Implement key rotation for RadosGW daemons
This patchset implements the needed functionality on the ceph-mon charm to rotate the key of a specified RadosGW daemon. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1195 Change-Id: I6dbbf6ca1292a34f5d3b4ff8f2966c8b77f53f48
This commit is contained in:
parent
0572504230
commit
446d17f625
|
@ -194,6 +194,11 @@ class CephMonCharm(ops_openstack.core.OSBaseCharm):
|
|||
for relation in self.model.relations['admin']:
|
||||
hooks.admin_relation_joined(str(relation.id))
|
||||
|
||||
def on_rotate_key_action(self, event):
|
||||
ops_actions.rotate_key.rotate_key(
|
||||
event, self.framework.model
|
||||
)
|
||||
|
||||
def __init__(self, *args):
|
||||
super().__init__(*args)
|
||||
self._stored.is_started = True
|
||||
|
@ -231,7 +236,7 @@ class CephMonCharm(ops_openstack.core.OSBaseCharm):
|
|||
self._observe_action(self.on.list_entities_action,
|
||||
ops_actions.list_entities.list_entities)
|
||||
self._observe_action(self.on.rotate_key_action,
|
||||
ops_actions.rotate_key.rotate_key)
|
||||
self.on_rotate_key_action)
|
||||
|
||||
fw.observe(self.on.install, self.on_install)
|
||||
fw.observe(self.on.config_changed, self.on_config)
|
||||
|
|
|
@ -75,7 +75,31 @@ def _restart_daemon(entity, event):
|
|||
raise
|
||||
|
||||
|
||||
def rotate_key(event) -> None:
|
||||
def _handle_rgw_key_rotation(entity, event, model):
|
||||
rgw_name = entity[7:] # Skip 'client.'
|
||||
relations = model.relations.get('radosgw')
|
||||
if not relations:
|
||||
event.fail('No RadosGW relations found')
|
||||
return
|
||||
|
||||
for relation in relations:
|
||||
for unit in relation.units:
|
||||
try:
|
||||
data = relation.data
|
||||
if data[unit]["key_name"] != rgw_name:
|
||||
continue
|
||||
except KeyError:
|
||||
logger.exception('key name not found in relation data bag')
|
||||
continue
|
||||
|
||||
data[model.unit][rgw_name + "_key"] = _create_key(entity, event)
|
||||
event.set_results({"message": "success"})
|
||||
return
|
||||
|
||||
event.fail("Entity %s not found" % entity)
|
||||
|
||||
|
||||
def rotate_key(event, model=None) -> None:
|
||||
"""Rotate the key of the specified entity."""
|
||||
entity = event.params.get("entity")
|
||||
if entity.startswith("mgr"):
|
||||
|
@ -99,5 +123,7 @@ def rotate_key(event) -> None:
|
|||
_replace_keyring_file(path, entity, key, event)
|
||||
_restart_daemon("ceph-mgr@%s.service" % entity[4:], event)
|
||||
event.set_results({"message": "success"})
|
||||
elif entity.startswith('client.rgw.'):
|
||||
_handle_rgw_key_rotation(entity, event, model)
|
||||
else:
|
||||
event.fail("Unknown entity: %s" % entity)
|
||||
|
|
Loading…
Reference in New Issue