Added client hooks with basic permissions for cephx
This commit is contained in:
parent
0e9ead3d48
commit
241bd82151
|
@ -98,34 +98,7 @@ _osd_bootstrap_caps = {
|
|||
|
||||
|
||||
def get_osd_bootstrap_key():
|
||||
cmd = [
|
||||
'ceph',
|
||||
'--name', 'mon.',
|
||||
'--keyring',
|
||||
'/var/lib/ceph/mon/ceph-{}/keyring'.format(
|
||||
utils.get_unit_hostname()
|
||||
),
|
||||
'auth', 'get-or-create', 'client.bootstrap-osd',
|
||||
]
|
||||
# Add capabilities
|
||||
for subsystem, subcaps in _osd_bootstrap_caps.iteritems():
|
||||
cmd.extend([
|
||||
subsystem,
|
||||
'; '.join(subcaps),
|
||||
])
|
||||
output = subprocess.check_output(cmd).strip() # IGNORE:E1103
|
||||
# get-or-create appears to have different output depending
|
||||
# on whether its 'get' or 'create'
|
||||
# 'create' just returns the key, 'get' is more verbose and
|
||||
# needs parsing
|
||||
key = None
|
||||
if len(output.splitlines()) == 1:
|
||||
key = output
|
||||
else:
|
||||
for element in output.splitlines():
|
||||
if 'key' in element:
|
||||
key = element.split(' = ')[1].strip() # IGNORE:E1103
|
||||
return key
|
||||
return get_named_key('bootstrap-osd', _osd_bootstrap_caps)
|
||||
|
||||
|
||||
_radosgw_keyring = "/etc/ceph/keyring.rados.gateway"
|
||||
|
@ -150,6 +123,17 @@ _radosgw_caps = {
|
|||
|
||||
|
||||
def get_radosgw_key():
|
||||
return get_named_key('radosgw.gateway', _radosgw_caps)
|
||||
|
||||
|
||||
_default_caps = {
|
||||
'mon': ['allow r'],
|
||||
'osd': ['allow rwx']
|
||||
}
|
||||
|
||||
|
||||
def get_named_key(name, caps=None):
|
||||
caps = caps or _default_caps
|
||||
cmd = [
|
||||
'ceph',
|
||||
'--name', 'mon.',
|
||||
|
@ -157,10 +141,10 @@ def get_radosgw_key():
|
|||
'/var/lib/ceph/mon/ceph-{}/keyring'.format(
|
||||
utils.get_unit_hostname()
|
||||
),
|
||||
'auth', 'get-or-create', 'client.radosgw.gateway',
|
||||
'auth', 'get-or-create', 'client.{}'.format(name),
|
||||
]
|
||||
# Add capabilities
|
||||
for subsystem, subcaps in _radosgw_caps.iteritems():
|
||||
for subsystem, subcaps in caps.iteritems():
|
||||
cmd.extend([
|
||||
subsystem,
|
||||
'; '.join(subcaps),
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
hooks.py
|
|
@ -179,6 +179,17 @@ def notify_radosgws():
|
|||
utils.juju_log('INFO', 'End notify_radosgws.')
|
||||
|
||||
|
||||
def notify_client():
|
||||
utils.juju_log('INFO', 'Begin notify_client.')
|
||||
|
||||
for relid in utils.relation_ids('client'):
|
||||
service_name = utils.relation_list(relid)[0].split('/')[0]
|
||||
utils.relation_set(key=ceph.get_named_key(service_name),
|
||||
rid=relid)
|
||||
|
||||
utils.juju_log('INFO', 'End notify_client.')
|
||||
|
||||
|
||||
def osd_relation():
|
||||
utils.juju_log('INFO', 'Begin osd-relation hook.')
|
||||
|
||||
|
@ -212,6 +223,22 @@ def radosgw_relation():
|
|||
utils.juju_log('INFO', 'End radosgw-relation hook.')
|
||||
|
||||
|
||||
def client_relation():
|
||||
utils.juju_log('INFO', 'Begin client-relation hook.')
|
||||
|
||||
if ceph.is_quorum():
|
||||
utils.juju_log('INFO',
|
||||
'mon cluster in quorum - \
|
||||
providing client with keys')
|
||||
service_name = os.environ['JUJU_REMOTE_UNIT'].split('/')[0]
|
||||
utils.relation_set(key=ceph.get_named_key(service_name))
|
||||
else:
|
||||
utils.juju_log('INFO',
|
||||
'mon cluster not in quorum - deferring key provision')
|
||||
|
||||
utils.juju_log('INFO', 'End client-relation hook.')
|
||||
|
||||
|
||||
def upgrade_charm():
|
||||
utils.juju_log('INFO', 'Begin upgrade-charm hook.')
|
||||
emit_cephconf()
|
||||
|
@ -234,6 +261,7 @@ utils.do_hooks({
|
|||
'mon-relation-joined': mon_relation,
|
||||
'osd-relation-joined': osd_relation,
|
||||
'radosgw-relation-joined': radosgw_relation,
|
||||
'client-relation-joined': client_relation,
|
||||
'start': start,
|
||||
'upgrade-charm': upgrade_charm,
|
||||
})
|
||||
|
|
Loading…
Reference in New Issue