when creating the cluster's first monitor.
Signed-off-by: Max Carrara <m.carr...@proxmox.com>
---
PVE/API2/Ceph/MON.pm | 28 +++++++++++++++++++++++++++-
PVE/Ceph/Services.pm | 12 ++++++++++--
PVE/Ceph/Tools.pm | 38 ++++++++++++++++++++++++++++++++++++++
3 files changed, 75 insertions(+), 3 deletions(-)
diff --git a/PVE/API2/Ceph/MON.pm b/PVE/API2/Ceph/MON.pm
index 1e959ef3..8d75f5d1 100644
--- a/PVE/API2/Ceph/MON.pm
+++ b/PVE/API2/Ceph/MON.pm
@@ -459,11 +459,37 @@ __PACKAGE__->register_method ({
});
die $@ if $@;
# automatically create manager after the first monitor is created
+ # and set up keyring and config for ceph-crash.service
if ($is_first_monitor) {
PVE::API2::Ceph::MGR->createmgr({
node => $param->{node},
id => $param->{node}
- })
+ });
+
+ PVE::Cluster::cfs_lock_file('ceph.conf', undef, sub {
+ my $cfg = cfs_read_file('ceph.conf');
+
+ if ($cfg->{'client.crash'}) {
+ return undef;
+ }
+
+ $cfg->{'client.crash'}->{keyring} =
'/etc/pve/ceph/$cluster.$name.keyring';
+
+ cfs_write_file('ceph.conf', $cfg);
+ });
+ die $@ if $@;
+
+ eval {
+ PVE::Ceph::Tools::get_or_create_crash_keyring();
+ };
+ warn "Unable to configure keyring for ceph-crash.service: $@"
if $@;
+
+ print "enabling service 'ceph-crash.service'\n";
+ PVE::Ceph::Services::ceph_service_cmd('enable', 'crash');
+ print "starting service 'ceph-crash.service'\n";
+ # ceph-crash already runs by default,
+ # this makes sure the keyring is used
+ PVE::Ceph::Services::ceph_service_cmd('restart', 'crash');
}
};
diff --git a/PVE/Ceph/Services.pm b/PVE/Ceph/Services.pm
index e0f31e8e..5f5986f9 100644
--- a/PVE/Ceph/Services.pm
+++ b/PVE/Ceph/Services.pm
@@ -100,8 +100,16 @@ sub get_cluster_service {
sub ceph_service_cmd {
my ($action, $service) = @_;
- if ($service && $service =~
m/^(mon|osd|mds|mgr|radosgw)(\.(${\SERVICE_REGEX}))?$/) {
- $service = defined($3) ? "ceph-$1\@$3" : "ceph-$1.target";
+ if ($service) {
+ # specific (parameterized) services or targets
+ if ($service =~ m/^(mon|osd|mds|mgr|radosgw)(\.(${\SERVICE_REGEX}))?$/)
{
+ $service = defined($3) ? "ceph-$1\@$3" : "ceph-$1.target";
+ # other services without targets
+ } elsif ($service =~ m/^(crash)$/) {
+ $service = "ceph-$1.service";
+ } else {
+ $service = "ceph.target";
+ }
} else {
$service = "ceph.target";
}
diff --git a/PVE/Ceph/Tools.pm b/PVE/Ceph/Tools.pm
index 3acef11b..cf9f2ed4 100644
--- a/PVE/Ceph/Tools.pm
+++ b/PVE/Ceph/Tools.pm
@@ -18,7 +18,9 @@ my $ccname = 'ceph'; # ceph cluster name
my $ceph_cfgdir = "/etc/ceph";
my $pve_ceph_cfgpath = "/etc/pve/$ccname.conf";
my $ceph_cfgpath = "$ceph_cfgdir/$ccname.conf";
+my $pve_ceph_cfgdir = "/etc/pve/ceph";
+my $pve_ceph_crash_key_path = "$pve_ceph_cfgdir/$ccname.client.crash.keyring";
my $pve_mon_key_path = "/etc/pve/priv/$ccname.mon.keyring";
my $pve_ckeyring_path = "/etc/pve/priv/$ccname.client.admin.keyring";
my $ckeyring_path = "/etc/ceph/ceph.client.admin.keyring";
@@ -32,6 +34,7 @@ my $ceph_service = {
ceph_mgr => "/usr/bin/ceph-mgr",
ceph_osd => "/usr/bin/ceph-osd",
ceph_mds => "/usr/bin/ceph-mds",
+ ceph_crash => '/usr/bin/ceph-crash',
ceph_volume => '/usr/sbin/ceph-volume',
};
@@ -44,6 +47,14 @@ my $config_hash = {
value => $pve_ceph_cfgpath,
is_file => 1,
},
+ pve_ceph_cfgdir => {
+ value => $pve_ceph_cfgdir,
+ is_file => 0,
+ },
+ pve_ceph_crash_key_path => {
+ value => $pve_ceph_crash_key_path,
+ is_file => 1,
+ },
pve_mon_key_path => {
value => $pve_mon_key_path,
is_file => 1,
@@ -439,6 +450,33 @@ sub get_or_create_admin_keyring {
return $pve_ckeyring_path;
}
+# requires connection to existing monitor
+sub get_or_create_crash_keyring {
+ my ($rados) = @_;
+
+ if (!defined($rados)) {
+ $rados = PVE::RADOS->new();
+ }
+
+ my $output = $rados->mon_command({
+ prefix => 'auth get-or-create',
+ entity => 'client.crash',
+ caps => [
+ mon => 'profile crash',
+ mgr => 'profile crash',
+ ],
+ format => 'plain',
+ });
+
+ if (! -d $pve_ceph_cfgdir) {
+ mkdir $pve_ceph_cfgdir;
+ }
+
+ PVE::Tools::file_set_contents($pve_ceph_crash_key_path, $output);
+
+ return $pve_ceph_crash_key_path;
+}
+
# get ceph-volume managed osds
sub ceph_volume_list {
my $result = {};
--
2.39.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
