From: "Max R. Carrara" <m.carrara@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH ceph v2 6/6] fix #6816: patches: make ceph-exporter use custom keyring
Date: Mon, 22 Dec 2025 15:19:04 +0100 [thread overview]
Message-ID: <20251222141907.400926-7-m.carrara@proxmox.com> (raw)
In-Reply-To: <20251222141907.400926-1-m.carrara@proxmox.com>
Add a patch that sets the CEPH_KEYRING env var for the ceph-exporter
daemon, telling it to use our custom keyring file. The patch also
sets the group of the daemon to `www-data` so that the daemon can
access the custom keyring.
Fixes: #6816
Signed-off-by: Max R. Carrara <m.carrara@proxmox.com>
---
...orter-use-custom-keyring-and-set-gro.patch | 32 +++++++++++++++++++
patches/series | 1 +
2 files changed, 33 insertions(+)
create mode 100644 patches/0042-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch
diff --git a/patches/0042-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch b/patches/0042-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch
new file mode 100644
index 0000000000..f939b1d5af
--- /dev/null
+++ b/patches/0042-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch
@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: "Max R. Carrara" <m.carrara@proxmox.com>
+Date: Tue, 16 Sep 2025 16:34:51 +0200
+Subject: [PATCH] systemd: ceph-exporter: use custom keyring and set group to
+ www-data
+
+With the help of `Environment=`, set the CEPH_KEYRING env var to point
+to our custom keyring file location for the `ceph-exporter` daemon.
+
+Additionally, set the group of the `ceph-exporter` daemon to
+`www-data`, so that it can access this keyring.
+
+Signed-off-by: Max R. Carrara <m.carrara@proxmox.com>
+---
+ systemd/ceph-exporter.service.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/systemd/ceph-exporter.service.in b/systemd/ceph-exporter.service.in
+index f4f6d05c4b4..4e55939d201 100644
+--- a/systemd/ceph-exporter.service.in
++++ b/systemd/ceph-exporter.service.in
+@@ -6,8 +6,9 @@ Before=ceph.target
+ Wants=network-online.target local-fs.target ceph.target ceph-mon.target
+
+ [Service]
++Environment="CEPH_KEYRING=/etc/pve/ceph/ceph.client.exporter.keyring"
+ ExecReload=/bin/kill -HUP $MAINPID
+-ExecStart=@CMAKE_INSTALL_PREFIX@/bin/ceph-exporter -f --id %i --setuser ceph --setgroup ceph
++ExecStart=@CMAKE_INSTALL_PREFIX@/bin/ceph-exporter -f --id exporter --setuser ceph --setgroup www-data
+ LockPersonality=true
+ NoNewPrivileges=true
+ PrivateDevices=yes
diff --git a/patches/series b/patches/series
index d775a8a068..f5c7b9eafa 100644
--- a/patches/series
+++ b/patches/series
@@ -39,3 +39,4 @@
0039-mgr-fix-module-import-by-making-NOTIFY_TYPES-in-py-m.patch
0040-pybind-rbd-disable-on_progress-callbacks-to-prevent-.patch
0041-systemd-services-fix-installing-ceph-volume.patch
+0042-systemd-ceph-exporter-use-custom-keyring-and-set-gro.patch
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-12-22 14:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-22 14:18 [pve-devel] [PATCH pve-manager v2 0/6] Fix #6816: Prevent ceph-exporter Daemon from Crashing on Startup - v2 Max R. Carrara
2025-12-22 14:18 ` [pve-devel] [PATCH pve-manager v2 1/6] ceph: tools: add helper sub for creating or updating keyring files Max R. Carrara
2025-12-22 14:19 ` [pve-devel] [PATCH pve-manager v2 2/6] fix #6816: api: ceph: create 'client.exporter' w/ keyring Max R. Carrara
2025-12-22 14:19 ` [pve-devel] [PATCH pve-manager v2 3/6] fix #6816: bin: add pve-ceph-keyring helper and call it in postinst Max R. Carrara
2025-12-22 14:19 ` [pve-devel] [PATCH pve-manager v2 4/6] ceph: tools: simplify helper sub for crash keyring file Max R. Carrara
2025-12-22 14:19 ` [pve-devel] [PATCH pve-manager v2 5/6] bin: make pve-init-ceph-crash call pve-ceph-keyring Max R. Carrara
2025-12-22 14:19 ` Max R. Carrara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251222141907.400926-7-m.carrara@proxmox.com \
--to=m.carrara@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox