Direct mgr commands to the mgr daemon

Commands in the Ceph driver are directed at the mon daemon instead of at the mgr daemon. The driver's rados_command() calls json_command() and, by default, json_command() calls the python rados client's mon_command() instead of mgr_command(). By passing the target as mon-mgr, the python rados client's mgr_command() is called as desired, and we avoid the need of extra MON write caps. Closes-Bug: #1923181 Co-Authored-By: Victoria Martinez de la Cruz <victoria@redhat.com> Co-Authored-By: Ramana Raja <rraja@redhat.com> Co-Authored-By: Tom Barron <tpb@dyncloud.net> Change-Id: I5bca68070ca1eb539d53dd31cb92588840e925e8
2021-04-09 11:12:43 +00:00 · 2021-04-09 11:12:43 +00:00 · 3ea5d50a23
commit 3ea5d50a23
parent a3aaea9149
2 changed files with 19 additions and 4 deletions
--- a/manila/share/drivers/cephfs/driver.py
+++ b/manila/share/drivers/cephfs/driver.py
@ -149,7 +149,8 @@ class RadosError(Exception):
    pass


-def rados_command(rados_client, prefix=None, args=None, json_obj=False):
+def rados_command(rados_client, prefix=None, args=None, json_obj=False,
+                  target=('mon-mgr', )):
    """Safer wrapper for ceph_argparse.json_command

    Raises error exception instead of relying on caller to check return
@ -172,12 +173,14 @@ def rados_command(rados_client, prefix=None, args=None, json_obj=False):
    argdict['format'] = 'json'

    LOG.debug("Invoking ceph_argparse.json_command - rados_client=%(cl)s, "
-              "prefix='%(pf)s', argdict=%(ad)s, timeout=%(to)s.",
-              {"cl": rados_client, "pf": prefix, "ad": argdict,
+              "target=%(tg)s, prefix='%(pf)s', argdict=%(ad)s, "
+              "timeout=%(to)s.",
+              {"cl": rados_client, "tg": target, "pf": prefix, "ad": argdict,
               "to": RADOS_TIMEOUT})

    try:
        ret, outbuf, outs = json_command(rados_client,
+                                         target=target,
                                         prefix=prefix,
                                         argdict=argdict,
                                         timeout=RADOS_TIMEOUT)
@ -712,7 +715,8 @@ class NativeProtocolHelper(ganesha.NASHelperBase):

    def get_mon_addrs(self):
        result = []
-        mon_map = rados_command(self.rados_client, "mon dump", json_obj=True)
+        mon_map = rados_command(self.rados_client, "mon dump", json_obj=True,
+                                target=('mon', ))
        for mon in mon_map['mons']:
            ip_port = mon['addr'].split("/")[0]
            result.append(ip_port)
--- a/releasenotes/notes/bug-1923181-direct-mgr-commands-monmgr-5e8babb4a1067e92.yaml
+++ b/releasenotes/notes/bug-1923181-direct-mgr-commands-monmgr-5e8babb4a1067e92.yaml
@ -0,0 +1,11 @@
+---
+fixes:
+  - |
+    mgr-commands are now directed to the mgr-daemon instead of the mon-daemon
+    in the CephFS drivers
+upgrade:
+  - |
+    MON write caps are not longer needed to interact with the backend
+    on the Ceph drivers. The capabilities of the driver user (configured with ``cephfs_auth_id``)
+    can hence be reduced. See the `administrator docs <https://docs.openstack.org/manila/wallaby/admin/cephfs_driver.html#authorizing-the-driver-to-communicate-with-ceph>`_
+    for the capabilities required.