[pve-devel] [PATCH storage v4 09/49] ceph/rbd: set 'keyring' in ceph configuration for externally managed RBD storages

Fiona Ebner f.ebner at proxmox.com
Tue Jul 1 17:40:29 CEST 2025


For QEMU, when using '-blockdev', there is no way to specify the
keyring file as was possible with '-drive', so it has to be set in
the corresponding Ceph configuration file. As it applies to all images
on the storage, it also is the most natural place for the setting.

Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
---

NOTE: This should also be mentioned in the upgrade guide for PVE 9 and
the pve8to9 script should tell the user and/or automatically set it
for existing externally managed RBD storages, that already do have a
custom configuration.

 src/PVE/CephConfig.pm        | 50 ++++++++++++++++++++++++++++++++++++
 src/PVE/Storage/RBDPlugin.pm |  3 +++
 2 files changed, 53 insertions(+)

diff --git a/src/PVE/CephConfig.pm b/src/PVE/CephConfig.pm
index 5347781..e5815c4 100644
--- a/src/PVE/CephConfig.pm
+++ b/src/PVE/CephConfig.pm
@@ -3,6 +3,8 @@ package PVE::CephConfig;
 use strict;
 use warnings;
 use Net::IP;
+
+use PVE::RESTEnvironment qw(log_warn);
 use PVE::Tools qw(run_command);
 use PVE::Cluster qw(cfs_register_file);
 
@@ -420,6 +422,10 @@ sub ceph_connect_option {
         } else {
             $cmd_option->{ceph_conf} = "/etc/pve/priv/ceph/${storeid}.conf";
         }
+    } elsif (!$pveceph_managed) {
+        # No dedicated config for non-PVE-managed cluster, create new
+        # TODO PVE 10 - remove. All such storages already got a configuration upon creation or here.
+        ceph_create_configuration($scfg->{type}, $storeid);
     }
 
     $cmd_option->{keyring} = $keyfile if (-e $keyfile);
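Review bot: The new `elsif (!$pveceph_managed)` branch creates the per-storage config but never sets `$cmd_option->{ceph_conf}`, so the call that performs this migration still appears to return options without the config path; only later calls would pick it up. If the caller builds a '-blockdev' from this result, the first use after an upgrade would still lack the keyring setting. Consider following the call with `my $conf = "/etc/pve/priv/ceph/${storeid}.conf";` and `$cmd_option->{ceph_conf} = $conf if -e $conf;`. This branch also makes an option-building function write under /etc/pve/priv/ceph, so a failed write would presumably abort operations that only needed to read; wrapping the call in `eval` and reporting through `log_warn` would keep those paths working. The body of ceph_connect_option starts and ends outside this hunk, so the surrounding condition is inferred from the context lines.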
@@ -487,6 +493,50 @@ sub ceph_remove_keyfile {
     }
 }
 
+sub ceph_create_configuration {
+    my ($type, $storeid) = @_;
+
+    return if $type eq 'cephfs'; # no configuration file needed currently
+
+    my $extension = 'keyring';
+    $extension = 'secret' if $type eq 'cephfs';
+    my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";
+
+    return if !-e $ceph_storage_keyring;
+
+    my $ceph_storage_config = "/etc/pve/priv/ceph/${storeid}.conf";
+
+    if (-e $ceph_storage_config) {
+        log_warn(
+            "file $ceph_storage_config already exists, check manually and ensure 'keyring'"
+                . " option is set to '$ceph_storage_keyring'!\n",
+        );
+        return;
+    }
+
+    my $ceph_config = {
+        global => {
+            keyring => $ceph_storage_keyring,
+        },
+    };
+
+    my $contents = PVE::CephConfig::write_ceph_config($ceph_storage_config, $ceph_config);
+    PVE::Tools::file_set_contents($ceph_storage_config, $contents, 0600);
+
+    return;
+}
+
+sub ceph_remove_configuration {
+    my ($storeid) = @_;
+
+    my $ceph_storage_config = "/etc/pve/priv/ceph/${storeid}.conf";
+    if (-f $ceph_storage_config) {
+        unlink $ceph_storage_config or log_warn("removing $ceph_storage_config failed - $!\n");
+    }
+
+    return;
+}
+
 my $ceph_version_parser = sub {
     my $ceph_version = shift;
     # FIXME this is the same as pve-manager PVE::Ceph::Tools get_local_version
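Review bot: `ceph_remove_configuration` unlinks whatever `${storeid}.conf` exists, including a file an administrator wrote by hand for an external cluster, while `ceph_create_configuration` deliberately refuses to touch such a file and only warns. The `on_delete_hook` call in RBDPlugin.pm inherits this, so deleting a storage can silently discard a custom configuration that this code never created. If that is intended, say so above the sub, e.g. `# NOTE: removes the file even if it was created manually, not by ceph_create_configuration()`; otherwise skip the unlink for files not generated here. Separately, in `ceph_create_configuration` the line `$extension = 'secret' if $type eq 'cephfs';` is unreachable because of the early `return if $type eq 'cephfs'` and can be dropped. The `-e` check followed by `file_set_contents` is also a check-then-write, so two nodes that race on first use may both write the file. That is harmless only because the contents are identical.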
diff --git a/src/PVE/Storage/RBDPlugin.pm b/src/PVE/Storage/RBDPlugin.pm
index c0bbe2c..3f7ca9f 100644
--- a/src/PVE/Storage/RBDPlugin.pm
+++ b/src/PVE/Storage/RBDPlugin.pm
@@ -448,6 +448,7 @@ sub on_add_hook {
     my ($class, $storeid, $scfg, %param) = @_;
 
     PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring});
+    PVE::CephConfig::ceph_create_configuration($scfg->{type}, $storeid);
 
     return;
 }
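Review bot: The call added to `on_add_hook` runs for every RBD storage, whereas the matching call in `ceph_connect_option` is guarded by `!$pveceph_managed`. `ceph_create_keyfile` is not visible here, but if it also leaves a `<storeid>.keyring` for PVE-managed storages, this line would write a `<storeid>.conf` for them as well. The context lines in `ceph_connect_option` suggest an existing config on a managed cluster is handled by a different branch rather than used. Applying the same condition here would keep the two call sites consistent, e.g. `PVE::CephConfig::ceph_create_configuration($scfg->{type}, $storeid) if $is_external;`, where `$is_external` is a placeholder for the test `ceph_connect_option` uses to derive `!$pveceph_managed`.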
@@ -469,6 +470,8 @@ sub on_update_hook {
 sub on_delete_hook {
     my ($class, $storeid, $scfg) = @_;
     PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
+    PVE::CephConfig::ceph_remove_configuration($storeid);
+
     return;
 }
 
-- 
2.47.2




