From: Fiona Ebner
To: pve-devel@lists.proxmox.com
Date: Tue, 1 Jul 2025 17:40:29 +0200
Message-ID: <20250701154117.434512-10-f.ebner@proxmox.com>
In-Reply-To: <20250701154117.434512-1-f.ebner@proxmox.com>
References: <20250701154117.434512-1-f.ebner@proxmox.com>
Subject: [pve-devel] [PATCH storage v4 09/49] ceph/rbd: set 'keyring' in ceph configuration for externally managed RBD storages

For QEMU, when using '-blockdev', there is no way to specify the keyring file as was possible with '-drive', so it has to be set in the corresponding Ceph configuration file. As it applies to all images on the storage, it also is the most natural place for the setting.
Signed-off-by: Fiona Ebner --- NOTE: This should also be mentioned in the upgrade guide for PVE 9 and the pve8to9 script should tell the user and/or automatically set it for existing externally managed RBD storages, that already do have a custom configuration. src/PVE/CephConfig.pm | 50 ++++++++++++++++++++++++++++++++++++ src/PVE/Storage/RBDPlugin.pm | 3 +++ 2 files changed, 53 insertions(+) diff --git a/src/PVE/CephConfig.pm b/src/PVE/CephConfig.pm index 5347781..e5815c4 100644 --- a/src/PVE/CephConfig.pm +++ b/src/PVE/CephConfig.pm @@ -3,6 +3,8 @@ package PVE::CephConfig; use strict; use warnings; use Net::IP; + +use PVE::RESTEnvironment qw(log_warn); use PVE::Tools qw(run_command); use PVE::Cluster qw(cfs_register_file); @@ -420,6 +422,10 @@ sub ceph_connect_option { } else { $cmd_option->{ceph_conf} = "/etc/pve/priv/ceph/${storeid}.conf"; } + } elsif (!$pveceph_managed) { + # No dedicated config for non-PVE-managed cluster, create new + # TODO PVE 10 - remove. All such storages already got a configuration upon creation or here. + ceph_create_configuration($scfg->{type}, $storeid); } $cmd_option->{keyring} = $keyfile if (-e $keyfile); 
@@ -487,6 +493,50 @@ sub ceph_remove_keyfile { } } +sub ceph_create_configuration { + my ($type, $storeid) = @_; + + return if $type eq 'cephfs'; # no configuration file needed currently + + my $extension = 'keyring'; + $extension = 'secret' if $type eq 'cephfs'; + my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension"; + + return if !-e $ceph_storage_keyring; + + my $ceph_storage_config = "/etc/pve/priv/ceph/${storeid}.conf"; + + if (-e $ceph_storage_config) { + log_warn( + "file $ceph_storage_config already exists, check manually and ensure 'keyring'" + . " option is set to '$ceph_storage_keyring'!\n", + ); + return; + } + + my $ceph_config = { + global => { + keyring => $ceph_storage_keyring, + }, + }; + + my $contents = PVE::CephConfig::write_ceph_config($ceph_storage_config, $ceph_config); + PVE::Tools::file_set_contents($ceph_storage_config, $contents, 0600); + + return; +} + +sub ceph_remove_configuration { + my ($storeid) = @_; + + my $ceph_storage_config = "/etc/pve/priv/ceph/${storeid}.conf"; + if (-f $ceph_storage_config) { + unlink $ceph_storage_config or log_warn("removing $ceph_storage_config failed - $!\n"); + } + + return; +} + my $ceph_version_parser = sub { my $ceph_version = shift; # FIXME this is the same as pve-manager PVE::Ceph::Tools get_local_version diff --git a/src/PVE/Storage/RBDPlugin.pm b/src/PVE/Storage/RBDPlugin.pm index c0bbe2c..3f7ca9f 100644 --- a/src/PVE/Storage/RBDPlugin.pm +++ b/src/PVE/Storage/RBDPlugin.pm @@ -448,6 +448,7 @@ sub on_add_hook { my ($class, $storeid, $scfg, %param) = @_; PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring}); + PVE::CephConfig::ceph_create_configuration($scfg->{type}, $storeid); return; } 
@@ -469,6 +470,8 @@ sub on_update_hook { sub on_delete_hook { my ($class, $storeid, $scfg) = @_; PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid); + PVE::CephConfig::ceph_remove_configuration($storeid); + return; } -- 2.47.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
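Review bot: the new `elsif (!$pveceph_managed)` branch in ceph_connect_option (CephConfig.pm, hunk at -420) writes a file under /etc/pve/priv/ceph as a side effect of building connection options, and it leaves `$cmd_option->{ceph_conf}` unset, so the very call that creates the configuration still returns options without it. Consider setting ceph_conf to the new path when the file was actually created, and wrapping the call in an eval with log_warn so that a failed write does not abort a connection that would otherwise work through `$cmd_option->{keyring}`.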
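Review bot: in ceph_create_configuration (CephConfig.pm, hunk at -487) the line `$extension = 'secret' if $type eq 'cephfs';` can never take effect, because the sub already returns for 'cephfs' two statements earlier. Drop the dead assignment, or drop the early return if cephfs is meant to be handled later. Separately, when `${storeid}.conf` already exists the sub only warns and returns, so a storage with an existing custom configuration keeps running without the 'keyring' option until the admin acts on the warning; that is worth stating in the sub's comment as well as in the upgrade note.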
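Review bot: in on_add_hook (RBDPlugin.pm, hunk at -448) the call to ceph_create_configuration is unconditional, while the call added to ceph_connect_option is guarded by `!$pveceph_managed` and the subject limits the change to externally managed storages. The sub itself only checks the type and whether the keyring file exists, so a keyring present for a PVE-managed storage would also get a `${storeid}.conf`. Suggest guarding the call in the hook the same way, or passing $scfg so the sub can make that decision itself.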
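Review bot: ceph_remove_configuration, called from on_delete_hook (RBDPlugin.pm, hunk at -469), unlinks `/etc/pve/priv/ceph/${storeid}.conf` whenever it is a regular file, yet ceph_create_configuration treats an existing file as admin-authored ("check manually"). Deleting the storage therefore also deletes a hand-written configuration; if that is intended it deserves a sentence in the commit message, otherwise only remove files this code created. Minor: creation tests with `-e` and removal with `-f`, so pick one for consistency.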