From: John Spray Date: Sat, 23 Jul 2016 21:56:45 +0000 (+0100) Subject: ceph-create-keys: fix existing-but-different case X-Git-Tag: v10.2.4~72^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F11417%2Fhead;p=ceph.git ceph-create-keys: fix existing-but-different case We just have to refrain from calling get-or-create if the named key already exists, to avoid potentially having an error when the default creation args don't match the key as it has already been created, such as on certain upgrades. Fixes: http://tracker.ceph.com/issues/16255 Signed-off-by: John Spray (cherry picked from commit 278196d86c52b0be3cb9c17ed7f8f3e3502a217a) --- diff --git a/src/ceph-create-keys b/src/ceph-create-keys index f9cc2191d5ca..0e1884013ec2 100755 --- a/src/ceph-create-keys +++ b/src/ceph-create-keys @@ -92,24 +92,41 @@ def get_key(cluster, mon_id): os.fchmod(f.fileno(), 0600) os.fchown(f.fileno(), get_ceph_uid(), get_ceph_gid()) LOG.info('Talking to monitor...') - returncode = subprocess.call( - args=[ - 'ceph', + + args_prefix = [ + "ceph", '--cluster={cluster}'.format(cluster=cluster), '--name=mon.', '--keyring=/var/lib/ceph/mon/{cluster}-{mon_id}/keyring'.format( cluster=cluster, mon_id=mon_id, ), + ] + + # First try getting the key if it already exists, to handle + # the case where it exists but doesn't match the caps + # we would pass into get-or-create. + returncode = subprocess.call( + args=args_prefix + [ 'auth', - 'get-or-create', + 'get' 'client.admin', - 'mon', 'allow *', - 'osd', 'allow *', - 'mds', 'allow *', ], stdout=f, ) + if returncode == errno.ENOENT: + returncode = subprocess.call( + args=args_prefix + [ + 'auth', + 'get-or-create', + 'client.admin', + 'mon', 'allow *', + 'osd', 'allow *', + 'mds', 'allow *', + ], + stdout=f, + ) + if returncode != 0: if returncode == errno.EPERM or returncode == errno.EACCES: LOG.info('Cannot get or create admin key, permission denied')
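Review bot: The added `'get'` element in the first `subprocess.call` argument list has no trailing comma, so Python's implicit string-literal concatenation joins it with the following context line `'client.admin',` into the single argument `'getclient.admin'`. The command that runs is therefore not `ceph auth get client.admin`; it presumably exits with a code other than `errno.ENOENT`, in which case the `get-or-create` fallback is skipped and the existing-key case this commit targets still ends in the error path. The line should read `'get',`. Both calls also write to the same `stdout=f`, so it is worth confirming that a failed `auth get` emits nothing on stdout before the fallback writes the key into the keyring file. The enclosing `get_key` begins and ends outside the hunk.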