Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mgr/cephadm: store contianer registry credentials in config-key #43889

Merged
merged 1 commit into from
Dec 16, 2021
Merged

mgr/cephadm: store contianer registry credentials in config-key #43889

merged 1 commit into from
Dec 16, 2021

Conversation

Daniel-Pivonka
Copy link

@Daniel-Pivonka Daniel-Pivonka commented Nov 11, 2021
edited

store credentials in a more secure place

Fixes: https://tracker.ceph.com/issues/53269
Signed-off-by: Daniel Pivonka dpivonka@redhat.com

@Daniel-Pivonka Daniel-Pivonka requested a review from a team as a code owner November 11, 2021 15:19
@Daniel-Pivonka Daniel-Pivonka force-pushed the cephadm-reg-cred branch 4 times, most recently from 59805e8 to 3396511 Compare November 15, 2021 14:26
liewegas
liewegas reviewed Nov 15, 2021
View reviewed changes
src/pybind/mgr/cephadm/module.py
@@ -277,6 +277,7 @@ class CephadmOrchestrator(orchestrator.Orchestrator, MgrModule,
default='*',
desc='PlacementSpec describing on which hosts to manage /etc/ceph/ceph.conf',
),
# not used anymore
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should remove these options entirely. If I'm reading the code properly, the migration config rm calls should still work.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i wanted to do that but i was having trouble getting the old values during the migration.

once the new mgr takes over during an upgrade and with those removed
registry_url = self.mgr.get_module_option('registry_url')
causes
RuntimeError: Config option 'registry_url' is not in CephadmOrchestrator.MODULE_OPTIONS

and

ret, registry_url, err = self.mgr.mon_command({
                'prefix': 'config get',
                'who': 'mgr',
                'key': 'mgr/cephadm/registry_url',
            })

returns a return code of -2 and no value for registry_url

additionally trying to run

ceph config get mgr mgr/cephadm/registry_url

returns Error ENOENT:

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I should add a --force to config get... WDYT @sebastian-philipp ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not yet made my mind about this one. IMO this is an extraordinary edge case. Is it worth building extra code for this?

sebastian-philipp
sebastian-philipp suggested changes Nov 16, 2021
View reviewed changes
src/pybind/mgr/cephadm/migrations.py
Comment on lines +275 to +295
self.mgr.set_module_option('registry_url', None)
self.mgr.check_mon_command({
'prefix': 'config rm',
'who': 'mgr',
'key': 'mgr/cephadm/registry_url',
})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

think this is redundant. See

ceph/src/mgr/PyModule.cc

Lines 199 to 204 in 8713c24

if (val) {
jf.dump_string("prefix", "config set");
jf.dump_string("value", *val);
} else {
jf.dump_string("prefix", "config rm");
}

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

without this the values do not get removed from config dump

src/pybind/mgr/cephadm/serve.py Outdated Show resolved Hide resolved
src/pybind/mgr/cephadm/serve.py Outdated Show resolved Hide resolved
@sebastian-philipp
Copy link
Contributor

sebastian-philipp commented Nov 16, 2021
edited

While you're here, https://docs.ceph.com/en/latest/cephadm/install/#further-information-about-cephadm-bootstrap is bad as well. Can we deprecate cephadm bootstrap --registry-password? I.e. only document --registry-json

@github-actions
Copy link

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

@sebastian-philipp sebastian-philipp mentioned this pull request Nov 24, 2021
Merged
@sebastian-philipp
Copy link
Contributor 

2021-11-29T16:40:23.637 DEBUG:teuthology.orchestra.run.smithi026:> sudo /home/ubuntu/cephtest/cephadm --image docker.io/ceph/ceph:v16.2.4 shell -c /etc/ceph/ceph.conf -k /etc/ceph/ceph.client.admin.keyring --fsid 65fb89d2-5130-11ec-8c2d-001a4aab830c -- bash -c 'ceph config get mgr mgr/cephadm/migration_current | grep 3'
2021-11-29T16:40:24.741 INFO:journalctl@ceph.mon.smithi026.smithi026.stdout:Nov 29 16:40:24 smithi026 ceph-mon[106998]: pgmap v356: 129 pgs: 129 active+clean; 214 MiB data, 2.7 GiB used, 712 GiB / 715 GiB avail; 255 B/s rd, 0 op/s
2021-11-29T16:40:25.037 INFO:journalctl@ceph.mon.smithi119.smithi119.stdout:Nov 29 16:40:24 smithi119 ceph-mon[74838]: pgmap v356: 129 pgs: 129 active+clean; 214 MiB data, 2.7 GiB used, 712 GiB / 715 GiB avail; 255 B/s rd, 0 op/s
2021-11-29T16:40:25.968 DEBUG:teuthology.orchestra.run:got remote process result: 1
2021-11-29T16:40:25.969 ERROR:teuthology.run_tasks:Saw exception from tasks.
Traceback (most recent call last):
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_a0bc318848afe71da1fbf34e1e1b44738d8e3d6d/teuthology/run_tasks.py", line 91, in run_tasks
    manager = run_one_task(taskname, ctx=ctx, config=config)
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_a0bc318848afe71da1fbf34e1e1b44738d8e3d6d/teuthology/run_tasks.py", line 70, in run_one_task
    return task(**kwargs)
  File "/home/teuthworker/src/git.ceph.com_ceph-c_caa4f4125affaece3c1649c79f1b56fa72f9867e/qa/tasks/cephadm.py", line 1101, in shell
    extra_cephadm_args=args)
  File "/home/teuthworker/src/git.ceph.com_ceph-c_caa4f4125affaece3c1649c79f1b56fa72f9867e/qa/tasks/cephadm.py", line 47, in _shell
    **kwargs
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_a0bc318848afe71da1fbf34e1e1b44738d8e3d6d/teuthology/orchestra/remote.py", line 509, in run
    r = self._runner(client=self.ssh, name=self.shortname, **kwargs)
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_a0bc318848afe71da1fbf34e1e1b44738d8e3d6d/teuthology/orchestra/run.py", line 455, in run
    r.wait()
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_a0bc318848afe71da1fbf34e1e1b44738d8e3d6d/teuthology/orchestra/run.py", line 161, in wait
    self._raise_for_status()
  File "/home/teuthworker/src/git.ceph.com_git_teuthology_a0bc318848afe71da1fbf34e1e1b44738d8e3d6d/teuthology/orchestra/run.py", line 183, in _raise_for_status
    node=self.hostname, label=self.label
teuthology.exceptions.CommandFailedError: Command failed on smithi026 with status 1: "sudo /home/ubuntu/cephtest/cephadm --image docker.io/ceph/ceph:v16.2.4 shell -c /etc/ceph/ceph.conf -k /etc/ceph/ceph.client.admin.keyring --fsid 65fb89d2-5130-11ec-8c2d-001a4aab830c -- bash -c 'ceph config get mgr mgr/cephadm/migration_current | grep 3'"

https://pulpito.ceph.com/swagner-2021-11-29_16:02:52-orch:cephadm-wip-swagner3-testing-2021-11-29-1155-distro-default-smithi/6533675

See

ceph/qa/suites/orch/cephadm/mgr-nfs-upgrade/4-final.yaml

Line 10 in 174ad99

- ceph config get mgr mgr/cephadm/migration_current | grep 3

@github-actions
Copy link

github-actions bot commented Dec 1, 2021

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

mgr/cephadm: store contianer registry credentials in config-key
2c29286 
Signed-off-by: Daniel Pivonka <dpivonka@redhat.com>
@sebastian-philipp sebastian-philipp added the wip-swagner-testing My Teuthology tests label Dec 2, 2021
@sebastian-philipp
Copy link
Contributor

https://pulpito.ceph.com/swagner-2021-12-15_14:51:15-orch:cephadm-wip-swagner-testing-2021-12-15-1026-distro-default-smithi/

@sebastian-philipp sebastian-philipp merged commit e911f41 into ceph:master Dec 16, 2021
@sebastian-philipp sebastian-philipp mentioned this pull request Jan 19, 2022
Merged
@adk3798 adk3798 mentioned this pull request Jun 12, 2023
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liewegas liewegas liewegas left review comments

@sebastian-philipp sebastian-philipp sebastian-philipp approved these changes

Assignees
No one assigned
Labels
cephadm documentation pybind wip-swagner-testing My Teuthology tests
Projects
None yet
Milestone
No milestone
3 participants
@Daniel-Pivonka @sebastian-philipp @liewegas