From: John Mulligan <jmulligan@redhat.com>
Date: Fri, 11 Apr 2025 17:02:15 +0000 (-0400)
Subject: mgr/cephadm: do not delete smb fs cephx keys
X-Git-Tag: v20.3.0~60^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=d72f1512bc6c97ceb0f7a8c35fe405ca658081df;p=ceph.git

mgr/cephadm: do not delete smb fs cephx keys

This change effectively disables fencing for the smb service because
the previous attempt to implement fencing would destroy the only
cephx key. Deleting this key would prevent any smb service part of
the logical cluster from talking to cephfs, even ones that were not
to be fenced.

The whole concept of fencing and ranks needs a bit of a rethink in
regards to smb. For now, we're just going to rely on ctdb and not
cephadm for smb's HA.

Fixes: 60300360cc500091e9dadf929d00bb72afad033c
Signed-off-by: John Mulligan <jmulligan@redhat.com>
---

diff --git a/src/pybind/mgr/cephadm/services/smb.py b/src/pybind/mgr/cephadm/services/smb.py
index 6b5b132cd0f6..0b8c8cf569f9 100644
--- a/src/pybind/mgr/cephadm/services/smb.py
+++ b/src/pybind/mgr/cephadm/services/smb.py
@@ -34,11 +34,9 @@ class SMBService(CephService):
         return 'clustered' in smb_spec.features
 
     def fence(self, daemon_id: str) -> None:
-        logger.info(f'Fencing old smb.{daemon_id}')
-        ret, out, err = self.mgr.mon_command({
-            'prefix': 'auth rm',
-            'entity': f'client.smb.fs.cluster.{daemon_id}',
-        })
+        # ... but fencing still wont do anything real, because we
+        # do not have per-service keys. but logging is fun
+        logger.debug('Will not fence key for smb cluster %r', daemon_id)
 
     def fence_old_ranks(
         self,
@@ -47,11 +45,11 @@ class SMBService(CephService):
         num_ranks: int,
     ) -> None:
         smb_spec = cast(SMBSpec, spec)
+        logger.info('Fencing called for smb.%s', smb_spec.cluster_id)
         for rank, m in list(rank_map.items()):
             if rank >= num_ranks:
                 for daemon_id in m.values():
                     if daemon_id is not None:
-                        logger.info(f'Fencing old smb.{smb_spec.cluster_id}')
                         self.fence(smb_spec.cluster_id)
                 del rank_map[rank]
                 self.mgr.spec_store.save_rank_map(spec.service_name(), rank_map)
@@ -60,7 +58,6 @@ class SMBService(CephService):
                 for gen, daemon_id in list(m.items()):
                     if gen < max_gen:
                         if daemon_id is not None:
-                            logger.info(f'Fencing old smb.{smb_spec.cluster_id}')
                             self.fence(smb_spec.cluster_id)
                         del rank_map[rank][gen]
                         self.mgr.spec_store.save_rank_map(spec.service_name(), rank_map)