mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-17 20:00:23 +00:00
cephfs: ceph-fuse mimic supports passing keys via args, let's use it
This commit is contained in:
parent
b3944f3121
commit
8e371f62fa
@ -17,12 +17,7 @@ limitations under the License.
|
||||
package cephfs
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"k8s.io/klog"
|
||||
)
|
||||
|
||||
const (
|
||||
@ -53,83 +48,47 @@ func getCephUserName(volID volumeID) string {
|
||||
return cephUserPrefix + string(volID)
|
||||
}
|
||||
|
||||
func getCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) {
|
||||
entityName := cephEntityClientPrefix + getCephUserName(volID)
|
||||
|
||||
func getSingleCephEntity(args ...string) (*cephEntity, error) {
|
||||
var ents []cephEntity
|
||||
args := [...]string{
|
||||
"-m", volOptions.Monitors,
|
||||
"auth", "-f", "json", "-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id),
|
||||
"get", entityName,
|
||||
}
|
||||
|
||||
out, err := execCommand("ceph", args[:]...)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cephfs: ceph failed with following error: %s\ncephfs: ceph output: %s", err, out)
|
||||
}
|
||||
|
||||
// Workaround for output from `ceph auth get`
|
||||
// Contains non-json data: "exported keyring for ENTITY\n\n"
|
||||
offset := bytes.Index(out, []byte("[{"))
|
||||
|
||||
if err = json.NewDecoder(bytes.NewReader(out[offset:])).Decode(&ents); err != nil {
|
||||
return nil, fmt.Errorf("failed to decode json: %v", err)
|
||||
if err := execCommandJSON(&ents, "ceph", args...); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if len(ents) != 1 {
|
||||
return nil, fmt.Errorf("got unexpected number of entities for %s: expected 1, got %d", entityName, len(ents))
|
||||
return nil, fmt.Errorf("got unexpected number of entities: expected 1, got %d", len(ents))
|
||||
}
|
||||
|
||||
return &ents[0], nil
|
||||
}
|
||||
|
||||
func getCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) {
|
||||
return getSingleCephEntity(
|
||||
"-m", volOptions.Monitors,
|
||||
"-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key,
|
||||
"-c", cephConfigPath,
|
||||
"-f", "json",
|
||||
"auth", "get", cephEntityClientPrefix+getCephUserName(volID),
|
||||
)
|
||||
}
|
||||
|
||||
func createCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) {
|
||||
caps := cephEntityCaps{
|
||||
Mds: fmt.Sprintf("allow rw path=%s", getVolumeRootPathCeph(volID)),
|
||||
Mon: "allow r",
|
||||
Osd: fmt.Sprintf("allow rw pool=%s namespace=%s", volOptions.Pool, getVolumeNamespace(volID)),
|
||||
}
|
||||
|
||||
var ents []cephEntity
|
||||
args := [...]string{
|
||||
return getSingleCephEntity(
|
||||
"-m", volOptions.Monitors,
|
||||
"auth", "-f", "json", "-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id),
|
||||
"get-or-create", cephEntityClientPrefix + getCephUserName(volID),
|
||||
"mds", caps.Mds,
|
||||
"mon", caps.Mon,
|
||||
"osd", caps.Osd,
|
||||
}
|
||||
|
||||
if err := execCommandJSON(&ents, args[:]...); err != nil {
|
||||
return nil, fmt.Errorf("error creating ceph user: %v", err)
|
||||
}
|
||||
|
||||
return &ents[0], nil
|
||||
"-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key,
|
||||
"-c", cephConfigPath,
|
||||
"-f", "json",
|
||||
"auth", "get-or-create", cephEntityClientPrefix+getCephUserName(volID),
|
||||
"mds", fmt.Sprintf("allow rw path=%s", getVolumeRootPathCeph(volID)),
|
||||
"mon", "allow r",
|
||||
"osd", fmt.Sprintf("allow rw pool=%s namespace=%s", volOptions.Pool, getVolumeNamespace(volID)),
|
||||
)
|
||||
}
|
||||
|
||||
func deleteCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) error {
|
||||
userID := getCephUserName(volID)
|
||||
|
||||
args := [...]string{
|
||||
return execCommandErr("ceph",
|
||||
"-m", volOptions.Monitors,
|
||||
"-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id),
|
||||
"auth", "rm", cephEntityClientPrefix + userID,
|
||||
}
|
||||
|
||||
var err error
|
||||
if err = execCommandAndValidate("ceph", args[:]...); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
keyringPath := getCephKeyringPath(volID, adminCr.id)
|
||||
if err = os.Remove(keyringPath); err != nil {
|
||||
klog.Errorf("failed to remove keyring file %s with error %s", keyringPath, err)
|
||||
}
|
||||
|
||||
secretPath := getCephSecretPath(volID, adminCr.id)
|
||||
if err = os.Remove(secretPath); err != nil {
|
||||
klog.Errorf("failed to remove secret file %s with error %s", secretPath, err)
|
||||
}
|
||||
|
||||
return nil
|
||||
"-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key,
|
||||
"-c", cephConfigPath,
|
||||
"auth", "rm", cephEntityClientPrefix+getCephUserName(volID),
|
||||
)
|
||||
}
|
||||
|
@ -48,7 +48,7 @@ func getVolumeNamespace(volID volumeID) string {
|
||||
}
|
||||
|
||||
func setVolumeAttribute(root, attrName, attrValue string) error {
|
||||
return execCommandAndValidate("setfattr", "-n", attrName, "-v", attrValue, root)
|
||||
return execCommandErr("setfattr", "-n", attrName, "-v", attrValue, root)
|
||||
}
|
||||
|
||||
func createVolume(volOptions *volumeOptions, adminCr *credentials, volID volumeID, bytesQuota int64) error {
|
||||
@ -124,7 +124,7 @@ func purgeVolume(volID volumeID, adminCr *credentials, volOptions *volumeOptions
|
||||
defer unmountAndRemove(cephRoot)
|
||||
|
||||
if err := os.Rename(volRoot, volRootDeleting); err != nil {
|
||||
return fmt.Errorf("coudln't mark volume %s for deletion: %v", volID, err)
|
||||
return fmt.Errorf("couldn't mark volume %s for deletion: %v", volID, err)
|
||||
}
|
||||
|
||||
if err := os.RemoveAll(volRootDeleting); err != nil {
|
||||
|
@ -106,19 +106,18 @@ func mountFuse(mountPoint string, cr *credentials, volOptions *volumeOptions, vo
|
||||
mountPoint,
|
||||
"-m", volOptions.Monitors,
|
||||
"-c", cephConfigPath,
|
||||
"-n", cephEntityClientPrefix + cr.id,
|
||||
"--keyring", getCephKeyringPath(volID, cr.id),
|
||||
"-n", cephEntityClientPrefix + cr.id, "--key=" + cr.key,
|
||||
"-r", volOptions.RootPath,
|
||||
"-o", "nonempty",
|
||||
}
|
||||
|
||||
out, err := execCommand("ceph-fuse", args[:]...)
|
||||
_, stderr, err := execCommand("ceph-fuse", args[:]...)
|
||||
if err != nil {
|
||||
return fmt.Errorf("cephfs: ceph-fuse failed with following error: %s\ncephfs: ceph-fuse output: %s", err, out)
|
||||
return err
|
||||
}
|
||||
|
||||
if !bytes.Contains(out, []byte("starting fuse")) {
|
||||
return fmt.Errorf("cephfs: ceph-fuse failed:\ncephfs: ceph-fuse output: %s", out)
|
||||
if !bytes.Contains(stderr, []byte("starting fuse")) {
|
||||
return fmt.Errorf("ceph-fuse failed: %s", stderr)
|
||||
}
|
||||
|
||||
return nil
|
||||
@ -137,16 +136,15 @@ func (m *fuseMounter) name() string { return "Ceph FUSE driver" }
|
||||
type kernelMounter struct{}
|
||||
|
||||
func mountKernel(mountPoint string, cr *credentials, volOptions *volumeOptions, volID volumeID) error {
|
||||
if err := execCommandAndValidate("modprobe", "ceph"); err != nil {
|
||||
if err := execCommandErr("modprobe", "ceph"); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return execCommandAndValidate("mount",
|
||||
return execCommandErr("mount",
|
||||
"-t", "ceph",
|
||||
fmt.Sprintf("%s:%s", volOptions.Monitors, volOptions.RootPath),
|
||||
mountPoint,
|
||||
"-o",
|
||||
fmt.Sprintf("name=%s,secretfile=%s", cr.id, getCephSecretPath(volID, cr.id)),
|
||||
"-o", fmt.Sprintf("name=%s,secret=%s", cr.id, cr.key),
|
||||
)
|
||||
}
|
||||
|
||||
@ -161,12 +159,12 @@ func (m *kernelMounter) mount(mountPoint string, cr *credentials, volOptions *vo
|
||||
func (m *kernelMounter) name() string { return "Ceph kernel client" }
|
||||
|
||||
func bindMount(from, to string, readOnly bool) error {
|
||||
if err := execCommandAndValidate("mount", "--bind", from, to); err != nil {
|
||||
if err := execCommandErr("mount", "--bind", from, to); err != nil {
|
||||
return fmt.Errorf("failed to bind-mount %s to %s: %v", from, to, err)
|
||||
}
|
||||
|
||||
if readOnly {
|
||||
if err := execCommandAndValidate("mount", "-o", "remount,ro,bind", to); err != nil {
|
||||
if err := execCommandErr("mount", "-o", "remount,ro,bind", to); err != nil {
|
||||
return fmt.Errorf("failed read-only remount of %s: %v", to, err)
|
||||
}
|
||||
}
|
||||
@ -175,7 +173,7 @@ func bindMount(from, to string, readOnly bool) error {
|
||||
}
|
||||
|
||||
func unmountVolume(mountPoint string) error {
|
||||
return execCommandAndValidate("umount", mountPoint)
|
||||
return execCommandErr("umount", mountPoint)
|
||||
}
|
||||
|
||||
func createMountPoint(root string) error {
|
||||
|
Loading…
Reference in New Issue
Block a user