From: Sage Weil Date: Fri, 2 Jul 2021 19:53:02 +0000 (-0400) Subject: mgr/nfs: adjust cephfs export caps if necessary X-Git-Tag: v16.2.7~116^2~45 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e80b0b8e11e6be9ba125e796c4dde1b011374796;p=ceph.git mgr/nfs: adjust cephfs export caps if necessary If we are importing an old export, we may find that the cephx user existed but with the wrong caps. Adjust caps in that case! Signed-off-by: Sage Weil (cherry picked from commit 379a1fc4d794405edd4c34d9ac44c2c5621cfe58) --- diff --git a/src/pybind/mgr/nfs/export.py b/src/pybind/mgr/nfs/export.py index b61392950cfb..aaf87662a49b 100644 --- a/src/pybind/mgr/nfs/export.py +++ b/src/pybind/mgr/nfs/export.py @@ -462,14 +462,30 @@ class ExportMgr: osd_cap = 'allow rw pool={} namespace={}, allow rw tag cephfs data={}'.format( self.rados_pool, cluster_id, fs_name) access_type = 'r' if fs_ro else 'rw' + nfs_caps = [ + 'mon', 'allow r', + 'osd', osd_cap, + 'mds', 'allow {} path={}'.format(access_type, path) + ] - ret, out, err = self.mgr.check_mon_command({ + ret, out, err = self.mgr.mon_command({ 'prefix': 'auth get-or-create', 'entity': 'client.{}'.format(entity), - 'caps': ['mon', 'allow r', 'osd', osd_cap, 'mds', 'allow {} path={}'.format( - access_type, path)], + 'caps': nfs_caps, 'format': 'json', }) + if ret == -errno.EINVAL and 'does not match' in err: + ret, out, err = self.mgr.check_mon_command({ + 'prefix': 'auth caps', + 'entity': 'client.{}'.format(entity), + 'caps': nfs_caps, + 'format': 'json', + }) + ret, out, err = self.mgr.check_mon_command({ + 'prefix': 'auth get', + 'entity': 'client.{}'.format(entity), + 'format': 'json', + }) json_res = json.loads(out) log.info("Export user created is {}".format(json_res[0]['entity']))