From 744b04aea665142edbbc66f366924ecca49fe4db Mon Sep 17 00:00:00 2001
From: Gil Bregman <gbregman@il.ibm.com>
Date: Thu, 30 Jan 2025 13:33:51 +0200
Subject: [PATCH] mgr/cephadm/nvmeof: Add verify_listener_ip field to NVMeOF
 configuration and remove obsolete enable_key_encryption Fixes
 https://tracker.ceph.com/issues/69731

Signed-off-by: Gil Bregman <gbregman@il.ibm.com>
---
 .../cephadm/templates/services/nvmeof/ceph-nvmeof.conf.j2 | 2 +-
 src/pybind/mgr/cephadm/tests/test_services.py             | 2 +-
 src/python-common/ceph/deployment/service_spec.py         | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/pybind/mgr/cephadm/templates/services/nvmeof/ceph-nvmeof.conf.j2 b/src/pybind/mgr/cephadm/templates/services/nvmeof/ceph-nvmeof.conf.j2
index 2a9ab30956889..016ed312a1d64 100644
--- a/src/pybind/mgr/cephadm/templates/services/nvmeof/ceph-nvmeof.conf.j2
+++ b/src/pybind/mgr/cephadm/templates/services/nvmeof/ceph-nvmeof.conf.j2
@@ -8,7 +8,6 @@ enable_auth = {{ spec.enable_auth }}
 state_update_notify = {{ spec.state_update_notify }}
 state_update_interval_sec = {{ spec.state_update_interval_sec }}
 enable_spdk_discovery_controller = {{ spec.enable_spdk_discovery_controller }}
-enable_key_encryption = {{ spec.enable_key_encryption }}
 encryption_key = /encryption.key
 rebalance_period_sec = {{ spec.rebalance_period_sec }}
 max_gws_in_grp = {{ spec.max_gws_in_grp }}
@@ -19,6 +18,7 @@ prometheus_port = {{ spec.prometheus_port }}
 prometheus_stats_interval = {{ spec.prometheus_stats_interval }}
 verify_nqns = {{ spec.verify_nqns }}
 verify_keys = {{ spec.verify_keys }}
+verify_listener_ip = {{ spec.verify_listener_ip }}
 omap_file_lock_duration = {{ spec.omap_file_lock_duration }}
 omap_file_lock_retries = {{ spec.omap_file_lock_retries }}
 omap_file_lock_retry_sleep_interval = {{ spec.omap_file_lock_retry_sleep_interval }}
diff --git a/src/pybind/mgr/cephadm/tests/test_services.py b/src/pybind/mgr/cephadm/tests/test_services.py
index 36c2121e29a43..7ba5dbb6be9a3 100644
--- a/src/pybind/mgr/cephadm/tests/test_services.py
+++ b/src/pybind/mgr/cephadm/tests/test_services.py
@@ -398,7 +398,6 @@ enable_auth = False
 state_update_notify = True
 state_update_interval_sec = 5
 enable_spdk_discovery_controller = False
-enable_key_encryption = True
 encryption_key = /encryption.key
 rebalance_period_sec = 7
 max_gws_in_grp = 16
@@ -409,6 +408,7 @@ prometheus_port = 10008
 prometheus_stats_interval = 10
 verify_nqns = True
 verify_keys = True
+verify_listener_ip = True
 omap_file_lock_duration = 20
 omap_file_lock_retries = 30
 omap_file_lock_retry_sleep_interval = 1.0
diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index 61eddbed5c2ec..140871b20611f 100644
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -1340,7 +1340,6 @@ class NvmeofServiceSpec(ServiceSpec):
                  state_update_notify: Optional[bool] = True,
                  state_update_interval_sec: Optional[int] = 5,
                  enable_spdk_discovery_controller: Optional[bool] = False,
-                 enable_key_encryption: Optional[bool] = True,
                  encryption_key: Optional[str] = None,
                  rebalance_period_sec: Optional[int] = 7,
                  max_gws_in_grp: Optional[int] = 16,
@@ -1355,6 +1354,7 @@ class NvmeofServiceSpec(ServiceSpec):
                  bdevs_per_cluster: Optional[int] = 32,
                  verify_nqns: Optional[bool] = True,
                  verify_keys: Optional[bool] = True,
+                 verify_listener_ip: Optional[bool] = True,
                  allowed_consecutive_spdk_ping_failures: Optional[int] = 1,
                  spdk_ping_interval_in_seconds: Optional[float] = 2.0,
                  ping_spdk_under_lock: Optional[bool] = False,
@@ -1437,8 +1437,6 @@ class NvmeofServiceSpec(ServiceSpec):
         self.state_update_interval_sec = state_update_interval_sec
         #: ``enable_spdk_discovery_controller`` SPDK or ceph-nvmeof discovery service
         self.enable_spdk_discovery_controller = enable_spdk_discovery_controller
-        #: ``enable_key_encryption`` encrypt DHCHAP and PSK keys before saving in OMAP
-        self.enable_key_encryption = enable_key_encryption
         #: ``encryption_key`` gateway encryption key
         self.encryption_key = encryption_key
         #: ``rebalance_period_sec`` number of seconds between cycles of auto namesapce rebalancing
@@ -1457,6 +1455,8 @@ class NvmeofServiceSpec(ServiceSpec):
         self.verify_nqns = verify_nqns
         #: ``verify_keys`` enables verification of PSJ and DHCHAP keys in the gateway
         self.verify_keys = verify_keys
+        #: ``verify_listener_ip`` enables verification of listener IP address
+        self.verify_listener_ip = verify_listener_ip
         #: ``omap_file_lock_duration`` number of seconds before automatically unlock OMAP file lock
         self.omap_file_lock_duration = omap_file_lock_duration
         #: ``omap_file_lock_retries`` number of retries to lock OMAP file before giving up
@@ -1628,10 +1628,10 @@ class NvmeofServiceSpec(ServiceSpec):
         verify_non_negative_int(self.prometheus_stats_interval, "Prometheus stats interval")
         verify_boolean(self.state_update_notify, "State update notify")
         verify_boolean(self.enable_spdk_discovery_controller, "Enable SPDK discovery controller")
-        verify_boolean(self.enable_key_encryption, "Enable key encryption")
         verify_boolean(self.enable_prometheus_exporter, "Enable Prometheus exporter")
         verify_boolean(self.verify_nqns, "Verify NQNs")
         verify_boolean(self.verify_keys, "Verify Keys")
+        verify_boolean(self.verify_listener_ip, "Verify listener IP address")
         verify_boolean(self.log_files_enabled, "Log files enabled")
         verify_boolean(self.log_files_rotation_enabled, "Log files rotation enabled")
         verify_boolean(self.verbose_log_messages, "Verbose log messages")
-- 
2.39.5