Only upgrade keys for internal clients

When fetching ceph keys, they are upgraded if it's deemed necessary to fix bug #1968369. This worked for internal ceph entities such as RBD or MDS, but fails for external ceph clients. This is because for those clients, key capabilities can be set via broker requests. As such, when the ceph-mon charm is upgraded, the key capabilities for those clients are reset, and since the broker request has been processed already, no further changes are done, leaving those keys with incorrect caps. Change-Id: I878091f9387f22059d460d28c2d0072507e66c6f Closes-Bug: #2028387
2023-07-17 17:45:06 -03:00 · 2023-07-17 17:45:06 -03:00 · 9480417cfa
parent fb13f31d3e
commit 9480417cfa
1 changed files with 7 additions and 1 deletions
--- a/charms_ceph/utils.py
+++ b/charms_ceph/utils.py
@ -1223,6 +1223,11 @@ def get_upgrade_key():
    return get_named_key('upgrade-osd', _upgrade_caps)


+def is_internal_client(name):
+    keys = ('osd-upgrade', 'osd-removal', 'admin', 'rbd-mirror', 'mds')
+    return any(name.startswith(key) for key in keys)
+
+
 def get_named_key(name, caps=None, pool_list=None):
    """Retrieve a specific named cephx key.

@ -1236,7 +1241,8 @@ def get_named_key(name, caps=None, pool_list=None):

    key = ceph_auth_get(key_name)
    if key:
-        upgrade_key_caps(key_name, caps)
+        if is_internal_client(name):
+            upgrade_key_caps(key_name, caps)
        return key

    log("Creating new key for {}".format(name), level=DEBUG)