From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 4397E94AA for ; Thu, 17 Nov 2022 15:10:37 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DCD042DE4F for ; Thu, 17 Nov 2022 15:10:06 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 17 Nov 2022 15:10:04 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 4D85144BFF for ; Thu, 17 Nov 2022 15:10:03 +0100 (CET) From: Aaron Lauterer To: pve-devel@lists.proxmox.com Date: Thu, 17 Nov 2022 15:10:00 +0100 Message-Id: <20221117141002.1653119-2-a.lauterer@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20221117141002.1653119-1-a.lauterer@proxmox.com> References: <20221117141002.1653119-1-a.lauterer@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: =?UTF-8?Q?0=0A=09?=AWL -0.044 Adjusted score from AWL reputation of From: =?UTF-8?Q?address=0A=09?=BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict =?UTF-8?Q?Alignment=0A=09?=SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF =?UTF-8?Q?Record=0A=09?=SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH manager v3 1/3] api: ceph: add cmd-safety endpoint X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Nov 2022 14:10:37 -0000 Ceph provides us with several safety checks to verify that an action is safe to perform. This endpoint provides means to acces them. The actual mon commands are not exposed directly. Instead the two actions "stop" and "destroy" are offered. In case it is not okay to perform an action, Ceph provides a status message explaining why. This message is part of the returned values. For now there are the following checks for these services: MON: - ok-to-stop - ok-to-rm OSD: - ok-to-stop - safe-to-destroy MDS: - ok-to-stop Even though OSDs have a check if it is okay to destroy them, it is for now not really usable in our workflow because it needs the OSD to be up and running to return useful information. Our workflow in the GUI currently is that the OSD needs to be stopped in order to destroy it. Signed-off-by: Aaron Lauterer --- Needs to have the librados2-perl version that contains commit 80deebd as min version dependency to work. changes since: v2: * use mon_cmd instead of mon_command which now is used as a compat wrapper v1: * remove repetitive endpoints for each service type in favor for a central one PVE/API2/Ceph.pm | 96 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/PVE/API2/Ceph.pm b/PVE/API2/Ceph.pm index 3bbcfe4c..f3442408 100644 --- a/PVE/API2/Ceph.pm +++ b/PVE/API2/Ceph.pm @@ -641,4 +641,100 @@ __PACKAGE__->register_method ({ return $res; }}); +__PACKAGE__->register_method ({ + name => 'cmd_safety', + path => 'cmd-safety', + method => 'GET', + description => "Heuristical check if it is safe to perform an action.", + proxyto => 'node', + protected => 1, + permissions => { + check => ['perm', '/', [ 'Sys.audit' ]], + }, + parameters => { + additionalProperties => 0, + properties => { + node => get_standard_option('pve-node'), + service => { + description => 'Service type', + type => 'string', + enum => ['osd', 'mon', 'mds'], + }, + id => { + description => 'ID of the service', + type => 'string', + }, + action => { + description => 'Action to check', + type => 'string', + enum => ['stop', 'destroy'], + }, + }, + }, + returns => { + type => 'object', + properties => { + safe => { + type => 'boolean', + description => 'If it is safe to run the command.', + }, + status => { + type => 'string', + optional => 1, + description => 'Status message given by Ceph.' + }, + }, + }, + code => sub { + my ($param) = @_; + + PVE::Ceph::Tools::check_ceph_inited(); + + my $id = $param->{id}; + my $service = $param->{service}; + my $action = $param->{action}; + + my $rados = PVE::RADOS->new(); + + my $supported_actions = { + osd => { + stop => 'ok-to-stop', + destroy => 'safe-to-destroy', + }, + mon => { + stop => 'ok-to-stop', + destroy => 'ok-to-rm', + }, + mds => { + stop => 'ok-to-stop', + }, + }; + + die "Service does not support this action: ${service}: ${action}\n" + if !$supported_actions->{$service}->{$action}; + + my $result = { + safe => 0, + status => '', + }; + + my $params = { + prefix => "${service} $supported_actions->{$service}->{$action}", + format => 'plain', + }; + if ($service eq 'mon' && $action eq 'destroy') { + $params->{id} = $id; + } else { + $params->{ids} = [ $id ]; + } + + $result = $rados->mon_cmd($params, 1); + die $@ if $@; + + $result->{safe} = $result->{return_code} == 0 ? 1 : 0; + $result->{status} = $result->{status_message}; + + return $result; + }}); + 1; -- 2.30.2