Ceph: add keyring parameter for external clusters
By adding the keyring for RBD storage or the secret for CephFS ones, it
is possible to add an external Ceph cluster with only one API call.
Previously the keyring / secret file needed to be placed in
/etc/pve/priv/ceph/$storeID.{keyring,secret} manually.
Signed-off-by: Aaron Lauterer <a.lauterer@proxmox.com>
committed by
Thomas Lamprecht
parent
a4a1fe6419
commit
22b68016f7
@ -112,7 +112,7 @@ __PACKAGE__->register_method ({
|
||||
return &$api_storage_config($cfg, $param->{storage});
|
||||
}});
|
||||
|
||||
my $sensitive_params = [qw(password encryption-key master-pubkey)];
|
||||
my $sensitive_params = [qw(password encryption-key master-pubkey keyring)];
|
||||
|
||||
__PACKAGE__->register_method ({
|
||||
name => 'create',
|
||||
|
||||
@ -64,13 +64,21 @@ sub param_mapping {
|
||||
}
|
||||
};
|
||||
|
||||
my $keyring_map = {
|
||||
name => 'keyring',
|
||||
desc => 'file containing the keyring to authenticate in the Ceph cluster',
|
||||
func => sub {
|
||||
my ($value) = @_;
|
||||
return PVE::Tools::file_get_contents($value);
|
||||
},
|
||||
};
|
||||
|
||||
my $mapping = {
|
||||
'cifsscan' => [ $password_map ],
|
||||
'cifs' => [ $password_map ],
|
||||
'pbs' => [ $password_map ],
|
||||
'create' => [ $password_map, $enc_key_map, $master_key_map ],
|
||||
'update' => [ $password_map, $enc_key_map, $master_key_map ],
|
||||
'create' => [ $password_map, $enc_key_map, $master_key_map, $keyring_map ],
|
||||
'update' => [ $password_map, $enc_key_map, $master_key_map, $keyring_map ],
|
||||
};
|
||||
return $mapping->{$name};
|
||||
}
|
||||
|
||||
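Review bot: The `desc` of `$keyring_map` names only a keyring, while the commit message says the same parameter carries the secret for CephFS storages, so the CLI help does not tell a CephFS user which file to pass. Consider `desc => 'file containing the keyring (RBD) or secret (CephFS) to authenticate in the Ceph cluster',`. The `func` reads whatever path it is given and returns the file contents, so presumably only the contents are sent on as the parameter value. A one-line comment above `func` saying that would help the next reader. `param_mapping` starts before this hunk.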
@ -146,6 +146,7 @@ sub options {
|
||||
fuse => { optional => 1 },
|
||||
bwlimit => { optional => 1 },
|
||||
maxfiles => { optional => 1 },
|
||||
keyring => { optional => 1 },
|
||||
'prune-backups' => { optional => 1 },
|
||||
};
|
||||
}
|
||||
@ -163,20 +164,29 @@ sub check_config {
|
||||
sub on_add_hook {
|
||||
my ($class, $storeid, $scfg, %param) = @_;
|
||||
|
||||
return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
|
||||
my $secret = $param{keyring} if defined $param{keyring} // undef;
|
||||
PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $secret);
|
||||
|
||||
PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid);
|
||||
return;
|
||||
}
|
||||
|
||||
sub on_update_hook {
|
||||
my ($class, $storeid, $scfg, %param) = @_;
|
||||
|
||||
if (exists($param{keyring})) {
|
||||
if (defined($param{keyring})) {
|
||||
PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring});
|
||||
} else {
|
||||
PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
sub on_delete_hook {
|
||||
my ($class, $storeid, $scfg) = @_;
|
||||
|
||||
return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
|
||||
|
||||
PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
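Review bot: `my $secret = $param{keyring} if defined $param{keyring} // undef;` in `on_add_hook` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour, and the `// undef` never takes effect because `defined` already returns a defined value. A plain `my $secret = $param{keyring};` hands the same value (or undef) to `ceph_create_keyfile`; the identical line appears in the `on_add_hook` of the next plugin section. The +/- markers are lost on this page, so it is unclear whether `return if defined($scfg->{monhost});` is still on the new side of `on_add_hook`. If it is, the keyring would never be written for a storage with `monhost` set, which, going by that line's comment and the commit message, is the external-cluster case this change targets.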
@ -305,6 +305,10 @@ sub properties {
|
||||
description => "Always access rbd through krbd kernel module.",
|
||||
type => 'boolean',
|
||||
},
|
||||
keyring => {
|
||||
description => "Client keyring contents (for external clusters).",
|
||||
type => 'string',
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
@ -318,6 +322,7 @@ sub options {
|
||||
username => { optional => 1 },
|
||||
content => { optional => 1 },
|
||||
krbd => { optional => 1 },
|
||||
keyring => { optional => 1 },
|
||||
bwlimit => { optional => 1 },
|
||||
};
|
||||
}
|
||||
@ -327,20 +332,29 @@ sub options {
|
||||
sub on_add_hook {
|
||||
my ($class, $storeid, $scfg, %param) = @_;
|
||||
|
||||
return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
|
||||
my $secret = $param{keyring} if defined $param{keyring} // undef;
|
||||
PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $secret);
|
||||
|
||||
PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid);
|
||||
return;
|
||||
}
|
||||
|
||||
sub on_update_hook {
|
||||
my ($class, $storeid, $scfg, %param) = @_;
|
||||
|
||||
if (exists($param{keyring})) {
|
||||
if (defined($param{keyring})) {
|
||||
PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring});
|
||||
} else {
|
||||
PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
sub on_delete_hook {
|
||||
my ($class, $storeid, $scfg) = @_;
|
||||
|
||||
return if defined($scfg->{monhost}); # nothing to do if not pve managed ceph
|
||||
|
||||
PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
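Review bot: The new `keyring` property is declared with only `type => 'string'`, so the schema visible here puts no bound on a value that `on_add_hook` and `on_update_hook` pass straight to `PVE::CephConfig::ceph_create_keyfile`. Whether that helper validates or limits its input is not visible on this page; if it does not, a `maxLength` on the property would reject oversized input before it is written to the key file. A short comment on the property noting that the value is secret material and is expected to be kept out of the stored storage configuration would also help.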