Diffstat (limited to 'lib/ceph/utils.py')
-rw-r--r--lib/ceph/utils.py50
1 files changed, 46 insertions, 4 deletions
diff --git a/lib/ceph/utils.py b/lib/ceph/utils.py
index 5ff970b..6d039cd 100644
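--- a/lib/ceph/utils.py
+++ b/lib/ceph/utils.py
@@ -1096,7 +1096,8 @@ def get_mds_bootstrap_key():
 
 
 _default_caps = collections.OrderedDict([
- ('mon', ['allow r']),
+ ('mon', ['allow r',
+ 'allow command "osd blacklist"']),
  ('osd', ['allow rwx']),
 ])
 
@@ -1163,6 +1164,7 @@ def get_named_key(name, caps=None, pool_list=None):
  :param caps: dict of cephx capabilities
  :returns: Returns a cephx key
  """
+ key_name = 'client.{}'.format(name)
  try:
  # Does the key already exist?
  output = str(subprocess.check_output(
@@ -1177,8 +1179,14 @@ def get_named_key(name, caps=None, pool_list=None):
  ),
  'auth',
  'get',
- 'client.{}'.format(name),
+ key_name,
  ]).decode('UTF-8')).strip()
+ # NOTE(jamespage);
+ # Apply any changes to key capabilities, dealing with
+ # upgrades which requires new caps for operation.
+ upgrade_key_caps(key_name,
+ caps or _default_caps,
+ pool_list)
  return parse_key(output)
  except subprocess.CalledProcessError:
  # Couldn't get the key, time to create it!
@@ -1194,7 +1202,7 @@ def get_named_key(name, caps=None, pool_list=None):
  '/var/lib/ceph/mon/ceph-{}/keyring'.format(
  socket.gethostname()
  ),
- 'auth', 'get-or-create', 'client.{}'.format(name),
+ 'auth', 'get-or-create', key_name,
  ]
  # Add capabilities
  for subsystem, subcaps in caps.items():
@@ -1213,7 +1221,7 @@ def get_named_key(name, caps=None, pool_list=None):
  .strip()) # IGNORE:E1103
 
 
-def upgrade_key_caps(key, caps):
+def upgrade_key_caps(key, caps, pool_list=None):
  """ Upgrade key to have capabilities caps """
  if not is_leader():
  # Not the MON leader OR not clustered
@@ -1222,6 +1230,12 @@ def upgrade_key_caps(key, caps):
  "sudo", "-u", ceph_user(), 'ceph', 'auth', 'caps', key
  ]
  for subsystem, subcaps in caps.items():
+ if subsystem == 'osd':
+ if pool_list:
+ # This will output a string similar to:
+ # "pool=rgw pool=rbd pool=something"
+ pools = " ".join(['pool={0}'.format(i) for i in pool_list])
+ subcaps[0] = subcaps[0] + " " + pools
  cmd.extend([subsystem, '; '.join(subcaps)])
  subprocess.check_call(cmd)
 
@@ -1453,6 +1467,11 @@ def osdize_dev(dev, osd_format, osd_journal, ignore_errors=False,
  ' skipping.'.format(dev))
  return
 
+ if is_mapped_luks_device(dev):
+ log('{} is a mapped LUKS device,'
+ ' skipping.'.format(dev))
+ return
+
  if cmp_pkgrevno('ceph', '12.2.4') >= 0:
  cmd = _ceph_volume(dev,
  osd_journal,
@@ -1664,6 +1683,29 @@ def is_active_bluestore_device(dev):
  return False
 
 
+def is_luks_device(dev):
+ """
+ Determine if dev is a LUKS-formatted block device.
+
+ :param: dev: A full path to a block device to check for LUKS header
+ presence
+ :returns: boolean: indicates whether a device is used based on LUKS header.
+ """
+ return True if _luks_uuid(dev) else False
+
+
+def is_mapped_luks_device(dev):
+ """
+ Determine if dev is a mapped LUKS device
+ :param: dev: A full path to a block device to be checked
+ :returns: boolean: indicates whether a device is mapped
+ """
+ _, dirs, _ = next(os.walk('/sys/class/block/{}/holders/'
+ .format(os.path.basename(dev))))
+ is_held = len(dirs) > 0
+ return is_held and is_luks_device(dev)
+
+
 def get_conf(variable):
  """
  Get the value of the given configuration variable from the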
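Review bot: In `upgrade_key_caps`, `subcaps[0] = subcaps[0] + " " + pools` writes into the list held by the `caps` argument, and `get_named_key` now passes `caps or _default_caps`, so with `caps=None` the module-level `_default_caps['osd']` entry is modified in place. Each later call in the same process would then start from an 'osd' cap that already carries the earlier pool names, so a key could end up with a pool scope that was meant for a different client. Build the scoped entry on a copy instead, e.g. `subcaps = [subcaps[0] + " " + pools] + list(subcaps[1:])`, and leave the caller's dict untouched. Separately, the new call sits inside the `try:` whose `except subprocess.CalledProcessError` is treated as "key does not exist", so a failed `ceph auth caps` would presumably fall through to the create path instead of surfacing; parts of both functions lie outside the visible hunks, so confirm against the full file.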