-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mgr/cephadm: store contianer registry credentials in config-key #43889
mgr/cephadm: store contianer registry credentials in config-key #43889
Conversation
59805e8
to
3396511
Compare
@@ -277,6 +277,7 @@ class CephadmOrchestrator(orchestrator.Orchestrator, MgrModule, | |||
default='*', | |||
desc='PlacementSpec describing on which hosts to manage /etc/ceph/ceph.conf', | |||
), | |||
# not used anymore |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should remove these options entirely. If I'm reading the code properly, the migration config rm
calls should still work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i wanted to do that but i was having trouble getting the old values during the migration.
once the new mgr takes over during an upgrade and with those removed
registry_url = self.mgr.get_module_option('registry_url')
causes
RuntimeError: Config option 'registry_url' is not in CephadmOrchestrator.MODULE_OPTIONS
and
ret, registry_url, err = self.mgr.mon_command({
'prefix': 'config get',
'who': 'mgr',
'key': 'mgr/cephadm/registry_url',
})
returns a return code of -2
and no value for registry_url
additionally trying to run
ceph config get mgr mgr/cephadm/registry_url
returns Error ENOENT:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I should add a --force
to config get
... WDYT @sebastian-philipp ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not yet made my mind about this one. IMO this is an extraordinary edge case. Is it worth building extra code for this?
self.mgr.set_module_option('registry_url', None) | ||
self.mgr.check_mon_command({ | ||
'prefix': 'config rm', | ||
'who': 'mgr', | ||
'key': 'mgr/cephadm/registry_url', | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
think this is redundant. See
Lines 199 to 204 in 8713c24
if (val) { | |
jf.dump_string("prefix", "config set"); | |
jf.dump_string("value", *val); | |
} else { | |
jf.dump_string("prefix", "config rm"); | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
without this the values do not get removed from config dump
While you're here, https://docs.ceph.com/en/latest/cephadm/install/#further-information-about-cephadm-bootstrap is bad as well. Can we deprecate |
This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved |
3396511
to
423ff2e
Compare
423ff2e
to
28b961e
Compare
See
|
This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved |
Signed-off-by: Daniel Pivonka <dpivonka@redhat.com>
28b961e
to
2c29286
Compare
store credentials in a more secure place
Fixes: https://tracker.ceph.com/issues/53269
Signed-off-by: Daniel Pivonka dpivonka@redhat.com