From: Aaron Lauterer <a.lauterer@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v2 storage 1/2] CephConfig: add optional $secret parameter
Date: Tue, 3 Aug 2021 13:45:55 +0200 [thread overview]
Message-ID: <20210803114556.3354407-2-a.lauterer@proxmox.com> (raw)
In-Reply-To: <20210803114556.3354407-1-a.lauterer@proxmox.com>
This allows us to manually pass the used RBD keyring or CephFS secret.
Useful mostly when adding external Ceph clusters where we have no other
means to fetch them.
I renamed the previous $secret to $cephfs_secret to be able to use
$secret as parameter.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
---
PVE/CephConfig.pm | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/PVE/CephConfig.pm b/PVE/CephConfig.pm
index 83d72fc..5c94a04 100644
--- a/PVE/CephConfig.pm
+++ b/PVE/CephConfig.pm
@@ -212,7 +212,7 @@ sub ceph_connect_option {
}
sub ceph_create_keyfile {
- my ($type, $storeid) = @_;
+ my ($type, $storeid, $secret) = @_;
my $extension = 'keyring';
$extension = 'secret' if ($type eq 'cephfs');
@@ -221,17 +221,20 @@ sub ceph_create_keyfile {
my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";
die "ceph authx keyring file for storage '$storeid' already exists!\n"
- if -e $ceph_storage_keyring;
+ if -e $ceph_storage_keyring && !defined($secret);
- if (-e $ceph_admin_keyring) {
+ if (-e $ceph_admin_keyring || defined($secret)) {
eval {
- if ($type eq 'rbd') {
+ if (defined($secret)) {
+ mkdir '/etc/pve/priv/ceph';
+ PVE::Tools::file_set_contents($ceph_storage_keyring, $secret, 0400);
+ } elsif ($type eq 'rbd') {
mkdir '/etc/pve/priv/ceph';
PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring);
} elsif ($type eq 'cephfs') {
- my $secret = $ceph_get_key->($ceph_admin_keyring, 'admin');
+ my $cephfs_secret = $ceph_get_key->($ceph_admin_keyring, 'admin');
mkdir '/etc/pve/priv/ceph';
- PVE::Tools::file_set_contents($ceph_storage_keyring, $secret, 0400);
+ PVE::Tools::file_set_contents($ceph_storage_keyring, $cephfs_secret, 0400);
}
};
if (my $err = $@) {
--
2.30.2
next prev parent reply other threads:[~2021-08-03 11:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-03 11:45 [pve-devel] [PATCH v2 storage 0/2] RBD/Cephfs: new keyring parameter Aaron Lauterer
2021-08-03 11:45 ` Aaron Lauterer [this message]
2021-08-03 11:45 ` [pve-devel] [PATCH v2 storage 2/2] Ceph: add keyring parameter for external clusters Aaron Lauterer
2021-08-26 9:25 ` Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210803114556.3354407-2-a.lauterer@proxmox.com \
--to=a.lauterer@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox