Merge lp:~james-page/charms/precise/ceph/fixup-mon-perms into lp:~charmers/charms/precise/ceph/trunk

Proposed by James Page
Status: Merged
Merged at revision: 65
Proposed branch: lp:~james-page/charms/precise/ceph/fixup-mon-perms
Merge into: lp:~charmers/charms/precise/ceph/trunk
Diff against target: 71 lines (+29/-2)
2 files modified
hooks/ceph.py (+15/-2)
hooks/hooks.py (+14/-0)
To merge this branch: bzr merge lp:~james-page/charms/precise/ceph/fixup-mon-perms
Reviewer: Adam Gandelman (community); review status: Approve
Review via email: mp+186997@code.launchpad.net

Description of the change

Fixup mon permissions for client and radosgw so pools can be created still

Edward Hope-Morley (hopem) wrote :

This looks good. As discussed, one concern with increasing the mon permissions is that each client can now delete any pool. Since we can infer the name of the pool the client is creating, it would be nice/safer to restrict the mon operations to the client's pool but ceph does not appear to allow restricting mon operations to a single pool (like with 'osd allow rw pool=foo'). Let's go ahead with this patch and make sure we follow up with a patch to allow new clients to have their pools created by the ceph charm thus allowing for the rw perm to be removed (which should not break compatibility since the client does not attempt to create the pool if it already exists).

Adam Gandelman (gandelman-a) wrote :

This addresses all of my concerns from last week. Thanks.

review: Approve

Preview Diff

=== modified file 'hooks/ceph.py'
--- hooks/ceph.py 2013-08-27 13:57:46 +0000
+++ hooks/ceph.py 2013-09-23 10:31:33 +0000
@@ -224,7 +224,7 @@
224224
225# OSD caps taken from ceph-create-keys225# OSD caps taken from ceph-create-keys
226_radosgw_caps = {226_radosgw_caps = {
227 'mon': ['allow r'],227 'mon': ['allow rw'],
228 'osd': ['allow rwx']228 'osd': ['allow rwx']
229}229}
230230
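Review bot: The 'mon' line of _radosgw_caps changes to 'allow rw' with no comment explaining it, while the only comment above the dict ("# OSD caps taken from ceph-create-keys") covers the osd entry. Add a comment on the 'mon' entry saying that write access is there for pool creation and that it applies to the whole cluster rather than to one pool, so the grant is easy to find and tighten once the charm creates pools on behalf of clients.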
@@ -234,7 +234,7 @@
234234
235235
236_default_caps = {236_default_caps = {
237 'mon': ['allow r'],237 'mon': ['allow rw'],
238 'osd': ['allow rwx']238 'osd': ['allow rwx']
239}239}
240240
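Review bot: _default_caps is what upgrade_keys() in hooks/hooks.py applies to every 'client' relation, so the change on the 'mon' line gives each related service monitor write access, which the review thread notes includes deleting any pool. A TODO next to 'mon': ['allow rw'] that points at the agreed follow-up (pools created by the ceph charm, then back to 'allow r') would keep this wider grant from quietly becoming the permanent default.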
@@ -259,6 +259,19 @@
259 return parse_key(subprocess.check_output(cmd).strip()) # IGNORE:E1103259 return parse_key(subprocess.check_output(cmd).strip()) # IGNORE:E1103
260260
261261
262def upgrade_key_caps(key, caps):
263 ''' Upgrade key to have capabilities caps '''
264 if not is_leader():
265 # Not the MON leader OR not clustered
266 return
267 cmd = [
268 'ceph', 'auth', 'caps', key
269 ]
270 for subsystem, subcaps in caps.iteritems():
271 cmd.extend([subsystem, '; '.join(subcaps)])
272 subprocess.check_call(cmd)
273
274
262def bootstrap_monitor_cluster(secret):275def bootstrap_monitor_cluster(secret):
263 hostname = get_unit_hostname()276 hostname = get_unit_hostname()
264 path = '/var/lib/ceph/mon/ceph-{}'.format(hostname)277 path = '/var/lib/ceph/mon/ceph-{}'.format(hostname)
265278
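Review bot: The docstring of upgrade_key_caps() says "Upgrade key to have capabilities caps", but 'ceph auth caps' sets the key's capabilities to exactly what is passed, so anything the key already holds for a subsystem that is missing from caps is dropped. Either document the function as a replace, or read the key's current caps first and merge them. The early return under "if not is_leader():" is also silent; a log line there would show in the hook output why nothing was changed on that unit.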
=== modified file 'hooks/hooks.py'
--- hooks/hooks.py 2013-08-27 11:47:16 +0000
+++ hooks/hooks.py 2013-09-23 10:31:33 +0000
@@ -206,6 +206,19 @@
206 log('End notify_client.')206 log('End notify_client.')
207207
208208
209def upgrade_keys():
210 ''' Ceph now required mon allow rw for pool creation '''
211 if len(relation_ids('radosgw')) > 0:
212 ceph.upgrade_key_caps('client.radosgw.gateway',
213 ceph._radosgw_caps)
214 for relid in relation_ids('client'):
215 units = related_units(relid)
216 if len(units) > 0:
217 service_name = units[0].split('/')[0]
218 ceph.upgrade_key_caps('client.{}'.format(service_name),
219 ceph._default_caps)
220
221
209@hooks.hook('osd-relation-joined')222@hooks.hook('osd-relation-joined')
210def osd_relation():223def osd_relation():
211 log('Begin osd-relation hook.')224 log('Begin osd-relation hook.')
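Review bot: In upgrade_keys(), a 'client' relation for which related_units(relid) returns nothing is skipped without a log message, so a key already issued for that service would keep its old caps with no trace of why. Log the skipped relation id. Separately, hooks.py reads ceph._radosgw_caps and ceph._default_caps directly; since these underscore-prefixed names are now used across modules, consider exposing them through a small public helper in ceph.py. The docstring ("Ceph now required mon allow rw for pool creation") states the reason but not what the function does, and "required" should read "requires".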
@@ -259,6 +272,7 @@
259 apt_install(packages=filter_installed_packages(ceph.PACKAGES), fatal=True)272 apt_install(packages=filter_installed_packages(ceph.PACKAGES), fatal=True)
260 install_upstart_scripts()273 install_upstart_scripts()
261 ceph.update_monfs()274 ceph.update_monfs()
275 upgrade_keys()
262 log('End upgrade-charm hook.')276 log('End upgrade-charm hook.')
263277
264278
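Review bot: upgrade_keys() runs only from the upgrade-charm hook here, and upgrade_key_caps() returns early when the unit is "Not the MON leader OR not clustered". If upgrade-charm fires on every unit before the cluster has a leader, no unit applies the new caps and nothing visible in this diff retries later; consider also calling it from a hook that runs once the monitors are clustered. Because upgrade_key_caps() uses subprocess.check_call, a failing 'ceph auth caps' command will also raise here and stop the hook before 'End upgrade-charm hook.' is logged, which is worth handling or at least logging explicitly.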