[pve-devel] [PATCH pve-manager 8/8] fix #4759: debian/postinst: configure ceph-crash.service and its key
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jan 31 14:15:20 CET 2024
On January 30, 2024 7:40 pm, Max Carrara wrote:
> This commit adds the `set_ceph_crash_conf` function, which dynamically
> adapts the host's Ceph configuration in order to allow the Ceph crash
> module's daemon to run without elevated privileges.
>
> This adaptation is only performed if:
> * Ceph is installed
> * Ceph is configured ('/etc/pve/ceph.conf' exists)
> * Connection to RADOS is successful
>
> If the above conditions are met, the function will ensure that:
> * Ceph possesses a key named 'client.crash'
> * The key is saved to '/etc/pve/ceph/ceph.client.crash.keyring'
> * A section for 'client.crash' exists in '/etc/pve/ceph.conf'
> * The 'client.crash' section has a key named 'keyring' which
> references '/etc/pve/ceph/ceph.client.crash.keyring'
>
> Furthermore, if a key named 'client.crash' already exists within the
> cluster, it shall be reused and not regenerated. Also, the
> configuration is not altered if the conditions above are already met.
>
> This way the keyring file is available as read-only in
> '/etc/pve/ceph/' for the `www-data` group (due to how pmxcfs works).
> Because the `ceph` user has been made part of said `www-data` group
> [0], it may access the file without requiring any additional
> privileges.
>
> Thus, the configuration for the Ceph crash daemon is safely adapted as
> expected by PVE tooling and also shared via pmxcfs across one's
> cluster.
>
> [0]: https://git.proxmox.com/?p=ceph.git;a=commitdiff;h=f72c698a55905d93e9a0b7b95674616547deba8a
>
> Signed-off-by: Max Carrara <m.carrara at proxmox.com>
> ---
> debian/postinst | 109 ++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 109 insertions(+)
>
> diff --git a/debian/postinst b/debian/postinst
> index 00d5f2cc..8d2a8c4b 100755
> --- a/debian/postinst
> +++ b/debian/postinst
> @@ -110,6 +110,114 @@ migrate_apt_auth_conf() {
> fi
> }
>
> +set_ceph_crash_conf() {
> + PVE_CEPH_CONFFILE='/etc/pve/ceph.conf'
> + PVE_CEPH_CONFDIR='/etc/pve/ceph'
> + PVE_CEPH_CRASH_KEY="${PVE_CEPH_CONFDIR}/ceph.client.crash.keyring"
> + PVE_CEPH_CRASH_KEY_REF="${PVE_CEPH_CONFDIR}/\$cluster.\$name.keyring"
> +
> + # ceph isn't installed -> nothing to do
> + if ! which ceph > /dev/null 2>&1; then
> + return 0
> + fi
> +
> + # ceph isn't configured -> nothing to do
> + if test ! -f "${PVE_CEPH_CONFFILE}"; then
> + return 0
> + fi
> +
> + CEPH_AUTH_RES="$(ceph auth get-or-create client.crash mon 'profile crash' mgr 'profile crash' 2>&1 || true)"
> +
> + # ceph is installed and possibly configured, but no connection to RADOS
> + # -> assume no monitor was created, nothing to do
> + if echo "${CEPH_AUTH_RES}" | grep -i -q 'RADOS object not found'; then
> + return 0
> + fi
the stuff after this point basically duplicates a lot of things from
pveceph in shell.. wouldn't it be easier to have a pveceph reinit or
similar command (or a parameter to an existing one) and call that here?
or, for even less coupling (and thus chance of things going wrong and
interrupting the upgrade), include a check somewhere in the ceph status
code path and just add a warning if the key is not configured, with a
hint what command to run/button to click to do the setup?
> + SECTION_RE='^\[\S+\]$'
> + CRASH_SECTION_RE='^\[client\.crash\]$'
> +
> [..]
More information about the pve-devel
mailing list