From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Aaron Lauterer <a.lauterer@proxmox.com>
Subject: Re: [pve-devel] [PATCH storage 2/2] Ceph: add keyring parameter for external clusters
Date: Fri, 30 Jul 2021 15:35:23 +0200
Message-ID: <71228b54-f525-283b-a773-f90929643e5c@proxmox.com>
In-Reply-To: <20210721151326.391244-3-a.lauterer@proxmox.com>

On 21/07/2021 17:13, Aaron Lauterer wrote:
> By adding the keyring for RBD storage or the secret for CephFS ones, it
> is possible to add an external Ceph cluster with only one API call.
>
> Previously the keyring / secret file needed to be placed in
> /etc/pve/priv/ceph/$storeID.{keyring,secret} manually.
>
> Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
> ---
> PVE/API2/Storage/Config.pm | 2 +-
> PVE/CLI/pvesm.pm | 12 ++++++++++--
> PVE/Storage/CephFSPlugin.pm | 20 ++++++++++++++------
> PVE/Storage/RBDPlugin.pm | 24 ++++++++++++++++++------
> 4 files changed, 43 insertions(+), 15 deletions(-)
>
> diff --git a/PVE/Storage/CephFSPlugin.pm b/PVE/Storage/CephFSPlugin.pm
> index 2aaa450..ae02cb8 100644
> --- a/PVE/Storage/CephFSPlugin.pm
> +++ b/PVE/Storage/CephFSPlugin.pm
> @@ -163,20 +164,27 @@ sub check_config {
> sub on_add_hook {
> my ($class, $storeid, $scfg, %param) = @_;
>
> - return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
> + my $secret = $param{keyring} if defined $param{keyring} // undef;
> + PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $secret);
>
> - PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid);
> + return;
> +}
> +
> +sub on_update_hook {
> + my ($class, $storeid, $scfg, %param) = @_;
> +
> + if (defined($param{keyring})) {
> + PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring});
> + } else {
> + PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
> + }
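
Review bot: In on_add_hook, the line "my $secret = $param{keyring} if defined $param{keyring} // undef;" combines "my" with a statement modifier, which perlsyn documents as undefined behaviour, and the "// undef" is dead code: "defined" binds tighter than "//" and always returns a defined value. A plain "my $secret = $param{keyring};" passes the same value (undef when no keyring is given) to ceph_create_keyfile. The RBDPlugin hunk carries the identical line. The hunk also drops the "return if defined($scfg->{monhost})" guard, so ceph_create_keyfile now runs for external clusters even when no keyring is supplied; a comment or a commit-message sentence on how the undef-secret case is meant to behave would help, since that handling is not visible in this patch.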

this is dangerous, you will always delete the key on any update that did not
provide a new one.

Please look in other plugins about how one must handle this, e.g., PBS

    if (exists($param{password})) {
        if (defined($param{password})) {
            pbs_set_password($scfg, $storeid, $param{password});
        } else {
            pbs_delete_password($scfg, $storeid);
        }
    }

iow, first check if the param is set and only then you can deduce that undefined
means "must be deleted".

> @@ -327,20 +332,27 @@ sub options {
> sub on_add_hook {
> my ($class, $storeid, $scfg, %param) = @_;
>
> - return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
> + my $secret = $param{keyring} if defined $param{keyring} // undef;
> + PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $secret);
> +
> + return;
> +}
> +
> +sub on_update_hook {
> + my ($class, $storeid, $scfg, %param) = @_;
>
> - PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid);
> + if (defined($param{keyring})) {
> + PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring});
> + } else {
> + PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
> + }
same here.
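
The three cases the review distinguishes (parameter absent, parameter set, parameter present but undefined), as an added Perl example that is not code from the patch or from pve-storage. An in-memory hash stands in for the keyfile, and the sub names, storage ID and secrets are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the keyfile on disk: storeid => secret.
my %keyfile;

# Update logic as in the quoted hunk: any update without a keyring removes the key.
sub update_as_patched {
    my ($storeid, %param) = @_;
    if (defined($param{keyring})) {
        $keyfile{$storeid} = $param{keyring};
    } else {
        delete $keyfile{$storeid};
    }
}

# Update logic following the PBS pattern quoted in the review:
# absent => keep, present with a value => replace, present but undef => delete.
sub update_tristate {
    my ($storeid, %param) = @_;
    return if !exists($param{keyring});
    if (defined($param{keyring})) {
        $keyfile{$storeid} = $param{keyring};
    } else {
        delete $keyfile{$storeid};
    }
}

# Constructed update requests for a hypothetical storage 'ext-ceph'.
my @updates = (
    [ 'unrelated option only', { content => 'images' } ],
    [ 'new keyring supplied',  { keyring => 'NEW-SECRET' } ],
    [ 'explicit removal',      { keyring => undef } ],
);
my @hooks = (
    [ 'as patched', \&update_as_patched ],
    [ 'tri-state',  \&update_tristate ],
);

for my $h (@hooks) {
    my ($name, $hook) = @$h;
    for my $case (@updates) {
        my ($label, $param) = @$case;
        %keyfile = ('ext-ceph' => 'OLD-SECRET');    # reset before each case
        $hook->('ext-ceph', %$param);
        printf "%-10s | %-21s | %s\n", $name, $label,
            $keyfile{'ext-ceph'} // '(key removed)';
    }
}
```

Only the first case differs between the two hooks: an update that touches an unrelated option removes the stored secret under the patched logic and leaves it in place under the exists-then-defined check.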
Thread overview: 4+ messages
2021-07-21 15:13 [pve-devel] [PATCH storage 0/2] RBD/Cephfs: new keyring parameter Aaron Lauterer
2021-07-21 15:13 ` [pve-devel] [PATCH storage 1/2] CephConfig: add optional $secret parameter Aaron Lauterer
2021-07-21 15:13 ` [pve-devel] [PATCH storage 2/2] Ceph: add keyring parameter for external clusters Aaron Lauterer
2021-07-30 13:35 ` Thomas Lamprecht [this message]