From 379a1fc4d794405edd4c34d9ac44c2c5621cfe58 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Fri, 2 Jul 2021 15:53:02 -0400 Subject: [PATCH] mgr/nfs: adjust cephfs export caps if necessary If we are importing an old export, we may find that the cephx user existed but with the wrong caps. Adjust caps in that case! Signed-off-by: Sage Weil --- src/pybind/mgr/nfs/export.py | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/src/pybind/mgr/nfs/export.py b/src/pybind/mgr/nfs/export.py index b61392950cf..aaf87662a49 100644 --- a/src/pybind/mgr/nfs/export.py +++ b/src/pybind/mgr/nfs/export.py @@ -462,14 +462,30 @@ class ExportMgr: osd_cap = 'allow rw pool={} namespace={}, allow rw tag cephfs data={}'.format( self.rados_pool, cluster_id, fs_name) access_type = 'r' if fs_ro else 'rw' + nfs_caps = [ + 'mon', 'allow r', + 'osd', osd_cap, + 'mds', 'allow {} path={}'.format(access_type, path) + ] - ret, out, err = self.mgr.check_mon_command({ + ret, out, err = self.mgr.mon_command({ 'prefix': 'auth get-or-create', 'entity': 'client.{}'.format(entity), - 'caps': ['mon', 'allow r', 'osd', osd_cap, 'mds', 'allow {} path={}'.format( - access_type, path)], + 'caps': nfs_caps, 'format': 'json', }) + if ret == -errno.EINVAL and 'does not match' in err: + ret, out, err = self.mgr.check_mon_command({ + 'prefix': 'auth caps', + 'entity': 'client.{}'.format(entity), + 'caps': nfs_caps, + 'format': 'json', + }) + ret, out, err = self.mgr.check_mon_command({ + 'prefix': 'auth get', + 'entity': 'client.{}'.format(entity), + 'format': 'json', + }) json_res = json.loads(out) log.info("Export user created is {}".format(json_res[0]['entity'])) -- 2.39.5