Disable insecure global-id reclamation
Closes-Bug: #1929262 Change-Id: Id9f4cfdd70bab0090b66cbc8aeb258936cbf909e
This commit is contained in:
parent
dfbda68e1a
commit
a1d0518c80
|
@ -103,6 +103,7 @@ from utils import (
|
|||
mgr_enable_module,
|
||||
is_mgr_module_enabled,
|
||||
set_balancer_mode,
|
||||
try_disable_insecure_reclaim,
|
||||
)
|
||||
|
||||
from charmhelpers.contrib.charmsupport import nrpe
|
||||
|
@ -325,10 +326,9 @@ def config_changed():
|
|||
if cmp_pkgrevno('ceph', '12.0.0') >= 0:
|
||||
status_set('maintenance', 'Bootstrapping single Ceph MGR')
|
||||
ceph.bootstrap_manager()
|
||||
|
||||
try_disable_insecure_reclaim()
|
||||
for relid in relation_ids('dashboard'):
|
||||
dashboard_relation(relid)
|
||||
|
||||
# Update client relations
|
||||
notify_client()
|
||||
|
||||
|
@ -528,6 +528,8 @@ def attempt_mon_cluster_bootstrap():
|
|||
except subprocess.CalledProcessError:
|
||||
log("Failed to initialize autoscaler, it must be "
|
||||
"initialized on the last monitor", level='info')
|
||||
|
||||
try_disable_insecure_reclaim()
|
||||
# If we can and want to
|
||||
if is_leader() and config('customize-failure-domain'):
|
||||
# But only if the environment supports it
|
||||
|
|
|
@ -23,6 +23,7 @@ from charmhelpers.core.hookenv import (
|
|||
cached,
|
||||
config,
|
||||
goal_state,
|
||||
is_leader,
|
||||
log,
|
||||
network_get_primary_address,
|
||||
related_units,
|
||||
|
@ -296,6 +297,24 @@ def get_ceph_osd_releases():
|
|||
return list(ceph_osd_releases)
|
||||
|
||||
|
||||
def try_disable_insecure_reclaim():
|
||||
"""Disable insecure global-id reclaim on supported versions.
|
||||
|
||||
This function will disable insecure global-id reclaim on versions
|
||||
of ceph that are supported. Running this on a healthy cluster or
|
||||
a cluster that doesn't support the option won't have any effect.
|
||||
"""
|
||||
if is_leader():
|
||||
try:
|
||||
subprocess.check_call([
|
||||
'ceph', '--id', 'admin',
|
||||
'config', 'set', 'mon',
|
||||
'auth_allow_insecure_global_id_reclaim', 'false'])
|
||||
except subprocess.CalledProcessError as e:
|
||||
log("Could not disable insecure reclaim: {}".format(e),
|
||||
level='ERROR')
|
||||
|
||||
|
||||
def execute_post_osd_upgrade_steps(ceph_osd_release):
|
||||
"""Executes post-upgrade steps.
|
||||
|
||||
|
|
|
@ -32,6 +32,7 @@ TO_PATCH = [
|
|||
'relation_get',
|
||||
'relations_of_type',
|
||||
'status_set',
|
||||
'try_disable_insecure_reclaim',
|
||||
]
|
||||
|
||||
CHARM_CONFIG = {'config-flags': '',
|
||||
|
|
|
@ -388,3 +388,15 @@ class CephUtilsTestCase(test_utils.CharmTestCase):
|
|||
is_mgr_module_enabled.return_value = False
|
||||
utils.set_balancer_mode('upmap')
|
||||
check_call.assert_not_called()
|
||||
|
||||
@mock.patch.object(utils.subprocess, 'check_call')
|
||||
@mock.patch.object(utils, 'is_leader')
|
||||
def test_disable_insecure_reclaim(self,
|
||||
is_leader,
|
||||
check_call):
|
||||
is_leader.return_value = True
|
||||
utils.try_disable_insecure_reclaim()
|
||||
check_call.assert_called_once_with([
|
||||
'ceph', '--id', 'admin',
|
||||
'config', 'set', 'mon',
|
||||
'auth_allow_insecure_global_id_reclaim', 'false'])
|
||||
|
|
Loading…
Reference in New Issue