Added client hooks with basic permissions for cephx

hooks/ceph.py

@@ -98,34 +98,7 @@ _osd_bootstrap_caps = {
 
 
 def get_osd_bootstrap_key():
-    cmd = [
-        'ceph',
-        '--name', 'mon.',
-        '--keyring',
-        '/var/lib/ceph/mon/ceph-{}/keyring'.format(
-                                        utils.get_unit_hostname()
-                                        ),
-        'auth', 'get-or-create', 'client.bootstrap-osd',
-        ]
-    # Add capabilities
-    for subsystem, subcaps in _osd_bootstrap_caps.iteritems():
-        cmd.extend([
-            subsystem,
-            '; '.join(subcaps),
-            ])
-    output = subprocess.check_output(cmd).strip()  # IGNORE:E1103
-    # get-or-create appears to have different output depending
-    # on whether its 'get' or 'create'
-    # 'create' just returns the key, 'get' is more verbose and
-    # needs parsing
-    key = None
-    if len(output.splitlines()) == 1:
-        key = output
-    else:
-        for element in output.splitlines():
-            if 'key' in element:
-                key = element.split(' = ')[1].strip()  # IGNORE:E1103
-    return key
+    return get_named_key('bootstrap-osd', _osd_bootstrap_caps)
 
 
 _radosgw_keyring = "/etc/ceph/keyring.rados.gateway"
@@ -150,6 +123,17 @@ _radosgw_caps = {
 
 
 def get_radosgw_key():
+    return get_named_key('radosgw.gateway', _radosgw_caps)
+
+
+_default_caps = {
+    'mon': ['allow r'],
+    'osd': ['allow rwx']
+    }
+
+
+def get_named_key(name, caps=None):
+    caps = caps or _default_caps
     cmd = [
         'ceph',
         '--name', 'mon.',
@@ -157,10 +141,10 @@ def get_radosgw_key():
         '/var/lib/ceph/mon/ceph-{}/keyring'.format(
                                         utils.get_unit_hostname()
                                         ),
-        'auth', 'get-or-create', 'client.radosgw.gateway',
+        'auth', 'get-or-create', 'client.{}'.format(name),
         ]
     # Add capabilities
-    for subsystem, subcaps in _radosgw_caps.iteritems():
+    for subsystem, subcaps in caps.iteritems():
         cmd.extend([
             subsystem,
             '; '.join(subcaps),

hooks/client-relation-joined

@@ -0,0 +1 @@
+hooks.py

hooks/hooks.py

@@ -179,6 +179,17 @@ def notify_radosgws():
     utils.juju_log('INFO', 'End notify_radosgws.')
 
 
+def notify_client():
+    utils.juju_log('INFO', 'Begin notify_client.')
+
+    for relid in utils.relation_ids('client'):
+        service_name = utils.relation_list(relid)[0].split('/')[0]
+        utils.relation_set(key=ceph.get_named_key(service_name),
+                           rid=relid)
+
+    utils.juju_log('INFO', 'End notify_client.')
+
+
 def osd_relation():
     utils.juju_log('INFO', 'Begin osd-relation hook.')
 
@@ -212,6 +223,22 @@ def radosgw_relation():
     utils.juju_log('INFO', 'End radosgw-relation hook.')
 
 
+def client_relation():
+    utils.juju_log('INFO', 'Begin client-relation hook.')
+
+    if ceph.is_quorum():
+        utils.juju_log('INFO',
+                       'mon cluster in quorum - \
+                        providing client with keys')
+        service_name = os.environ['JUJU_REMOTE_UNIT'].split('/')[0]
+        utils.relation_set(key=ceph.get_named_key(service_name))
+    else:
+        utils.juju_log('INFO',
+                       'mon cluster not in quorum - deferring key provision')
+
+    utils.juju_log('INFO', 'End client-relation hook.')
+
+
 def upgrade_charm():
     utils.juju_log('INFO', 'Begin upgrade-charm hook.')
     emit_cephconf()
@@ -234,6 +261,7 @@ utils.do_hooks({
         'mon-relation-joined': mon_relation,
         'osd-relation-joined': osd_relation,
         'radosgw-relation-joined': radosgw_relation,
+        'client-relation-joined': client_relation,
         'start': start,
         'upgrade-charm': upgrade_charm,
         })