From 4c8a313443f8713189b9139ffada978639363ebd Mon Sep 17 00:00:00 2001
From: Loic Dachary
Date: Sun, 29 Dec 2013 12:57:45 +0100
Subject: [PATCH] mon: implement --key for --mkfs

Allow --key to be used as an alternative to --keyring when ceph-mon --mkfs runs. The key is wrapped inline into [mon.] key = AQDUS79S0AF9FRAA2cgRLFscVce0gROn/s9WMg== caps mon = "allow *" and parsed with KeyRing::decode_plaintext which is made public.
Signed-off-by: Loic Dachary
---
 src/auth/KeyRing.h | 2 +-
 src/mon/Monitor.cc | 30 +++++++++++++++++++++++-------
 2 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/src/auth/KeyRing.h b/src/auth/KeyRing.h
index 6b041ab37ce3..b69921c65002 100644
--- a/src/auth/KeyRing.h
+++ b/src/auth/KeyRing.h
@@ -25,8 +25,8 @@ class KeyRing : public KeyStore {
 map keys;
 int set_modifier(const char *type, const char *val, EntityName& name, map& caps);
- void decode_plaintext(bufferlist::iterator& bl);
 public:
+ void decode_plaintext(bufferlist::iterator& bl);
 /* Create a KeyRing from a Ceph context.
 * We will use the configuration stored inside the context. */
 int from_ceph_context(CephContext *cct);
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 470df593e79b..4d583a0b8a37 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3791,13 +3791,29 @@ int Monitor::mkfs(bufferlist& osdmapbl)
 string keyring_filename;
 if (!ceph_resolve_file_search(g_conf->keyring, keyring_filename)) {
 derr << "unable to find a keyring file on " << g_conf->keyring << dendl;
- return -ENOENT;
- }
-
- r = keyring.load(g_ceph_context, keyring_filename);
- if (r < 0) {
- derr << "unable to load initial keyring " << g_conf->keyring << dendl;
- return r;
+ if (g_conf->key != "") {
+ string keyring_plaintext = "[mon.]\n\tkey = " + g_conf->key +
+ "\n\tcaps mon = \"allow *\"\n";
+ bufferlist bl;
+ bl.append(keyring_plaintext);
+ try {
+ bufferlist::iterator i = bl.begin();
+ keyring.decode_plaintext(i);
+ }
+ catch (const buffer::error& e) {
+ derr << "error decoding keyring " << keyring_plaintext
+ << ": " << e.what() << dendl;
+ return -EINVAL;
+ }
+ } else {
+ return -ENOENT;
+ }
+ } else {
+ r = keyring.load(g_ceph_context, keyring_filename);
+ if (r < 0) {
+ derr << "unable to load initial keyring " << g_conf->keyring << dendl;
+ return r;
+ }
 }
 // put mon. key in external keyring; seed with everything else.
-- 2.47.3
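Review bot: The new catch block streams `keyring_plaintext` to `derr`, and that string embeds the monitor secret taken from `g_conf->key`, so a malformed --key leaves the key material in the monitor log; log only the exception instead, e.g. `derr << "error decoding keyring from --key: " << e.what() << dendl;`. The "unable to find a keyring file" message is also written before the --key branch is tried, so a successful --key mkfs still records an error; moving that `derr` into the final `else` (or testing `g_conf->key` first) would avoid it. `g_conf->key` is spliced into the keyring text unchecked, so a value containing a newline would be parsed as additional keyring lines; rejecting whitespace in the key before building the string is worth considering. Monitor::mkfs begins and ends outside this hunk.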