From: Sage Weil <sage@newdream.net>
Date: Fri, 26 Mar 2021 16:02:50 +0000 (-0400)
Subject: cephadm: set auth_allow_insecure_global_id_reclaim for mon on bootstrap
X-Git-Tag: v17.1.0~2258^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7ca74183226b1125b29f4ea8f324ae9e38b46795;p=ceph.git

cephadm: set auth_allow_insecure_global_id_reclaim for mon on bootstrap

If this is a fresh pacific cluster, let's assume that there won't be
legacy clients connecting.  (And if there are, let's put the burden on
the user to enable them to do so insecurely.)

This is in contrast to upgrades, where our focus is on not breaking
anything.

Signed-off-by: Sage Weil <sage@newdream.net>
---

diff --git a/qa/suites/rados/thrash-old-clients/ceph.yaml b/qa/suites/rados/thrash-old-clients/ceph.yaml
index 468b4af27d0f..016ce36da7fc 100644
--- a/qa/suites/rados/thrash-old-clients/ceph.yaml
+++ b/qa/suites/rados/thrash-old-clients/ceph.yaml
@@ -2,3 +2,6 @@
 verify_ceph_hash: false
 tasks:
 - cephadm:
+    conf:
+      mon:
+        auth allow insecure global id reclaim: true
diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm
index c9b7e7680449..042bb8ae1d2a 100755
--- a/src/cephadm/cephadm
+++ b/src/cephadm/cephadm
@@ -3786,8 +3786,15 @@ def prepare_bootstrap_config(
     if not cp.has_section('global'):
         cp.add_section('global')
     cp.set('global', 'fsid', fsid)
-    cp.set('global', 'mon host', mon_addr)
+    cp.set('global', 'mon_host', mon_addr)
     cp.set('global', 'container_image', image)
+    if not cp.has_section('mon'):
+        cp.add_section('mon')
+    if (
+            not cp.has_option('mon', 'auth_allow_insecure_global_id_reclaim')
+            and not cp.has_option('mon', 'auth allow insecure global id reclaim')
+    ):
+        cp.set('mon', 'auth_allow_insecure_global_id_reclaim', 'false')
     cpf = StringIO()
     cp.write(cpf)
     config = cpf.getvalue()