Add `create_or_update_keyring_file()`, a more generic version of `create_or_update_crash_keyring_file()`, in order to avoid duplicating the underlying logic for other kinds of keyrings / Ceph auth entities.
Signed-off-by: Max R. Carrara <[email protected]> --- PVE/Ceph/Tools.pm | 80 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/PVE/Ceph/Tools.pm b/PVE/Ceph/Tools.pm index f50d2272..dce9156a 100644 --- a/PVE/Ceph/Tools.pm +++ b/PVE/Ceph/Tools.pm @@ -3,6 +3,7 @@ package PVE::Ceph::Tools; use strict; use warnings; +use Carp qw(croak); use File::Path; use File::Basename; use IO::File; @@ -455,6 +456,85 @@ sub get_or_create_admin_keyring { return $pve_ckeyring_path; } +=head3 create_or_update_keyring_file($dest_file, $entity, $caps [, $rados]) + +Creates or updates a keyring file C<$dest_file> for C<$entity>. If the +C<$entity> is created, it gains the capabilities provided with C<$caps>. +Otherwise, capabilities are not updated. + +B<NOTE:> The caller is responsible for ensuring that the provided C<$dest_file> +is in fact for the given C<$entity>. + +Returns C<1> if C<$dest_file> was created or updated, C<0> otherwise. + +=over + +=item * C<$dest_file> + +The path of the keyring file, for example C</etc/pve/ceph/ceph.client.crash.keyring>. + +=item * C<$entity> + +The entity for which to create the authentication entry and corresponding +keyring, for example C<client.crash>. If the entity already exists, its +capabilities are not updated. + +=item * C<$caps> + +The capabilities to set when creating C<$entity>, for example: + + my $caps = [ + mgr => 'allow profile osd', + mon => 'allow profile osd', + osd => 'allow *', + ]; + +=item * C<$rados> (optional) + +An existing C<L<PVE::RADOS>> object. If not provided, a new object will be +created instead. + +=back + +For an explanation on Ceph capabilities, see: +L<https://docs.ceph.com/en/latest/rados/operations/user-management/#authorization-capabilities> + +=cut + +my sub create_or_update_keyring_file { + my ($dest_file, $entity, $caps, $rados) = @_; + + croak '$dest_file is undef' if !defined($dest_file); + croak '$entity is undef' if !defined($entity); + croak '$caps is undef' if !defined($caps); + + $rados = PVE::RADOS->new() if !defined($rados); + + my $output = $rados->mon_command({ + prefix => 'auth get-or-create', + entity => "$entity", + caps => $caps, + format => 'plain', + }); + + if (-f $dest_file) { + my $contents = PVE::Tools::file_get_contents($dest_file); + + if ($contents ne $output) { + PVE::Tools::file_set_contents($dest_file, $output); + return 1; + } + + return 0; + + } else { + PVE::Tools::file_set_contents($dest_file, $output); + return 1; + } + + return 0; +} + # is also used in `pve-init-ceph-crash` helper sub create_or_update_crash_keyring_file { my ($rados) = @_; -- 2.47.3 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
