self.mgr.mon_command({
- 'prefix': 'auth get',
- 'entity': 'client.' + self.get_rados_user(),
+ 'prefix': 'auth get-or-create',
+ 'entity': entity,
+ 'caps': ['mon', 'allow r',
+ 'osd', osd_caps,
+ 'mds', 'allow rw'],
 })
+
+ if ret != 0:
+ raise OrchestratorError('Unable to create keyring: %s' % (entity))
+
 return keyring
 def create_rados_config_obj(self):
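Review bot: The `if ret != 0:` branch in create_keyring raises without `err`, so the operator cannot see why the monitor refused the request; `raise OrchestratorError('Unable to create keyring %s: %s' % (entity, err))` would keep the cause. This matters because, as far as I know, `auth get-or-create` returns an error when `entity` already exists with different caps, which would happen once the pool or namespace of an existing service changes; please confirm and decide whether that case should update the caps instead of failing. The `osd_caps` string is built by formatting `self.pool` and `self.namespace` directly into the cap grammar, so unless the service spec validates those values elsewhere, a value containing whitespace or a separator would change what is granted; a check against the allowed pool and namespace character set before formatting would close that. `'mds', 'allow rw'` is not limited to a filesystem or path, which looks broader than the "minimal caps" in the title and deserves at least a comment explaining why it is needed.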