From: Aaron Lauterer
To: pve-devel@lists.proxmox.com
Date: Fri, 25 Mar 2022 11:55:08 +0100
Message-Id: <20220325105510.3262101-6-a.lauterer@proxmox.com>
In-Reply-To: <20220325105510.3262101-1-a.lauterer@proxmox.com>
References: <20220325105510.3262101-1-a.lauterer@proxmox.com>
Subject: [pve-devel] [PATCH v2 manager 5/7] api: ceph: add cmd-safety endpoint

Ceph provides us with several safety checks to verify that an action is safe to perform. This endpoint provides means to access them. The actual mon commands are not exposed directly. Instead the two actions "stop" and "destroy" are offered.

In case it is not okay to perform an action, Ceph provides a status message explaining why. This message is part of the returned values.

For now there are the following checks for these services:

MON:
- ok-to-stop
- ok-to-rm

OSD:
- ok-to-stop
- safe-to-destroy

MDS:
- ok-to-stop

Even though OSDs have a check if it is okay to destroy them, it is for now not really usable in our workflow because it needs the OSD to be up and running to return useful information. Our workflow in the GUI currently is that the OSD needs to be stopped in order to destroy it.

There are no checks if the service actually exists. Ceph will report back that it is safe to stop/destroy if the service does not exist.

Signed-off-by: Aaron Lauterer
---
changes:
* remove repetitive endpoints for each service type in favor of a central one

 PVE/API2/Ceph.pm | 96 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)

diff --git a/PVE/API2/Ceph.pm b/PVE/API2/Ceph.pm index 1e1b1edd..69ae746a 100644 --- a/PVE/API2/Ceph.pm +++ b/PVE/API2/Ceph.pm 
@@ -641,4 +641,100 @@ __PACKAGE__->register_method ({ return $res; }}); +__PACKAGE__->register_method ({ + name => 'cmd_safety', + path => 'cmd-safety', + method => 'GET', + description => "Heuristical check if it is safe to perform an action.", + proxyto => 'node', + protected => 1, + permissions => { + check => ['perm', '/', [ 'Sys.audit' ]], + }, + parameters => { + additionalProperties => 0, + properties => { + node => get_standard_option('pve-node'), + service => { + description => 'Service type', + type => 'string', + enum => ['osd', 'mon', 'mds'], + }, + id => { + description => 'ID of the service', + type => 'string', + }, + action => { + description => 'Action to check', + type => 'string', + enum => ['stop', 'destroy'], + }, + }, + }, + returns => { + type => 'object', + properties => { + safe => { + type => 'boolean', + description => 'If it is safe to run the command.', + }, + status => { + type => 'string', + optional => 1, + description => 'Status message given by Ceph.' + }, + }, + }, + code => sub { + my ($param) = @_; + + PVE::Ceph::Tools::check_ceph_inited(); + + my $id = $param->{id}; + my $service = $param->{service}; + my $action = $param->{action}; + + my $rados = PVE::RADOS->new(); + + my $supported_actions = { + osd => { + stop => 'ok-to-stop', + destroy => 'safe-to-destroy', + }, + mon => { + stop => 'ok-to-stop', + destroy => 'ok-to-rm', + }, + mds => { + stop => 'ok-to-stop', + }, + }; + + die "Service does not support this action: ${service}: ${action}\n" + if !$supported_actions->{$service}->{$action}; + + my $result = { + safe => 0, + status => '', + }; + + my $params = { + prefix => "${service} $supported_actions->{$service}->{$action}", + format => 'plain', + }; + if ($service eq 'mon' && $action eq 'destroy') { + $params->{id} = $id; + } else { + $params->{ids} = [ $id ]; + } + + $result = $rados->mon_command($params, 1); + die $@ if $@; + + $result->{safe} = $result->{return_code} == 0 ? 
1 : 0; + $result->{status} = $result->{status_message}; + + return $result; + }}); + 1; -- 2.30.2
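
Review bot: At the end of the `code` sub, `die $@ if $@;` follows `$rados->mon_command($params, 1)` with no `eval` around the call, so a die inside `mon_command` propagates before that line runs and the check can only act on a leftover `$@`; either wrap the call in an `eval` block or drop the line. The same block initialises `$result` to `{ safe => 0, status => '' }` and then overwrites it with the `mon_command` return value, and that whole hash is returned, so the response carries `return_code` and `status_message` (plus anything else the call returns) in addition to the `safe` and `status` keys declared under `returns`; building a fresh hash with only those two keys would keep the response in line with the declared schema and make the initialisation meaningful. The `id` parameter is declared as a bare `type => 'string'` and is placed into the mon command parameters as-is, so a format or pattern constraint on it would be worth adding. Since the commit message notes that Ceph reports a nonexistent service as safe to stop or destroy, the endpoint `description` should mention that a `safe` result does not confirm the service exists.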