From 96bf4a98bd11fa592fe747dc8150f0156b4d7524 Mon Sep 17 00:00:00 2001
From: gman
Date: Thu, 14 Feb 2019 11:48:52 +0100
Subject: [PATCH] cephfs: don't need to store keyrings anymore
---
 pkg/cephfs/cephconf.go | 85 +---------------------------------
 pkg/cephfs/controllerserver.go | 5 --
 pkg/cephfs/nodeserver.go | 10 +---
 3 files changed, 3 insertions(+), 97 deletions(-)
diff --git a/pkg/cephfs/cephconf.go b/pkg/cephfs/cephconf.go
index 65e79a1d1..dac9dc901 100644
--- a/pkg/cephfs/cephconf.go
+++ b/pkg/cephfs/cephconf.go
@@ -17,13 +17,8 @@ limitations under the License.
 package cephfs
 import (
- "fmt"
 "io/ioutil"
 "os"
- "path"
- "text/template"
-
- "k8s.io/klog"
 )
 var cephConfig = []byte(`[global]
@@ -35,39 +30,11 @@ auth_client_required = cephx
 fuse_set_user_groups = false
 `)
-const cephKeyring = `[client.{{.UserID}}]
-key = {{.Key}}
-`
-
-const cephSecret = `{{.Key}}` // #nosec
-
 const (
- cephConfigRoot = "/etc/ceph"
- cephConfigPath = "/etc/ceph/ceph.conf"
- cephKeyringFileNameFmt = "ceph.share.%s.client.%s.keyring"
- cephSecretFileNameFmt = "ceph.share.%s.client.%s.secret" // #nosec
+ cephConfigRoot = "/etc/ceph"
+ cephConfigPath = "/etc/ceph/ceph.conf"
 )
-var (
- cephKeyringTempl *template.Template
- cephSecretTempl *template.Template
-)
-
-func init() {
- fm := map[string]interface{}{
- "perms": func(readOnly bool) string {
- if readOnly {
- return "r"
- }
-
- return "rw"
- },
- }
-
- cephKeyringTempl = template.Must(template.New("keyring").Funcs(fm).Parse(cephKeyring))
- cephSecretTempl = template.Must(template.New("secret").Parse(cephSecret))
-}
-
 func createCephConfigRoot() error {
 return os.MkdirAll(cephConfigRoot, 0755) // #nosec
 }
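Review bot: Key files written by earlier builds are left behind: this hunk drops `cephKeyringFileNameFmt` and `cephSecretFileNameFmt`, and the next cephconf.go hunk drops `getCephKeyringPath`/`getCephSecretPath`, yet nothing in the three changed files deletes existing `ceph.share.%s.client.%s.keyring` or `.secret` files under `/etc/ceph`. On an upgraded node those files, which hold Ceph keys including the admin key that `storeCephCredentials` was called with, would presumably stay on disk with no code left that knows their names. A one-time cleanup at driver start, or at least an upgrade note telling operators to remove them, would close that gap. Separately, the definition of `storeCephCredentials` is not removed in any hunk shown; if it still exists it presumably depends on the deleted `cephKeyringData`/`cephSecretData` types, so confirm it was removed elsewhere.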
@@ -79,51 +46,3 @@ func writeCephConfig() error {
 return ioutil.WriteFile(cephConfigPath, cephConfig, 0640)
 }
-
-func writeCephTemplate(fileName string, m os.FileMode, t *template.Template, data interface{}) error {
- if err := createCephConfigRoot(); err != nil {
- return err
- }
-
- f, err := os.OpenFile(path.Join(cephConfigRoot, fileName), os.O_CREATE|os.O_EXCL|os.O_WRONLY, m)
- if err != nil {
- if os.IsExist(err) {
- return nil
- }
- return err
- }
-
- defer func() {
- if err := f.Close(); err != nil {
- klog.Errorf("failed to close file %s with error %s", f.Name(), err)
- }
- }()
-
- return t.Execute(f, data)
-}
-
-type cephKeyringData struct {
- UserID, Key string
- VolumeID volumeID
-}
-
-func (d *cephKeyringData) writeToFile() error {
- return writeCephTemplate(fmt.Sprintf(cephKeyringFileNameFmt, d.VolumeID, d.UserID), 0600, cephKeyringTempl, d)
-}
-
-type cephSecretData struct {
- UserID, Key string
- VolumeID volumeID
-}
-
-func (d *cephSecretData) writeToFile() error {
- return writeCephTemplate(fmt.Sprintf(cephSecretFileNameFmt, d.VolumeID, d.UserID), 0600, cephSecretTempl, d)
-}
-
-func getCephSecretPath(volID volumeID, userID string) string {
- return path.Join(cephConfigRoot, fmt.Sprintf(cephSecretFileNameFmt, volID, userID))
-}
-
-func getCephKeyringPath(volID volumeID, userID string) string {
- return path.Join(cephConfigRoot, fmt.Sprintf(cephKeyringFileNameFmt, volID, userID))
-}
diff --git a/pkg/cephfs/controllerserver.go b/pkg/cephfs/controllerserver.go
index 76bb99059..235a99f3a 100644
--- a/pkg/cephfs/controllerserver.go
+++ b/pkg/cephfs/controllerserver.go
@@ -67,11 +67,6 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol
 return nil, status.Error(codes.InvalidArgument, err.Error())
 }
- if err = storeCephCredentials(volID, cr); err != nil {
- klog.Errorf("failed to store admin credentials for '%s': %v", cr.id, err)
- return nil, status.Error(codes.Internal, err.Error())
- }
-
 if err = createVolume(volOptions, cr, volID, req.GetCapacityRange().GetRequiredBytes()); err != nil {
 klog.Errorf("failed to create volume %s: %v", req.GetName(), err)
 return nil, status.Error(codes.Internal, err.Error())
diff --git a/pkg/cephfs/nodeserver.go b/pkg/cephfs/nodeserver.go
index 4fff317b4..b9ec7284c 100644
--- a/pkg/cephfs/nodeserver.go
+++ b/pkg/cephfs/nodeserver.go
@@ -51,10 +51,6 @@ func getCredentialsForVolume(volOptions *volumeOptions, volID volumeID, req *csi
 return nil, fmt.Errorf("failed to get admin credentials from node stage secrets: %v", err)
 }
- if err = storeCephCredentials(volID, adminCr); err != nil {
- return nil, fmt.Errorf("failed to store ceph admin credentials: %v", err)
- }
-
 // Then get the ceph user
 entity, err := getCephUser(volOptions, adminCr, volID)
@@ -74,10 +70,6 @@ func getCredentialsForVolume(volOptions *volumeOptions, volID volumeID, req *csi
 cr = userCr
 }
- if err := storeCephCredentials(volID, cr); err != nil {
- return nil, fmt.Errorf("failed to store ceph user credentials: %v", err)
- }
-
 return cr, nil
 }
@@ -241,7 +233,7 @@ func (ns *NodeServer) NodeUnstageVolume(ctx context.Context, req *csi.NodeUnstag
 return nil, status.Error(codes.Internal, err.Error())
 }
- klog.Infof("cephfs: successfully umounted volume %s from %s", req.GetVolumeId(), stagingTargetPath)
+ klog.Infof("cephfs: successfully unmounted volume %s from %s", req.GetVolumeId(), stagingTargetPath)
 return &csi.NodeUnstageVolumeResponse{}, nil
 }