ceph/rbd: set 'keyring' in ceph configuration for externally managed RBD storages

For QEMU, when using '-blockdev', there is no way to specify the
keyring file as was possible with '-drive', so it has to be set in
the corresponding Ceph configuration file. As it applies to all images
on the storage, it is also the most natural place for the setting.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Fiona Ebner 2025-07-02 18:27:42 +02:00 committed by Fabian Grünbichler
parent b8acc0286b
commit 7684225bac
2 changed files with 53 additions and 0 deletions


@ -3,6 +3,8 @@ package PVE::CephConfig;
use strict; use strict;
use warnings; use warnings;
use Net::IP; use Net::IP;
use PVE::RESTEnvironment qw(log_warn);
use PVE::Tools qw(run_command); use PVE::Tools qw(run_command);
use PVE::Cluster qw(cfs_register_file); use PVE::Cluster qw(cfs_register_file);
@ -420,6 +422,10 @@ sub ceph_connect_option {
} else { } else {
$cmd_option->{ceph_conf} = "/etc/pve/priv/ceph/${storeid}.conf"; $cmd_option->{ceph_conf} = "/etc/pve/priv/ceph/${storeid}.conf";
} }
} elsif (!$pveceph_managed) {
# No dedicated config for non-PVE-managed cluster, create new
# TODO PVE 10 - remove. All such storages already got a configuration upon creation or here.
ceph_create_configuration($scfg->{type}, $storeid);
} }
$cmd_option->{keyring} = $keyfile if (-e $keyfile); $cmd_option->{keyring} = $keyfile if (-e $keyfile);
@ -487,6 +493,50 @@ sub ceph_remove_keyfile {
} }
} }
sub ceph_create_configuration {
my ($type, $storeid) = @_;
return if $type eq 'cephfs'; # no configuration file needed currently
my $extension = 'keyring';
$extension = 'secret' if $type eq 'cephfs';
my $ceph_storage_keyring = "/etc/pve/priv/ceph/${storeid}.$extension";
return if !-e $ceph_storage_keyring;
my $ceph_storage_config = "/etc/pve/priv/ceph/${storeid}.conf";
if (-e $ceph_storage_config) {
log_warn(
"file $ceph_storage_config already exists, check manually and ensure 'keyring'"
. " option is set to '$ceph_storage_keyring'!\n",
);
return;
}
my $ceph_config = {
global => {
keyring => $ceph_storage_keyring,
},
};
my $contents = PVE::CephConfig::write_ceph_config($ceph_storage_config, $ceph_config);
PVE::Tools::file_set_contents($ceph_storage_config, $contents, 0600);
return;
}
sub ceph_remove_configuration {
my ($storeid) = @_;
my $ceph_storage_config = "/etc/pve/priv/ceph/${storeid}.conf";
if (-f $ceph_storage_config) {
unlink $ceph_storage_config or log_warn("removing $ceph_storage_config failed - $!\n");
}
return;
}
my $ceph_version_parser = sub { my $ceph_version_parser = sub {
my $ceph_version = shift; my $ceph_version = shift;
# FIXME this is the same as pve-manager PVE::Ceph::Tools get_local_version # FIXME this is the same as pve-manager PVE::Ceph::Tools get_local_version
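Review bot: The new `elsif (!$pveceph_managed)` branch in ceph_connect_option makes a lookup helper write under /etc/pve/priv/ceph without containing failures: PVE::Tools::file_set_contents dies on error, so a failed write (for instance when /etc/pve is not writable) would abort callers that only wanted connection options. Consider `eval { ceph_create_configuration($scfg->{type}, $storeid) }; log_warn("creating ceph config for storage '$storeid' failed - $@") if $@;`. The branch also leaves `$cmd_option->{ceph_conf}` unset after creating the file, so the call that creates it does not point at it; if that is intended, a short comment there would help. In ceph_create_configuration, `$extension = 'secret' if $type eq 'cephfs';` is unreachable after the early return for cephfs and can be dropped. ceph_connect_option starts and ends outside the hunk.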


@ -448,6 +448,7 @@ sub on_add_hook {
my ($class, $storeid, $scfg, %param) = @_; my ($class, $storeid, $scfg, %param) = @_;
PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring}); PVE::CephConfig::ceph_create_keyfile($scfg->{type}, $storeid, $param{keyring});
PVE::CephConfig::ceph_create_configuration($scfg->{type}, $storeid);
return; return;
} }
@ -469,6 +470,8 @@ sub on_update_hook {
sub on_delete_hook { sub on_delete_hook {
my ($class, $storeid, $scfg) = @_; my ($class, $storeid, $scfg) = @_;
PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid); PVE::CephConfig::ceph_remove_keyfile($scfg->{type}, $storeid);
PVE::CephConfig::ceph_remove_configuration($storeid);
return; return;
} }
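Review bot: The `ceph_remove_configuration($storeid)` call added to on_delete_hook unlinks /etc/pve/priv/ceph/${storeid}.conf no matter who wrote it, whereas ceph_create_configuration treats a pre-existing file as administrator-owned and only warns. Deleting a storage therefore also discards a hand-maintained configuration for that external cluster, which may hold more than the keyring path. If that is intended, say so at the call site, e.g. `# also removes a manually created <storeid>.conf, not only the generated one`; otherwise restrict removal to files this module generated. In on_add_hook, a failure in ceph_create_configuration after ceph_create_keyfile has succeeded appears to leave the keyfile behind, since no cleanup is visible in the hunk.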