From a36dcdf9cfbc3ca012c5cb022e0d7dbcd95984f4 Mon Sep 17 00:00:00 2001
From: Alfredo Deza
Date: Thu, 18 Jan 2018 16:37:00 -0500
Subject: [PATCH] ceph-volume util allow prepare module to work with encryption keys
Signed-off-by: Alfredo Deza
---
 src/ceph-volume/ceph_volume/util/prepare.py | 31 +++++++++++++++------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/src/ceph-volume/ceph_volume/util/prepare.py b/src/ceph-volume/ceph_volume/util/prepare.py
index 816f95196a0a6..ddd00e13c4320 100644
--- a/src/ceph-volume/ceph_volume/util/prepare.py
+++ b/src/ceph-volume/ceph_volume/util/prepare.py
@@ -13,25 +13,37 @@ logger = logging.getLogger(__name__)
 def create_key():
- stdout, stderr, returncode = process.call(['ceph-authtool', '--gen-print-key'])
+ stdout, stderr, returncode = process.call(
+ ['ceph-authtool', '--gen-print-key'],
+ show_command=True)
 if returncode != 0:
 raise RuntimeError('Unable to generate a new auth key')
 return ' '.join(stdout).strip()
-def write_keyring(osd_id, secret):
- # FIXME this only works for cephx, but there will be other types of secrets
- # later
- osd_keyring = '/var/lib/ceph/osd/%s-%s/keyring' % (conf.cluster, osd_id)
+def write_keyring(osd_id, secret, keyring_name='keyring', name=None):
+ """
+ Create a keyring file with the ``ceph-authtool`` utility. Constructs the
+ path over well-known conventions for the OSD, and allows any other custom
+ ``name`` to be set.
+
+ :param osd_id: The ID for the OSD to be used
+ :param secret: The key to be added as (as a string)
+ :param name: Defaults to 'osd.{ID}' but can be used to add other client
+ names, specifically for 'lockbox' type of keys
+ :param keyring_name: Alternative keyring name, for supporting other
+ types of keys like for lockbox
+ """
+ osd_keyring = '/var/lib/ceph/osd/%s-%s/%s' % (conf.cluster, osd_id, keyring_name)
+ name = name or 'osd.%s' % str(osd_id)
 process.run(
 [
 'ceph-authtool', osd_keyring,
 '--create-keyring',
- '--name', 'osd.%s' % str(osd_id),
+ '--name', name,
 '--add-key', secret
 ])
 system.chown(osd_keyring)
- # TODO: do the restorecon dance on the osd_keyring path
 def create_id(fsid, json_secrets):
@@ -50,7 +62,8 @@ def create_id(fsid, json_secrets):
 '-i', '-',
 'osd', 'new', fsid
 ],
- stdin=json_secrets
+ stdin=json_secrets,
+ show_command=True
 )
 if returncode != 0:
 raise RuntimeError('Unable to create a new OSD id')
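Review bot: `write_keyring` passes the key as `'--add-key', secret` in the argv of `ceph-authtool`, and the new `name`/`keyring_name` parameters extend that path to lockbox keys. Anything in argv is visible in the host's process table while the child runs, and it also reaches logs or the terminal if `process.run` records the command line, which this hunk does not show. Writing the keyring from Python with mode 0600, as sketched below, keeps the key out of both; the sketch assumes `os` is imported in the module and that the two-line file matches what `ceph-authtool` emits, so confirm both. In `create_key` the captured stdout is the generated key, so also confirm that `process.call` does not write stdout to the log.

```python
    # … unchanged: signature, docstring, osd_keyring path …
    name = name or 'osd.%s' % str(osd_id)
    # Write the keyring directly so the key never appears in argv or in a
    # logged command line; 0o600 applies when the file is newly created.
    fd = os.open(osd_keyring, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as keyring_file:
        keyring_file.write('[%s]\n\tkey = %s\n' % (name, secret))
    system.chown(osd_keyring)
```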
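Review bot: Nothing next to `show_command=True` in `create_id` records why this command is safe to echo: the secrets go in through `stdin=json_secrets`, so the displayed argv carries only the fsid and fixed arguments as far as the hunk shows. A comment above the call, `# secrets are sent on stdin; keep them out of the command list, which is displayed`, would guard against a later edit moving them into argv. Whether `process.call` also logs the stdin payload is not visible here and is worth confirming. create_id starts before the hunk and continues after it.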
@@ -218,7 +231,7 @@ def osd_mkfs_bluestore(osd_id, fsid, keyring=None, wal=False, db=False):
 command = base_command + supplementary_command
- process.call(command, stdin=keyring)
+ process.call(command, stdin=keyring, show_command=True)
 def osd_mkfs_filestore(osd_id, fsid):
--
2.39.5
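Review bot: The result of `process.call(command, stdin=keyring, show_command=True)` is discarded, so a failed mkfs is not reported to the caller, whereas `create_key` and `create_id` in this same patch check `returncode` and raise `RuntimeError`. Capture it with `_, _, returncode = process.call(command, stdin=keyring, show_command=True)` and follow with `if returncode != 0: raise RuntimeError('Unable to run osd mkfs for bluestore')`. An OSD left on an unformatted or half-formatted store after a silent failure is hard to diagnose later. osd_mkfs_bluestore starts before the hunk, so how `command` is built is not visible here.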