
Sync back in charms.ceph

Change-Id: I188fd24fa2382657d14842b9022a6610f790d7db
Partial-Bug: 1424771
changes/70/433870/1
Chris MacNaughton 2 years ago
parent
commit
06f517d18d
2 changed files with 57 additions and 14 deletions
  1. 20
    0
      lib/ceph/__init__.py
  2. 37
    14
      lib/ceph/ceph_broker.py

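--- a/lib/ceph/__init__.py
+++ b/lib/ceph/__init__.py
@@ -1092,6 +1092,26 @@ def get_named_key(name, caps=None, pool_list=None):
     :param caps:  dict of cephx capabilities
     :return: Returns a cephx key
     """
+    try:
+        # Does the key already exist?
+        output = subprocess.check_output(
+            [
+                'sudo',
+                '-u', ceph_user(),
+                'ceph',
+                '--name', 'mon.',
+                '--keyring',
+                '/var/lib/ceph/mon/ceph-{}/keyring'.format(
+                    socket.gethostname()
+                ),
+                'auth',
+                'get',
+                'client.{}'.format(name),
+            ]).strip()
+        return parse_key(output)
+    except subprocess.CalledProcessError:
+        # Couldn't get the key, time to create it!
+        log("Creating new key for {}".format(name), level=DEBUG)
     caps = caps or _default_caps
     cmd = [
         "sudo",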
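Review bot: When `ceph auth get` succeeds, get_named_key returns the existing key at `return parse_key(output)` before `caps` and `pool_list` are looked at, so a caller asking for a particular capability set receives a key whose entity keeps whatever caps it was created with. If that is intended, the docstring should say so, e.g. `:return: Returns a cephx key; an existing key is returned as-is and its caps are not changed`; otherwise the caps need to be compared or reapplied on this path. The `except subprocess.CalledProcessError` branch also treats every non-zero exit as "key does not exist", so an unreachable monitor or an unreadable keyring falls through to key creation; logging the exception's return code there would make the two cases distinguishable. The function body starts before and continues after this hunk.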

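--- a/lib/ceph/ceph_broker.py
+++ b/lib/ceph/ceph_broker.py
@@ -186,7 +186,8 @@ def handle_add_permissions_to_key(request, service):
     if group_name not in service_obj['group_names'][permission]:
         service_obj['group_names'][permission].append(group_name)
     save_service(service=service_obj, service_name=service_name)
-    service_obj['groups'][group_name] = group
+    service_obj['groups'] = _build_service_groups(service_obj,
+                                                  group_namespace)
     update_service_permissions(service_name, service_obj, group_namespace)
 
 
@@ -208,7 +209,8 @@ def add_pool_to_group(pool, group, namespace=None):
     if namespace:
         group_name = "{}-{}".format(namespace, group_name)
     group = get_group(group_name=group_name)
-    group["pools"].append(pool)
+    if pool not in group['pools']:
+        group["pools"].append(pool)
     save_group(group, group_name=group_name)
     for service in group['services']:
         update_service_permissions(service, namespace=namespace)
@@ -216,7 +218,7 @@ def add_pool_to_group(pool, group, namespace=None):
 
 def pool_permission_list_for_service(service):
     """Build the permission string for Ceph for a given service"""
-    permissions = ""
+    permissions = []
     permission_types = {}
     for permission, group in service["group_names"].items():
         if permission not in permission_types:
@@ -224,12 +226,11 @@ def pool_permission_list_for_service(service):
         for item in group:
             permission_types[permission].append(item)
     for permission, groups in permission_types.items():
-        permission = " allow {}".format(permission)
+        permission = "allow {}".format(permission)
         for group in groups:
             for pool in service['groups'][group]['pools']:
-                permission = "{} pool={}".format(permission, pool)
-        permissions += permission
-    return ["mon", "allow r", "osd", permissions.strip()]
+                permissions.append("{} pool={}".format(permission, pool))
+    return ["mon", "allow r", "osd", ', '.join(permissions)]
 
 
 def get_service_groups(service, namespace=None):
@@ -244,7 +245,7 @@ def get_service_groups(service, namespace=None):
     {
         group_names: {'rwx': ['images']},
         groups: {
-    1        'images': {
+            'images': {
                 pools: ['glance'],
                 services: ['nova']
             }
@@ -260,17 +261,39 @@ def get_service_groups(service, namespace=None):
     except ValueError:
         service = None
     if service:
-        for permission, groups in service['group_names'].items():
-            for group in groups:
-                name = group
-                if namespace:
-                    name = "{}-{}".format(namespace, name)
-                service['groups'][group] = get_group(group_name=name)
+        service['groups'] = _build_service_groups(service, namespace)
     else:
         service = {'group_names': {}, 'groups': {}}
     return service
 
 
+def _build_service_groups(service, namespace=None):
+    '''Rebuild the 'groups' dict for a service group
+
+    :returns: dict: dictionary keyed by group name of the following
+                    format:
+
+                    {
+                        'images': {
+                            pools: ['glance'],
+                            services: ['nova', 'glance]
+                         },
+                         'vms':{
+                            pools: ['nova'],
+                            services: ['nova']
+                         }
+                    }
+    '''
+    all_groups = {}
+    for _, groups in service['group_names'].items():
+        for group in groups:
+            name = group
+            if namespace:
+                name = "{}-{}".format(namespace, name)
+            all_groups[group] = get_group(group_name=name)
+    return all_groups
+
+
 def get_group(group_name):
     """
     A group is a structure to hold data about a named group, structured as: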
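Review bot: In pool_permission_list_for_service the OSD cap string is now built from `permission` and `pool` with `', '` as the separator between grants, and neither value is checked before `permissions.append("{} pool={}".format(permission, pool))`, so a name containing a comma or whitespace would change how the resulting caps parse. Where these names originate is not visible in this section; if they can arrive through broker requests, check them against a conservative pattern before formatting, for example `if not re.match(r'^[\w.-]+$', pool): raise ValueError(pool)` (this needs `re` imported in the file), and apply the same check to `permission`. Separately, when none of the service's groups hold a pool the function now returns an empty OSD cap where the old code returned a bare `allow <perm>` with no pool restriction. That is the tighter result, but how the caller handles an empty cap is not shown, and the docstring should state it: `"""Build the cephx cap list for a service; the OSD cap is empty when its groups hold no pools."""`.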
