From: Adam King Date: Thu, 13 Apr 2023 17:05:11 +0000 (-0400) Subject: cephadm: still try to open ports in firewall on redeploy/reconfig X-Git-Tag: v18.2.1~326^2~79 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=6cd0d078df036df9a9591e66c5979b4bb9357b00;p=ceph.git cephadm: still try to open ports in firewall on redeploy/reconfig Prior to this patch we were discarding the provided ports on reconfig and redeploy in order to not fail thinking there was a port conflict with the instance of the daemon we were about to reconfig/redeploy. However, it's still desirable for us to make sure the firewall ports are open when we do a reconfig/redpeloy, so this refactors the port handling approach to have it do that but still avoid checking for port conflicts. It also include an update of the type signature of deploy_daemon to the py3 style. That wasn't needed for the change but since I was added an arugment there I thought we might as well do it now. Signed-off-by: Adam King (cherry picked from commit fdecd66f1306d3bf60780dbd44c9cb8e63b3892a) --- diff --git a/src/cephadm/cephadm.py b/src/cephadm/cephadm.py index 44c78691b46f..30ca4c23d995 100755 --- a/src/cephadm/cephadm.py +++ b/src/cephadm/cephadm.py @@ -3407,23 +3407,26 @@ def extract_uid_gid(ctx, img='', file_path='/var/lib/ceph'): raise RuntimeError('uid/gid not found') -def deploy_daemon(ctx, fsid, daemon_type, daemon_id, c, uid, gid, - config=None, keyring=None, - osd_fsid=None, - reconfig=False, - ports=None): - # type: (CephadmContext, str, str, Union[int, str], Optional[CephContainer], int, int, Optional[str], Optional[str], Optional[str], Optional[bool], Optional[List[int]]) -> None +def deploy_daemon(ctx: CephadmContext, fsid: str, daemon_type: str, + daemon_id: Union[int, str], c: Optional['CephContainer'], + uid: int, gid: int, config: Optional[str] = None, + keyring: Optional[str] = None, osd_fsid: Optional[str] = None, + reconfig: Optional[bool] = False, redeploy: Optional[bool] = False, + ports: Optional[List[int]] = None) -> None: ports = ports or [] - if any([port_in_use(ctx, port) for port in ports]): - if daemon_type == 'mgr': - # non-fatal for mgr when we are in mgr_standby_modules=false, but we can't - # tell whether that is the case here. - logger.warning( - f"ceph-mgr TCP port(s) {','.join(map(str, ports))} already in use" - ) - else: - raise Error("TCP Port(s) '{}' required for {} already in use".format(','.join(map(str, ports)), daemon_type)) + # only check port in use if not reconfig or redeploy since service + # we are redeploying/reconfiguring will already be using the port + if not reconfig and not redeploy: + if any([port_in_use(ctx, port) for port in ports]): + if daemon_type == 'mgr': + # non-fatal for mgr when we are in mgr_standby_modules=false, but we can't + # tell whether that is the case here. + logger.warning( + f"ceph-mgr TCP port(s) {','.join(map(str, ports))} already in use" + ) + else: + raise Error("TCP Port(s) '{}' required for {} already in use".format(','.join(map(str, ports)), daemon_type)) data_dir = get_data_dir(fsid, ctx.data_dir, daemon_type, daemon_id) if reconfig and not os.path.exists(data_dir): @@ -6187,13 +6190,14 @@ def command_deploy(ctx): if daemon_type not in get_supported_daemons(): raise Error('daemon type %s not recognized' % daemon_type) + reconfig = ctx.reconfig redeploy = False unit_name = get_unit_name(ctx.fsid, daemon_type, daemon_id) (_, state, _) = check_unit(ctx, unit_name) if state == 'running' or is_container_running(ctx, CephContainer.for_daemon(ctx, ctx.fsid, daemon_type, daemon_id, 'bash')): redeploy = True - if ctx.reconfig: + if reconfig: logger.info('%s daemon %s ...' % ('Reconfig', ctx.name)) elif redeploy: logger.info('%s daemon %s ...' % ('Redeploy', ctx.name)) @@ -6206,11 +6210,8 @@ def command_deploy(ctx): # Get and check ports explicitly required to be opened daemon_ports = [] # type: List[int] - # only check port in use if not reconfig or redeploy since service - # we are redeploying/reconfiguring will already be using the port - if not ctx.reconfig and not redeploy: - if ctx.tcp_ports: - daemon_ports = list(map(int, ctx.tcp_ports.split())) + if ctx.tcp_ports: + daemon_ports = list(map(int, ctx.tcp_ports.split())) if daemon_type in Ceph.daemons: config, keyring = get_config_and_keyring(ctx) @@ -6235,7 +6236,8 @@ def command_deploy(ctx): deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, c, uid, gid, config=config, keyring=keyring, osd_fsid=ctx.osd_fsid, - reconfig=ctx.reconfig, + reconfig=reconfig, + redeploy=redeploy, ports=daemon_ports) elif daemon_type in Monitoring.components: @@ -6257,11 +6259,12 @@ def command_deploy(ctx): uid, gid = extract_uid_gid_monitoring(ctx, daemon_type) c = get_deployment_container(ctx, ctx.fsid, daemon_type, daemon_id) deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, c, uid, gid, - reconfig=ctx.reconfig, + reconfig=reconfig, + redeploy=redeploy, ports=daemon_ports) elif daemon_type == NFSGanesha.daemon_type: - if not ctx.reconfig and not redeploy and not daemon_ports: + if not reconfig and not redeploy and not daemon_ports: daemon_ports = list(NFSGanesha.port_map.values()) config, keyring = get_config_and_keyring(ctx) @@ -6270,7 +6273,8 @@ def command_deploy(ctx): c = get_deployment_container(ctx, ctx.fsid, daemon_type, daemon_id) deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, c, uid, gid, config=config, keyring=keyring, - reconfig=ctx.reconfig, + reconfig=reconfig, + redeploy=redeploy, ports=daemon_ports) elif daemon_type == CephIscsi.daemon_type: @@ -6279,20 +6283,23 @@ def command_deploy(ctx): c = get_deployment_container(ctx, ctx.fsid, daemon_type, daemon_id) deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, c, uid, gid, config=config, keyring=keyring, - reconfig=ctx.reconfig, + reconfig=reconfig, + redeploy=redeploy, ports=daemon_ports) elif daemon_type in Tracing.components: uid, gid = 65534, 65534 c = get_container(ctx, ctx.fsid, daemon_type, daemon_id) deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, c, uid, gid, - reconfig=ctx.reconfig, + reconfig=reconfig, + redeploy=redeploy, ports=daemon_ports) elif daemon_type == HAproxy.daemon_type: haproxy = HAproxy.init(ctx, ctx.fsid, daemon_id) uid, gid = haproxy.extract_uid_gid_haproxy() c = get_deployment_container(ctx, ctx.fsid, daemon_type, daemon_id) deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, c, uid, gid, - reconfig=ctx.reconfig, + reconfig=reconfig, + redeploy=redeploy, ports=daemon_ports) elif daemon_type == Keepalived.daemon_type: @@ -6300,33 +6307,39 @@ def command_deploy(ctx): uid, gid = keepalived.extract_uid_gid_keepalived() c = get_deployment_container(ctx, ctx.fsid, daemon_type, daemon_id) deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, c, uid, gid, - reconfig=ctx.reconfig, + reconfig=reconfig, + redeploy=redeploy, ports=daemon_ports) elif daemon_type == CustomContainer.daemon_type: cc = CustomContainer.init(ctx, ctx.fsid, daemon_id) - if not ctx.reconfig and not redeploy: + if not reconfig and not redeploy: daemon_ports.extend(cc.ports) c = get_deployment_container(ctx, ctx.fsid, daemon_type, daemon_id, privileged=cc.privileged, ptrace=ctx.allow_ptrace) deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, c, uid=cc.uid, gid=cc.gid, config=None, - keyring=None, reconfig=ctx.reconfig, - ports=daemon_ports) + keyring=None, reconfig=reconfig, + redeploy=redeploy, ports=daemon_ports) elif daemon_type == CephadmAgent.daemon_type: # get current user gid and uid uid = os.getuid() gid = os.getgid() deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, None, - uid, gid, ports=daemon_ports) + uid, gid, + reconfig=reconfig, + redeploy=redeploy, + ports=daemon_ports) elif daemon_type == SNMPGateway.daemon_type: sc = SNMPGateway.init(ctx, ctx.fsid, daemon_id) c = get_deployment_container(ctx, ctx.fsid, daemon_type, daemon_id) deploy_daemon(ctx, ctx.fsid, daemon_type, daemon_id, c, sc.uid, sc.gid, + reconfig=reconfig, + redeploy=redeploy, ports=daemon_ports) else: diff --git a/src/cephadm/tests/test_cephadm.py b/src/cephadm/tests/test_cephadm.py index ff6a5c9d4c96..4f174df51d48 100644 --- a/src/cephadm/tests/test_cephadm.py +++ b/src/cephadm/tests/test_cephadm.py @@ -325,6 +325,7 @@ class TestCephAdm(object): ctx.allow_ptrace = True ctx.config_json = '-' ctx.osd_fsid = '0' + ctx.tcp_ports = '3300 6789' _get_parm.return_value = { 'crush_location': 'database=a' }