Only upgrade keys for internal clients
When fetching ceph keys, they are upgraded if it's deemed necessary to fix bug #1968369. This worked for internal ceph entities such as RBD or MDS, but fails for external ceph clients. This is because for those clients, key capabilities can be set via broker requests. As such, when the ceph-mon charm is upgraded, the key capabilities for those clients are reset, and since the broker request has been processed already, no further changes are done, leaving those keys with incorrect caps. Change-Id: I878091f9387f22059d460d28c2d0072507e66c6f Closes-Bug: #2028387
This commit is contained in:
parent
fb13f31d3e
commit
9480417cfa
|
@ -1223,6 +1223,11 @@ def get_upgrade_key():
|
|||
return get_named_key('upgrade-osd', _upgrade_caps)
|
||||
|
||||
|
||||
def is_internal_client(name):
|
||||
keys = ('osd-upgrade', 'osd-removal', 'admin', 'rbd-mirror', 'mds')
|
||||
return any(name.startswith(key) for key in keys)
|
||||
|
||||
|
||||
def get_named_key(name, caps=None, pool_list=None):
|
||||
"""Retrieve a specific named cephx key.
|
||||
|
||||
|
@ -1236,7 +1241,8 @@ def get_named_key(name, caps=None, pool_list=None):
|
|||
|
||||
key = ceph_auth_get(key_name)
|
||||
if key:
|
||||
upgrade_key_caps(key_name, caps)
|
||||
if is_internal_client(name):
|
||||
upgrade_key_caps(key_name, caps)
|
||||
return key
|
||||
|
||||
log("Creating new key for {}".format(name), level=DEBUG)
|
||||
|
|
Loading…
Reference in New Issue