From: Gil Bregman <gbregman@il.ibm.com>
Date: Mon, 25 Nov 2024 08:36:06 +0000 (+0200)
Subject: python-common/ceph/deployment: Add key encryption support to nvmeof configuration
X-Git-Tag: testing/wip-mchangir-testing-PR59936-main-debug~11^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=9701b4b157e6abad8119319d7c22861690b2a4f4;p=ceph-ci.git

python-common/ceph/deployment: Add key encryption support to nvmeof configuration
Fixes https://tracker.ceph.com/issues/69036

Signed-off-by: Gil Bregman <gbregman@il.ibm.com>
---

diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index 103fd3a8e98..10e9f267940 100644
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -1334,6 +1334,7 @@ class NvmeofServiceSpec(ServiceSpec):
                  state_update_notify: Optional[bool] = True,
                  state_update_interval_sec: Optional[int] = 5,
                  enable_spdk_discovery_controller: Optional[bool] = False,
+                 enable_key_encryption: Optional[bool] = True,
                  omap_file_lock_duration: Optional[int] = 20,
                  omap_file_lock_retries: Optional[int] = 30,
                  omap_file_lock_retry_sleep_interval: Optional[float] = 1.0,
@@ -1344,7 +1345,7 @@ class NvmeofServiceSpec(ServiceSpec):
                  allowed_consecutive_spdk_ping_failures: Optional[int] = 1,
                  spdk_ping_interval_in_seconds: Optional[float] = 2.0,
                  ping_spdk_under_lock: Optional[bool] = False,
-                 max_hosts_per_namespace: Optional[int] = 1,
+                 max_hosts_per_namespace: Optional[int] = 8,
                  max_namespaces_with_netmask: Optional[int] = 1000,
                  max_subsystems: Optional[int] = 128,
                  max_namespaces: Optional[int] = 1024,
@@ -1419,6 +1420,8 @@ class NvmeofServiceSpec(ServiceSpec):
         self.state_update_interval_sec = state_update_interval_sec
         #: ``enable_spdk_discovery_controller`` SPDK or ceph-nvmeof discovery service
         self.enable_spdk_discovery_controller = enable_spdk_discovery_controller
+        #: ``enable_key_encryption`` encrypt DHCHAP and PSK keys before saving in OMAP
+        self.enable_key_encryption = enable_key_encryption
         #: ``enable_prometheus_exporter`` enables Prometheus exporter
         self.enable_prometheus_exporter = enable_prometheus_exporter
         #: ``verify_nqns`` enables verification of subsystem and host NQNs for validity
@@ -1639,25 +1642,25 @@ class NvmeofServiceSpec(ServiceSpec):
         if (self.max_namespaces_with_netmask and self.max_namespaces_with_netmask < 0):
             raise SpecValidationError("Max namespaces with netmask can't be negative")
 
-        if type(self.max_subsystems) != int:
+        if not isinstance(self.max_subsystems, int):
             raise SpecValidationError("Max subsystems must be an integer")
 
         if self.max_subsystems <= 0:
             raise SpecValidationError("Max subsystems must be greater than zero")
 
-        if type(self.max_namespaces) != int:
+        if not isinstance(self.max_namespaces, int):
             raise SpecValidationError("Max namespaces must be an integer")
 
         if self.max_namespaces <= 0:
             raise SpecValidationError("Max namespaces must be greater than zero")
 
-        if type(self.max_namespaces_per_subsystem) != int:
+        if not isinstance(self.max_namespaces_per_subsystem, int):
             raise SpecValidationError("Max namespaces per subsystem must be an integer")
 
         if self.max_namespaces_per_subsystem <= 0:
             raise SpecValidationError("Max namespaces per subsystem must be greater than zero")
 
-        if type(self.max_hosts_per_subsystem) != int:
+        if not isinstance(self.max_hosts_per_subsystem, int):
             raise SpecValidationError("Max hosts per subsystem must be an integer")
 
         if self.max_hosts_per_subsystem <= 0: