From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH storage v5 09/51] ceph/rbd: set 'keyring' in ceph configuration for externally managed RBD storages
Date: Wed,  2 Jul 2025 18:27:42 +0200
Message-ID: <20250702162838.393696-10-f.ebner@proxmox.com>
In-Reply-To: <20250702162838.393696-1-f.ebner@proxmox.com>

For QEMU, when using '-blockdev', there is no way to specify the
keyring file like was possible with '-drive', so it has to be set in
the corresponding Ceph configuration file. As it applies to all images
on the storage, it also is the most natural place for the setting.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---

NOTE: This should also be mentioned in the upgrade guide for PVE 9 and
the pve8to9 script should tell the user and/or automatically set it
for existing externally managed RBD storages, that already do have a
custom configuration.

 src/PVE/CephConfig.pm        | 50 ++++++++++++++++++++++++++++++++++++
 src/PVE/Storage/RBDPlugin.pm |  3 +++
 2 files changed, 53 insertions(+)

diff --git a/src/PVE/CephConfig.pm b/src/PVE/CephConfig.pm
index 5347781..e5815c4 100644
--- a/src/PVE/CephConfig.pm
+++ b/src/PVE/CephConfig.pm
@@ -3,6 +3,8 @@ package PVE::CephConfig;
 use strict;
 use warnings;
 use Net::IP;
+
+use PVE::RESTEnvironment qw(log_warn);
 use PVE::Tools qw(run_command);
 use PVE::Cluster qw(cfs_register_file);
 
@@ -420,6 +422,10 @@ sub ceph_connect_option {
         } else {
             $cmd_option->{ceph_conf} = "/etc/pve/priv/ceph/${storeid}.conf";
         }
+    } elsif (!$pveceph_managed) {
+        # No dedicated config for non-PVE-managed cluster, create new
+        # TODO PVE 10 - remove. All such storages already got a configuration upon creation or here.
+        ceph_create_configuration($scfg->{type}, $storeid);
     }
 
     $cmd_option->{keyring} = $keyfile if (-e $keyfile);
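Review bot: the new 'elsif (!$pveceph_managed)' branch calls ceph_create_configuration() but never assigns $cmd_option->{ceph_conf}, unlike the else branch directly above it, so the call that triggers the creation still returns options that do not point at the new file. If that is intended, say so in the comment; otherwise set ceph_conf to the path once the file exists. The branch also makes ceph_connect_option() write under /etc/pve/priv/ceph as a side effect of what reads like a getter, so consider wrapping the call in eval and downgrading a failure to a warning, so that an error while writing the file does not abort the caller that only wanted connection options.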
@@ -487,6 +493,50 @@ sub ceph_remove_keyfile {
     }
 }
 
+sub ceph_create_configuration {
+    my ($type, $storeid) = @_;
+
+    return if $type eq 'cephfs'; # no configuration file needed currently
+
+    my $extension = 'keyring';
+    $extension = 'secret' if $type eq 'cephfs';
+    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";
+
+    return if !-e $ceph_storage_keyring;
+
+    my $ceph_storage_config = "/etc/pve/priv/ceph/${storeid}.conf";
+
+    if (-e $ceph_storage_config) {
+        log_warn(
+            "file $ceph_storage_config already exists, check manually and ensure 'keyring'"
+                . " option is set to '$ceph_storage_keyring'!\n",
+        );
+        return;
+    }
+
+    my $ceph_config = {
+        global => {
+            keyring => $ceph_storage_keyring,
+        },
+    };
+
+    my $contents = PVE::CephConfig::write_ceph_config($ceph_storage_config, $ceph_config);
+    PVE::Tools::file_set_contents($ceph_storage_config, $contents, 0600);
+
+    return;
+}
+
+sub ceph_remove_configuration {
+    my ($storeid) = @_;
+
+    my $ceph_storage_config = "/etc/pve/priv/ceph/${storeid}.conf";
+    if (-f $ceph_storage_config) {
+        unlink $ceph_storage_config or log_warn("removing $ceph_storage_config failed - $!\n");
+    }
+
+    return;
+}
+
 my $ceph_version_parser = sub {
     my $ceph_version = shift;
     # FIXME this is the same as pve-manager PVE::Ceph::Tools get_local_version
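Review bot: in ceph_create_configuration() the early "return if $type eq 'cephfs'" makes the later "$extension = 'secret' if $type eq 'cephfs'" unreachable, so $extension is always 'keyring' here. Drop the dead assignment, or drop the early return if cephfs is meant to get a file as well. In the branch where the .conf already exists, the function only warns and returns without looking at the file; reading it and checking whether 'keyring' in the global section already equals $ceph_storage_keyring would avoid warning users whose file is correct and would make the warning actionable for the rest. The sub also has no POD or comment stating that it is a no-op when the keyring file is missing, which callers need to know.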
diff --git a/src/PVE/Storage/RBDPlugin.pm b/src/PVE/Storage/RBDPlugin.pm
index c0bbe2c..3f7ca9f 100644
--- a/src/PVE/Storage/RBDPlugin.pm
+++ b/src/PVE/Storage/RBDPlugin.pm
@@ -448,6 +448,7 @@ sub on_add_hook {
     my ($class, $storeid, $scfg, %param) = @_;
 
     PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring});
+    PVE::CephConfig::ceph_create_configuration($scfg->{type}, $storeid);
 
     return;
 }
@@ -469,6 +470,8 @@ sub on_update_hook {
 sub on_delete_hook {
     my ($class, $storeid, $scfg) = @_;
     PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
+    PVE::CephConfig::ceph_remove_configuration($storeid);
+
     return;
 }
 
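Review bot: on_delete_hook now unlinks /etc/pve/priv/ceph/${storeid}.conf through ceph_remove_configuration() whenever it is a regular file, including a file the administrator wrote by hand, which ceph_create_configuration() deliberately leaves untouched and only warns about. If hand-written configurations should survive storage removal, the delete path needs a way to tell generated files apart (for example a marker comment written at creation); if removing them is intended, state that in the commit message so it reaches the upgrade notes. Note also that, unlike ceph_remove_keyfile(), the call does not receive $scfg->{type}, so the cephfs exclusion applied at creation is not mirrored on removal.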
-- 
2.47.2


