From: Sage Weil Date: Thu, 4 Feb 2010 00:39:54 +0000 (-0800) Subject: mkcephfs: generate cephx keys during mkfs X-Git-Tag: v0.19~104 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ba515fe62aac34e36d95b84a53a2302249f238dc;p=ceph.git mkcephfs: generate cephx keys during mkfs --- diff --git a/src/mkcephfs.in b/src/mkcephfs.in index 1e91d1889225..01b170b6c5fe 100644 --- a/src/mkcephfs.in +++ b/src/mkcephfs.in @@ -18,7 +18,7 @@ else fi usage_exit() { - echo "usage: $0 [--allhosts] [-c ceph.conf] [--clobber_old_data] [--mkbtrfs]" + echo "usage: $0 [--allhosts] [-c ceph.conf] [--clobber_old_data] [--mkbtrfs] [-k adminkeyring]" exit } @@ -32,6 +32,7 @@ numosd= usecrushmapsrc= usecrushmap= verbose=0 +adminkeyring="" while [ $# -ge 1 ]; do case $1 in @@ -67,6 +68,11 @@ case $1 in shift usecrushmap=$1 ;; + -k) + [ "$2" = "" ] && usage_exit + shift + adminkeyring=$1 + ;; *) echo unrecognized option \'$1\' usage_exit 
@@ -118,8 +124,57 @@ if echo $what | grep -q mon0 ; then echo Importing crush map from $crushmap $BINDIR/osdmaptool --clobber --import-crush $crushmap $osdmap fi + + # admin keyring + [ -z "$adminkeyring" ] && adminkeyring="/tmp/admin.keyring.$$" + echo Building admin keyring at $adminkeyring + cat < /tmp/admin_caps.$$ +; generated by mkcephfs on `date` + mon = "allow rwx" + osd = "allow rwx" + mds = "allow" +EOF + [ -e "$monkeyring" ] && rm -f $monkeyring + $BINDIR/authtool --create-keyring --gen-key --name=client.admin --caps=/tmp/admin_caps.$$ $adminkeyring + rm /tmp/admin_caps.$$ + + # mon keyring (for monitor) + echo Building monitor keyring with all service keys + monkeyring="/tmp/monkeyring.$$" + $BINDIR/authtool --create-keyring --gen-key --name=mon. $monkeyring + + $BINDIR/authtool --import-keyring $adminkeyring $monkeyring + + cat < /tmp/osd.caps.$$ +; generated by mkcephfs on `date` + mon = "allow rwx" + osd = "allow rwx" +EOF + cat < /tmp/mds.caps.$$ +; generated by mkcephfs on `date` + mon = "allow rwx" + osd = "allow rwx" + mds = "allow" +EOF + + for name in $what; do + type=`echo $name | cut -c 1-3` # e.g. 'mon', if $name is 'mon1' + id=`echo $name | cut -c 4- | sed 's/\\.//'` + + if [ "$type" = "osd" ]; then + $BINDIR/authtool --create-keyring --gen-key --name=osd.$id --caps=/tmp/osd.caps.$$ /tmp/keyring.osd.$id + $BINDIR/authtool --import-keyring /tmp/keyring.osd.$id $monkeyring + fi + if [ "$type" = "mds" ]; then + $BINDIR/authtool --create-keyring --gen-key --name=mds.$id --caps=/tmp/mds.caps.$$ /tmp/keyring.mds.$id + $BINDIR/authtool --import-keyring /tmp/keyring.mds.$id $monkeyring + fi + done + + tmpkeyring="/tmp/keyring.$$" fi + # create monitors, osds for name in $what; do type=`echo $name | cut -c 1-3` # e.g. 'mon', if $name is 'mon1' 
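Review bot: The key material generated in this block lands at guessable paths in /tmp (`/tmp/admin.keyring.$$`, `/tmp/monkeyring.$$`, and `/tmp/keyring.osd.$id` / `/tmp/keyring.mds.$id`, which carry no PID at all) and is created under the caller's umask, so on a shared host another local user could pre-create or symlink those names, or read the secrets before they are removed. Creating one private directory with `mktemp -d` and placing every intermediate file in it closes that; the hunks at -135 and -154, which copy and remove these files, would need the same paths. Separately, `[ -e "$monkeyring" ] && rm -f $monkeyring` runs before `monkeyring` is assigned a few lines further down, so it was presumably meant to test `$adminkeyring`. The enclosing `if echo $what | grep -q mon0` block starts outside the hunk.

```shell
    # one private (mode 0700) scratch directory for every intermediate secret
    keytmp=`mktemp -d /tmp/mkcephfs.XXXXXX` || exit 1

    # admin keyring
    [ -z "$adminkeyring" ] && adminkeyring="$keytmp/admin.keyring"
    # … unchanged: echo and admin caps heredoc, written to $keytmp/admin_caps …
    [ -e "$adminkeyring" ] && rm -f "$adminkeyring"
    $BINDIR/authtool --create-keyring --gen-key --name=client.admin --caps=$keytmp/admin_caps "$adminkeyring"
    rm $keytmp/admin_caps

    monkeyring="$keytmp/monkeyring"
    # … unchanged: mon. key, osd/mds caps heredocs and the per-daemon loop,
    #   with /tmp/*.caps.$$ and /tmp/keyring.osd.$id, /tmp/keyring.mds.$id moved under $keytmp/ …
```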
@@ -135,12 +190,18 @@ for name in $what; do fi if [ "$type" = "mon" ]; then + if [ -n "$ssh" ]; then + scp -q $monkeyring $host:$tmpkeyring + else + cp $monkeyring $tmpkeyring + fi get_conf mon_data "" "mon data" - do_cmd "$BINDIR/mkmonfs $clobber --mon-data $mon_data -i $num --monmap $monmap --osdmap $osdmap" + do_cmd "$BINDIR/mkmonfs $clobber --mon-data $mon_data -i $num --monmap $monmap --osdmap $osdmap -k $tmpkeyring ; rm $tmpkeyring" fi if [ "$type" = "osd" ]; then get_conf osd_data "" "osd data" + get_conf keyring "" "keyring" get_conf btrfs_path "$osd_data" "btrfs path" # mount point defaults so osd data get_conf btrfs_devs "" "btrfs devs" first_dev=`echo $btrfs_devs | cut '-d ' -f 1` @@ -154,13 +215,32 @@ for name in $what; do do_root_cmd "umount $btrfs_path ; for f in $btrfs_devs ; do umount \$f ; done ; modprobe btrfs ; mkfs.btrfs $btrfs_devs ; modprobe btrfs ; btrfsctl -a ; mount -t btrfs $btrfs_opt $first_dev $btrfs_path ; chown $osd_user $btrfs_path ; chmod +w $btrfs_path " fi + if [ -n "$keyring" ]; then + if [ -n "$ssh" ]; then + scp -qv /tmp/keyring.osd.$id $host:$keyring + else + cp -v /tmp/keyring.osd.$id $keyring + fi + fi + rm /tmp/keyring.osd.$id + [ -n "$ssh" ] && scp $monmap $host:$monmap do_cmd "$BINDIR/cosd -c $conf --monmap $monmap -i $num --mkfs --osd-data $osd_data" fi if [ "$type" = "mds" ]; then - # do nothing + get_conf keyring "" "keyring" + if [ -n "$keyring" ]; then + if [ -n "$ssh" ]; then + scp -qv /tmp/keyring.mds.$id $host:$keyring + else + cp -v /tmp/keyring.mds.$id $keyring + fi + fi + rm /tmp/keyring.mds.$id echo fi done + +rm $monkeyring \ No newline at end of file diff --git a/src/vstart.sh b/src/vstart.sh index ff6fa328556f..b834a88e7e7d 100755 --- a/src/vstart.sh +++ b/src/vstart.sh @@ -329,7 +329,7 @@ if [ "$start_osd" -eq 1 ]; then osd journal size = 100 EOF [ "$cephx" -eq 1 ] && cat <> $conf - keyring = dev/osd$osd/osd$osd.keyring + keyring = dev/osd$osd/keyring.bin EOF fi echo mkfs osd$osd 
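Review bot: In the `do_cmd` string of the mon branch, `mkmonfs … -k $tmpkeyring ; rm $tmpkeyring` gives the whole command the exit status of `rm`, so a failed `mkmonfs` would look successful to anything that checks the result (whether `do_cmd` checks it is not visible here). Keeping the cleanup but preserving the status avoids that, for example `… -k $tmpkeyring ; rc=\$? ; rm -f $tmpkeyring ; exit \$rc` if `do_cmd` runs its argument in a child shell; the exact escaping depends on how `do_cmd` evaluates the string. On the ssh path the file is also a fixed `/tmp/keyring.$$` name on the target host, and it holds every service key while the command runs. The `for name in $what` loop begins and ends outside this hunk.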
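Review bot: Nothing in the osd and mds branches of the -154 hunk restricts the mode of the installed `$keyring`: `cp -v /tmp/keyring.osd.$id $keyring` and the `scp -qv` variant leave it with whatever mode the umask yields, so the daemon's secret key can end up readable by other local users. A `chmod 600 $keyring` after the copy (through `do_cmd` for the remote case) would pin it. The `rm /tmp/keyring.osd.$id` and `rm /tmp/keyring.mds.$id` lines also run when `keyring` is unset in the config, which silently discards a key that was already imported into the monitor keyring; a warning in an `else` branch would make that visible. The trailing `rm $monkeyring` runs even when the mon0 block that assigns it was skipped, so `[ -n "$monkeyring" ] && rm -f "$monkeyring"` is safer.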
@@ -338,7 +338,7 @@ EOF $cmd if [ "$cephx" -eq 1 ]; then - key_fn=dev/osd$osd/osd$osd.keyring + key_fn=dev/osd$osd/keyring.bin if [ $overwrite_conf -eq 1 ]; then cat < $osd_caps ; generated by vstart.sh on `date`