cephfs: ceph-fuse mimic supports passing keys via args, let's use it

This commit is contained in:
gman 2019-02-14 11:47:16 +01:00 committed by mergify[bot]
parent b3944f3121
commit 8e371f62fa
3 changed files with 41 additions and 84 deletions

View File

@ -17,12 +17,7 @@ limitations under the License.
package cephfs
import (
"bytes"
"encoding/json"
"fmt"
"os"
"k8s.io/klog"
)
const (
@ -53,83 +48,47 @@ func getCephUserName(volID volumeID) string {
return cephUserPrefix + string(volID)
}
func getCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) {
entityName := cephEntityClientPrefix + getCephUserName(volID)
func getSingleCephEntity(args ...string) (*cephEntity, error) {
var ents []cephEntity
args := [...]string{
"-m", volOptions.Monitors,
"auth", "-f", "json", "-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id),
"get", entityName,
}
out, err := execCommand("ceph", args[:]...)
if err != nil {
return nil, fmt.Errorf("cephfs: ceph failed with following error: %s\ncephfs: ceph output: %s", err, out)
}
// Workaround for output from `ceph auth get`
// Contains non-json data: "exported keyring for ENTITY\n\n"
offset := bytes.Index(out, []byte("[{"))
if err = json.NewDecoder(bytes.NewReader(out[offset:])).Decode(&ents); err != nil {
return nil, fmt.Errorf("failed to decode json: %v", err)
if err := execCommandJSON(&ents, "ceph", args...); err != nil {
return nil, err
}
if len(ents) != 1 {
return nil, fmt.Errorf("got unexpected number of entities for %s: expected 1, got %d", entityName, len(ents))
return nil, fmt.Errorf("got unexpected number of entities: expected 1, got %d", len(ents))
}
return &ents[0], nil
}
func getCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) {
return getSingleCephEntity(
"-m", volOptions.Monitors,
"-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key,
"-c", cephConfigPath,
"-f", "json",
"auth", "get", cephEntityClientPrefix+getCephUserName(volID),
)
}
func createCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) (*cephEntity, error) {
caps := cephEntityCaps{
Mds: fmt.Sprintf("allow rw path=%s", getVolumeRootPathCeph(volID)),
Mon: "allow r",
Osd: fmt.Sprintf("allow rw pool=%s namespace=%s", volOptions.Pool, getVolumeNamespace(volID)),
}
var ents []cephEntity
args := [...]string{
return getSingleCephEntity(
"-m", volOptions.Monitors,
"auth", "-f", "json", "-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id),
"get-or-create", cephEntityClientPrefix + getCephUserName(volID),
"mds", caps.Mds,
"mon", caps.Mon,
"osd", caps.Osd,
}
if err := execCommandJSON(&ents, args[:]...); err != nil {
return nil, fmt.Errorf("error creating ceph user: %v", err)
}
return &ents[0], nil
"-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key,
"-c", cephConfigPath,
"-f", "json",
"auth", "get-or-create", cephEntityClientPrefix+getCephUserName(volID),
"mds", fmt.Sprintf("allow rw path=%s", getVolumeRootPathCeph(volID)),
"mon", "allow r",
"osd", fmt.Sprintf("allow rw pool=%s namespace=%s", volOptions.Pool, getVolumeNamespace(volID)),
)
}
func deleteCephUser(volOptions *volumeOptions, adminCr *credentials, volID volumeID) error {
userID := getCephUserName(volID)
args := [...]string{
return execCommandErr("ceph",
"-m", volOptions.Monitors,
"-c", cephConfigPath, "-n", cephEntityClientPrefix + adminCr.id, "--keyring", getCephKeyringPath(volID, adminCr.id),
"auth", "rm", cephEntityClientPrefix + userID,
}
var err error
if err = execCommandAndValidate("ceph", args[:]...); err != nil {
return err
}
keyringPath := getCephKeyringPath(volID, adminCr.id)
if err = os.Remove(keyringPath); err != nil {
klog.Errorf("failed to remove keyring file %s with error %s", keyringPath, err)
}
secretPath := getCephSecretPath(volID, adminCr.id)
if err = os.Remove(secretPath); err != nil {
klog.Errorf("failed to remove secret file %s with error %s", secretPath, err)
}
return nil
"-n", cephEntityClientPrefix+adminCr.id, "--key="+adminCr.key,
"-c", cephConfigPath,
"auth", "rm", cephEntityClientPrefix+getCephUserName(volID),
)
}

View File

@ -48,7 +48,7 @@ func getVolumeNamespace(volID volumeID) string {
}
func setVolumeAttribute(root, attrName, attrValue string) error {
return execCommandAndValidate("setfattr", "-n", attrName, "-v", attrValue, root)
return execCommandErr("setfattr", "-n", attrName, "-v", attrValue, root)
}
func createVolume(volOptions *volumeOptions, adminCr *credentials, volID volumeID, bytesQuota int64) error {
@ -124,7 +124,7 @@ func purgeVolume(volID volumeID, adminCr *credentials, volOptions *volumeOptions
defer unmountAndRemove(cephRoot)
if err := os.Rename(volRoot, volRootDeleting); err != nil {
return fmt.Errorf("coudln't mark volume %s for deletion: %v", volID, err)
return fmt.Errorf("couldn't mark volume %s for deletion: %v", volID, err)
}
if err := os.RemoveAll(volRootDeleting); err != nil {

View File

@ -106,19 +106,18 @@ func mountFuse(mountPoint string, cr *credentials, volOptions *volumeOptions, vo
mountPoint,
"-m", volOptions.Monitors,
"-c", cephConfigPath,
"-n", cephEntityClientPrefix + cr.id,
"--keyring", getCephKeyringPath(volID, cr.id),
"-n", cephEntityClientPrefix + cr.id, "--key=" + cr.key,
"-r", volOptions.RootPath,
"-o", "nonempty",
}
out, err := execCommand("ceph-fuse", args[:]...)
_, stderr, err := execCommand("ceph-fuse", args[:]...)
if err != nil {
return fmt.Errorf("cephfs: ceph-fuse failed with following error: %s\ncephfs: ceph-fuse output: %s", err, out)
return err
}
if !bytes.Contains(out, []byte("starting fuse")) {
return fmt.Errorf("cephfs: ceph-fuse failed:\ncephfs: ceph-fuse output: %s", out)
if !bytes.Contains(stderr, []byte("starting fuse")) {
return fmt.Errorf("ceph-fuse failed: %s", stderr)
}
return nil
@ -137,16 +136,15 @@ func (m *fuseMounter) name() string { return "Ceph FUSE driver" }
type kernelMounter struct{}
func mountKernel(mountPoint string, cr *credentials, volOptions *volumeOptions, volID volumeID) error {
if err := execCommandAndValidate("modprobe", "ceph"); err != nil {
if err := execCommandErr("modprobe", "ceph"); err != nil {
return err
}
return execCommandAndValidate("mount",
return execCommandErr("mount",
"-t", "ceph",
fmt.Sprintf("%s:%s", volOptions.Monitors, volOptions.RootPath),
mountPoint,
"-o",
fmt.Sprintf("name=%s,secretfile=%s", cr.id, getCephSecretPath(volID, cr.id)),
"-o", fmt.Sprintf("name=%s,secret=%s", cr.id, cr.key),
)
}
@ -161,12 +159,12 @@ func (m *kernelMounter) mount(mountPoint string, cr *credentials, volOptions *vo
func (m *kernelMounter) name() string { return "Ceph kernel client" }
func bindMount(from, to string, readOnly bool) error {
if err := execCommandAndValidate("mount", "--bind", from, to); err != nil {
if err := execCommandErr("mount", "--bind", from, to); err != nil {
return fmt.Errorf("failed to bind-mount %s to %s: %v", from, to, err)
}
if readOnly {
if err := execCommandAndValidate("mount", "-o", "remount,ro,bind", to); err != nil {
if err := execCommandErr("mount", "-o", "remount,ro,bind", to); err != nil {
return fmt.Errorf("failed read-only remount of %s: %v", to, err)
}
}
@ -175,7 +173,7 @@ func bindMount(from, to string, readOnly bool) error {
}
func unmountVolume(mountPoint string) error {
return execCommandAndValidate("umount", mountPoint)
return execCommandErr("umount", mountPoint)
}
func createMountPoint(root string) error {