From: "Max R. Carrara" <m.carrara@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH ceph master v1 6/6] fix #6816: patches: make ceph-exporter use custom keyring
Date: Tue, 16 Sep 2025 19:20:07 +0200
Message-ID: <20250916172012.739807-7-m.carrara@proxmox.com>
In-Reply-To: <20250916172012.739807-1-m.carrara@proxmox.com>

Add a patch that sets the CEPH_KEYRING env var for the ceph-exporter
daemon, telling it to use our custom keyring file. The patch also
sets the group of the daemon to `www-data` so that the daemon can
access the custom keyring.

Fixes: #6816
Signed-off-by: Max R. Carrara <m.carrara@proxmox.com>
---
 ...orter-use-custom-keyring-and-set-gro.patch | 32 +++++++++++++++++++
 patches/series                                |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 patches/0056-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch

diff --git a/patches/0056-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch b/patches/0056-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch
new file mode 100644
index 0000000000..2603dbf0e7
--- /dev/null
+++ b/patches/0056-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch
@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Max R. Carrara" <m.carrara@proxmox.com>
+Date: Tue, 16 Sep 2025 16:34:51 +0200
+Subject: [PATCH] systemd: ceph-exporter: use custom keyring and set group to
+ www-data
+
+With the help of `Environment=`, set the CEPH_KEYRING env var to point
+to our custom keyring file location for the `ceph-exporter` daemon.
+
+Additionally, set the group of the `ceph-exporter` daemon to
+`www-data`, so that it can access this keyring.
+
+Signed-off-by: Max R. Carrara <m.carrara@proxmox.com>
+---
+ systemd/ceph-exporter.service.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/systemd/ceph-exporter.service.in b/systemd/ceph-exporter.service.in
+index f4f6d05c4b4..4e55939d201 100644
+--- a/systemd/ceph-exporter.service.in
++++ b/systemd/ceph-exporter.service.in
+@@ -6,8 +6,9 @@ Before=ceph.target
+ Wants=network-online.target local-fs.target ceph.target ceph-mon.target
+ 
+ [Service]
++Environment="CEPH_KEYRING=/etc/pve/ceph/ceph.client.exporter.keyring"
+ ExecReload=/bin/kill -HUP $MAINPID
+-ExecStart=/usr/bin/ceph-exporter -f --id %i --setuser ceph --setgroup ceph
++ExecStart=/usr/bin/ceph-exporter -f --id exporter --setuser ceph --setgroup www-data
+ LockPersonality=true
+ NoNewPrivileges=true
+ PrivateDevices=yes
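Review bot: The `ExecStart=` line replaces `--id %i` with a hard-coded `--id exporter`, but neither the outer nor the inner commit message mentions it; please state that the daemon now always runs as `client.exporter` and why the instance specifier is dropped. On the same line, `--setgroup www-data` swaps the daemon's primary group instead of adding one, so the process gains group access to everything `www-data` can read and no longer runs with group `ceph`. The message should justify that this is the narrowest way to read `/etc/pve/ceph/ceph.client.exporter.keyring` and confirm that nothing the exporter needs depends on group `ceph`.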
diff --git a/patches/series b/patches/series
index 6dd4562daa..9247a7be54 100644
--- a/patches/series
+++ b/patches/series
@@ -53,3 +53,4 @@
 0053-mgr-zabbix-fix-invalid-escape-sequences.patch
 0054-client-prohibit-unprivileged-users-from-setting-sgid.patch
 0055-pybind-rbd-disable-on_progress-callbacks-to-prevent-.patch
+0056-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch
-- 
2.47.3

Thread overview: 7+ messages
2025-09-16 17:20 [pve-devel] [PATCH pve-manager, ceph master v1 0/6] Fix #6816: Prevent ceph-exporter Daemon from Crashing on Starting Max R. Carrara
2025-09-16 17:20 ` [pve-devel] [PATCH pve-manager master v1 1/6] ceph: tools: add helper sub for creating or updating keyring files Max R. Carrara
2025-09-16 17:20 ` [pve-devel] [PATCH pve-manager master v1 2/6] fix #6816: api: ceph: create 'client.exporter' w/ keyring Max R. Carrara
2025-09-16 17:20 ` [pve-devel] [PATCH pve-manager master v1 3/6] fix #6816: bin: add pve-ceph-keyring helper and call it in postinst Max R. Carrara
2025-09-16 17:20 ` [pve-devel] [PATCH pve-manager master v1 4/6] ceph: tools: simplify helper sub for crash keyring file Max R. Carrara
2025-09-16 17:20 ` [pve-devel] [PATCH pve-manager master v1 5/6] bin: make pve-init-ceph-crash call pve-ceph-keyring Max R. Carrara
2025-09-16 17:20 ` Max R. Carrara [this message]
