[pve-devel] [PATCH v2 pve-manager 09/11] fix #4759: ceph: configure keyring for ceph-crash.service

Max Carrara m.carrara at proxmox.com
Mon Feb 5 18:54:17 CET 2024


when creating the cluster's first monitor.

Signed-off-by: Max Carrara <m.carrara at proxmox.com>
---
Changes v1 --> v2:
  * do not enable/restart `ceph-crash` anymore when creating first mon
  * drop changes to function `ceph_service_cmd` as they are no longer
    needed
  * create keyring for `ceph-crash` before modifying 'ceph.conf'
  * always set keyring for 'client.crash' section instead of only
    if section doesn't exist already
  * only modify the keyring file in `get_or_create_crash_keyring()`
    if the content differs from the output of `ceph auth get-or-create`

 PVE/API2/Ceph/MON.pm | 17 ++++++++++++++++-
 PVE/Ceph/Tools.pm    | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm
index 1e959ef3..ae12a2d3 100644
--- a/PVE/API2/Ceph/MON.pm
+++ b/PVE/API2/Ceph/MON.pm
@@ -459,11 +459,26 @@ __PACKAGE__->register_method ({
 	    });
 	    die $@ if $@;
 	    # automatically create manager after the first monitor is created
+	    # and set up keyring and config for ceph-crash.service
 	    if ($is_first_monitor) {
 		PVE::API2::Ceph::MGR->createmgr({
 		    node => $param->{node},
 		    id => $param->{node}
-		})
+		});
+
+		eval {
+		    PVE::Ceph::Tools::get_or_create_crash_keyring();
+		};
+		warn "Unable to configure keyring for ceph-crash.service: $@" if $@;
+
+		PVE::Cluster::cfs_lock_file('ceph.conf', undef, sub {
+		    my $cfg = cfs_read_file('ceph.conf');
+
+		    $cfg->{'client.crash'}->{keyring} = '/etc/pve/ceph/$cluster.$name.keyring';
+
+		    cfs_write_file('ceph.conf', $cfg);
+		});
+		die $@ if $@;
 	    }
 	};
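Review bot: A failure in `PVE::Ceph::Tools::get_or_create_crash_keyring()` is only warned about, yet the `cfs_lock_file` block right after it still points `client.crash` at the keyring path, so ceph.conf can end up referencing a file that was never written. The v2 changelog says the setting is applied unconditionally on purpose; if so, state that in a comment above the block, e.g. `# set even if keyring creation failed above; $cluster and $name are Ceph metavariables, hence the single quotes`. The error handling is also asymmetric: the keyring error is non-fatal, while `die $@ if $@` makes a failed ceph.conf update abort the task after the monitor and manager have already been created, which is presumably intended but worth confirming. The enclosing method body starts outside the hunk.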
 
diff --git a/PVE/Ceph/Tools.pm b/PVE/Ceph/Tools.pm
index 273a3eb6..02a932e3 100644
--- a/PVE/Ceph/Tools.pm
+++ b/PVE/Ceph/Tools.pm
@@ -18,7 +18,9 @@ my $ccname = 'ceph'; # ceph cluster name
 my $ceph_cfgdir = "/etc/ceph";
 my $pve_ceph_cfgpath = "/etc/pve/$ccname.conf";
 my $ceph_cfgpath = "$ceph_cfgdir/$ccname.conf";
+my $pve_ceph_cfgdir = "/etc/pve/ceph";
 
+my $pve_ceph_crash_key_path = "$pve_ceph_cfgdir/$ccname.client.crash.keyring";
 my $pve_mon_key_path = "/etc/pve/priv/$ccname.mon.keyring";
 my $pve_ckeyring_path = "/etc/pve/priv/$ccname.client.admin.keyring";
 my $ckeyring_path = "/etc/ceph/ceph.client.admin.keyring";
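Review bot: `$pve_ceph_crash_key_path` places the crash keyring under `/etc/pve/ceph`, while the monitor and admin keyrings declared next to it live under `/etc/pve/priv`. That is presumably deliberate, so that ceph-crash can read its key without access to the private directory, but the hunk does not say so. A comment such as `# kept outside priv/ on purpose: holds only the 'client.crash' key (crash-profile caps); never store other keyrings here` would stop a more privileged key from later being dropped into the same directory.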
@@ -37,12 +39,14 @@ my $ceph_service = {
 
 my $config_values = {
     ccname => $ccname,
+    pve_ceph_cfgdir => $pve_ceph_cfgdir,
     ceph_mds_data_dir => $ceph_mds_data_dir,
     long_rados_timeout => 60,
 };
 
 my $config_files = {
     pve_ceph_cfgpath => $pve_ceph_cfgpath,
+    pve_ceph_crash_key_path => $pve_ceph_crash_key_path,
     pve_mon_key_path => $pve_mon_key_path,
     pve_ckeyring_path => $pve_ckeyring_path,
     ceph_bootstrap_osd_keyring => $ceph_bootstrap_osd_keyring,
@@ -415,6 +419,41 @@ sub get_or_create_admin_keyring {
     return $pve_ckeyring_path;
 }
 
+# requires connection to existing monitor
+sub get_or_create_crash_keyring {
+    my ($rados) = @_;
+
+    if (!defined($rados)) {
+	$rados = PVE::RADOS->new();
+    }
+
+    my $output = $rados->mon_command({
+	prefix => 'auth get-or-create',
+	entity => 'client.crash',
+	caps => [
+	    mon => 'profile crash',
+	    mgr => 'profile crash',
+	],
+	format => 'plain',
+    });
+
+    if (! -d $pve_ceph_cfgdir) {
+	File::Path::make_path($pve_ceph_cfgdir);
+    }
+
+    if (-f $pve_ceph_crash_key_path) {
+	my $contents = PVE::Tools::file_get_contents($pve_ceph_crash_key_path);
+
+	if ($contents ne $output) {
+	    PVE::Tools::file_set_contents($pve_ceph_crash_key_path, $output);
+	}
+    } else {
+	PVE::Tools::file_set_contents($pve_ceph_crash_key_path, $output);
+    }
+
+    return $pve_ceph_crash_key_path;
+}
+
 # get ceph-volume managed osds
 sub ceph_volume_list {
     my $result = {};
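Review bot: `get_or_create_crash_keyring` writes whatever `mon_command` returns to the keyring file without checking that it is a non-empty string, so an unexpected empty reply would leave an unusable keyring at the path ceph.conf refers to. A guard before the file handling, e.g. `die "got empty keyring for 'client.crash'\n" if !defined($output) || $output eq '';`, makes that case fail loudly (assuming `mon_command` does not already die there). The two `file_set_contents` branches can be merged into a single condition, `if (!-f $pve_ceph_crash_key_path || PVE::Tools::file_get_contents($pve_ceph_crash_key_path) ne $output) {`. The header comment should also document the optional `$rados` argument, the returned path, and that the file is rewritten only when its content differs.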
-- 
2.39.2




