Sync back in charms.ceph
Change-Id: I188fd24fa2382657d14842b9022a6610f790d7db Partial-Bug: 1424771
This commit is contained in:
parent
3dfeff7a19
commit
06f517d18d
|
@ -1092,6 +1092,26 @@ def get_named_key(name, caps=None, pool_list=None):
|
|||
:param caps: dict of cephx capabilities
|
||||
:return: Returns a cephx key
|
||||
"""
|
||||
try:
|
||||
# Does the key already exist?
|
||||
output = subprocess.check_output(
|
||||
[
|
||||
'sudo',
|
||||
'-u', ceph_user(),
|
||||
'ceph',
|
||||
'--name', 'mon.',
|
||||
'--keyring',
|
||||
'/var/lib/ceph/mon/ceph-{}/keyring'.format(
|
||||
socket.gethostname()
|
||||
),
|
||||
'auth',
|
||||
'get',
|
||||
'client.{}'.format(name),
|
||||
]).strip()
|
||||
return parse_key(output)
|
||||
except subprocess.CalledProcessError:
|
||||
# Couldn't get the key, time to create it!
|
||||
log("Creating new key for {}".format(name), level=DEBUG)
|
||||
caps = caps or _default_caps
|
||||
cmd = [
|
||||
"sudo",
|
||||
|
|
|
@ -186,7 +186,8 @@ def handle_add_permissions_to_key(request, service):
|
|||
if group_name not in service_obj['group_names'][permission]:
|
||||
service_obj['group_names'][permission].append(group_name)
|
||||
save_service(service=service_obj, service_name=service_name)
|
||||
service_obj['groups'][group_name] = group
|
||||
service_obj['groups'] = _build_service_groups(service_obj,
|
||||
group_namespace)
|
||||
update_service_permissions(service_name, service_obj, group_namespace)
|
||||
|
||||
|
||||
|
@ -208,7 +209,8 @@ def add_pool_to_group(pool, group, namespace=None):
|
|||
if namespace:
|
||||
group_name = "{}-{}".format(namespace, group_name)
|
||||
group = get_group(group_name=group_name)
|
||||
group["pools"].append(pool)
|
||||
if pool not in group['pools']:
|
||||
group["pools"].append(pool)
|
||||
save_group(group, group_name=group_name)
|
||||
for service in group['services']:
|
||||
update_service_permissions(service, namespace=namespace)
|
||||
|
@ -216,7 +218,7 @@ def add_pool_to_group(pool, group, namespace=None):
|
|||
|
||||
def pool_permission_list_for_service(service):
|
||||
"""Build the permission string for Ceph for a given service"""
|
||||
permissions = ""
|
||||
permissions = []
|
||||
permission_types = {}
|
||||
for permission, group in service["group_names"].items():
|
||||
if permission not in permission_types:
|
||||
|
@ -224,12 +226,11 @@ def pool_permission_list_for_service(service):
|
|||
for item in group:
|
||||
permission_types[permission].append(item)
|
||||
for permission, groups in permission_types.items():
|
||||
permission = " allow {}".format(permission)
|
||||
permission = "allow {}".format(permission)
|
||||
for group in groups:
|
||||
for pool in service['groups'][group]['pools']:
|
||||
permission = "{} pool={}".format(permission, pool)
|
||||
permissions += permission
|
||||
return ["mon", "allow r", "osd", permissions.strip()]
|
||||
permissions.append("{} pool={}".format(permission, pool))
|
||||
return ["mon", "allow r", "osd", ', '.join(permissions)]
|
||||
|
||||
|
||||
def get_service_groups(service, namespace=None):
|
||||
|
@ -244,7 +245,7 @@ def get_service_groups(service, namespace=None):
|
|||
{
|
||||
group_names: {'rwx': ['images']},
|
||||
groups: {
|
||||
1 'images': {
|
||||
'images': {
|
||||
pools: ['glance'],
|
||||
services: ['nova']
|
||||
}
|
||||
|
@ -260,17 +261,39 @@ def get_service_groups(service, namespace=None):
|
|||
except ValueError:
|
||||
service = None
|
||||
if service:
|
||||
for permission, groups in service['group_names'].items():
|
||||
for group in groups:
|
||||
name = group
|
||||
if namespace:
|
||||
name = "{}-{}".format(namespace, name)
|
||||
service['groups'][group] = get_group(group_name=name)
|
||||
service['groups'] = _build_service_groups(service, namespace)
|
||||
else:
|
||||
service = {'group_names': {}, 'groups': {}}
|
||||
return service
|
||||
|
||||
|
||||
def _build_service_groups(service, namespace=None):
|
||||
'''Rebuild the 'groups' dict for a service group
|
||||
|
||||
:returns: dict: dictionary keyed by group name of the following
|
||||
format:
|
||||
|
||||
{
|
||||
'images': {
|
||||
pools: ['glance'],
|
||||
services: ['nova', 'glance]
|
||||
},
|
||||
'vms':{
|
||||
pools: ['nova'],
|
||||
services: ['nova']
|
||||
}
|
||||
}
|
||||
'''
|
||||
all_groups = {}
|
||||
for _, groups in service['group_names'].items():
|
||||
for group in groups:
|
||||
name = group
|
||||
if namespace:
|
||||
name = "{}-{}".format(namespace, name)
|
||||
all_groups[group] = get_group(group_name=name)
|
||||
return all_groups
|
||||
|
||||
|
||||
def get_group(group_name):
|
||||
"""
|
||||
A group is a structure to hold data about a named group, structured as:
|
||||
|
|
Loading…
Reference in New Issue