Turn on cephx support by default
This commit is contained in:
parent
a3d33dd79b
commit
c1e3ce696a
3
README
3
README
@ -80,8 +80,5 @@ bootstrapping key and propagate it to the other nodes in the cluster. Since
|
||||
all OSDs run on nodes that also run mon, we don't need this and did not
|
||||
implement it.
|
||||
|
||||
The charm does not currently implement cephx and its explicitly turned off in
|
||||
the configuration generated for ceph.
|
||||
|
||||
See http://ceph.com/docs/master/dev/mon-bootstrap/ for more information on Ceph
|
||||
monitor cluster deployment strategies and pitfalls.
|
||||
|
1
TODO
1
TODO
@ -4,4 +4,3 @@ Ceph Charm
|
||||
* fix tunables (http://tracker.newdream.net/issues/2210)
|
||||
* more than 192 PGs
|
||||
* fixup data placement in crush to be host not osd driven
|
||||
* cephx support
|
||||
|
@ -71,3 +71,51 @@ def is_osd_disk(dev):
|
||||
except subprocess.CalledProcessError:
|
||||
pass
|
||||
return False
|
||||
|
||||
_bootstrap_keyring = "/var/lib/ceph/bootstrap-osd/ceph.keyring"
|
||||
|
||||
|
||||
def import_osd_bootstrap_key(key):
|
||||
if not os.path.exists(_bootstrap_keyring):
|
||||
cmd = [
|
||||
'ceph-authtool',
|
||||
_bootstrap_keyring,
|
||||
'--create-keyring',
|
||||
'--name=client.bootstrap-osd',
|
||||
'--add-key={}'.format(key)
|
||||
]
|
||||
subprocess.check_call(cmd)
|
||||
|
||||
# OSD caps taken from ceph-create-keys
|
||||
_osd_bootstrap_caps = [
|
||||
'allow command osd create ...',
|
||||
'allow command osd crush set ...',
|
||||
r'allow command auth add * osd allow\ * mon allow\ rwx',
|
||||
'allow command mon getmap'
|
||||
]
|
||||
|
||||
|
||||
def get_osd_bootstrap_key():
|
||||
cmd = [
|
||||
'ceph',
|
||||
'--name', 'mon.',
|
||||
'--keyring',
|
||||
'/var/lib/ceph/mon/ceph-{}/keyring'.format(
|
||||
utils.get_unit_hostname()
|
||||
),
|
||||
'auth', 'get-or-create', 'client.bootstrap-osd',
|
||||
'mon', '; '.join(_osd_bootstrap_caps)
|
||||
]
|
||||
output = subprocess.check_output(cmd).strip() # IGNORE:E1103
|
||||
# get-or-create appears to have different output depending
|
||||
# on whether its 'get' or 'create'
|
||||
# 'create' just returns the key, 'get' is more verbose and
|
||||
# needs parsing
|
||||
key = None
|
||||
if len(output.splitlines()) == 1:
|
||||
key = output
|
||||
else:
|
||||
for element in output.splitlines():
|
||||
if 'key' in element:
|
||||
key = element.split(' = ')[1].strip() # IGNORE:E1103
|
||||
return key
|
||||
|
@ -142,6 +142,7 @@ def mon_relation():
|
||||
bootstrap_monitor_cluster()
|
||||
|
||||
ceph.wait_for_quorum()
|
||||
|
||||
for dev in utils.config_get('osd-devices').split(' '):
|
||||
osdize(dev)
|
||||
subprocess.call(['udevadm', 'trigger',
|
||||
@ -161,6 +162,7 @@ def notify_osds():
|
||||
|
||||
for relid in utils.relation_ids('osd'):
|
||||
utils.relation_set(fsid=utils.config_get('fsid'),
|
||||
osd_bootstrap_key=ceph.get_osd_bootstrap_key(),
|
||||
rid=relid)
|
||||
|
||||
utils.juju_log('INFO', 'End notify_osds.')
|
||||
@ -171,8 +173,10 @@ def osd_relation():
|
||||
|
||||
if ceph.is_quorum():
|
||||
utils.juju_log('INFO',
|
||||
'mon cluster in quorum - providing OSD with fsid')
|
||||
utils.relation_set(fsid=utils.config_get('fsid'))
|
||||
'mon cluster in quorum - \
|
||||
providing OSD with fsid & keys')
|
||||
utils.relation_set(fsid=utils.config_get('fsid'),
|
||||
osd_bootstrap_key=ceph.get_osd_bootstrap_key())
|
||||
else:
|
||||
utils.juju_log('INFO',
|
||||
'mon cluster not in quorum - deferring fsid provision')
|
||||
|
@ -1,5 +1,5 @@
|
||||
[global]
|
||||
auth supported = none
|
||||
auth supported = cephx
|
||||
keyring = /etc/ceph/$cluster.$name.keyring
|
||||
mon host = {{ mon_hosts }}
|
||||
fsid = {{ fsid }}
|
||||
|
Loading…
Reference in New Issue
Block a user