Customize NFS

Signed-off-by: Teoman ONAY <tonay@ibm.com>
ceph · Feb 26, 2024 · e09982a · e09982a
1 parent e7ecafc
commit e09982a
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 1 deletion.
diff --git a/src/cephadm/cephadmlib/daemons/nfs.py b/src/cephadm/cephadmlib/daemons/nfs.py
@@ -31,7 +31,7 @@ class NFSGanesha(ContainerDaemonForm):
     entrypoint = '/usr/bin/ganesha.nfsd'
     daemon_args = ['-F', '-L', 'STDERR']
 
-    required_files = ['ganesha.conf']
+    required_files = ['ganesha.conf', 'idmap.conf']
 
     port_map = {
         'nfs': 2049,

diff --git a/src/cephadm/tests/test_nfs.py b/src/cephadm/tests/test_nfs.py
@@ -25,6 +25,7 @@ def nfs_json(**kwargs):
     if kwargs.get("files"):
         result["files"] = {
             "ganesha.conf": "",
+            "idmap.conf": "",
         }
     if kwargs.get("rgw_content"):
         result["rgw"] = dict(kwargs["rgw_content"])

diff --git a/src/pybind/mgr/cephadm/services/nfs.py b/src/pybind/mgr/cephadm/services/nfs.py
@@ -5,6 +5,8 @@
 import subprocess
 import tempfile
 from typing import Dict, Tuple, Any, List, cast, Optional
+from configparser import ConfigParser
+from io import StringIO
 
 from mgr_module import HandleCommandResult
 from mgr_module import NFS_POOL_NAME as POOL_NAME
@@ -79,6 +81,8 @@ def generate_config(self, daemon_spec: CephadmDaemonDeploySpec) -> Tuple[Dict[st
 
         nodeid = f'{daemon_spec.service_name}.{daemon_spec.rank}'
 
+        nfs_idmap_conf = '/etc/ganesha/idmap.conf'
+
         # create the RADOS recovery pool keyring
         rados_user = f'{daemon_type}.{daemon_id}'
         rados_keyring = self.create_keyring(daemon_spec)
@@ -115,12 +119,28 @@ def get_ganesha_conf() -> str:
                 "port": daemon_spec.ports[0] if daemon_spec.ports else 2049,
                 "bind_addr": bind_addr,
                 "haproxy_hosts": [],
+                "nfs_idmap_conf": nfs_idmap_conf,
             }
             if spec.enable_haproxy_protocol:
                 context["haproxy_hosts"] = self._haproxy_hosts()
                 logger.debug("selected haproxy_hosts: %r", context["haproxy_hosts"])
             return self.mgr.template.render('services/nfs/ganesha.conf.j2', context)
 
+        # generate the idmap config
+        def get_idmap_conf() -> str:
+            idmap_conf = spec.idmap_conf
+            cp = ConfigParser()
+            out = StringIO()
+            for sections, keys in idmap_conf:
+                cp[sections.upper()] = {}
+                for key, value in keys.items():
+                    cp[sections][key.lower()] = value.lower()
+            cp.write(out)
+            out.seek(0)
+            output = out.read()
+            out.close()
+            return output
+
         # generate the cephadm config json
         def get_cephadm_config() -> Dict[str, Any]:
             config: Dict[str, Any] = {}
@@ -130,6 +150,7 @@ def get_cephadm_config() -> Dict[str, Any]:
             config['extra_args'] = ['-N', 'NIV_EVENT']
             config['files'] = {
                 'ganesha.conf': get_ganesha_conf(),
+                'idmap.conf': get_idmap_conf()
             }
             config.update(
                 self.get_config_and_keyring(

diff --git a/src/pybind/mgr/cephadm/templates/services/nfs/ganesha.conf.j2 b/src/pybind/mgr/cephadm/templates/services/nfs/ganesha.conf.j2
@@ -16,6 +16,9 @@ NFSv4 {
         Delegations = false;
         RecoveryBackend = 'rados_cluster';
         Minor_Versions = 1, 2;
+{% if nfs_idmap_conf %}
+        IdmapConf = "{{ nfs_idmap_conf }}";
+{% endif %}
 }
 
 RADOS_KV {

diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
@@ -1093,6 +1093,7 @@ def __init__(self,
                  enable_haproxy_protocol: bool = False,
                  extra_container_args: Optional[GeneralArgList] = None,
                  extra_entrypoint_args: Optional[GeneralArgList] = None,
+                 idmap_conf: Optional[Dict[str, Dict[str, str]]] = None,
                  custom_configs: Optional[List[CustomConfig]] = None,
                  ):
         assert service_type == 'nfs'
@@ -1105,6 +1106,7 @@ def __init__(self,
         self.port = port
         self.virtual_ip = virtual_ip
         self.enable_haproxy_protocol = enable_haproxy_protocol
+        self.idmap_conf = idmap_conf
 
     def get_port_start(self) -> List[int]:
         if self.port:

diff --git a/src/python-common/ceph/tests/test_service_spec.py b/src/python-common/ceph/tests/test_service_spec.py
@@ -398,6 +398,17 @@ def test_osd_unmanaged():
 spec:
   port: 1234
 ---
+service_id: mynfs
+service_name: nfs.mynfs
+spec:
+  port: 1234
+idmap_conf:
+  general:
+    local-Realms: DOMAIN.ORG
+  mapping:
+    nobody-User: nfsnobody
+    nobody-Group: nfsnobody
+---
 service_type: iscsi
 service_id: iscsi
 service_name: iscsi.iscsi