From 013884acea2253d2001cbcbc635d52ca5f889e77 Mon Sep 17 00:00:00 2001 From: Adam King Date: Thu, 19 Nov 2020 18:49:25 -0500 Subject: [PATCH] mgr/cephadm: improve iscsi dashboard config updating iscsi config dashboard to match what was done with ceph ansible. This includes: - set iscsi api ssl verification to false when api_secure is set - using https rather than http in gateway url when spi_secure is set - default api_user and api_password to "admin" - convert hostname to ip address when creating gateway url Signed-off-by: Adam King (cherry picked from commit ba6d22b492400588de22b93189eee8818f647807) --- .../mgr/cephadm/services/cephadmservice.py | 1 - src/pybind/mgr/cephadm/services/iscsi.py | 34 +++++++++++++------ src/pybind/mgr/cephadm/utils.py | 8 +++++ .../ceph/deployment/service_spec.py | 12 +++---- 4 files changed, 37 insertions(+), 18 deletions(-) diff --git a/src/pybind/mgr/cephadm/services/cephadmservice.py b/src/pybind/mgr/cephadm/services/cephadmservice.py index ac7fd6efbedd2..1486c68fc185a 100644 --- a/src/pybind/mgr/cephadm/services/cephadmservice.py +++ b/src/pybind/mgr/cephadm/services/cephadmservice.py @@ -197,7 +197,6 @@ class CephadmService(metaclass=ABCMeta): cmd_dicts = get_set_cmd_dicts(out.strip()) for cmd_dict in list(cmd_dicts): try: - logger.info('Setting Dashboard config for %s: command: %s', service_name, cmd_dict) _, out, _ = self.mgr.check_mon_command(cmd_dict) except MonCommandFailed as e: logger.warning('Failed to set Dashboard config for %s: %s', service_name, e) diff --git a/src/pybind/mgr/cephadm/services/iscsi.py b/src/pybind/mgr/cephadm/services/iscsi.py index e68f8c96060b7..6454893d9425e 100644 --- a/src/pybind/mgr/cephadm/services/iscsi.py +++ b/src/pybind/mgr/cephadm/services/iscsi.py 
@@ -77,27 +77,39 @@ class IscsiService(CephService): def get_set_cmd_dicts(out: str) -> List[dict]: gateways = json.loads(out)['gateways'] cmd_dicts = [] + spec = cast(IscsiServiceSpec, + self.mgr.spec_store.specs.get(daemon_descrs[0].service_name(), None)) + if spec.api_secure and spec.ssl_cert and spec.ssl_key: + cmd_dicts.append({ + 'prefix': 'dashboard set-iscsi-api-ssl-verification', + 'value': "false" + }) + else: + cmd_dicts.append({ + 'prefix': 'dashboard set-iscsi-api-ssl-verification', + 'value': "true" + }) for dd in daemon_descrs: spec = cast(IscsiServiceSpec, self.mgr.spec_store.specs.get(dd.service_name(), None)) if not spec: logger.warning('No ServiceSpec found for %s', dd) continue - if not all([spec.api_user, spec.api_password]): - reason = 'api_user or api_password is not specified in ServiceSpec' - logger.warning( - 'Unable to add iSCSI gateway to the Dashboard for %s: %s', dd, reason) - continue - host = self._inventory_get_addr(dd.hostname) - service_url = 'http://{}:{}@{}:{}'.format( - spec.api_user, spec.api_password, host, spec.api_port or '5000') - gw = gateways.get(host) + ip = utils.resolve_ip(dd.hostname) + protocol = "http" + if spec.api_secure and spec.ssl_cert and spec.ssl_key: + protocol = "https" + service_url = '{}://{}:{}@{}:{}'.format( + protocol, spec.api_user or 'admin', spec.api_password or 'admin', ip, spec.api_port or '5000') + gw = gateways.get(dd.hostname) if not gw or gw['service_url'] != service_url: - logger.info('Adding iSCSI gateway %s to Dashboard', service_url) + safe_service_url = '{}://{}:{}@{}:{}'.format( + protocol, '', '', ip, spec.api_port or '5000') + logger.info('Adding iSCSI gateway %s to Dashboard', safe_service_url) cmd_dicts.append({ 'prefix': 'dashboard iscsi-gateway-add', 'service_url': service_url, - 'name': host + 'name': dd.hostname }) return cmd_dicts diff --git a/src/pybind/mgr/cephadm/utils.py b/src/pybind/mgr/cephadm/utils.py index 752031a5037e1..ac788039a1340 100644 
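Review bot: The block added ahead of the `for dd in daemon_descrs:` loop reads `spec.api_secure` straight off `specs.get(..., None)`, so a missing spec raises AttributeError before the loop's own `if not spec` check can skip it, and `daemon_descrs[0]` assumes the list is non-empty; guard it with `if spec and spec.api_secure and spec.ssl_cert and spec.ssl_key:`. The same branch sets `dashboard set-iscsi-api-ssl-verification` to `"false"` exactly when TLS is in use, so the dashboard will accept any certificate on the connection that carries the API user and password in `service_url`. The value is also decided from the first daemon's spec only, which looks wrong if several iSCSI services with different settings exist (inferred; the command appears to be a single dashboard-wide setting). If disabling verification is intentional for self-signed gateway certificates, say so in a comment such as `# verification is off because gateway certs are not CA-signed; the API credentials are not protected against an active interceptor`, and consider making it an explicit spec option. The method that encloses `get_set_cmd_dicts` starts outside the hunk.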
--- a/src/pybind/mgr/cephadm/utils.py +++ b/src/pybind/mgr/cephadm/utils.py @@ -2,6 +2,7 @@ import logging import re import json import datetime +import socket from enum import Enum from functools import wraps from typing import Optional, Callable, TypeVar, List, NewType, TYPE_CHECKING, Any @@ -99,3 +100,10 @@ def str_to_datetime(input: str) -> datetime.datetime: def datetime_to_str(dt: datetime.datetime) -> str: return dt.strftime(DATEFMT) + + +def resolve_ip(hostname: str) -> str: + try: + return socket.getaddrinfo(hostname, None, flags=socket.AI_CANONNAME, type=socket.SOCK_STREAM)[0][4][0] + except socket.gaierror as e: + raise OrchestratorError(f"Cannot resolve ip for host {hostname}: {e}") diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py index f4c7e95c31beb..e7e2ee44cc845 100644 --- a/src/python-common/ceph/deployment/service_spec.py +++ b/src/python-common/ceph/deployment/service_spec.py @@ -735,12 +735,12 @@ class IscsiServiceSpec(ServiceSpec): if not self.pool: raise ServiceSpecValidationError( 'Cannot add ISCSI: No Pool specified') - if not self.api_user: - raise ServiceSpecValidationError( - 'Cannot add ISCSI: No Api user specified') - if not self.api_password: - raise ServiceSpecValidationError( - 'Cannot add ISCSI: No Api password specified') + + # Do not need to check for api_user and api_password as they + # now default to 'admin' when setting up the gateway url. Older + # iSCSI specs from before this change should be fine as they will + # have been required to have an api_user and api_password set and + # will be unaffected by the new default value. yaml.add_representer(IscsiServiceSpec, ServiceSpec.yaml_representer) -- 2.39.5
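Review bot: `resolve_ip` returns the first `getaddrinfo` entry whatever its address family, and the caller in iscsi.py interpolates the result into `'{}://{}:{}@{}:{}'` unbracketed, so a host that resolves to IPv6 first yields a malformed gateway URL. Either bracket IPv6 literals at the call site or handle the address family here, and record the choice in a docstring, e.g. `"""Return the first address getaddrinfo reports for hostname; raise OrchestratorError if it cannot be resolved."""`. `AI_CANONNAME` has no effect on the address that is returned and can be dropped, and `raise OrchestratorError(...) from e` would keep the resolver error in the traceback. Pinning the resolved IP into the URL also means a certificate issued for the hostname would likely not match if verification were turned back on, which deserves a comment.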
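Review bot: Dropping both checks in service_spec.py means a spec with no `api_password` now validates and ends up with the fixed value `admin` that iscsi.py substitutes when it builds the gateway URL, a credential anyone can guess. I would keep the `api_password` check and default only `api_user`, or have the orchestrator generate a random secret when none is given. If the ceph-ansible-compatible default has to stay, the new comment should state the consequence, e.g. `# NOTE: an unset api_password falls back to the well-known value 'admin'; set one explicitly outside test deployments.` The fallback is applied only where the URL is built, so whether the gateway's own configuration receives the same default is not visible in this patch; the enclosing validation method starts outside the hunk.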