mgr/cephadm: reimplement ceph.conf pushing; push client keyrings too #40941
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
liewegas
force-pushed
the
cephadm-conf-placement
branch
2 times, most recently
from
7da5ab8
to
144da3b
Compare
liewegas
changed the title
Add a config option to control which hosts (by default, *) get a ceph.conf (if the bool manage_etc_ceph_ceph_conf option is enabled). We don't modify the existing option because changing a type makes for a messy migration: we have to sort out which section the config option is in to change it. Also, a simple on/off which is more friendly than specifying "*" to enable something. Signed-off-by: Sage Weil <sage@newdream.net>
This is careful is ownership, mode, and fsyncs before renaming into position. Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
liewegas
force-pushed
the
cephadm-conf-placement
branch
2 times, most recently
from
4ed969e
to
34cd3d8
Compare
adk3798
reviewed
Apr 22, 2021
| raise OrchestratorError('mode must be an octal mode, e.g. "600"') | ||
| else: | ||
| imode = 0o600 | ||
| pspec = PlacementSpec.from_string(placement) |
There was a problem hiding this comment.
Should placement specs that just use "count" not be allowed here since they don't make much sense in this context?
| @@ -1191,6 +1201,67 @@ def run(h: str) -> str: | |||
|
|
|||
| return HandleCommandResult(stdout='\n'.join(run(host))) | |||
|
|
|||
| @orchestrator._cli_read_command('orch client-keyring ls') | |||
There was a problem hiding this comment.
are we okay with starting to put "ceph orch" commands directly in the cephadm module rather than the orchestrator? Other commands we've done here have been "ceph cephadm"
liewegas
force-pushed
the
cephadm-conf-placement
branch
5 times, most recently
from
d9964f3
to
8eea8c7
Compare
liewegas
force-pushed
the
cephadm-conf-placement
branch
3 times, most recently
from
4621b2a
to
dfbaebc
Compare
Comment on lines
-330
to
-332
| if 'last_etc_ceph_ceph_conf' in j: | ||
| self.last_etc_ceph_ceph_conf[host] = str_to_datetime( | ||
| j['last_etc_ceph_ceph_conf']) |
There was a problem hiding this comment.
downgrades. Yes it will work, but it will redeploy the ceph.conf on all hosts.
liewegas
force-pushed
the
cephadm-conf-placement
branch
from
2d6d37c
to
12a117f
Compare
Use a more generic inventory map of paths to digests to track what we've pushed. Signed-off-by: Sage Weil <sage@newdream.net>
…g files Teach cephadm to manage keyring files on cluster hosts. These keys must already exist in the mon auth database--cephadm does not create them if they don't exist (and will issue warnings to the log if they do not). A ceph.conf is pushed implicitly along with the keyring file. Each keyring added will be pushed to the hosts described by the placement spec with the appropriate ownership and mode. If the ownership, mode, or path are modified, the files are rewritten or removed as need. If the client-keyring entry is removed, the keyring files are removed. Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
liewegas
force-pushed
the
cephadm-conf-placement
branch
from
12a117f
to
68be01c
Compare
liewegas
force-pushed
the
cephadm-conf-placement
branch
3 times, most recently
from
8326505
to
b67186c
Compare
liewegas
force-pushed
the
cephadm-conf-placement
branch
from
b67186c
to
d4949c6
Compare
sebastian-philipp
approved these changes
Apr 27, 2021
…strap If we are placing ceph.conf in /etc/ceph (the default), tell the cluster to continue doing this going forward to hosts with the '_admin' label. This doesn't induce the user to add the admin label to other hosts too, unfortunately--e probably want them to add the admin label to other mons, for instance--but it is a start. Signed-off-by: Sage Weil <sage@newdream.net>
Except during upgrades, since it is not supported there. Signed-off-by: Sage Weil <sage@newdream.net>
Signed-off-by: Sage Weil <sage@newdream.net>
liewegas
force-pushed
the
cephadm-conf-placement
branch
from
781f47a
to
e41931d
Compare
|
Do you want to add this to https://docs.ceph.com/en/latest/cephadm/client-setup/ ? |
adk3798
approved these changes
Apr 28, 2021
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ceph orch client-keyring {ls,set,rm}commands to manage which client keyrings (and associated configs) to push where