From: Sage Weil Date: Wed, 18 May 2011 01:46:38 +0000 (-0700) Subject: osd: add --mkkey mkfs option X-Git-Tag: v0.28~7 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=bfca7ac58b214b06c39fa5d86a2a85d3dfa27c25;p=ceph.git osd: add --mkkey mkfs option Optionally generate a new key as part of the mkfs step. This makes life a bit easier for the admin. Signed-off-by: Sage Weil
---
diff --git a/src/cosd.cc b/src/cosd.cc
index f3a1d106bcff0..4cea4ea0cc9e1 100644
--- a/src/cosd.cc
+++ b/src/cosd.cc
@@ -63,6 +63,7 @@ int main(int argc, const char **argv)
 // osd specific args
 bool mkfs = false;
 bool mkjournal = false;
+ bool mkkey = false;
 bool flushjournal = false;
 char *dump_pg_log = 0;
 FOR_EACH_ARG(args) {
@@ -70,6 +71,8 @@ int main(int argc, const char **argv)
 mkfs = true;
 } else if (CEPH_ARGPARSE_EQ("mkjournal", '\0')) {
 mkjournal = true;
+ } else if (CEPH_ARGPARSE_EQ("mkkey", '\0')) {
+ mkkey = true;
 } else if (CEPH_ARGPARSE_EQ("flush-journal", '\0')) {
 flushjournal = true;
 } else if (CEPH_ARGPARSE_EQ("dump-pg-log", '\0')) {
@@ -140,8 +143,23 @@ int main(int argc, const char **argv)
 if (!g_conf.osd_journal.empty())
 *_dout << " journal " << g_conf.osd_journal;
 *_dout << " for osd" << whoami << " fsid " << mc.monmap.fsid << dendl;
- exit(0);
 }
+ if (mkkey) {
+ EntityName ename(g_conf.name);
+ EntityAuth eauth;
+ eauth.key.create(CEPH_CRYPTO_AES);
+ g_keyring.add(ename, eauth);
+ bufferlist bl;
+ ::encode(g_keyring, bl);
+ int r = bl.write_file(g_conf.keyring.c_str(), 0600);
+ if (r)
+ derr << TEXT_RED << " ** ERROR: writing new keyring to " << g_conf.keyring
+ << ": " << cpp_strerror(r) << TEXT_NORMAL << dendl;
+ else
+ derr << "created new key in keyring " << g_conf.keyring << dendl;
+ }
+ if (mkfs || mkkey)
+ exit(0);
 if (mkjournal) {
 int err = OSD::mkjournal(g_conf.osd_data, g_conf.osd_journal);
 if (err < 0) {
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index c618d3759021f..b53ed01cfd939 100644
--- a/src/mon/AuthMonitor.cc
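Review bot: In the third src/cosd.cc hunk the `if (r)` branch only logs the keyring write failure, and the following `if (mkfs || mkkey) exit(0);` still reports success, so a caller such as vstart.sh cannot tell that no key was written. Exit non-zero on that path, e.g. `if (r) { derr << ... << dendl; exit(1); }`, and consider logging the success line at a normal level instead of through `derr`. A short comment should also state whether an existing entry for this name is meant to be replaced, because `g_keyring.add(ename, eauth)` followed by rewriting the whole file looks like it would silently rotate a key the monitor may already know. The 0600 mode presumably applies only when the file is created, so confirm against `write_file` that a pre-existing, more permissive keyring file is not left readable by others. main's body starts and ends outside the hunk.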
+++ b/src/mon/AuthMonitor.cc @@ -581,6 +581,11 @@ bool AuthMonitor::prepare_command(MMonCommand *m) goto done; } auth_inc.op = KeyServerData::AUTH_INC_ADD; + + // suck in any caps too + for (unsigned i=3; i+1cmd.size(); i += 2) + ::encode(m->cmd[i+1], auth_inc.auth.caps[m->cmd[i]]); + dout(10) << " importing " << auth_inc.name << " " << auth_inc.auth << dendl; push_cephx_inc(auth_inc); @@ -604,7 +609,7 @@ bool AuthMonitor::prepare_command(MMonCommand *m) mon->key_server.get_auth(auth_inc.name, auth_inc.auth); map newcaps; - for (unsigned i=3; i+1cmd.size(); i++) + for (unsigned i=3; i+1cmd.size(); i += 2) ::encode(m->cmd[i+1], newcaps[m->cmd[i]]); auth_inc.op = KeyServerData::AUTH_INC_ADD; diff --git a/src/vstart.sh b/src/vstart.sh index b5b6ba4935c7c..845c5fc1ec360 100755 --- a/src/vstart.sh +++ b/src/vstart.sh @@ -367,18 +367,14 @@ EOF EOF fi echo mkfs osd$osd - cmd="$SUDO $CEPH_BIN/cosd -i $osd $ARGS --mkfs" + cmd="$SUDO $CEPH_BIN/cosd -i $osd $ARGS --mkfs --mkkey" echo $cmd $cmd if [ "$cephx" -eq 1 ]; then key_fn=dev/osd$osd/keyring - $SUDO $CEPH_BIN/cauthtool --create-keyring --gen-key --name=osd.$osd \ - --cap mon 'allow *' \ - --cap osd 'allow *' \ - $key_fn echo adding osd$osd key to auth repository - $SUDO $CEPH_ADM -i $key_fn auth add osd.$osd + $SUDO $CEPH_ADM -i $key_fn auth add osd.$osd osd "allow *" mon "allow rwx" fi fi echo start osd$osd
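Review bot: The new caps loop in the first src/mon/AuthMonitor.cc hunk encodes into `auth_inc.auth.caps[m->cmd[i]]` without clearing it first, and `::encode` appends to a bufferlist, so if the imported keyring entry already carries a cap for that service the stored blob would hold two encoded strings and the command-line value may not be the one that takes effect. Clearing first makes the override explicit: `bufferlist& cap = auth_inc.auth.caps[m->cmd[i]]; cap.clear(); ::encode(m->cmd[i+1], cap);`. Whether the caps map is populated before this point is not visible in the hunk, so treat this as something to confirm. Both this loop and the one in the next hunk also ignore a trailing service name that has no value; rejecting an odd argument count would avoid storing fewer caps than the admin typed. prepare_command's body extends outside both hunks.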
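Review bot: In the src/vstart.sh hunk `$cmd` now also creates the OSD key, but its result is not checked before `$CEPH_ADM -i $key_fn auth add` reads the keyring, and `--mkkey` is passed even when `$cephx` is not 1. Consider `$cmd || exit 1` and appending `--mkkey` to the command only when cephx is enabled, so a failed key write stops the script and no unused key file is left under dev/osd$osd. Quoting `"$key_fn"` would also match the quoted cap strings on the same line.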