From: Aaron Lauterer
To: pve-devel@lists.proxmox.com
Date: Thu, 26 Aug 2021 12:03:31 +0200
Message-Id: <20210826100332.2003299-2-a.lauterer@proxmox.com>
In-Reply-To: <20210826100332.2003299-1-a.lauterer@proxmox.com>
References: <20210826100332.2003299-1-a.lauterer@proxmox.com>
Subject: [pve-devel] [PATCH v3 storage 1/2] CephConfig: add optional $secret parameter

This allows us to manually pass the used RBD keyring or CephFS secret. Useful mostly when adding external Ceph clusters where we have no other means to fetch them. I renamed the previous $secret to $cephfs_secret to be able to use $secret as parameter.

Signed-off-by: Aaron Lauterer
---
changes since v2: rebased on the current master branch

PVE/CephConfig.pm | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/PVE/CephConfig.pm b/PVE/CephConfig.pm index 83d72fc..5c94a04 100644 --- a/PVE/CephConfig.pm +++ b/PVE/CephConfig.pm @@ -212,7 +212,7 @@ sub ceph_connect_option { } sub ceph_create_keyfile { - my ($type, $storeid) = @_; + my ($type, $storeid, $secret) = @_; my $extension = 'keyring'; $extension = 'secret' if ($type eq 'cephfs'); 
@@ -221,17 +221,20 @@ sub ceph_create_keyfile { my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension"; die "ceph authx keyring file for storage '$storeid' already exists!\n" - if -e $ceph_storage_keyring; + if -e $ceph_storage_keyring && !defined($secret); - if (-e $ceph_admin_keyring) { + if (-e $ceph_admin_keyring || defined($secret)) { eval { - if ($type eq 'rbd') { + if (defined($secret)) { + mkdir '/etc/pve/priv/ceph'; + PVE::Tools::file_set_contents($ceph_storage_keyring, $secret, 0400); + } elsif ($type eq 'rbd') { mkdir '/etc/pve/priv/ceph'; PVE::Tools::file_copy($ceph_admin_keyring, $ceph_storage_keyring); } elsif ($type eq 'cephfs') { - my $secret = $ceph_get_key->($ceph_admin_keyring, 'admin'); + my $cephfs_secret = $ceph_get_key->($ceph_admin_keyring, 'admin'); mkdir '/etc/pve/priv/ceph'; - PVE::Tools::file_set_contents($ceph_storage_keyring, $secret, 0400); + PVE::Tools::file_set_contents($ceph_storage_keyring, $cephfs_secret, 0400); } }; if (my $err = $@) { -- 2.30.2
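
Review bot: the new third argument in `my ($type, $storeid, $secret) = @_;` (first hunk) is undocumented, although what it must contain depends on $type: the target file gets the `keyring` extension for rbd and `secret` for cephfs, while the second hunk writes $secret verbatim in both cases. A short comment above the sub saying that callers pass a complete keyring for rbd and the bare key for cephfs, and that leaving it undef keeps the previous behaviour, would prevent a caller from handing over the wrong format.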
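
Review bot: in the second hunk the guard `if -e $ceph_storage_keyring && !defined($secret);` no longer fires once $secret is passed, so an existing key file for that storeid is replaced without any message. If overwriting is intended, please say so in the commit message or a comment; otherwise keep the die unconditional. Both new tests use `defined($secret)`, which is also true for an empty string, so an empty value would end up as an empty key file; checking for a non-empty value before `PVE::Tools::file_set_contents(...)` would catch that. As a style point, `mkdir '/etc/pve/priv/ceph';` now appears in all three branches and could be moved in front of the `if`.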